Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/7WOG6s5tW7B7gjwDOUp2LA9Pv9A.roa
File:                     7WOG6s5tW7B7gjwDOUp2LA9Pv9A.roa (raw, json)
Hash identifier:          8Ag6dapSxd8POV6PjUl89nHNHv2b7CMpLY2suHjyxpE=
Subject key identifier:   ED:63:86:EA:CE:6D:5B:B0:7B:82:3C:03:39:4A:76:2C:0F:4F:BF:D0
Certificate issuer:       /CN=7d5695786f8450d1041dc88ad892cbb570d5972b
Certificate serial:       018D32F9FD5E9D439561D077815247840784
Authority key identifier: 7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/7WOG6s5tW7B7gjwDOUp2LA9Pv9A.roa
Signing time:             Mon 22 Jan 2024 21:01:00 +0000
ROA not before:           Mon 22 Jan 2024 21:01:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.11.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:32:f9:fd:5e:9d:43:95:61:d0:77:81:52:47:84:07:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d5695786f8450d1041dc88ad892cbb570d5972b
        Validity
            Not Before: Jan 22 21:01:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed6386eace6d5bb07b823c03394a762c0f4fbfd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1a:4c:6d:35:7c:80:05:94:0d:1b:ef:cf:ca:
                    e3:9d:26:a8:e7:5d:73:ce:7b:5d:f6:bd:7e:42:9c:
                    4e:aa:04:9d:13:53:eb:c9:7b:2b:5f:3e:a4:27:7e:
                    97:bf:fa:d3:28:fc:b1:2d:b9:4d:bf:46:a7:96:4d:
                    96:c1:77:46:f1:db:5e:c4:f0:dc:aa:fc:0c:2d:3a:
                    19:9f:69:c2:a2:c7:e8:15:f5:a2:28:39:ac:97:b0:
                    57:61:57:65:94:d0:e0:cd:ce:36:de:53:f3:28:84:
                    34:23:6d:92:3e:a8:42:c1:52:97:f0:bd:12:2f:5f:
                    af:be:28:5e:bc:d1:f9:43:de:92:bb:6e:24:75:7a:
                    8b:ce:ff:61:f5:e9:e3:87:5a:8c:24:c1:1a:9a:d7:
                    a6:c3:61:94:85:12:b3:9e:f5:2e:8b:19:fa:72:8e:
                    fa:91:bf:5c:86:dc:6d:c8:8f:fa:fd:51:46:c4:6d:
                    2b:7c:58:f5:7a:44:d3:a5:41:28:84:a0:55:da:95:
                    15:46:13:15:3c:58:43:1e:92:95:da:56:fd:71:a6:
                    14:bf:7d:cf:a1:01:ec:2e:4b:9b:9f:93:84:53:bf:
                    55:c9:62:4b:c5:3f:68:a9:7d:5c:05:a8:a6:9d:43:
                    0a:2f:37:bc:b9:b7:3f:6d:cc:42:43:34:46:4c:84:
                    00:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:63:86:EA:CE:6D:5B:B0:7B:82:3C:03:39:4A:76:2C:0F:4F:BF:D0
            X509v3 Authority Key Identifier:
                keyid:7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/7WOG6s5tW7B7gjwDOUp2LA9Pv9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:a0:51:ce:6b:ee:8c:b4:c0:72:cc:17:d2:64:ee:64:4d:a3:
         67:cf:82:05:a2:06:96:d1:2d:f3:5d:3f:f6:fc:3d:7f:29:19:
         b8:3e:86:c3:58:84:de:ab:e6:c7:80:f9:a2:72:71:60:da:dc:
         ce:a1:a8:dc:56:00:1a:40:c2:44:af:05:7e:d3:fe:43:db:a3:
         03:1c:c6:ae:5d:9a:73:2f:e6:fe:06:a0:0e:17:54:56:58:83:
         16:dd:e8:24:12:8b:c3:22:0f:3e:28:cb:9f:27:e2:00:1a:e6:
         f8:33:54:17:19:da:eb:fc:7d:57:a5:d1:8b:f8:8b:18:e3:d3:
         d8:f9:04:a8:30:f3:40:12:ff:99:00:a0:90:35:ed:4b:3d:a4:
         df:d6:48:10:c4:9b:9b:0e:fc:76:aa:f8:d9:ce:5b:cf:3a:56:
         fd:de:60:86:58:4f:2d:a1:91:14:d8:a1:0a:3c:d5:ca:2d:60:
         b4:3a:9b:fc:c0:1e:ae:e1:14:bc:bc:69:e7:8b:07:c2:39:ed:
         ff:65:58:f2:26:ea:f6:86:e7:1a:15:2d:b1:ac:2c:37:66:53:
         6c:f7:b0:25:bf:e6:c9:62:20:ee:9d:7a:81:78:62:65:44:19:
         73:ab:6f:95:d3:46:52:dc:70:dc:bf:1f:cf:78:cb:4e:ce:31:
         7a:18:b0:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0y+f1enUOVYdB3gVJHhAeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTY5NTc4NmY4NDUwZDEwNDFkYzg4YWQ4OTJjYmI1NzBk
NTk3MmIwHhcNMjQwMTIyMjEwMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDYzODZlYWNlNmQ1YmIwN2I4MjNjMDMzOTRhNzYyYzBmNGZiZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhpMbTV8gAWUDRvvz8rjnSao511z
zntd9r1+QpxOqgSdE1PryXsrXz6kJ36Xv/rTKPyxLblNv0anlk2WwXdG8dtexPDc
qvwMLToZn2nCosfoFfWiKDmsl7BXYVdllNDgzc423lPzKIQ0I22SPqhCwVKX8L0S
L1+vvihevNH5Q96Su24kdXqLzv9h9enjh1qMJMEamtemw2GUhRKznvUuixn6co76
kb9chtxtyI/6/VFGxG0rfFj1ekTTpUEohKBV2pUVRhMVPFhDHpKV2lb9caYUv33P
oQHsLkubn5OEU79VyWJLxT9oqX1cBaimnUMKLze8ubc/bcxCQzRGTIQAZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1jhurObVuwe4I8AzlKdiwPT7/QMB8GA1UdIwQY
MBaAFH1WlXhvhFDRBB3IitiSy7Vw1ZcrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDIt
NjNiMzM4MDhhNmE4LzEvN1dPRzZzNXRXN0I3Z2p3RE9VcDJMQTlQdjlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDItNjNiMzM4MDhhNmE4
LzEvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQuvMA0G
CSqGSIb3DQEBCwUAA4IBAQCVoFHOa+6MtMByzBfSZO5kTaNnz4IFogaW0S3zXT/2
/D1/KRm4PobDWITeq+bHgPmicnFg2tzOoajcVgAaQMJErwV+0/5D26MDHMauXZpz
L+b+BqAOF1RWWIMW3egkEovDIg8+KMufJ+IAGub4M1QXGdrr/H1XpdGL+IsY49PY
+QSoMPNAEv+ZAKCQNe1LPaTf1kgQxJubDvx2qvjZzlvPOlb93mCGWE8toZEU2KEK
PNXKLWC0Opv8wB6u4RS8vGnniwfCOe3/ZVjyJur2hucaFS2xrCw3ZlNs97Alv+bJ
YiDunXqBeGJlRBlzq2+V00ZS3HDcvx/PeMtOzjF6GLB4
-----END CERTIFICATE-----