Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/fa342e-b3bc-4373-8c6b-8854c82b545d/1/s7Nwp-pdtW1VzrXELmi88KxRbcY.roa
File:                     s7Nwp-pdtW1VzrXELmi88KxRbcY.roa (raw, json)
Hash identifier:          kS5lauB3KVi7i9vxOk/8PTUnH9Bpra45tJL87reMp8I=
Subject key identifier:   B3:B3:70:A7:EA:5D:B5:6D:55:CE:B5:C4:2E:68:BC:F0:AC:51:6D:C6
Certificate issuer:       /CN=cb335dc6feb385f6a23344056a13c2c595028e91
Certificate serial:       018CC6B788797EBCA8C1FDB06A5981B7ED57
Authority key identifier: CB:33:5D:C6:FE:B3:85:F6:A2:33:44:05:6A:13:C2:C5:95:02:8E:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yzNdxv6zhfaiM0QFahPCxZUCjpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/fa342e-b3bc-4373-8c6b-8854c82b545d/1/s7Nwp-pdtW1VzrXELmi88KxRbcY.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41652
IP address blocks:        45.80.2.0/24 maxlen: 24
                          45.80.0.0/22 maxlen: 22
                          2a0e:3780::/29 maxlen: 29
                          2a0e:3780::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/fa342e-b3bc-4373-8c6b-8854c82b545d/1/yzNdxv6zhfaiM0QFahPCxZUCjpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/fa342e-b3bc-4373-8c6b-8854c82b545d/1/yzNdxv6zhfaiM0QFahPCxZUCjpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yzNdxv6zhfaiM0QFahPCxZUCjpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 01:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:88:79:7e:bc:a8:c1:fd:b0:6a:59:81:b7:ed:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb335dc6feb385f6a23344056a13c2c595028e91
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3b370a7ea5db56d55ceb5c42e68bcf0ac516dc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:96:e6:a4:28:e0:d6:63:d7:00:86:dd:82:c3:
                    e0:d2:90:af:12:16:81:74:47:10:47:18:fd:36:b9:
                    87:b2:90:ef:2d:52:85:92:92:c1:05:5d:53:52:cb:
                    4e:9e:6d:f4:2e:c4:94:a7:ca:d3:c2:e8:69:21:3f:
                    09:f1:af:44:ad:c8:14:78:0e:a5:13:3e:2e:d0:57:
                    96:08:de:01:57:cf:f6:73:be:22:43:7c:7f:0d:e8:
                    56:1b:12:4a:90:00:be:13:22:a2:41:a9:b4:dd:41:
                    0e:7e:8e:ec:74:4c:e5:82:01:db:97:8d:0a:6b:d5:
                    ad:bc:fb:f8:e0:6f:99:cd:91:23:ff:1a:e4:02:15:
                    e6:b5:59:87:52:26:f6:3f:84:de:f1:54:69:fd:2c:
                    d0:39:81:37:9f:5a:04:43:3f:ee:3c:cd:f5:7e:16:
                    fd:13:d3:41:ee:b0:c8:a5:99:b4:8f:02:73:5d:7d:
                    73:e2:d7:e8:63:e8:1e:f3:68:47:24:4b:a4:2e:cb:
                    3a:12:3f:e8:e9:06:62:c4:e0:97:1f:7a:b8:e7:50:
                    5c:69:c4:b5:d7:19:8f:70:19:f4:54:07:e2:e4:8f:
                    7b:49:b7:42:e7:be:55:55:70:78:6f:bb:96:11:bf:
                    d7:74:dd:73:38:d0:df:ad:6c:cd:a4:a1:f0:51:31:
                    eb:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:B3:70:A7:EA:5D:B5:6D:55:CE:B5:C4:2E:68:BC:F0:AC:51:6D:C6
            X509v3 Authority Key Identifier:
