Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/_X7VZsJh87O3KHCelK3pTyUaMhc.roa
File:                     _X7VZsJh87O3KHCelK3pTyUaMhc.roa (raw, json)
Hash identifier:          RYSqUIQiaooPxVsWqB23ebwLaB7O3t6I8RkRphka7lI=
Subject key identifier:   FD:7E:D5:66:C2:61:F3:B3:B7:28:70:9E:94:AD:E9:4F:25:1A:32:17
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B649B54EB19090EB53ACAF90DE699
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/_X7VZsJh87O3KHCelK3pTyUaMhc.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8796
IP address blocks:        193.227.121.0/24 maxlen: 24
                          45.153.8.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:64:9b:54:eb:19:09:0e:b5:3a:ca:f9:0d:e6:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd7ed566c261f3b3b728709e94ade94f251a3217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e7:0c:aa:5b:59:fa:c4:46:41:c6:cc:c1:4a:
                    07:65:55:f4:fb:0a:28:2e:7a:9e:85:c6:97:08:5b:
                    8e:9e:4f:0f:e9:27:3d:91:ea:92:08:40:7e:b8:12:
                    12:c0:ce:51:5a:99:d0:d0:06:f2:26:ca:26:7b:65:
                    1c:07:1b:dc:2e:3d:37:f3:c1:a8:ad:a3:7e:f0:c7:
                    3e:35:50:69:08:ba:d2:96:96:05:f8:71:0d:b1:ad:
                    92:4b:bf:b7:9f:3b:a9:ca:c0:6d:6e:0b:19:de:80:
                    88:83:a8:19:29:f1:bb:60:f1:f4:b9:a3:dd:12:94:
                    aa:2f:a8:fb:12:6a:64:c4:68:19:49:f8:26:88:17:
                    d5:00:14:7a:9b:53:18:76:a9:a0:8b:89:53:70:a3:
                    94:1b:cc:28:b0:77:59:6c:48:db:f0:9b:e9:5d:8d:
                    21:04:23:c2:2c:cb:f9:91:3d:76:43:4d:3c:86:46:
                    18:9d:3f:ba:7a:6f:f2:83:7d:e3:6b:06:c7:75:82:
                    b6:d5:cf:0e:30:44:41:75:2d:6e:35:58:cf:c7:87:
                    7d:a2:68:0b:a2:74:3c:f9:dd:ed:e9:a0:16:22:78:
                    28:07:4b:e6:24:28:60:9e:09:73:da:c7:de:ef:cc:
                    41:62:0c:91:0c:a9:99:88:f5:23:2a:9c:df:40:cd:
                    ce:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:7E:D5:66:C2:61:F3:B3:B7:28:70:9E:94:AD:E9:4F:25:1A:32:17
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/_X7VZsJh87O3KHCelK3pTyUaMhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.8.0/23
                  193.227.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:7a:a6:7b:02:9f:72:63:4a:88:b3:1b:49:29:a8:6f:38:cd:
         4d:c2:9f:e6:57:d4:a4:89:ca:99:63:f8:e5:58:ee:27:c7:e9:
         6a:76:84:11:81:68:11:98:3d:c4:20:07:4a:a7:58:c2:0c:11:
         05:b9:38:e4:4b:09:bf:32:2f:74:d9:6e:d1:77:99:ed:16:cd:
         ca:43:76:3a:7f:24:d4:93:fb:57:74:1f:6c:4c:c4:9b:f1:66:
         aa:e2:df:e0:13:fa:be:4a:0c:e1:1b:e5:57:5a:a1:0b:9f:a7:
         6c:99:1d:b8:6b:2d:c6:93:bd:f8:6a:86:87:39:30:06:1f:a4:
         0f:86:12:84:8a:48:a4:68:4c:71:67:eb:97:e4:d9:ca:31:9f:
         3e:c5:81:34:84:04:89:49:99:d8:da:a4:8d:73:45:68:c8:27:
         e2:21:29:db:59:59:e5:47:98:06:38:50:46:c9:9b:23:16:9f:
         5b:0f:5d:ca:d3:52:40:b6:dd:d9:7c:f6:ef:c9:80:2a:d9:c7:
         ce:85:ca:84:fd:22:a5:43:c2:a0:1f:93:3b:ab:62:0b:fa:ae:
         08:c5:94:9b:9e:a0:7c:b8:83:b4:2c:ca:e2:5e:91:fd:2d:d2:
         f0:60:88:dd:ad:71:2f:b5:04:4a:d3:3a:10:d7:69:a9:de:d6:
         35:60:27:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS2SbVOsZCQ61Osr5DeaZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDdlZDU2NmMyNjFmM2IzYjcyODcwOWU5NGFkZTk0ZjI1MWEzMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ecMqltZ+sRGQcbMwUoHZVX0+woo
LnqehcaXCFuOnk8P6Sc9keqSCEB+uBISwM5RWpnQ0AbyJsome2UcBxvcLj0388Go
raN+8Mc+NVBpCLrSlpYF+HENsa2SS7+3nzupysBtbgsZ3oCIg6gZKfG7YPH0uaPd
EpSqL6j7EmpkxGgZSfgmiBfVABR6m1MYdqmgi4lTcKOUG8wosHdZbEjb8JvpXY0h
BCPCLMv5kT12Q008hkYYnT+6em/yg33jawbHdYK21c8OMERBdS1uNVjPx4d9omgL
onQ8+d3t6aAWIngoB0vmJChgnglz2sfe78xBYgyRDKmZiPUjKpzfQM3OuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP1+1WbCYfOztyhwnpSt6U8lGjIXMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvX1g3VlpzSmg4N08zS0hDZWxLM3BUeVVhTWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZkIAwQA
weN5MA0GCSqGSIb3DQEBCwUAA4IBAQDReqZ7Ap9yY0qIsxtJKahvOM1Nwp/mV9Sk
icqZY/jlWO4nx+lqdoQRgWgRmD3EIAdKp1jCDBEFuTjkSwm/Mi902W7Rd5ntFs3K
Q3Y6fyTUk/tXdB9sTMSb8Waq4t/gE/q+SgzhG+VXWqELn6dsmR24ay3Gk734aoaH
OTAGH6QPhhKEikikaExxZ+uX5NnKMZ8+xYE0hASJSZnY2qSNc0VoyCfiISnbWVnl
R5gGOFBGyZsjFp9bD13K01JAtt3ZfPbvyYAq2cfOhcqE/SKlQ8KgH5M7q2IL+q4I
xZSbnqB8uIO0LMriXpH9LdLwYIjdrXEvtQRK0zoQ12mp3tY1YCdk
-----END CERTIFICATE-----