Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/7sk9hJTd2n-r3DnnstBen7WmkQg.roa
File:                     7sk9hJTd2n-r3DnnstBen7WmkQg.roa (raw, json)
Hash identifier:          bjHRXr72WLmB+S1HOabBzZE6kQxYN/wz8AKyQsn1p2Y=
Subject key identifier:   EE:C9:3D:84:94:DD:DA:7F:AB:DC:39:E7:B2:D0:5E:9F:B5:A6:91:08
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CC86F3E418A864E127F4821F1269E5DF6
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/7sk9hJTd2n-r3DnnstBen7WmkQg.roa
Signing time:             Tue 02 Jan 2024 04:29:42 +0000
ROA not before:           Tue 02 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        45.138.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3e:41:8a:86:4e:12:7f:48:21:f1:26:9e:5d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eec93d8494ddda7fabdc39e7b2d05e9fb5a69108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9a:b0:7f:9a:55:f3:54:61:33:0e:b0:01:8d:
                    b2:4c:d8:df:f5:2c:9f:e2:56:0c:f7:4c:e0:0e:54:
                    c8:3d:bf:af:ac:ab:3b:f7:a2:b5:34:f8:71:ab:95:
                    c6:96:62:01:f5:2d:05:06:5a:4c:66:48:70:94:25:
                    03:06:da:ae:e9:3e:c1:59:a4:e4:3d:49:b0:2f:e5:
                    66:8f:03:ad:54:5e:ff:2d:3a:d6:d0:30:6c:6d:9c:
                    b4:88:29:f2:ce:0a:e4:21:a7:80:40:c9:e8:22:30:
                    60:7a:39:0f:55:f8:29:e0:d4:10:7c:84:61:70:28:
                    25:d8:39:97:6f:fe:ae:43:20:9d:f9:09:d9:1f:28:
                    8f:4b:0f:21:62:1b:6b:b9:cf:4c:07:33:ae:18:bd:
                    53:a4:db:93:c9:79:51:56:88:b3:08:67:44:08:b8:
                    e2:11:4d:08:d3:08:4d:a8:10:f2:58:3d:5d:48:2d:
                    6c:9f:c9:50:66:5e:98:e4:c7:05:f2:11:bf:ce:fa:
                    e0:30:01:ac:2b:a4:6f:d8:1c:fa:78:59:92:fc:c3:
                    fe:83:60:29:f4:a3:41:10:6f:67:54:d3:75:98:bf:
                    9a:bf:d8:eb:6c:44:7b:4f:55:d8:ae:5f:09:19:79:
                    77:e0:ae:f2:91:80:3f:dc:c8:66:06:27:d6:f5:e9:
                    6c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:C9:3D:84:94:DD:DA:7F:AB:DC:39:E7:B2:D0:5E:9F:B5:A6:91:08
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/7sk9hJTd2n-r3DnnstBen7WmkQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:17:aa:64:d4:97:d3:ba:bf:5d:c9:32:04:c1:af:fe:a4:12:
         c4:f9:a4:18:0c:4f:ea:05:cd:09:0c:94:8c:e4:cf:0c:b2:79:
         16:0b:80:84:f1:f4:3c:87:0f:4c:8b:cd:aa:a8:f4:81:54:8c:
         f6:8e:b2:c9:12:2d:71:34:5f:49:42:ff:86:f7:9f:54:8f:ee:
         fa:7a:cf:46:81:a2:c7:36:3b:06:e6:88:b4:b1:e7:dd:6c:53:
         2c:07:28:91:c6:e3:a9:1f:c3:91:3c:4a:bb:1d:bc:e2:8a:e8:
         5c:9d:26:19:52:62:f5:91:21:49:00:44:c1:46:10:81:f8:7d:
         d0:7b:ef:87:e6:0d:f6:f8:d9:00:68:86:4d:96:90:7c:dc:b2:
         c2:72:fb:c4:4e:88:a7:8f:40:dc:be:2f:b1:0b:a0:17:7f:ba:
         4c:1f:1c:7c:7e:a8:fb:16:d4:29:6b:4f:41:42:df:16:4d:e4:
         5f:31:64:bc:cb:6e:97:68:8d:fd:e1:28:a5:55:d7:5f:c5:b9:
         5f:36:3e:46:8c:0a:e9:40:f0:c5:4c:88:ce:3f:8c:8a:2e:72:
         cb:7a:ff:17:07:77:a3:db:47:8b:cd:3f:f4:16:e0:12:98:82:
         96:f7:7d:8d:5b:fb:f5:23:45:c8:63:c7:9e:98:aa:bc:44:16:
         3e:84:e6:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbz5BioZOEn9IIfEmnl32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTAyMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWM5M2Q4NDk0ZGRkYTdmYWJkYzM5ZTdiMmQwNWU5ZmI1YTY5MTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5qwf5pV81RhMw6wAY2yTNjf9Syf
4lYM90zgDlTIPb+vrKs796K1NPhxq5XGlmIB9S0FBlpMZkhwlCUDBtqu6T7BWaTk
PUmwL+VmjwOtVF7/LTrW0DBsbZy0iCnyzgrkIaeAQMnoIjBgejkPVfgp4NQQfIRh
cCgl2DmXb/6uQyCd+QnZHyiPSw8hYhtruc9MBzOuGL1TpNuTyXlRVoizCGdECLji
EU0I0whNqBDyWD1dSC1sn8lQZl6Y5McF8hG/zvrgMAGsK6Rv2Bz6eFmS/MP+g2Ap
9KNBEG9nVNN1mL+av9jrbER7T1XYrl8JGXl34K7ykYA/3MhmBifW9elsYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7JPYSU3dp/q9w557LQXp+1ppEIMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvN3NrOWhKVGQybi1yM0RubnN0QmVuN1dta1FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYq0MA0G
CSqGSIb3DQEBCwUAA4IBAQBGF6pk1JfTur9dyTIEwa/+pBLE+aQYDE/qBc0JDJSM
5M8MsnkWC4CE8fQ8hw9Mi82qqPSBVIz2jrLJEi1xNF9JQv+G959Uj+76es9GgaLH
NjsG5oi0sefdbFMsByiRxuOpH8ORPEq7HbziiuhcnSYZUmL1kSFJAETBRhCB+H3Q
e++H5g32+NkAaIZNlpB83LLCcvvEToinj0Dcvi+xC6AXf7pMHxx8fqj7FtQpa09B
Qt8WTeRfMWS8y26XaI394SilVddfxblfNj5GjArpQPDFTIjOP4yKLnLLev8XB3ej
20eLzT/0FuASmIKW932NW/v1I0XIY8eemKq8RBY+hOYY
-----END CERTIFICATE-----