Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/7ZHM696OtUnBWTPTchIbpvHOp6k.roa
File:                     7ZHM696OtUnBWTPTchIbpvHOp6k.roa (raw, json)
Hash identifier:          6S19yDQ4qzxS1GkNhW70quwi0W7I1UuevlIzFWlipPE=
Subject key identifier:   ED:91:CC:EB:DE:8E:B5:49:C1:59:33:D3:72:12:1B:A6:F1:CE:A7:A9
Certificate issuer:       /CN=2890da765a999f719875c51eecf4c7d6148a1bd9
Certificate serial:       018CC26D0B95A897C1944750FBD8CA38ADE0
Authority key identifier: 28:90:DA:76:5A:99:9F:71:98:75:C5:1E:EC:F4:C7:D6:14:8A:1B:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KJDadlqZn3GYdcUe7PTH1hSKG9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/7ZHM696OtUnBWTPTchIbpvHOp6k.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208339
IP address blocks:        45.143.204.0/23 maxlen: 24
                          45.143.204.0/24 maxlen: 24
                          45.143.204.0/22 maxlen: 23
                          45.143.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/KJDadlqZn3GYdcUe7PTH1hSKG9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/KJDadlqZn3GYdcUe7PTH1hSKG9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KJDadlqZn3GYdcUe7PTH1hSKG9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0b:95:a8:97:c1:94:47:50:fb:d8:ca:38:ad:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2890da765a999f719875c51eecf4c7d6148a1bd9
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed91ccebde8eb549c15933d372121ba6f1cea7a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b6:b3:c2:1e:aa:99:d7:9e:cf:69:22:f4:4c:
                    a2:f5:74:be:1c:db:4f:b2:ba:6d:a7:0a:fd:67:ec:
                    28:c6:cf:25:2a:03:83:59:d2:6c:e9:d1:dd:8c:f8:
                    5e:fd:5d:27:e5:40:99:ba:2a:86:19:ac:7f:6c:f6:
                    4a:ba:d7:e3:38:84:b8:26:f2:52:57:9d:c7:ed:1b:
                    cf:8d:f9:fa:d5:d1:9f:7c:22:78:84:d7:30:80:cb:
                    b2:42:d5:9d:10:ef:43:6e:cc:e5:d5:8a:20:6e:3c:
                    3d:5c:57:ec:b5:e4:b0:45:73:0b:f5:d0:53:cb:a0:
                    ee:dd:ab:63:a0:99:15:03:81:f4:cb:b5:ac:16:2d:
                    62:93:71:66:77:4c:37:94:8d:ea:5f:80:84:b9:33:
                    22:f0:61:33:f6:be:6e:8c:9c:19:cc:16:68:f5:66:
                    e9:a8:4f:b0:9a:a2:d0:a4:ac:66:3e:bc:41:b8:ca:
                    00:84:94:ac:f7:70:37:24:ad:fc:a2:a1:e1:59:3c:
                    21:f3:e8:08:19:a7:8f:98:6b:38:22:4e:3e:e4:10:
                    c3:a9:10:1f:42:e1:d4:77:d7:68:a7:4f:11:ea:d0:
                    2c:5d:4f:39:75:dd:90:06:0b:22:4c:40:4b:be:b1:
                    5a:e1:95:d2:05:98:d8:c1:0d:11:50:04:3f:43:ff:
                    8a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:91:CC:EB:DE:8E:B5:49:C1:59:33:D3:72:12:1B:A6:F1:CE:A7:A9
            X509v3 Authority Key Identifier:
