Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/7cfc68-47b8-4628-b42f-9529bccbbb14/1/H7NryRhsTB88AEPA7-axy1B9Bnw.roa
File:                     H7NryRhsTB88AEPA7-axy1B9Bnw.roa (raw, json)
Hash identifier:          Y/QFTaELz4QTjODxY0Ox7LKUb8C7z/HSVMsOaA/36ak=
Subject key identifier:   1F:B3:6B:C9:18:6C:4C:1F:3C:00:43:C0:EF:E6:B1:CB:50:7D:06:7C
Certificate issuer:       /CN=2eb4d4de4084f3c8e1a4f6d4d3553907ab0c808a
Certificate serial:       018CC727517C54C64BC6BFF880E9257C0707
Authority key identifier: 2E:B4:D4:DE:40:84:F3:C8:E1:A4:F6:D4:D3:55:39:07:AB:0C:80:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LrTU3kCE88jhpPbU01U5B6sMgIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/7cfc68-47b8-4628-b42f-9529bccbbb14/1/H7NryRhsTB88AEPA7-axy1B9Bnw.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        45.11.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/7cfc68-47b8-4628-b42f-9529bccbbb14/1/LrTU3kCE88jhpPbU01U5B6sMgIo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/7cfc68-47b8-4628-b42f-9529bccbbb14/1/LrTU3kCE88jhpPbU01U5B6sMgIo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LrTU3kCE88jhpPbU01U5B6sMgIo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:51:7c:54:c6:4b:c6:bf:f8:80:e9:25:7c:07:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eb4d4de4084f3c8e1a4f6d4d3553907ab0c808a
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fb36bc9186c4c1f3c0043c0efe6b1cb507d067c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:6d:78:25:0c:38:13:a9:cf:4b:5c:35:94:7d:
                    0b:0a:f7:5d:72:58:27:66:51:00:61:10:74:b1:da:
                    29:68:58:5b:e3:7c:0e:2d:1c:3f:0b:8a:74:4b:35:
                    b7:10:29:d5:3e:54:49:d4:da:ad:36:c1:35:9c:ad:
                    83:47:f8:71:b3:62:66:92:0f:1c:46:c6:33:fe:7c:
                    2f:f9:cb:13:e8:9e:f1:c2:58:ca:32:fd:b0:a5:f4:
                    11:40:d2:2d:31:4a:f7:41:6b:4a:43:92:9e:7d:ac:
                    d3:ac:aa:fc:77:bb:fc:a8:05:27:78:79:1b:90:74:
                    d6:54:77:5c:20:22:4d:f2:e5:09:ba:11:74:b0:08:
                    1e:ef:9a:37:a0:7e:a1:fe:31:15:86:a0:71:e0:b5:
                    88:e6:e5:d4:85:8e:6f:2e:5a:78:ed:13:a8:dd:5d:
                    1b:fe:57:b2:06:56:53:1d:08:40:54:ca:54:20:94:
                    03:ae:39:09:5d:2d:c5:bb:6f:64:46:7d:e7:a2:e4:
                    52:16:0e:74:24:f1:45:ab:24:91:da:71:44:00:c1:
                    90:68:4b:c0:a1:08:31:f3:29:e1:26:46:18:3c:5b:
                    37:1e:fc:5f:bd:bd:20:ee:af:bd:d0:8b:9c:86:61:
                    0a:cb:ba:8d:28:ee:a9:15:78:b4:56:dd:93:33:c6:
                    8c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:B3:6B:C9:18:6C:4C:1F:3C:00:43:C0:EF:E6:B1:CB:50:7D:06:7C
            X509v3 Authority Key Identifier:
