Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/18ec59-0b00-4da6-88d8-d4fd3e389536/1/ez_Om5SXmFYvxarIRsdXmBP32AY.roa
File:                     ez_Om5SXmFYvxarIRsdXmBP32AY.roa (raw, json)
Hash identifier:          +7snaJHblepHI73fQ//15V8asdHgfEQsBMwFqtpPr8o=
Subject key identifier:   7B:3F:CE:9B:94:97:98:56:2F:C5:AA:C8:46:C7:57:98:13:F7:D8:06
Certificate issuer:       /CN=454fd1c04bf7ec1dabbd2d21fda0085e251ec735
Certificate serial:       018CC2DABAE06C47FC6AD1446059FCF01FC2
Authority key identifier: 45:4F:D1:C0:4B:F7:EC:1D:AB:BD:2D:21:FD:A0:08:5E:25:1E:C7:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RU_RwEv37B2rvS0h_aAIXiUexzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/18ec59-0b00-4da6-88d8-d4fd3e389536/1/ez_Om5SXmFYvxarIRsdXmBP32AY.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44352
IP address blocks:        91.241.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/18ec59-0b00-4da6-88d8-d4fd3e389536/1/RU_RwEv37B2rvS0h_aAIXiUexzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/18ec59-0b00-4da6-88d8-d4fd3e389536/1/RU_RwEv37B2rvS0h_aAIXiUexzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RU_RwEv37B2rvS0h_aAIXiUexzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ba:e0:6c:47:fc:6a:d1:44:60:59:fc:f0:1f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=454fd1c04bf7ec1dabbd2d21fda0085e251ec735
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b3fce9b949798562fc5aac846c7579813f7d806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ee:de:8f:52:25:32:d6:eb:81:bb:e5:c6:c9:
                    1f:ac:16:ea:9b:f8:f8:a6:ed:da:68:3d:a6:84:9c:
                    ac:f3:1a:2d:a1:10:82:f2:82:06:ec:98:05:20:de:
                    1e:ed:89:e6:d7:f4:4f:8a:91:23:4d:d2:a3:9c:1e:
                    cd:53:cb:c6:a3:97:cc:d3:dc:9d:18:fa:f3:ea:aa:
                    23:4c:d4:ba:7c:2d:8d:b0:57:3d:e5:a1:74:89:3f:
                    32:b7:39:cb:1e:8f:8a:e1:94:e3:d9:e7:e7:7e:ee:
                    8e:09:a6:b8:51:a8:c1:fd:db:88:52:df:db:54:16:
                    b0:a9:ee:70:92:cb:66:ce:b8:ee:8b:78:96:13:67:
                    71:19:ed:31:ff:31:ba:80:02:91:04:e7:76:57:12:
                    37:d6:5b:47:d1:99:15:5e:c4:7d:bc:ce:aa:36:3c:
                    cf:15:91:e7:90:2d:5b:af:f2:f0:bd:91:96:1b:d7:
                    0a:5c:09:db:bf:7c:de:b1:8a:5d:cb:1c:10:9e:dd:
                    9e:2a:17:92:5a:bd:e3:d5:59:f1:72:da:f8:71:2c:
                    d2:63:e1:e6:a5:4a:fd:e1:26:6c:87:c2:98:6d:fb:
                    26:d9:49:3d:90:35:7b:fc:60:ab:db:00:2e:46:df:
                    0a:e8:ff:e9:3e:ab:68:de:96:0c:12:6b:e4:04:8c:
                    9f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:3F:CE:9B:94:97:98:56:2F:C5:AA:C8:46:C7:57:98:13:F7:D8:06
            X509v3 Authority Key Identifier:
