Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/7EYf6YyjfRxu_fcxczuN0BUWHcA.roa
File:                     7EYf6YyjfRxu_fcxczuN0BUWHcA.roa (raw, json)
Hash identifier:          GIA7t4WLyENpU3aw+4IDfAARphudaOvnhWXVOGazYFQ=
Subject key identifier:   EC:46:1F:E9:8C:A3:7D:1C:6E:FD:F7:31:73:3B:8D:D0:15:16:1D:C0
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018F064756A576E88D521F756A4F869139B0
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/7EYf6YyjfRxu_fcxczuN0BUWHcA.roa
Signing time:             Mon 22 Apr 2024 14:48:09 +0000
ROA not before:           Mon 22 Apr 2024 14:48:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        45.155.65.0/24 maxlen: 24
                          176.118.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 00:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:47:56:a5:76:e8:8d:52:1f:75:6a:4f:86:91:39:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 22 14:48:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec461fe98ca37d1c6efdf731733b8dd015161dc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:63:92:ab:74:99:cd:97:03:a4:d5:a3:be:e3:
                    39:71:ed:47:04:f8:da:62:8b:94:fe:e7:59:3a:3a:
                    40:50:54:d5:75:22:7b:e7:bc:c2:40:11:85:dc:93:
                    8f:41:e3:8d:26:74:64:88:3c:c0:79:bd:43:ed:5c:
                    66:15:9a:bd:d7:81:79:88:79:16:d6:83:a6:1e:13:
                    d7:c8:85:2c:aa:9a:bb:47:aa:2c:8d:78:19:8b:b6:
                    e2:d4:10:4d:2d:4c:97:ec:c4:40:16:5d:60:5e:5b:
                    92:9a:5e:d3:a1:a3:5e:b8:8f:db:15:bc:09:e3:71:
                    31:57:db:5a:cb:5f:c9:f0:a3:35:4e:c8:53:43:22:
                    4f:25:e5:9f:e6:d9:47:46:ce:76:18:23:bb:af:02:
                    29:cf:ca:0a:18:b6:62:ec:02:da:73:4c:b6:8e:70:
                    63:ec:ba:89:a3:2d:2f:d0:1c:48:ce:3d:65:6e:75:
                    44:8e:1b:6f:31:1e:95:67:f1:43:36:7c:f3:78:cc:
                    f4:ee:23:07:dc:44:93:6f:f5:19:62:3d:ca:6d:86:
                    91:c3:b6:19:9e:56:0c:2d:fb:c5:cf:ae:4b:64:e7:
                    70:0e:32:aa:02:4b:af:bd:13:2d:a4:a6:02:48:cb:
                    57:31:e4:dc:f9:e1:ad:e0:be:0d:68:88:9e:1a:51:
                    66:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:46:1F:E9:8C:A3:7D:1C:6E:FD:F7:31:73:3B:8D:D0:15:16:1D:C0
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/7EYf6YyjfRxu_fcxczuN0BUWHcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.65.0/24
                  176.118.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:e0:ef:a0:a6:02:b6:01:89:46:64:f0:bc:5d:c0:90:58:37:
         45:ff:68:d6:a6:13:01:10:3b:ba:76:4f:d2:d0:b4:98:eb:50:
         b3:9f:a9:91:a2:75:4d:2d:78:7e:58:20:56:2a:f7:7e:8b:d3:
         ff:9a:d5:fe:14:24:97:f6:6b:31:82:5d:98:71:cb:6f:e7:00:
         32:6f:53:8f:d2:fe:c1:90:88:e6:e6:84:92:8d:2a:29:bb:55:
         00:40:89:80:ca:73:0f:f7:45:4b:4c:cb:ce:a8:20:c4:f4:b5:
         21:bb:e2:f9:ae:c9:ca:7f:db:a0:03:c7:57:77:07:e2:c2:26:
         d8:4a:6e:7d:53:14:15:ce:e9:32:e1:4a:38:c8:34:25:50:36:
         22:8e:4e:44:7e:40:4a:52:a2:02:76:0e:b7:59:3c:38:46:de:
         c7:17:fe:3c:cb:81:47:58:68:6a:66:82:1a:bf:62:2d:30:b5:
         9f:06:bc:45:4e:38:5c:c3:a0:db:d8:7e:d0:08:fa:2c:31:51:
         6d:bc:1f:5e:b5:dd:44:a0:24:f7:94:fb:8c:9a:a9:a9:fa:ee:
         a3:5c:73:a1:a0:d2:ae:08:c7:1d:26:34:dd:e0:2d:f8:25:1c:
         be:79:ca:1b:ce:6a:20:61:14:93:66:ea:d0:6f:a2:88:da:2b:
         f1:3e:8b:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8GR1alduiNUh91ak+GkTmwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDIyMTQ0ODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzQ2MWZlOThjYTM3ZDFjNmVmZGY3MzE3MzNiOGRkMDE1MTYxZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWOSq3SZzZcDpNWjvuM5ce1HBPja
YouU/udZOjpAUFTVdSJ757zCQBGF3JOPQeONJnRkiDzAeb1D7VxmFZq914F5iHkW
1oOmHhPXyIUsqpq7R6osjXgZi7bi1BBNLUyX7MRAFl1gXluSml7ToaNeuI/bFbwJ
43ExV9tay1/J8KM1TshTQyJPJeWf5tlHRs52GCO7rwIpz8oKGLZi7ALac0y2jnBj
7LqJoy0v0BxIzj1lbnVEjhtvMR6VZ/FDNnzzeMz07iMH3ESTb/UZYj3KbYaRw7YZ
nlYMLfvFz65LZOdwDjKqAkuvvRMtpKYCSMtXMeTc+eGt4L4NaIieGlFm1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOxGH+mMo30cbv33MXM7jdAVFh3AMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvN0VZZjZZeWpmUnh1X2ZjeGN6dU4wQlVXSGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZtBAwQA
sHYhMA0GCSqGSIb3DQEBCwUAA4IBAQCO4O+gpgK2AYlGZPC8XcCQWDdF/2jWphMB
EDu6dk/S0LSY61Czn6mRonVNLXh+WCBWKvd+i9P/mtX+FCSX9msxgl2Ycctv5wAy
b1OP0v7BkIjm5oSSjSopu1UAQImAynMP90VLTMvOqCDE9LUhu+L5rsnKf9ugA8dX
dwfiwibYSm59UxQVzuky4Uo4yDQlUDYijk5EfkBKUqICdg63WTw4Rt7HF/48y4FH
WGhqZoIav2ItMLWfBrxFTjhcw6Db2H7QCPosMVFtvB9etd1EoCT3lPuMmqmp+u6j
XHOhoNKuCMcdJjTd4C34JRy+ecobzmogYRSTZurQb6KI2ivxPouX
-----END CERTIFICATE-----