Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/GOVv7UWiyAgkUB324DNsuUmKdTE.roa
File:                     GOVv7UWiyAgkUB324DNsuUmKdTE.roa (raw, json)
Hash identifier:          ADQ5I5pX9eFcLUcZ8U56+xsynmnuecGVYVarRV0N63M=
Subject key identifier:   18:E5:6F:ED:45:A2:C8:08:24:50:1D:F6:E0:33:6C:B9:49:8A:75:31
Certificate issuer:       /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial:       019427488FE9AB5F156B62442D41FA152618
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/GOVv7UWiyAgkUB324DNsuUmKdTE.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196714
IP address blocks:        93.94.6.0/23 maxlen: 23
                          93.94.6.0/24 maxlen: 24
                          93.94.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8f:e9:ab:5f:15:6b:62:44:2d:41:fa:15:26:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18e56fed45a2c80824501df6e0336cb9498a7531
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b0:b8:92:ff:c4:89:4a:96:4f:b8:e8:2a:4b:
                    11:56:b6:51:3c:e1:bd:f8:6c:7a:12:93:61:b5:8a:
                    cc:ce:77:93:90:93:3e:0c:00:1b:7b:59:a1:c1:8c:
                    22:02:0b:8a:70:ee:93:d2:0f:7d:40:c5:14:26:d3:
                    77:7f:16:a1:73:85:92:3f:2d:10:b3:7b:ea:31:10:
                    95:dc:03:41:15:a1:0d:2b:45:3b:ff:a7:b3:3a:b9:
                    13:a2:54:74:eb:44:3f:30:f9:fb:5e:d7:61:c5:7d:
                    d2:67:34:ea:dc:2f:90:a9:b8:d9:3f:0a:e7:01:b8:
                    bf:3f:07:95:98:4f:cc:5f:e6:67:2e:81:7c:51:0b:
                    54:e1:dc:10:bc:0d:b3:2e:a4:ca:4d:c6:da:bb:84:
                    8d:dc:a0:19:37:c1:65:22:6a:b0:f8:e0:ca:98:f5:
                    c9:b1:d2:84:08:ca:5d:6a:a5:b4:13:ee:5d:ea:22:
                    49:66:e5:0c:78:79:d5:44:4f:a9:04:9a:86:ad:49:
                    4f:61:c6:09:26:d5:ec:f9:1f:10:7f:cd:e8:87:4f:
                    e1:e6:54:8a:60:5b:95:2b:c2:1d:49:29:4d:2e:ed:
                    09:2d:72:3a:6b:2b:1f:c0:a5:91:92:56:28:ea:c9:
                    9e:77:ca:37:6f:b6:36:7b:f7:7d:4d:cc:97:95:a0:
                    62:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:E5:6F:ED:45:A2:C8:08:24:50:1D:F6:E0:33:6C:B9:49:8A:75:31
            X509v3 Authority Key Identifier:
                keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/GOVv7UWiyAgkUB324DNsuUmKdTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:12:66:bf:ca:97:96:78:7a:f2:ea:20:c4:34:2c:41:27:bb:
         c0:97:89:9c:16:2a:ec:e3:f2:a4:3a:a0:33:09:9d:3a:83:1d:
         b5:3f:e3:e0:3d:84:3e:ba:68:31:5e:10:ca:59:43:1e:9d:8e:
         b4:ed:08:89:96:da:7d:fc:42:5d:76:a3:83:9a:79:a8:1a:3e:
         48:a7:2c:0e:fe:51:ab:08:ee:e1:55:be:00:d6:12:35:cd:20:
         67:59:0c:03:62:4b:bf:7c:b0:ad:8e:ec:9d:51:e1:bf:a9:f0:
         3d:cf:3f:ab:81:04:10:08:dc:69:fe:19:c3:68:33:8c:b6:86:
         95:63:47:0e:2c:0b:12:0c:c8:e8:66:2b:c1:26:43:55:39:c5:
         d1:30:2e:68:dd:08:e4:db:23:80:b0:6d:da:d2:85:b5:a4:1b:
         bc:48:85:c4:c2:c0:e4:79:28:a1:00:bc:c2:08:a2:e0:85:e2:
         53:63:6e:c4:f2:55:84:a7:f0:52:4e:15:51:db:37:78:33:ec:
         a4:4c:00:91:8e:b1:6d:89:82:c6:f9:f6:8a:ea:b6:38:80:b5:
         b0:cc:63:66:91:84:4c:c9:49:70:8f:d1:f3:83:d1:05:02:fd:
         ba:bf:14:8d:84:5c:55:4f:46:f9:17:a2:46:28:9f:7b:3a:bb:
         b9:ea:08:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSI/pq18Va2JELUH6FSYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGU1NmZlZDQ1YTJjODA4MjQ1MDFkZjZlMDMzNmNiOTQ5OGE3NTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLC4kv/EiUqWT7joKksRVrZRPOG9
+Gx6EpNhtYrMzneTkJM+DAAbe1mhwYwiAguKcO6T0g99QMUUJtN3fxahc4WSPy0Q
s3vqMRCV3ANBFaENK0U7/6ezOrkTolR060Q/MPn7XtdhxX3SZzTq3C+QqbjZPwrn
Abi/PweVmE/MX+ZnLoF8UQtU4dwQvA2zLqTKTcbau4SN3KAZN8FlImqw+ODKmPXJ
sdKECMpdaqW0E+5d6iJJZuUMeHnVRE+pBJqGrUlPYcYJJtXs+R8Qf83oh0/h5lSK
YFuVK8IdSSlNLu0JLXI6aysfwKWRklYo6smed8o3b7Y2e/d9TcyXlaBirwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjlb+1FosgIJFAd9uAzbLlJinUxMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvR09WdjdVV2l5QWdrVUIzMjRETnN1VW1LZFRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXV4GMA0G
CSqGSIb3DQEBCwUAA4IBAQA1Ema/ypeWeHry6iDENCxBJ7vAl4mcFirs4/KkOqAz
CZ06gx21P+PgPYQ+umgxXhDKWUMenY607QiJltp9/EJddqODmnmoGj5IpywO/lGr
CO7hVb4A1hI1zSBnWQwDYku/fLCtjuydUeG/qfA9zz+rgQQQCNxp/hnDaDOMtoaV
Y0cOLAsSDMjoZivBJkNVOcXRMC5o3Qjk2yOAsG3a0oW1pBu8SIXEwsDkeSihALzC
CKLgheJTY27E8lWEp/BSThVR2zd4M+ykTACRjrFtiYLG+faK6rY4gLWwzGNmkYRM
yUlwj9Hzg9EFAv26vxSNhFxVT0b5F6JGKJ97Oru56ggr
-----END CERTIFICATE-----