                keyid:2E:B4:D4:DE:40:84:F3:C8:E1:A4:F6:D4:D3:55:39:07:AB:0C:80:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LrTU3kCE88jhpPbU01U5B6sMgIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7cfc68-47b8-4628-b42f-9529bccbbb14/1/H7NryRhsTB88AEPA7-axy1B9Bnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7cfc68-47b8-4628-b42f-9529bccbbb14/1/LrTU3kCE88jhpPbU01U5B6sMgIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:ee:ae:6b:75:c9:6d:4b:8c:ea:a8:8a:8a:94:9b:1a:21:fa:
         f7:93:b0:cf:6f:64:f4:28:bb:75:c1:a4:a2:8f:36:15:03:a3:
         0f:a2:cc:fb:b5:4c:8d:36:e3:eb:2c:d0:a5:2f:73:18:05:a4:
         c0:97:a4:b8:e6:02:7a:29:a2:d5:e1:0d:f9:68:62:f0:7f:0c:
         73:27:d9:41:0c:02:e0:9f:25:75:b1:15:20:9f:e6:70:d1:71:
         7f:35:1c:77:cd:39:e8:6b:62:bc:83:df:ad:2e:22:bc:c1:af:
         a8:64:8f:ee:7c:14:ce:82:97:09:32:47:45:1e:4f:92:a3:95:
         b3:d1:c6:ed:70:97:c0:18:32:cc:b9:91:3a:b4:04:f0:bd:92:
         10:5f:7b:b9:e3:b2:4b:12:ec:3f:3b:2d:be:12:ee:37:d8:b9:
         70:cc:37:7f:bb:00:08:38:6e:22:97:90:6b:b3:a6:da:36:b0:
         97:71:4d:e3:b4:0c:37:f3:ac:5a:bf:5b:5b:cb:5f:d5:96:43:
         4a:70:a3:2b:1f:fc:d6:53:98:77:ad:6d:b4:35:ab:46:9a:66:
         44:00:03:fc:3b:a6:1b:28:78:da:ed:35:54:b7:dd:26:81:fc:
         92:c8:a8:a9:21:d5:41:a4:5d:ee:ad:08:4b:b0:a4:04:5d:c7:
         fc:58:b3:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1F8VMZLxr/4gOklfAcHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYjRkNGRlNDA4NGYzYzhlMWE0ZjZkNGQzNTUzOTA3YWIw
YzgwOGEwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmIzNmJjOTE4NmM0YzFmM2MwMDQzYzBlZmU2YjFjYjUwN2QwNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh214JQw4E6nPS1w1lH0LCvddclgn
ZlEAYRB0sdopaFhb43wOLRw/C4p0SzW3ECnVPlRJ1NqtNsE1nK2DR/hxs2Jmkg8c
RsYz/nwv+csT6J7xwljKMv2wpfQRQNItMUr3QWtKQ5KefazTrKr8d7v8qAUneHkb
kHTWVHdcICJN8uUJuhF0sAge75o3oH6h/jEVhqBx4LWI5uXUhY5vLlp47ROo3V0b
/leyBlZTHQhAVMpUIJQDrjkJXS3Fu29kRn3nouRSFg50JPFFqySR2nFEAMGQaEvA
oQgx8ynhJkYYPFs3Hvxfvb0g7q+90IuchmEKy7qNKO6pFXi0Vt2TM8aM2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+za8kYbEwfPABDwO/msctQfQZ8MB8GA1UdIwQY
MBaAFC601N5AhPPI4aT21NNVOQerDICKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHJUVTNrQ0U4OGpocFBiVTAxVTVCNnNNZ0lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS83Y2ZjNjgtNDdiOC00NjI4LWI0MmYt
OTUyOWJjY2JiYjE0LzEvSDdOcnlSaHNUQjg4QUVQQTctYXh5MUI5Qm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS83Y2ZjNjgtNDdiOC00NjI4LWI0MmYtOTUyOWJjY2JiYjE0
LzEvTHJUVTNrQ0U4OGpocFBiVTAxVTVCNnNNZ0lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQtAMA0G
CSqGSIb3DQEBCwUAA4IBAQBm7q5rdcltS4zqqIqKlJsaIfr3k7DPb2T0KLt1waSi
jzYVA6MPosz7tUyNNuPrLNClL3MYBaTAl6S45gJ6KaLV4Q35aGLwfwxzJ9lBDALg
nyV1sRUgn+Zw0XF/NRx3zTnoa2K8g9+tLiK8wa+oZI/ufBTOgpcJMkdFHk+So5Wz
0cbtcJfAGDLMuZE6tATwvZIQX3u547JLEuw/Oy2+Eu432LlwzDd/uwAIOG4il5Br
s6baNrCXcU3jtAw386xav1tby1/VlkNKcKMrH/zWU5h3rW20NatGmmZEAAP8O6Yb
KHja7TVUt90mgfySyKipIdVBpF3urQhLsKQEXcf8WLNx
-----END CERTIFICATE-----