Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/cg__zioM7AjTZm2rKOe3Q9yJ1FE.roa
File:                     cg__zioM7AjTZm2rKOe3Q9yJ1FE.roa (raw, json)
Hash identifier:          RFiknT93pkHj13kddAgufqBAUZs6UZjecDGxLNV16Bg=
Subject key identifier:   72:0F:FF:CE:2A:0C:EC:08:D3:66:6D:AB:28:E7:B7:43:DC:89:D4:51
Certificate issuer:       /CN=7e5ac81bbccf852f22ac8ed52d2e92db31d8d606
Certificate serial:       0190FE4F1B07825660B84FD2A8CE935E8939
Authority key identifier: 7E:5A:C8:1B:BC:CF:85:2F:22:AC:8E:D5:2D:2E:92:DB:31:D8:D6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flrIG7zPhS8irI7VLS6S2zHY1gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/cg__zioM7AjTZm2rKOe3Q9yJ1FE.roa
Signing time:             Mon 29 Jul 2024 11:45:15 +0000
ROA not before:           Mon 29 Jul 2024 11:45:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6848
IP address blocks:        193.149.240.0/22 maxlen: 22
                          193.149.244.0/23 maxlen: 23
                          193.149.246.0/24 maxlen: 24
                          193.149.247.0/24 maxlen: 24
                          193.149.248.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/flrIG7zPhS8irI7VLS6S2zHY1gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/flrIG7zPhS8irI7VLS6S2zHY1gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flrIG7zPhS8irI7VLS6S2zHY1gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fe:4f:1b:07:82:56:60:b8:4f:d2:a8:ce:93:5e:89:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e5ac81bbccf852f22ac8ed52d2e92db31d8d606
        Validity
            Not Before: Jul 29 11:45:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=720fffce2a0cec08d3666dab28e7b743dc89d451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5f:bd:41:1c:58:89:c8:bf:95:27:52:68:c6:
                    ee:68:7a:3d:e1:b5:cc:67:88:47:d4:c4:d7:d6:21:
                    b3:ce:6e:bb:4e:de:71:49:d4:16:1f:e7:dd:46:ae:
                    88:ef:c4:86:8b:76:74:b0:04:02:3f:72:03:37:ec:
                    8f:47:53:f7:25:2b:16:45:80:83:0f:21:bb:83:c5:
                    ab:ed:06:4b:6d:7a:0d:f1:e1:2c:b0:1f:d8:21:9d:
                    13:97:0b:60:a4:59:21:46:35:eb:e4:53:0c:c9:88:
                    84:fc:7e:3c:9c:56:28:26:7d:24:3e:13:9f:5a:a4:
                    07:cf:d7:2f:6d:2a:d4:22:93:aa:ab:f4:e8:66:f2:
                    a2:54:55:d6:8c:72:28:51:f3:2e:bd:bb:d6:c2:c0:
                    92:4a:2f:86:be:1b:b3:69:da:06:57:77:6b:48:9e:
                    fa:ff:fd:5d:55:72:28:72:b6:f7:19:d9:db:34:05:
                    d5:23:37:d8:e3:7e:e0:2c:a2:4d:a6:cf:0f:0a:52:
                    58:fe:3d:d5:96:eb:d6:46:a4:b3:65:36:cf:3f:01:
                    8c:26:f7:13:7e:df:70:9c:9c:52:aa:bb:0d:20:5a:
                    d4:2b:14:9d:1a:c4:4d:6c:24:81:0f:cd:72:7b:7d:
                    33:25:0f:94:c4:f3:92:2e:ab:98:e6:36:96:c4:32:
                    2d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0F:FF:CE:2A:0C:EC:08:D3:66:6D:AB:28:E7:B7:43:DC:89:D4:51
            X509v3 Authority Key Identifier:
