Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7c166c-24b2-4a07-9115-17ce67bdad7b/1/7AdSoYmrqvkmP6lM_Xrw7difVzw.roa
File:                     7AdSoYmrqvkmP6lM_Xrw7difVzw.roa (raw, json)
Hash identifier:          b9H9yiYWmd5zbCKQ1uBZEKl9GMPp0QH2PUETysc0jyU=
Subject key identifier:   EC:07:52:A1:89:AB:AA:F9:26:3F:A9:4C:FD:7A:F0:ED:D8:9F:57:3C
Certificate issuer:       /CN=5cf88adc19eaad13d685b81ec39935bd4b2c69ad
Certificate serial:       018CC6B787E11FE974C02376AE61EB1E0862
Authority key identifier: 5C:F8:8A:DC:19:EA:AD:13:D6:85:B8:1E:C3:99:35:BD:4B:2C:69:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPiK3BnqrRPWhbgew5k1vUssaa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7c166c-24b2-4a07-9115-17ce67bdad7b/1/7AdSoYmrqvkmP6lM_Xrw7difVzw.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208862
IP address blocks:        45.82.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7c166c-24b2-4a07-9115-17ce67bdad7b/1/XPiK3BnqrRPWhbgew5k1vUssaa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7c166c-24b2-4a07-9115-17ce67bdad7b/1/XPiK3BnqrRPWhbgew5k1vUssaa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPiK3BnqrRPWhbgew5k1vUssaa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 04:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:87:e1:1f:e9:74:c0:23:76:ae:61:eb:1e:08:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf88adc19eaad13d685b81ec39935bd4b2c69ad
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec0752a189abaaf9263fa94cfd7af0edd89f573c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f1:07:b8:b3:d0:bf:cd:43:00:e7:bc:ba:ea:
                    0e:c1:ae:e7:0e:7c:73:1d:4e:b2:c6:54:ff:a0:93:
                    66:09:97:4c:9a:af:d3:fd:72:27:76:86:3b:75:6b:
                    26:d6:d3:93:8d:d8:bb:79:e0:61:ca:ae:24:04:f1:
                    20:0e:d2:3c:30:ad:6f:59:79:8f:e9:a5:e7:11:d8:
                    70:ce:81:5d:2d:0f:f5:ac:45:3a:6c:e8:b3:a1:bd:
                    e1:43:93:4d:8c:53:c4:a0:31:17:40:5a:85:5f:bd:
                    bd:33:3f:3c:09:b7:db:36:8c:f8:6b:93:6b:bc:dd:
                    ca:0a:80:8e:eb:d9:d0:cf:97:7c:fd:ec:2c:64:63:
                    5b:ce:23:ae:61:b3:83:0f:35:72:12:4b:17:d8:f2:
                    16:5d:ff:82:43:da:ab:c9:a2:86:6f:65:44:14:b2:
                    a6:34:66:c1:9b:a5:42:7d:54:b9:ff:29:5f:af:6e:
                    a1:a1:6d:c3:13:4f:f5:23:6b:8d:8a:54:5a:00:40:
                    7f:f4:4e:51:46:46:42:10:e4:31:2f:5e:33:37:66:
                    98:73:2d:90:e0:4e:36:cd:a2:64:f8:1d:5d:23:1e:
                    06:21:6f:3a:38:02:15:1f:ad:ff:ba:00:23:93:6d:
                    11:eb:3a:46:86:15:66:c2:16:f2:d0:9d:b7:df:f6:
                    b9:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:07:52:A1:89:AB:AA:F9:26:3F:A9:4C:FD:7A:F0:ED:D8:9F:57:3C
            X509v3 Authority Key Identifier:
                keyid:5C:F8:8A:DC:19:EA:AD:13:D6:85:B8:1E:C3:99:35:BD:4B:2C:69:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPiK3BnqrRPWhbgew5k1vUssaa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7c166c-24b2-4a07-9115-17ce67bdad7b/1/7AdSoYmrqvkmP6lM_Xrw7difVzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7c166c-24b2-4a07-9115-17ce67bdad7b/1/XPiK3BnqrRPWhbgew5k1vUssaa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:32:83:bb:0c:02:16:f3:58:41:88:d0:ec:dc:64:da:7f:8b:
         10:0b:a8:fe:d0:9a:6d:eb:ac:03:05:c5:4c:da:c4:d5:7f:ca:
         6b:5c:38:44:51:2c:6c:3b:41:cb:d9:df:91:64:89:d5:cb:45:
         25:d1:e3:5b:65:00:6e:06:6a:65:bf:ca:90:aa:93:d2:92:0d:
         5c:27:3d:e6:9b:1c:ba:b2:77:09:b7:ad:e3:28:18:e2:5d:92:
         3c:f7:76:d8:9d:f9:1b:bd:2c:e8:eb:2d:b5:0d:5e:34:99:d3:
         e6:1f:6f:5a:18:79:1e:2a:17:c9:b9:3b:34:db:00:e9:f5:30:
         7c:59:22:a4:4a:e0:b8:19:89:09:97:3b:84:b5:74:e0:c8:14:
         c0:c2:2d:91:ce:62:db:bf:b6:c8:94:7c:3d:e5:5b:fd:56:f7:
         63:8b:8b:d5:4f:13:86:46:67:ca:1f:ab:67:b1:98:44:a8:eb:
         a1:fc:d2:de:85:8f:ae:c0:e7:b0:68:af:26:cf:1c:f3:ca:36:
         2d:f8:fa:68:ce:33:68:c6:81:08:ef:4b:59:53:65:46:25:aa:
         c8:ba:d1:96:4a:c7:6a:3a:b4:5c:71:6e:1f:74:33:e3:26:ed:
         d9:fa:a6:da:8c:c8:60:16:b1:ad:31:8b:ab:c6:85:6d:94:d7:
         23:b1:7f:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4fhH+l0wCN2rmHrHghiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjg4YWRjMTllYWFkMTNkNjg1YjgxZWMzOTkzNWJkNGIy
YzY5YWQwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA3NTJhMTg5YWJhYWY5MjYzZmE5NGNmZDdhZjBlZGQ4OWY1NzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivEHuLPQv81DAOe8uuoOwa7nDnxz
HU6yxlT/oJNmCZdMmq/T/XIndoY7dWsm1tOTjdi7eeBhyq4kBPEgDtI8MK1vWXmP
6aXnEdhwzoFdLQ/1rEU6bOizob3hQ5NNjFPEoDEXQFqFX729Mz88CbfbNoz4a5Nr
vN3KCoCO69nQz5d8/ewsZGNbziOuYbODDzVyEksX2PIWXf+CQ9qryaKGb2VEFLKm
NGbBm6VCfVS5/ylfr26hoW3DE0/1I2uNilRaAEB/9E5RRkZCEOQxL14zN2aYcy2Q
4E42zaJk+B1dIx4GIW86OAIVH63/ugAjk20R6zpGhhVmwhby0J233/a5ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwHUqGJq6r5Jj+pTP168O3Yn1c8MB8GA1UdIwQY
MBaAFFz4itwZ6q0T1oW4HsOZNb1LLGmtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBpSzNCbnFyUlBXaGJnZXc1azF2VXNzYWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83YzE2NmMtMjRiMi00YTA3LTkxMTUt
MTdjZTY3YmRhZDdiLzEvN0FkU29ZbXJxdmttUDZsTV9Ycnc3ZGlmVnp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83YzE2NmMtMjRiMi00YTA3LTkxMTUtMTdjZTY3YmRhZDdi
LzEvWFBpSzNCbnFyUlBXaGJnZXc1azF2VXNzYWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVIAMA0G
CSqGSIb3DQEBCwUAA4IBAQCqMoO7DAIW81hBiNDs3GTaf4sQC6j+0Jpt66wDBcVM
2sTVf8prXDhEUSxsO0HL2d+RZInVy0Ul0eNbZQBuBmplv8qQqpPSkg1cJz3mmxy6
sncJt63jKBjiXZI893bYnfkbvSzo6y21DV40mdPmH29aGHkeKhfJuTs02wDp9TB8
WSKkSuC4GYkJlzuEtXTgyBTAwi2RzmLbv7bIlHw95Vv9Vvdji4vVTxOGRmfKH6tn
sZhEqOuh/NLehY+uwOewaK8mzxzzyjYt+PpozjNoxoEI70tZU2VGJarIutGWSsdq
OrRccW4fdDPjJu3Z+qbajMhgFrGtMYurxoVtlNcjsX9Z
-----END CERTIFICATE-----