Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/7LBZszIZhGNOVscwpU51_2NKk-k.roa
File:                     7LBZszIZhGNOVscwpU51_2NKk-k.roa (raw, json)
Hash identifier:          pCzZ9q2je54+Cj1SRbBRhMeveAKNMdKXxB3ATFJo4sY=
Subject key identifier:   EC:B0:59:B3:32:19:84:63:4E:56:C7:30:A5:4E:75:FF:63:4A:93:E9
Certificate issuer:       /CN=5dd7336fa915721ce3bfee217f4e99164db9532b
Certificate serial:       018CC6B827C6C34782A6433DB83923F78C06
Authority key identifier: 5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/7LBZszIZhGNOVscwpU51_2NKk-k.roa
Signing time:             Mon 01 Jan 2024 20:30:06 +0000
ROA not before:           Mon 01 Jan 2024 20:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        109.68.56.0/21 maxlen: 21
                          193.151.72.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:27:c6:c3:47:82:a6:43:3d:b8:39:23:f7:8c:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd7336fa915721ce3bfee217f4e99164db9532b
        Validity
            Not Before: Jan  1 20:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecb059b3321984634e56c730a54e75ff634a93e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:95:24:6b:59:16:a4:cd:5d:7c:7b:36:1b:5e:
                    e2:f3:4e:77:d2:9b:eb:e9:85:2a:6d:7a:e5:d2:fa:
                    12:d8:63:50:6a:dc:e6:91:fd:f0:d1:5a:88:09:80:
                    89:c8:95:9e:49:d5:1a:03:df:03:93:12:dc:eb:2e:
                    d0:2d:f6:a3:88:16:0e:b8:26:df:66:3e:f2:8e:8e:
                    05:ad:b3:38:ac:3c:08:09:90:8b:fb:5d:0e:ce:a2:
                    59:f6:cf:f8:b1:76:75:dd:0c:af:a6:82:0e:1d:73:
                    c8:b7:2b:b7:f0:e5:b0:2b:64:5a:b5:c5:37:23:0b:
                    37:d6:ca:91:d4:69:75:a4:dd:45:1c:97:2a:e1:c1:
                    cc:e4:1c:18:c7:28:08:7e:ad:68:5f:85:e9:fc:15:
                    33:e2:c8:a3:f7:16:bf:d5:db:2d:c7:d1:bc:4f:87:
                    b4:ba:81:74:f4:5a:00:e3:ec:7c:dd:61:ab:26:c0:
                    ea:ba:7c:3a:c6:98:d7:6a:52:5a:26:6e:fb:ed:9a:
                    67:1e:0e:97:f7:a6:74:bf:8c:8d:7a:57:42:6a:35:
                    a7:9e:14:1f:23:e8:c5:37:ea:62:09:e5:69:c1:93:
                    7c:80:69:47:83:85:78:68:a6:3f:31:d8:6f:0d:eb:
                    96:e0:95:d4:66:bd:b7:de:e3:fc:19:19:a3:d8:bd:
                    a6:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:B0:59:B3:32:19:84:63:4E:56:C7:30:A5:4E:75:FF:63:4A:93:E9
            X509v3 Authority Key Identifier:
                keyid:5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/7LBZszIZhGNOVscwpU51_2NKk-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.56.0/21
                  193.151.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:e0:54:f4:85:66:17:7b:5f:7c:14:59:5e:a6:0b:0e:54:e3:
         1e:af:36:bd:49:02:d3:20:e4:14:ef:5f:f7:f1:f4:b0:de:a8:
         46:86:e0:41:65:c1:48:6b:6e:e1:0c:4d:22:f2:53:6e:58:7f:
         2e:13:ca:46:74:15:89:37:1d:c7:98:a1:85:01:50:84:04:04:
         54:7f:0c:de:58:ce:94:cc:16:49:6a:b2:8e:6e:f8:17:16:01:
         cc:c8:25:1b:5b:7b:57:10:2d:c3:23:cf:40:60:53:4b:32:b3:
         46:ff:5a:91:e3:1a:a2:86:bb:dd:92:20:e1:1d:ab:b2:68:17:
         2b:08:40:e3:2e:c4:f8:16:53:48:8d:0a:40:0a:95:44:d9:75:
         ad:f9:2e:7b:96:cb:f2:70:fc:00:f0:95:e2:94:02:ba:ff:92:
         da:39:b4:1f:07:53:6b:c3:11:83:59:e8:24:82:ee:17:a3:82:
         66:ed:fb:89:4d:8d:0a:88:0d:7f:57:5c:97:34:8f:c7:b2:34:
         d6:b4:36:fc:f1:24:e9:07:32:bf:08:5e:9c:4c:68:12:9f:a6:
         46:44:9a:32:b3:70:bf:24:ce:c1:10:33:88:f7:8e:0e:96:e0:
         c6:5c:51:e3:68:8a:05:86:ed:47:11:ae:ba:39:e2:41:95:47:
         c8:87:1b:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuCfGw0eCpkM9uDkj94wGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDczMzZmYTkxNTcyMWNlM2JmZWUyMTdmNGU5OTE2NGRi
OTUzMmIwHhcNMjQwMTAxMjAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2IwNTliMzMyMTk4NDYzNGU1NmM3MzBhNTRlNzVmZjYzNGE5M2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUka1kWpM1dfHs2G17i80530pvr
6YUqbXrl0voS2GNQatzmkf3w0VqICYCJyJWeSdUaA98DkxLc6y7QLfajiBYOuCbf
Zj7yjo4FrbM4rDwICZCL+10OzqJZ9s/4sXZ13QyvpoIOHXPItyu38OWwK2RatcU3
Iws31sqR1Gl1pN1FHJcq4cHM5BwYxygIfq1oX4Xp/BUz4sij9xa/1dstx9G8T4e0
uoF09FoA4+x83WGrJsDqunw6xpjXalJaJm777ZpnHg6X96Z0v4yNeldCajWnnhQf
I+jFN+piCeVpwZN8gGlHg4V4aKY/MdhvDeuW4JXUZr233uP8GRmj2L2miQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOywWbMyGYRjTlbHMKVOdf9jSpPpMB8GA1UdIwQY
MBaAFF3XM2+pFXIc47/uIX9OmRZNuVMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEt
OGM0YmM0NTkyN2EzLzEvN0xCWnN6SVpoR05PVnNjd3BVNTFfMk5Lay1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEtOGM0YmM0NTkyN2Ez
LzEvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbUQ4AwQC
wZdIMA0GCSqGSIb3DQEBCwUAA4IBAQBm4FT0hWYXe198FFlepgsOVOMerza9SQLT
IOQU71/38fSw3qhGhuBBZcFIa27hDE0i8lNuWH8uE8pGdBWJNx3HmKGFAVCEBARU
fwzeWM6UzBZJarKObvgXFgHMyCUbW3tXEC3DI89AYFNLMrNG/1qR4xqihrvdkiDh
HauyaBcrCEDjLsT4FlNIjQpACpVE2XWt+S57lsvycPwA8JXilAK6/5LaObQfB1Nr
wxGDWegkgu4Xo4Jm7fuJTY0KiA1/V1yXNI/HsjTWtDb88STpBzK/CF6cTGgSn6ZG
RJoys3C/JM7BEDOI944OluDGXFHjaIoFhu1HEa66OeJBlUfIhxtd
-----END CERTIFICATE-----