                keyid:28:90:DA:76:5A:99:9F:71:98:75:C5:1E:EC:F4:C7:D6:14:8A:1B:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KJDadlqZn3GYdcUe7PTH1hSKG9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/7ZHM696OtUnBWTPTchIbpvHOp6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/KJDadlqZn3GYdcUe7PTH1hSKG9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:83:3d:c2:4a:b9:42:d2:31:66:8c:7b:0f:ac:fb:2a:ec:78:
         86:f6:26:b5:3a:d5:e9:1d:23:bf:e5:ae:19:70:48:83:81:ef:
         c4:7a:9c:ad:64:ca:bb:5a:07:ab:ec:ac:73:0c:3c:ce:3e:86:
         88:65:35:13:31:ce:e4:68:ba:a2:96:23:75:95:53:16:f3:e9:
         ad:a4:42:96:53:1c:14:7b:84:5d:76:50:1e:af:54:7b:44:6e:
         35:96:9f:4c:cc:59:b2:39:b2:4b:8e:33:66:18:3a:86:f6:ad:
         9a:11:96:4d:b4:82:91:56:ea:0c:83:ed:3e:82:32:b0:e6:ce:
         df:fa:7d:9c:8a:a1:40:c1:74:5e:bd:9d:48:1b:ab:36:25:30:
         10:63:e1:da:94:97:e5:86:40:f0:a6:4d:5c:b6:80:4c:5b:b6:
         06:21:79:ad:6f:2f:c1:4c:68:16:42:23:32:92:21:70:4e:37:
         64:76:c5:12:85:56:73:db:5d:34:1e:65:f2:51:fe:cf:40:84:
         9b:b0:93:18:77:bb:4d:ba:35:a4:3b:19:b7:13:fe:ee:af:5f:
         d0:41:76:59:e7:af:d6:42:51:a8:a7:49:9a:5f:e4:f7:ce:7c:
         a4:e1:d4:70:7e:67:31:41:df:4f:ea:25:a3:dc:0d:c3:9a:36:
         d1:6c:57:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQuVqJfBlEdQ+9jKOK3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4OTBkYTc2NWE5OTlmNzE5ODc1YzUxZWVjZjRjN2Q2MTQ4
YTFiZDkwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDkxY2NlYmRlOGViNTQ5YzE1OTMzZDM3MjEyMWJhNmYxY2VhN2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLazwh6qmdeez2ki9Eyi9XS+HNtP
srptpwr9Z+woxs8lKgODWdJs6dHdjPhe/V0n5UCZuiqGGax/bPZKutfjOIS4JvJS
V53H7RvPjfn61dGffCJ4hNcwgMuyQtWdEO9Dbszl1Yogbjw9XFfsteSwRXML9dBT
y6Du3atjoJkVA4H0y7WsFi1ik3Fmd0w3lI3qX4CEuTMi8GEz9r5ujJwZzBZo9Wbp
qE+wmqLQpKxmPrxBuMoAhJSs93A3JK38oqHhWTwh8+gIGaePmGs4Ik4+5BDDqRAf
QuHUd9dop08R6tAsXU85dd2QBgsiTEBLvrFa4ZXSBZjYwQ0RUAQ/Q/+KwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2RzOvejrVJwVkz03ISG6bxzqepMB8GA1UdIwQY
MBaAFCiQ2nZamZ9xmHXFHuz0x9YUihvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0pEYWRscVpuM0dZZGNVZTdQVEgxaFNLRzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yYmJjZDQtZWRhYi00OGVlLWE0MTEt
MjhmYzcwNjNkOTUyLzEvN1pITTY5Nk90VW5CV1RQVGNoSWJwdkhPcDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yYmJjZDQtZWRhYi00OGVlLWE0MTEtMjhmYzcwNjNkOTUy
LzEvS0pEYWRscVpuM0dZZGNVZTdQVEgxaFNLRzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY/MMA0G
CSqGSIb3DQEBCwUAA4IBAQBigz3CSrlC0jFmjHsPrPsq7HiG9ia1OtXpHSO/5a4Z
cEiDge/EepytZMq7Wger7KxzDDzOPoaIZTUTMc7kaLqiliN1lVMW8+mtpEKWUxwU
e4RddlAer1R7RG41lp9MzFmyObJLjjNmGDqG9q2aEZZNtIKRVuoMg+0+gjKw5s7f
+n2ciqFAwXRevZ1IG6s2JTAQY+HalJflhkDwpk1ctoBMW7YGIXmtby/BTGgWQiMy
kiFwTjdkdsUShVZz2100HmXyUf7PQISbsJMYd7tNujWkOxm3E/7ur1/QQXZZ56/W
QlGop0maX+T3znyk4dRwfmcxQd9P6iWj3A3DmjbRbFcb
-----END CERTIFICATE-----