Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/7_thGNn6CdK4yEA_2xTY0KzR4Lw.roa
File:                     7_thGNn6CdK4yEA_2xTY0KzR4Lw.roa (raw, json)
Hash identifier:          QCMttiKgQbLoQpYEEaQraNLXUoG+6rf3sRtrYQrYKBU=
Subject key identifier:   EF:FB:61:18:D9:FA:09:D2:B8:C8:40:3F:DB:14:D8:D0:AC:D1:E0:BC
Certificate issuer:       /CN=8fd57a75dd7e952bee283935d6df2925d282a070
Certificate serial:       018D2227847464EA73780A7A8A96BE13E91C
Authority key identifier: 8F:D5:7A:75:DD:7E:95:2B:EE:28:39:35:D6:DF:29:25:D2:82:A0:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j9V6dd1-lSvuKDk11t8pJdKCoHA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/7_thGNn6CdK4yEA_2xTY0KzR4Lw.roa
Signing time:             Fri 19 Jan 2024 14:37:11 +0000
ROA not before:           Fri 19 Jan 2024 14:37:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        45.66.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/j9V6dd1-lSvuKDk11t8pJdKCoHA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/j9V6dd1-lSvuKDk11t8pJdKCoHA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j9V6dd1-lSvuKDk11t8pJdKCoHA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:22:27:84:74:64:ea:73:78:0a:7a:8a:96:be:13:e9:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fd57a75dd7e952bee283935d6df2925d282a070
        Validity
            Not Before: Jan 19 14:37:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=effb6118d9fa09d2b8c8403fdb14d8d0acd1e0bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5f:58:cd:2d:a4:b0:94:1e:36:37:65:df:94:
                    7b:5b:bf:b4:b6:e6:15:7c:23:5a:b0:d4:06:7b:3a:
                    44:fa:72:30:c9:48:e0:1e:cb:82:36:dd:6a:b2:04:
                    d2:ca:57:44:b8:60:f9:ae:25:5a:d9:fb:16:d5:b9:
                    04:ed:6d:b4:1c:56:7b:9f:b8:9f:d9:ca:b1:45:02:
                    56:fb:40:b1:14:9b:43:4f:c2:0f:8d:3c:ed:c4:ac:
                    ee:86:9b:9c:58:20:23:32:f2:81:b8:f3:ee:c0:ec:
                    e9:8b:7d:8a:45:ea:30:38:89:2b:03:1f:7d:36:02:
                    f3:ae:0e:87:af:31:9c:9c:b5:bf:31:9f:b5:a0:64:
                    b5:bc:a2:20:f5:0f:7a:47:78:c9:fe:f8:ed:a4:63:
                    58:0a:a2:00:a5:16:18:f9:4d:27:45:e5:07:25:29:
                    08:b1:0d:07:74:09:72:de:46:1b:45:ab:6e:77:e6:
                    f8:c4:d7:d1:1e:92:c7:21:e5:82:46:02:dc:78:4c:
                    9f:08:3e:b1:25:c1:61:bf:8a:04:22:73:5a:05:93:
                    de:cb:b5:78:5e:9b:04:c4:1b:76:b0:c6:72:4a:e1:
                    ff:31:9b:28:74:de:2e:35:a5:a4:d2:38:e6:a3:29:
                    dd:77:05:a8:20:a3:57:1c:08:9a:39:09:81:03:32:
                    85:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FB:61:18:D9:FA:09:D2:B8:C8:40:3F:DB:14:D8:D0:AC:D1:E0:BC
            X509v3 Authority Key Identifier:
                keyid:8F:D5:7A:75:DD:7E:95:2B:EE:28:39:35:D6:DF:29:25:D2:82:A0:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j9V6dd1-lSvuKDk11t8pJdKCoHA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/7_thGNn6CdK4yEA_2xTY0KzR4Lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/39d4b5-b5c9-480a-9405-d9a539b8b7ad/1/j9V6dd1-lSvuKDk11t8pJdKCoHA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:aa:46:67:c9:ca:9a:9e:cf:36:3a:9e:cf:f4:77:45:62:db:
         81:43:37:a7:65:a6:42:00:f0:78:bf:55:71:ed:b1:00:c7:b3:
         70:d2:5f:66:bb:b4:5c:a8:3a:b8:f6:82:39:bd:e0:43:b6:da:
         63:20:c1:bb:08:2d:e7:d0:b5:8b:41:4b:bd:7c:ee:e9:b5:00:
         56:69:2d:36:af:74:31:10:aa:07:02:c0:3d:26:f2:5f:56:9e:
         ba:60:29:bf:4d:88:d6:6b:30:8d:1e:1b:1b:e1:e3:3b:93:bb:
         88:f3:8a:4e:67:66:f3:5d:17:f5:d5:d1:0b:ba:6f:6a:e0:c2:
         16:1d:1a:f0:4b:88:3f:de:ac:cb:5e:ab:c9:b0:0c:ae:fd:9d:
         6c:b1:ba:80:c9:ba:0f:d1:98:1d:00:8e:ea:c1:d2:d9:ea:24:
         ec:fc:b2:02:bc:82:78:0e:e9:08:f2:c5:fd:24:45:ef:74:b1:
         dd:4a:1a:42:1e:4f:de:10:be:d6:12:7e:7f:94:50:f7:61:78:
         c1:7d:78:28:37:9c:1d:95:69:86:42:23:a0:2a:dc:4e:3c:b0:
         c5:1c:17:42:07:0f:fa:5f:94:ca:66:5e:fc:96:b7:ed:f1:1c:
         fe:6c:38:9a:55:4e:79:7c:73:ba:15:23:bf:94:58:c8:bb:9d:
         5d:16:13:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0iJ4R0ZOpzeAp6ipa+E+kcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZDU3YTc1ZGQ3ZTk1MmJlZTI4MzkzNWQ2ZGYyOTI1ZDI4
MmEwNzAwHhcNMjQwMTE5MTQzNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmZiNjExOGQ5ZmEwOWQyYjhjODQwM2ZkYjE0ZDhkMGFjZDFlMGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV9YzS2ksJQeNjdl35R7W7+0tuYV
fCNasNQGezpE+nIwyUjgHsuCNt1qsgTSyldEuGD5riVa2fsW1bkE7W20HFZ7n7if
2cqxRQJW+0CxFJtDT8IPjTztxKzuhpucWCAjMvKBuPPuwOzpi32KReowOIkrAx99
NgLzrg6HrzGcnLW/MZ+1oGS1vKIg9Q96R3jJ/vjtpGNYCqIApRYY+U0nReUHJSkI
sQ0HdAly3kYbRatud+b4xNfRHpLHIeWCRgLceEyfCD6xJcFhv4oEInNaBZPey7V4
XpsExBt2sMZySuH/MZsodN4uNaWk0jjmoynddwWoIKNXHAiaOQmBAzKFFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/7YRjZ+gnSuMhAP9sU2NCs0eC8MB8GA1UdIwQY
MBaAFI/VenXdfpUr7ig5NdbfKSXSgqBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajlWNmRkMS1sU3Z1S0RrMTF0OHBKZEtDb0hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zOWQ0YjUtYjVjOS00ODBhLTk0MDUt
ZDlhNTM5YjhiN2FkLzEvN190aEdObjZDZEs0eUVBXzJ4VFkwS3pSNEx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zOWQ0YjUtYjVjOS00ODBhLTk0MDUtZDlhNTM5YjhiN2Fk
LzEvajlWNmRkMS1sU3Z1S0RrMTF0OHBKZEtDb0hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUJTMA0G
CSqGSIb3DQEBCwUAA4IBAQCVqkZnycqans82Op7P9HdFYtuBQzenZaZCAPB4v1Vx
7bEAx7Nw0l9mu7RcqDq49oI5veBDttpjIMG7CC3n0LWLQUu9fO7ptQBWaS02r3Qx
EKoHAsA9JvJfVp66YCm/TYjWazCNHhsb4eM7k7uI84pOZ2bzXRf11dELum9q4MIW
HRrwS4g/3qzLXqvJsAyu/Z1ssbqAyboP0ZgdAI7qwdLZ6iTs/LICvIJ4DukI8sX9
JEXvdLHdShpCHk/eEL7WEn5/lFD3YXjBfXgoN5wdlWmGQiOgKtxOPLDFHBdCBw/6
X5TKZl78lrft8Rz+bDiaVU55fHO6FSO/lFjIu51dFhMz
-----END CERTIFICATE-----