Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/7FIS9JXLBhSn9Xd80njFKcjrU5c.roa
File:                     7FIS9JXLBhSn9Xd80njFKcjrU5c.roa (raw, json)
Hash identifier:          YIkfZDnE728Jfdsal+Cj/SDX4JnmcF1VCDJGwCdL40A=
Subject key identifier:   EC:52:12:F4:95:CB:06:14:A7:F5:77:7C:D2:78:C5:29:C8:EB:53:97
Certificate issuer:       /CN=53b1a8ebc3ecf7f5db7f6cacd00e920af85ae8b4
Certificate serial:       019593E9D55D052BC9B1B2F5A0A1C6A40826
Authority key identifier: 53:B1:A8:EB:C3:EC:F7:F5:DB:7F:6C:AC:D0:0E:92:0A:F8:5A:E8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/7FIS9JXLBhSn9Xd80njFKcjrU5c.roa
Signing time:             Fri 14 Mar 2025 09:08:49 +0000
ROA not before:           Fri 14 Mar 2025 09:08:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50575
IP address blocks:        45.147.220.0/22 maxlen: 22
                          2001:67c:24ac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:93:e9:d5:5d:05:2b:c9:b1:b2:f5:a0:a1:c6:a4:08:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b1a8ebc3ecf7f5db7f6cacd00e920af85ae8b4
        Validity
            Not Before: Mar 14 09:08:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec5212f495cb0614a7f5777cd278c529c8eb5397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:87:53:5c:1e:5f:93:c7:e6:a0:5f:04:71:b7:
                    64:ac:d7:c6:cc:26:83:8a:a0:74:44:25:17:fb:c8:
                    97:63:95:52:d8:81:34:77:33:a3:21:f9:96:e5:93:
                    cf:46:2b:e2:16:1a:5e:b4:87:7a:d7:6e:ac:f7:88:
                    92:df:2f:f1:f0:9a:47:08:43:61:f1:68:b4:52:eb:
                    12:2f:10:46:f4:ad:ec:63:11:58:42:cf:75:7b:cf:
                    28:82:84:b2:4c:b4:d2:50:23:69:2e:c2:e3:17:54:
                    38:7a:7f:e2:92:7e:14:aa:2d:4e:bc:e2:c2:c7:03:
                    8d:06:75:fb:4b:a8:4a:dd:ee:8e:7f:b9:aa:7d:0b:
                    c6:24:21:92:d2:54:ef:52:b8:1a:b3:ce:e6:c1:3d:
                    d0:96:63:d6:91:d4:29:ff:ca:62:bf:a6:c5:b7:3c:
                    f7:05:59:51:80:ad:20:0a:42:e7:ec:f7:11:f3:ca:
                    46:ee:20:51:e2:96:14:02:fd:39:34:37:01:ef:5f:
                    42:d1:52:7c:a8:ac:c7:1c:72:df:b2:78:bb:1f:1f:
                    9c:63:dd:75:cc:33:3f:ee:16:06:40:f5:f9:f1:74:
                    80:ec:30:ca:23:88:1e:8b:01:7d:c9:d1:59:b2:d8:
                    0e:98:1d:cc:47:ab:9f:16:1b:b9:bd:90:06:7f:23:
                    36:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:52:12:F4:95:CB:06:14:A7:F5:77:7C:D2:78:C5:29:C8:EB:53:97
            X509v3 Authority Key Identifier:
                keyid:53:B1:A8:EB:C3:EC:F7:F5:DB:7F:6C:AC:D0:0E:92:0A:F8:5A:E8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/7FIS9JXLBhSn9Xd80njFKcjrU5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.220.0/22
