Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/ls7QRK_LHcV6HAvK-gTyulIwekE.roa
File:                     ls7QRK_LHcV6HAvK-gTyulIwekE.roa (raw, json)
Hash identifier:          8Emkax7aSFALidjB0ibIraONTsIleRBJM72r2KsoAxs=
Subject key identifier:   96:CE:D0:44:AF:CB:1D:C5:7A:1C:0B:CA:FA:04:F2:BA:52:30:7A:41
Certificate issuer:       /CN=b7c40a747e3ac1acc611a4c403b6007398e7d79f
Certificate serial:       018E37CDE863AC5302C9D7C488C7DDB5E6B9
Authority key identifier: B7:C4:0A:74:7E:3A:C1:AC:C6:11:A4:C4:03:B6:00:73:98:E7:D7:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t8QKdH46wazGEaTEA7YAc5jn158.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/ls7QRK_LHcV6HAvK-gTyulIwekE.roa
Signing time:             Wed 13 Mar 2024 12:33:44 +0000
ROA not before:           Wed 13 Mar 2024 12:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        45.67.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/t8QKdH46wazGEaTEA7YAc5jn158.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/t8QKdH46wazGEaTEA7YAc5jn158.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t8QKdH46wazGEaTEA7YAc5jn158.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:cd:e8:63:ac:53:02:c9:d7:c4:88:c7:dd:b5:e6:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7c40a747e3ac1acc611a4c403b6007398e7d79f
        Validity
            Not Before: Mar 13 12:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96ced044afcb1dc57a1c0bcafa04f2ba52307a41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c7:53:3a:15:9e:3c:ba:96:ef:39:36:8b:b5:
                    38:91:ba:99:29:15:4f:20:cf:38:af:00:c9:04:0d:
                    fe:ff:6e:84:73:81:15:78:c0:10:8e:61:46:8c:94:
                    74:e2:69:c0:80:6a:60:62:8c:66:60:77:28:67:dc:
                    c5:40:56:72:80:2c:91:cc:b6:74:6f:62:5f:d7:54:
                    85:5e:75:32:1b:90:70:3e:68:7e:92:71:03:55:5b:
                    5e:24:d9:d0:58:b6:06:5d:27:ee:09:ad:12:c8:e0:
                    0e:16:ae:bd:bd:a0:32:ea:e8:88:d6:82:bc:ae:60:
                    77:61:26:00:fe:4b:1e:90:26:11:b9:da:92:ce:bf:
                    8e:b9:5d:68:ae:53:02:53:a4:d4:d6:cc:43:27:d3:
                    2e:10:22:07:a9:eb:6c:1e:68:e1:75:3f:d8:05:f4:
                    6c:dd:e8:80:1a:44:58:50:bc:e2:4f:f6:4d:a6:2a:
                    43:a5:6c:a4:a5:6c:5e:65:29:1b:33:51:0b:37:d1:
                    3c:a6:ad:5a:ae:47:22:dc:09:4a:05:1e:73:1b:62:
                    40:f4:9f:97:7b:cd:e0:0a:19:b8:d3:78:cc:ee:a3:
                    0f:12:4e:99:0c:a6:9b:01:60:7a:71:5b:a7:f3:d8:
                    55:15:93:35:7c:8d:a8:f1:01:86:4d:e3:c0:a1:2a:
                    e3:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:CE:D0:44:AF:CB:1D:C5:7A:1C:0B:CA:FA:04:F2:BA:52:30:7A:41
            X509v3 Authority Key Identifier:
