Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/1-c7NaoLWaLoQTPizmgiRi57sEyQ.roa
File:                     1-c7NaoLWaLoQTPizmgiRi57sEyQ.roa (raw, json)
Hash identifier:          2/LXBztEoTsD9KDL3Xmw7wfcuvtMoN0yqLM0GH5gcZs=
Subject key identifier:   F9:CE:CD:6A:82:D6:68:BA:10:4C:F8:B3:9A:08:91:8B:9E:EC:13:24
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       018571A78D799EC82FEE0C2E50B29CE25129
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/1-c7NaoLWaLoQTPizmgiRi57sEyQ.roa
Signing time:             Mon 02 Jan 2023 08:44:44 +0000
ROA not before:           Mon 02 Jan 2023 08:44:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     33696
IP address blocks:        193.43.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 07:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:a7:8d:79:9e:c8:2f:ee:0c:2e:50:b2:9c:e2:51:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Jan  2 08:44:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f9cecd6a82d668ba104cf8b39a08918b9eec1324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f2:62:e9:47:16:91:85:99:a2:60:aa:6a:d1:
                    f4:23:87:f4:21:a9:b3:00:38:7e:cf:e5:38:74:3b:
                    fe:4c:8b:59:f3:83:57:77:17:5a:c6:23:2f:b6:f2:
                    cc:57:d2:3a:d3:f6:1f:54:37:f7:f0:ba:e4:77:a3:
                    ab:da:b3:03:79:05:07:18:04:49:1a:be:b7:20:e0:
                    aa:17:e3:27:2b:83:db:1f:35:a0:69:54:2f:72:40:
                    83:52:c7:73:d6:24:0b:43:1c:33:69:53:ab:78:90:
                    10:69:7e:64:99:fe:a0:ec:fb:de:ee:a5:d1:df:81:
                    65:98:49:26:c5:2f:f7:75:37:6c:cb:18:56:e2:ae:
                    be:ab:59:c0:0b:b3:4d:df:0d:c2:39:20:75:07:98:
                    31:7b:b4:48:7b:ea:85:36:35:09:81:11:cc:2c:80:
                    72:22:b9:01:1e:08:d9:68:dd:5d:34:7d:8d:a7:f7:
                    3a:29:ad:2a:fb:17:35:8a:35:eb:fb:fa:71:4b:b4:
                    e7:1e:c9:bc:f4:1d:94:34:7d:f3:fe:06:4e:45:2c:
                    7d:84:5a:f6:ce:98:92:b5:49:dd:06:90:b8:8a:78:
                    0c:da:9b:a5:22:cd:a2:45:ae:36:be:cf:76:0f:d6:
                    1e:83:e8:64:14:79:49:3a:75:98:4e:ac:e7:ba:d8:
                    b1:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                F9:CE:CD:6A:82:D6:68:BA:10:4C:F8:B3:9A:08:91:8B:9E:EC:13:24
            X509v3 Authority Key Identifier: 
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/1-c7NaoLWaLoQTPizmgiRi57sEyQ.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:bb:a4:51:05:84:cb:b8:dd:62:06:c5:b1:a5:2c:ad:6b:47:
         64:84:47:44:4e:29:05:f8:ab:4d:42:d1:5f:b7:84:02:65:e3:
         9c:34:7c:07:77:57:9c:25:1f:82:a7:85:94:72:68:a5:3d:89:
         a7:e4:9a:a7:54:d8:ad:ce:3a:55:1c:75:33:23:1f:57:c3:67:
         4f:5a:d5:37:7c:4f:eb:43:a8:e8:4f:1f:00:c5:07:4f:40:b7:
         0f:1d:58:58:9c:61:f4:0b:8d:27:50:8f:1c:9c:86:e9:3c:97:
         97:37:96:0b:ee:51:ed:60:0d:24:ce:6f:e2:ff:4a:4c:45:d1:
         f2:b3:d0:7c:12:90:5e:db:5c:54:3b:bd:6c:3c:ee:73:a7:3e:
         26:27:7e:d1:75:8d:a4:fd:5e:62:6f:d5:cd:e6:0a:66:ff:10:
         c3:34:41:15:82:b9:9c:82:4c:f8:a8:ad:4b:c0:fd:15:35:33:
         60:0b:1d:e9:4e:23:1b:6a:5d:18:cc:08:81:2a:36:5b:d2:c2:
         6e:9a:58:1d:e0:22:2e:82:10:42:39:af:48:71:d0:78:2c:e2:
         f5:28:1b:d9:ac:d2:99:79:1f:52:2c:d0:33:66:e5:fd:02:1e:
         83:01:b8:5f:0c:fb:ba:cc:45:f4:a3:88:92:26:5f:1c:63:18:
         1c:92:9f:1e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVxp415nsgv7gwuULKc4lEpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjMwMTAyMDg0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWNlY2Q2YTgyZDY2OGJhMTA0Y2Y4YjM5YTA4OTE4YjllZWMxMzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvJi6UcWkYWZomCqatH0I4f0Iamz
ADh+z+U4dDv+TItZ84NXdxdaxiMvtvLMV9I60/YfVDf38Lrkd6Or2rMDeQUHGARJ
Gr63IOCqF+MnK4PbHzWgaVQvckCDUsdz1iQLQxwzaVOreJAQaX5kmf6g7Pve7qXR
34FlmEkmxS/3dTdsyxhW4q6+q1nAC7NN3w3COSB1B5gxe7RIe+qFNjUJgRHMLIBy
IrkBHgjZaN1dNH2Np/c6Ka0q+xc1ijXr+/pxS7TnHsm89B2UNH3z/gZORSx9hFr2
zpiStUndBpC4ingM2pulIs2iRa42vs92D9Yeg+hkFHlJOnWYTqznutixTQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnOzWqC1mi6EEz4s5oIkYue7BMkMB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEvMS1jN05hb0xXYUxvUVRQaXptZ2lSaTU3c0V5US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjcvZjA3YzY2LTQ3M2QtNDM1YS1iNjkzLWMzNjljMWQ0YzMz
Ny8xL1JQeUlmSmR6azFkZDVpVi1kZnFaemVJRGZHdy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMErjjAN
BgkqhkiG9w0BAQsFAAOCAQEABrukUQWEy7jdYgbFsaUsrWtHZIRHRE4pBfirTULR
X7eEAmXjnDR8B3dXnCUfgqeFlHJopT2Jp+Sap1TYrc46VRx1MyMfV8NnT1rVN3xP
60Oo6E8fAMUHT0C3Dx1YWJxh9AuNJ1CPHJyG6TyXlzeWC+5R7WANJM5v4v9KTEXR
8rPQfBKQXttcVDu9bDzuc6c+Jid+0XWNpP1eYm/VzeYKZv8QwzRBFYK5nIJM+Kit
S8D9FTUzYAsd6U4jG2pdGMwIgSo2W9LCbppYHeAiLoIQQjmvSHHQeCzi9Sgb2azS
mXkfUizQM2bl/QIegwG4Xwz7usxF9KOIkiZfHGMYHJKfHg==
-----END CERTIFICATE-----
Generated at Wed Mar 15 13:10:33 2023 by rpki-client on console-ams.rpki-client.org