                IPv6:
                  2001:67c:24ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:3a:2f:5f:38:f1:99:1c:a7:36:c4:c4:a5:51:eb:cd:bf:5a:
         e7:40:b1:c8:1f:3a:8a:c3:a7:c4:d8:7d:a5:ee:d2:36:48:7f:
         2f:b0:d7:90:71:cd:ea:3e:73:0f:36:03:f1:29:e4:bb:d4:a7:
         bd:1f:c2:93:73:e6:ae:73:83:c9:f4:5c:fe:40:8c:39:9c:31:
         76:27:a9:14:4e:43:83:da:65:12:35:ac:28:50:b8:39:d0:c0:
         59:5c:37:19:da:de:24:be:d1:29:ee:33:fc:3d:b8:4b:d0:2c:
         00:ff:05:c0:04:c5:1b:fc:17:9c:d4:9a:bf:40:2f:7f:1f:c3:
         30:9c:ec:18:8e:1e:e3:76:32:fe:0f:7c:9d:43:05:79:ae:cb:
         23:77:a3:cb:3e:5f:da:b4:1a:54:a1:ec:87:83:35:29:77:5d:
         29:64:e3:26:c7:b4:83:76:6f:fa:5a:a5:2f:8b:89:65:ad:c6:
         af:68:4a:37:4e:1e:ea:4f:bf:ff:57:5a:d8:62:66:cb:06:5c:
         e5:6b:f3:da:2e:8b:20:f2:09:ed:16:14:c0:5d:a1:0b:08:3e:
         0e:de:10:6d:6f:13:ba:5e:73:88:36:b0:66:cd:90:1d:6e:31:
         90:10:e8:70:f6:fb:c7:2c:27:14:dc:0b:9e:84:c0:bb:05:05:
         4e:1c:32:4a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZWT6dVdBSvJsbL1oKHGpAgmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjFhOGViYzNlY2Y3ZjVkYjdmNmNhY2QwMGU5MjBhZjg1
YWU4YjQwHhcNMjUwMzE0MDkwODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzUyMTJmNDk1Y2IwNjE0YTdmNTc3N2NkMjc4YzUyOWM4ZWI1Mzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyodTXB5fk8fmoF8EcbdkrNfGzCaD
iqB0RCUX+8iXY5VS2IE0dzOjIfmW5ZPPRiviFhpetId6126s94iS3y/x8JpHCENh
8Wi0UusSLxBG9K3sYxFYQs91e88ogoSyTLTSUCNpLsLjF1Q4en/ikn4Uqi1OvOLC
xwONBnX7S6hK3e6Of7mqfQvGJCGS0lTvUrgas87mwT3QlmPWkdQp/8piv6bFtzz3
BVlRgK0gCkLn7PcR88pG7iBR4pYUAv05NDcB719C0VJ8qKzHHHLfsni7Hx+cY911
zDM/7hYGQPX58XSA7DDKI4geiwF9ydFZstgOmB3MR6ufFhu5vZAGfyM27QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOxSEvSVywYUp/V3fNJ4xSnI61OXMB8GA1UdIwQY
MBaAFFOxqOvD7Pf1239srNAOkgr4Wui0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdHbzY4UHM5X1hiZjJ5czBBNlNDdmhhNkxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wNzA2MzAtNTIzNC00OWM0LTg0ZmUt
MTViZGE2Yjg2N2NiLzEvN0ZJUzlKWExCaFNuOVhkODBuakZLY2pyVTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wNzA2MzAtNTIzNC00OWM0LTg0ZmUtMTViZGE2Yjg2N2Ni
LzEvVTdHbzY4UHM5X1hiZjJ5czBBNlNDdmhhNkxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCLZPcMA8E
AgACMAkDBwAgAQZ8JKwwDQYJKoZIhvcNAQELBQADggEBAFU6L1848ZkcpzbExKVR
682/WudAscgfOorDp8TYfaXu0jZIfy+w15Bxzeo+cw82A/Ep5LvUp70fwpNz5q5z
g8n0XP5AjDmcMXYnqRROQ4PaZRI1rChQuDnQwFlcNxna3iS+0SnuM/w9uEvQLAD/
BcAExRv8F5zUmr9AL38fwzCc7BiOHuN2Mv4PfJ1DBXmuyyN3o8s+X9q0GlSh7IeD
NSl3XSlk4ybHtIN2b/papS+LiWWtxq9oSjdOHupPv/9XWthiZssGXOVr89ouiyDy
Ce0WFMBdoQsIPg7eEG1vE7pec4g2sGbNkB1uMZAQ6HD2+8csJxTcC56EwLsFBU4c
Mko=
-----END CERTIFICATE-----