                keyid:CB:33:5D:C6:FE:B3:85:F6:A2:33:44:05:6A:13:C2:C5:95:02:8E:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yzNdxv6zhfaiM0QFahPCxZUCjpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/fa342e-b3bc-4373-8c6b-8854c82b545d/1/s7Nwp-pdtW1VzrXELmi88KxRbcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/fa342e-b3bc-4373-8c6b-8854c82b545d/1/yzNdxv6zhfaiM0QFahPCxZUCjpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.0.0/22
                IPv6:
                  2a0e:3780::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:cc:06:7d:5b:8c:ce:73:cd:69:fa:34:45:ac:3b:25:8a:e9:
         10:14:09:d6:f7:11:40:4a:84:04:99:b9:76:82:5a:2a:de:fb:
         ea:6b:50:0d:70:60:11:fa:c6:fa:a0:ff:a0:7a:8e:14:5c:52:
         19:d4:9c:67:4c:9f:93:e0:03:b2:4b:24:cc:ad:54:b5:b8:3f:
         eb:70:d2:ab:96:6b:44:b3:ad:ce:16:ee:3a:4b:75:3b:84:7b:
         d5:74:ca:f0:06:aa:fd:04:4f:35:aa:5a:24:5f:b1:45:f6:55:
         d1:90:c1:73:42:b9:ba:80:cf:cf:6e:2f:fa:a1:fc:b6:27:e1:
         c7:da:f6:a9:8b:9c:54:c5:e4:c0:28:a5:43:ea:09:e6:a3:0d:
         b1:95:aa:16:40:ba:37:a7:ef:89:2c:28:da:9b:11:04:8f:e6:
         57:b8:c0:57:b2:5f:cd:ce:60:e4:70:61:7a:58:16:c8:52:fd:
         e5:90:43:c0:b6:a2:25:cd:9d:38:0a:2b:bf:06:24:05:e8:d2:
         dc:b9:87:68:ba:22:41:6a:df:bb:07:65:3d:a1:0d:5e:2a:ab:
         4d:0f:35:bc:d3:5a:ec:b7:aa:bc:dc:d2:f3:9e:7d:39:e6:01:
         bd:20:b3:ed:a3:05:ae:cc:c9:57:4c:7e:b1:e0:22:48:d7:05:
         fb:dd:a0:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt4h5fryowf2walmBt+1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMzM1ZGM2ZmViMzg1ZjZhMjMzNDQwNTZhMTNjMmM1OTUw
MjhlOTEwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2IzNzBhN2VhNWRiNTZkNTVjZWI1YzQyZTY4YmNmMGFjNTE2ZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZbmpCjg1mPXAIbdgsPg0pCvEhaB
dEcQRxj9NrmHspDvLVKFkpLBBV1TUstOnm30LsSUp8rTwuhpIT8J8a9ErcgUeA6l
Ez4u0FeWCN4BV8/2c74iQ3x/DehWGxJKkAC+EyKiQam03UEOfo7sdEzlggHbl40K
a9WtvPv44G+ZzZEj/xrkAhXmtVmHUib2P4Te8VRp/SzQOYE3n1oEQz/uPM31fhb9
E9NB7rDIpZm0jwJzXX1z4tfoY+ge82hHJEukLss6Ej/o6QZixOCXH3q451BcacS1
1xmPcBn0VAfi5I97SbdC575VVXB4b7uWEb/XdN1zONDfrWzNpKHwUTHrgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLOzcKfqXbVtVc61xC5ovPCsUW3GMB8GA1UdIwQY
MBaAFMszXcb+s4X2ojNEBWoTwsWVAo6RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXpOZHh2NnpoZmFpTTBRRmFoUEN4WlVDanBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9mYTM0MmUtYjNiYy00MzczLThjNmIt
ODg1NGM4MmI1NDVkLzEvczdOd3AtcGR0VzFWenJYRUxtaTg4S3hSYmNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9mYTM0MmUtYjNiYy00MzczLThjNmItODg1NGM4MmI1NDVk
LzEveXpOZHh2NnpoZmFpTTBRRmFoUEN4WlVDanBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVAAMA0E
AgACMAcDBQMqDjeAMA0GCSqGSIb3DQEBCwUAA4IBAQBazAZ9W4zOc81p+jRFrDsl
iukQFAnW9xFASoQEmbl2gloq3vvqa1ANcGAR+sb6oP+geo4UXFIZ1JxnTJ+T4AOy
SyTMrVS1uD/rcNKrlmtEs63OFu46S3U7hHvVdMrwBqr9BE81qlokX7FF9lXRkMFz
Qrm6gM/Pbi/6ofy2J+HH2vapi5xUxeTAKKVD6gnmow2xlaoWQLo3p++JLCjamxEE
j+ZXuMBXsl/NzmDkcGF6WBbIUv3lkEPAtqIlzZ04Ciu/BiQF6NLcuYdouiJBat+7
B2U9oQ1eKqtNDzW801rst6q83NLznn055gG9ILPtowWuzMlXTH6x4CJI1wX73aBi
-----END CERTIFICATE-----