                keyid:B7:C4:0A:74:7E:3A:C1:AC:C6:11:A4:C4:03:B6:00:73:98:E7:D7:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t8QKdH46wazGEaTEA7YAc5jn158.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/ls7QRK_LHcV6HAvK-gTyulIwekE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/t8QKdH46wazGEaTEA7YAc5jn158.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:86:33:aa:fb:d3:f9:c8:43:21:04:da:40:6f:af:6d:5d:7a:
         0d:bd:69:23:0c:85:02:fa:08:73:75:9b:31:92:d6:55:e7:df:
         f2:44:39:02:33:ba:32:88:9b:b5:a1:d5:ff:60:90:9f:2f:89:
         73:8a:23:79:bb:8d:cc:ee:0f:e3:c2:00:c8:05:5a:85:94:cd:
         bf:03:bb:ab:23:d1:38:ff:64:db:ae:a5:82:ec:aa:3a:77:6e:
         ec:e2:33:e5:6b:e4:ef:cb:56:0c:35:11:8b:85:6e:87:bf:c4:
         7f:7f:9f:43:da:e1:7f:ec:a5:c1:27:e6:14:c2:23:c3:16:4b:
         9b:08:9f:7e:17:31:a6:ae:68:47:54:93:8b:55:a8:8e:07:f6:
         73:6d:87:41:fa:05:be:ec:82:bb:3a:01:eb:ad:10:a3:5b:c1:
         92:0c:e6:7f:b7:73:19:d5:7d:76:e2:67:f7:d9:e2:4d:8f:2f:
         41:e4:4e:e9:5f:e9:31:fb:6d:de:5a:f0:ca:14:ff:0a:ea:f4:
         39:86:65:88:fd:cb:3a:a5:32:d7:da:b3:9b:ec:94:a3:c2:4b:
         f5:c5:9d:1e:3e:a5:00:2c:3c:a0:fd:52:e9:8d:a8:de:29:20:
         ba:94:ea:93:a2:7a:ed:e1:f1:a8:72:d9:ee:71:d3:4a:56:5e:
         70:d1:76:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY43zehjrFMCydfEiMfdtea5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YzQwYTc0N2UzYWMxYWNjNjExYTRjNDAzYjYwMDczOThl
N2Q3OWYwHhcNMjQwMzEzMTIzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmNlZDA0NGFmY2IxZGM1N2ExYzBiY2FmYTA0ZjJiYTUyMzA3YTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcdTOhWePLqW7zk2i7U4kbqZKRVP
IM84rwDJBA3+/26Ec4EVeMAQjmFGjJR04mnAgGpgYoxmYHcoZ9zFQFZygCyRzLZ0
b2Jf11SFXnUyG5BwPmh+knEDVVteJNnQWLYGXSfuCa0SyOAOFq69vaAy6uiI1oK8
rmB3YSYA/ksekCYRudqSzr+OuV1orlMCU6TU1sxDJ9MuECIHqetsHmjhdT/YBfRs
3eiAGkRYULziT/ZNpipDpWykpWxeZSkbM1ELN9E8pq1arkci3AlKBR5zG2JA9J+X
e83gChm403jM7qMPEk6ZDKabAWB6cVun89hVFZM1fI2o8QGGTePAoSrjiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbO0ESvyx3FehwLyvoE8rpSMHpBMB8GA1UdIwQY
MBaAFLfECnR+OsGsxhGkxAO2AHOY59efMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDhRS2RINDZ3YXpHRWFURUE3WUFjNWpuMTU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zNzVlYmMtYmFmYi00ZTBiLWI1NDkt
Nzc2MzVhMjJlYjk2LzEvbHM3UVJLX0xIY1Y2SEF2Sy1nVHl1bEl3ZWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zNzVlYmMtYmFmYi00ZTBiLWI1NDktNzc2MzVhMjJlYjk2
LzEvdDhRS2RINDZ3YXpHRWFURUE3WUFjNWpuMTU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUMNMA0G
CSqGSIb3DQEBCwUAA4IBAQAfhjOq+9P5yEMhBNpAb69tXXoNvWkjDIUC+ghzdZsx
ktZV59/yRDkCM7oyiJu1odX/YJCfL4lziiN5u43M7g/jwgDIBVqFlM2/A7urI9E4
/2TbrqWC7Ko6d27s4jPla+Tvy1YMNRGLhW6Hv8R/f59D2uF/7KXBJ+YUwiPDFkub
CJ9+FzGmrmhHVJOLVaiOB/ZzbYdB+gW+7IK7OgHrrRCjW8GSDOZ/t3MZ1X124mf3
2eJNjy9B5E7pX+kx+23eWvDKFP8K6vQ5hmWI/cs6pTLX2rOb7JSjwkv1xZ0ePqUA
LDyg/VLpjajeKSC6lOqTonrt4fGoctnucdNKVl5w0XaC
-----END CERTIFICATE-----