                keyid:45:4F:D1:C0:4B:F7:EC:1D:AB:BD:2D:21:FD:A0:08:5E:25:1E:C7:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RU_RwEv37B2rvS0h_aAIXiUexzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/18ec59-0b00-4da6-88d8-d4fd3e389536/1/ez_Om5SXmFYvxarIRsdXmBP32AY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/18ec59-0b00-4da6-88d8-d4fd3e389536/1/RU_RwEv37B2rvS0h_aAIXiUexzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:87:88:a3:a2:de:80:2a:e3:f7:00:da:2b:5a:7b:5e:21:20:
         ee:44:1c:f8:ab:30:b8:72:90:35:66:03:3c:fa:37:ca:82:b9:
         1b:c1:7c:59:aa:09:58:9d:04:6c:11:19:62:ae:cd:b1:89:2b:
         b6:c7:64:14:24:fb:e7:a5:56:5c:c8:b5:fb:22:f9:fa:6e:43:
         2d:a5:fa:48:b8:4b:68:8c:30:11:59:cf:ec:e8:dc:15:10:d6:
         22:0e:03:a5:46:18:a0:bb:1b:99:b4:23:7d:c1:50:f5:2d:71:
         c3:b3:e8:38:54:de:9d:62:d1:fd:c8:b6:9a:c3:a5:ae:77:e4:
         88:98:bb:f7:82:0a:5c:7c:77:4a:62:b5:32:99:d1:93:37:f8:
         da:71:47:62:a4:8c:af:70:35:5e:ab:a0:0c:19:d6:eb:4d:e3:
         e8:ec:0c:ef:70:f1:ab:77:f1:0a:8d:48:ea:98:6b:f9:3b:fa:
         6d:84:33:2c:ad:8a:cc:c5:1d:86:d6:0f:d8:35:4a:c0:19:d2:
         7e:0a:d0:ee:a5:71:94:71:ff:c1:c2:1a:41:68:4b:57:e5:9a:
         c6:6f:88:b7:8e:22:b8:6d:14:d0:3d:f1:b0:dd:a5:f9:85:98:
         a5:4a:be:66:0b:9b:3c:1d:ba:df:e1:b1:74:c8:8f:10:9f:f0:
         27:44:f3:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rrgbEf8atFEYFn88B/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NGZkMWMwNGJmN2VjMWRhYmJkMmQyMWZkYTAwODVlMjUx
ZWM3MzUwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjNmY2U5Yjk0OTc5ODU2MmZjNWFhYzg0NmM3NTc5ODEzZjdkODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArO7ej1IlMtbrgbvlxskfrBbqm/j4
pu3aaD2mhJys8xotoRCC8oIG7JgFIN4e7Ynm1/RPipEjTdKjnB7NU8vGo5fM09yd
GPrz6qojTNS6fC2NsFc95aF0iT8ytznLHo+K4ZTj2efnfu6OCaa4UajB/duIUt/b
VBawqe5wkstmzrjui3iWE2dxGe0x/zG6gAKRBOd2VxI31ltH0ZkVXsR9vM6qNjzP
FZHnkC1br/LwvZGWG9cKXAnbv3zesYpdyxwQnt2eKheSWr3j1Vnxctr4cSzSY+Hm
pUr94SZsh8KYbfsm2Uk9kDV7/GCr2wAuRt8K6P/pPqto3pYMEmvkBIyfdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHs/zpuUl5hWL8WqyEbHV5gT99gGMB8GA1UdIwQY
MBaAFEVP0cBL9+wdq70tIf2gCF4lHsc1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlVfUndFdjM3QjJydlMwaF9hQUlYaVVleHpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8xOGVjNTktMGIwMC00ZGE2LTg4ZDgt
ZDRmZDNlMzg5NTM2LzEvZXpfT201U1htRll2eGFySVJzZFhtQlAzMkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8xOGVjNTktMGIwMC00ZGE2LTg4ZDgtZDRmZDNlMzg5NTM2
LzEvUlVfUndFdjM3QjJydlMwaF9hQUlYaVVleHpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW/GwMA0G
CSqGSIb3DQEBCwUAA4IBAQB0h4ijot6AKuP3ANorWnteISDuRBz4qzC4cpA1ZgM8
+jfKgrkbwXxZqglYnQRsERlirs2xiSu2x2QUJPvnpVZcyLX7Ivn6bkMtpfpIuEto
jDARWc/s6NwVENYiDgOlRhiguxuZtCN9wVD1LXHDs+g4VN6dYtH9yLaaw6Wud+SI
mLv3ggpcfHdKYrUymdGTN/jacUdipIyvcDVeq6AMGdbrTePo7AzvcPGrd/EKjUjq
mGv5O/pthDMsrYrMxR2G1g/YNUrAGdJ+CtDupXGUcf/BwhpBaEtX5ZrGb4i3jiK4
bRTQPfGw3aX5hZilSr5mC5s8Hbrf4bF0yI8Qn/AnRPPC
-----END CERTIFICATE-----