                keyid:7E:5A:C8:1B:BC:CF:85:2F:22:AC:8E:D5:2D:2E:92:DB:31:D8:D6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flrIG7zPhS8irI7VLS6S2zHY1gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/cg__zioM7AjTZm2rKOe3Q9yJ1FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/flrIG7zPhS8irI7VLS6S2zHY1gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.149.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         46:ad:f5:1c:be:34:b4:b9:95:b0:f5:8b:57:2c:3a:d0:fc:4f:
         d9:f6:a3:26:e7:21:a8:de:54:33:4a:49:16:f7:d0:cd:66:af:
         0d:a2:b2:27:43:62:1e:29:fd:fd:31:7f:f4:1f:5f:c5:bf:e2:
         ec:20:5e:8c:71:09:65:83:37:a3:f1:ad:5c:e2:fa:06:e9:8a:
         94:d5:24:10:f1:a3:35:fc:42:13:f9:db:2e:91:a2:e6:a1:46:
         b3:96:f2:3b:74:62:eb:05:c3:05:31:21:24:cb:07:23:40:ca:
         4d:4c:e8:b7:4b:f0:a0:5e:33:8a:f6:10:fd:c7:c3:11:c3:e5:
         78:e7:94:6f:f9:fb:e8:b8:cd:12:27:bf:49:7a:70:22:87:d4:
         a0:67:68:68:99:3c:48:38:00:c8:a7:8f:49:63:08:91:88:e9:
         2a:36:4e:ca:5f:60:cb:03:e9:b2:08:9c:91:7f:85:6c:67:12:
         bf:ac:b6:33:a7:ab:eb:fc:58:81:a9:e8:31:38:69:6d:04:f5:
         ad:d7:f8:7b:36:85:79:b4:86:04:b8:89:e1:30:ae:c5:ff:7c:
         12:0b:7a:6e:6d:db:d8:5c:2b:a8:54:c9:3f:fd:de:7c:fa:7d:
         34:f9:94:1b:71:f7:d3:47:06:a7:d6:db:be:c7:ee:77:6c:c2:
         c1:55:89:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD+TxsHglZguE/SqM6TXok5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNWFjODFiYmNjZjg1MmYyMmFjOGVkNTJkMmU5MmRiMzFk
OGQ2MDYwHhcNMjQwNzI5MTE0NTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjBmZmZjZTJhMGNlYzA4ZDM2NjZkYWIyOGU3Yjc0M2RjODlkNDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0V+9QRxYici/lSdSaMbuaHo94bXM
Z4hH1MTX1iGzzm67Tt5xSdQWH+fdRq6I78SGi3Z0sAQCP3IDN+yPR1P3JSsWRYCD
DyG7g8Wr7QZLbXoN8eEssB/YIZ0TlwtgpFkhRjXr5FMMyYiE/H48nFYoJn0kPhOf
WqQHz9cvbSrUIpOqq/ToZvKiVFXWjHIoUfMuvbvWwsCSSi+GvhuzadoGV3drSJ76
//1dVXIocrb3GdnbNAXVIzfY437gLKJNps8PClJY/j3VluvWRqSzZTbPPwGMJvcT
ft9wnJxSqrsNIFrUKxSdGsRNbCSBD81ye30zJQ+UxPOSLquY5jaWxDItJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIP/84qDOwI02Ztqyjnt0PcidRRMB8GA1UdIwQY
MBaAFH5ayBu8z4UvIqyO1S0uktsx2NYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmxySUc3elBoUzhpckk3VkxTNlMyekhZMWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kMTNmODQtMTZjZS00ZDUxLWE2MTgt
YzJhNWQ5ZDcwMzEzLzEvY2dfX3ppb003QWpUWm0ycktPZTNROXlKMUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kMTNmODQtMTZjZS00ZDUxLWE2MTgtYzJhNWQ5ZDcwMzEz
LzEvZmxySUc3elBoUzhpckk3VkxTNlMyekhZMWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwZXwMA0G
CSqGSIb3DQEBCwUAA4IBAQBGrfUcvjS0uZWw9YtXLDrQ/E/Z9qMm5yGo3lQzSkkW
99DNZq8NorInQ2IeKf39MX/0H1/Fv+LsIF6McQllgzej8a1c4voG6YqU1SQQ8aM1
/EIT+dsukaLmoUazlvI7dGLrBcMFMSEkywcjQMpNTOi3S/CgXjOK9hD9x8MRw+V4
55Rv+fvouM0SJ79JenAih9SgZ2homTxIOADIp49JYwiRiOkqNk7KX2DLA+myCJyR
f4VsZxK/rLYzp6vr/FiBqegxOGltBPWt1/h7NoV5tIYEuInhMK7F/3wSC3pubdvY
XCuoVMk//d58+n00+ZQbcffTRwan1tu+x+53bMLBVYlP
-----END CERTIFICATE-----