Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/a5a6b3-3ec3-487e-aba0-b8b1e4b4ecb9/1/7iSXQzRJAcMf_gTmIY-Yq9VjHLU.roa
File:                     7iSXQzRJAcMf_gTmIY-Yq9VjHLU.roa (raw, json)
Hash identifier:          ZPfafDzxxJq72xsg/V75gIDRGxuHUM2TPUxUeO6rrrw=
Subject key identifier:   EE:24:97:43:34:49:01:C3:1F:FE:04:E6:21:8F:98:AB:D5:63:1C:B5
Certificate issuer:       /CN=b520a204f4e09cc83a6258d7aa44f7d2f0fa44a0
Certificate serial:       018CC8DCD0E079F10B6AF2B46D77E70016D8
Authority key identifier: B5:20:A2:04:F4:E0:9C:C8:3A:62:58:D7:AA:44:F7:D2:F0:FA:44:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tSCiBPTgnMg6YljXqkT30vD6RKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/a5a6b3-3ec3-487e-aba0-b8b1e4b4ecb9/1/7iSXQzRJAcMf_gTmIY-Yq9VjHLU.roa
Signing time:             Tue 02 Jan 2024 06:29:23 +0000
ROA not before:           Tue 02 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44841
IP address blocks:        45.153.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/a5a6b3-3ec3-487e-aba0-b8b1e4b4ecb9/1/tSCiBPTgnMg6YljXqkT30vD6RKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/a5a6b3-3ec3-487e-aba0-b8b1e4b4ecb9/1/tSCiBPTgnMg6YljXqkT30vD6RKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tSCiBPTgnMg6YljXqkT30vD6RKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d0:e0:79:f1:0b:6a:f2:b4:6d:77:e7:00:16:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b520a204f4e09cc83a6258d7aa44f7d2f0fa44a0
        Validity
            Not Before: Jan  2 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee249743344901c31ffe04e6218f98abd5631cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6d:5d:6f:11:ef:ae:6d:8c:4b:48:dc:a0:bd:
                    fe:32:8a:79:c6:76:9b:d8:8a:5c:bf:16:e0:96:0f:
                    0b:3a:88:0d:d8:37:c3:ee:d6:d2:1a:10:ff:c0:93:
                    c3:63:28:1a:59:a8:14:e4:d5:3a:56:1c:43:6f:b0:
                    74:86:74:46:26:de:b7:17:1f:a1:51:49:46:9f:e1:
                    7b:c3:01:ec:77:7d:95:55:a9:ab:cf:01:c7:ef:63:
                    f2:b1:58:ee:1d:d6:5c:3c:d6:9c:dc:43:8a:28:be:
                    cb:e6:54:ba:6e:62:78:80:46:3f:63:1b:04:57:56:
                    c6:35:d2:7b:7e:a9:1f:aa:d7:d8:12:e7:50:31:de:
                    6e:d2:7c:f0:1a:31:78:32:75:e1:50:36:e2:c1:4e:
                    a4:08:d1:84:2b:a9:bb:0b:ac:1e:88:53:47:54:61:
                    aa:d9:e1:27:48:46:ce:5b:da:41:03:d9:c4:39:91:
                    44:41:07:f4:d5:ab:72:63:ae:2d:ad:7e:65:d7:58:
                    3c:7e:de:47:a0:45:c4:30:c1:bb:3f:a1:51:75:f1:
                    93:bd:4c:b1:de:a6:c4:ac:ad:9e:79:8e:af:39:e8:
                    4e:fd:a3:3a:48:fe:b4:68:b2:6e:d2:fe:d1:31:53:
                    25:32:0e:a5:46:22:4b:49:4b:0f:e0:0d:52:99:68:
                    60:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:24:97:43:34:49:01:C3:1F:FE:04:E6:21:8F:98:AB:D5:63:1C:B5
            X509v3 Authority Key Identifier:
                keyid:B5:20:A2:04:F4:E0:9C:C8:3A:62:58:D7:AA:44:F7:D2:F0:FA:44:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tSCiBPTgnMg6YljXqkT30vD6RKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/a5a6b3-3ec3-487e-aba0-b8b1e4b4ecb9/1/7iSXQzRJAcMf_gTmIY-Yq9VjHLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/a5a6b3-3ec3-487e-aba0-b8b1e4b4ecb9/1/tSCiBPTgnMg6YljXqkT30vD6RKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:bc:f4:ce:dd:32:d9:9c:e3:db:a4:63:23:f9:fe:5f:a7:90:
         f5:4f:44:31:cf:a6:5d:fa:96:a8:85:b1:00:ac:4b:1b:bd:20:
         f1:30:ee:aa:91:01:2d:f5:53:88:f4:40:4d:19:6c:d8:fe:0f:
         50:a7:8d:af:aa:36:9d:cd:32:89:4c:d3:00:a8:6f:52:56:97:
         6d:c3:a9:88:e5:b9:5e:9b:c2:3e:21:9c:df:d8:b4:af:c5:28:
         0b:90:91:fc:0a:80:50:f6:e7:ae:f0:0e:5a:77:c9:67:1c:78:
         56:26:e5:09:b1:19:7d:33:df:ae:72:e0:25:cf:4d:a7:a3:42:
         2b:9b:a9:9f:43:55:d1:4d:20:7f:f5:33:48:3c:4c:7b:5e:ff:
         38:26:7f:08:59:33:78:4a:19:21:ee:65:17:d4:8a:43:b7:29:
         85:b5:91:d1:4f:b4:fd:f2:e9:ed:5a:27:da:0e:02:77:d8:99:
         ff:e5:a4:ec:f8:77:0f:81:bc:a2:2a:13:d3:51:84:fa:a3:0b:
         03:b3:c9:76:36:fa:aa:70:0f:61:c3:09:0b:3a:f9:fb:69:5c:
         e4:fa:6e:0b:5b:d7:b4:ee:c8:db:df:86:c1:be:99:38:af:4f:
         ae:33:50:35:10:10:3b:a5:50:a1:ee:3b:92:05:7d:1c:06:4a:
         f0:46:5e:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NDgefELavK0bXfnABbYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MjBhMjA0ZjRlMDljYzgzYTYyNThkN2FhNDRmN2QyZjBm
YTQ0YTAwHhcNMjQwMTAyMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTI0OTc0MzM0NDkwMWMzMWZmZTA0ZTYyMThmOThhYmQ1NjMxY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG1dbxHvrm2MS0jcoL3+Mop5xnab
2Ipcvxbglg8LOogN2DfD7tbSGhD/wJPDYygaWagU5NU6VhxDb7B0hnRGJt63Fx+h
UUlGn+F7wwHsd32VVamrzwHH72PysVjuHdZcPNac3EOKKL7L5lS6bmJ4gEY/YxsE
V1bGNdJ7fqkfqtfYEudQMd5u0nzwGjF4MnXhUDbiwU6kCNGEK6m7C6weiFNHVGGq
2eEnSEbOW9pBA9nEOZFEQQf01atyY64trX5l11g8ft5HoEXEMMG7P6FRdfGTvUyx
3qbErK2eeY6vOehO/aM6SP60aLJu0v7RMVMlMg6lRiJLSUsP4A1SmWhgDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4kl0M0SQHDH/4E5iGPmKvVYxy1MB8GA1UdIwQY
MBaAFLUgogT04JzIOmJY16pE99Lw+kSgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFNDaUJQVGduTWc2WWxqWHFrVDMwdkQ2UktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9hNWE2YjMtM2VjMy00ODdlLWFiYTAt
YjhiMWU0YjRlY2I5LzEvN2lTWFF6UkpBY01mX2dUbUlZLVlxOVZqSExVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9hNWE2YjMtM2VjMy00ODdlLWFiYTAtYjhiMWU0YjRlY2I5
LzEvdFNDaUJQVGduTWc2WWxqWHFrVDMwdkQ2UktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZn4MA0G
CSqGSIb3DQEBCwUAA4IBAQCAvPTO3TLZnOPbpGMj+f5fp5D1T0Qxz6Zd+paohbEA
rEsbvSDxMO6qkQEt9VOI9EBNGWzY/g9Qp42vqjadzTKJTNMAqG9SVpdtw6mI5ble
m8I+IZzf2LSvxSgLkJH8CoBQ9ueu8A5ad8lnHHhWJuUJsRl9M9+ucuAlz02no0Ir
m6mfQ1XRTSB/9TNIPEx7Xv84Jn8IWTN4Shkh7mUX1IpDtymFtZHRT7T98untWifa
DgJ32Jn/5aTs+HcPgbyiKhPTUYT6owsDs8l2NvqqcA9hwwkLOvn7aVzk+m4LW9e0
7sjb34bBvpk4r0+uM1A1EBA7pVCh7juSBX0cBkrwRl76
-----END CERTIFICATE-----