Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/7xJzZuXVkw14u4HIKBgu9T528JM.roa
File:                     7xJzZuXVkw14u4HIKBgu9T528JM.roa (raw, json)
Hash identifier:          srQ3RyevNjwc4jKrZflbpcqjf4hiN6EaOh0ZilNd5Ec=
Subject key identifier:   EF:12:73:66:E5:D5:93:0D:78:BB:81:C8:28:18:2E:F5:3E:76:F0:93
Certificate issuer:       /CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
Certificate serial:       018CC79459408BAB93500771A09ADF0D2589
Authority key identifier: B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/7xJzZuXVkw14u4HIKBgu9T528JM.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43444
IP address blocks:        178.159.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:59:40:8b:ab:93:50:07:71:a0:9a:df:0d:25:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef127366e5d5930d78bb81c828182ef53e76f093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1b:c0:eb:51:e5:b5:12:62:d2:1f:d9:4e:0b:
                    5b:9f:15:79:bf:c8:5e:22:e8:99:bf:59:5d:25:86:
                    e9:0b:c2:3d:58:a1:fd:6a:ad:e0:f9:25:d8:19:f3:
                    e1:f7:b6:53:27:2e:3e:b8:9b:50:93:76:47:a8:bf:
                    37:53:d2:99:10:0b:6c:6b:99:d8:4b:17:ee:8d:ee:
                    b5:8c:a5:09:16:00:08:8c:a2:9b:69:7a:d2:de:87:
                    61:06:f5:d1:20:7e:94:b8:c9:2b:85:e7:9c:80:2e:
                    0d:0f:b5:81:76:e4:71:ea:e6:f2:ca:fd:d7:28:ba:
                    14:8e:5b:2d:b1:4d:52:d7:cb:34:99:37:a8:d4:09:
                    a4:81:32:2e:e3:ad:89:40:d7:2e:f5:c1:c2:84:4e:
                    33:08:07:78:1b:7d:a6:82:8b:15:ad:49:6d:2e:d8:
                    3c:74:c2:a2:f5:80:cc:f0:31:17:48:c0:b6:d3:23:
                    2b:b3:7e:15:6b:74:e0:01:d1:fe:ff:83:1a:28:d2:
                    aa:b1:48:6b:c7:81:0f:7e:eb:23:b5:82:06:bb:3c:
                    8b:b0:34:d3:ab:6b:ad:32:59:31:66:af:74:8d:e5:
                    f4:f4:80:3f:c6:98:92:a8:25:18:38:f7:13:e5:f0:
                    b0:39:60:98:a7:9e:10:45:e9:b7:05:4f:59:5c:bf:
                    a9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:12:73:66:E5:D5:93:0D:78:BB:81:C8:28:18:2E:F5:3E:76:F0:93
            X509v3 Authority Key Identifier:
                keyid:B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/7xJzZuXVkw14u4HIKBgu9T528JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.159.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:dc:ce:29:84:1a:88:35:af:83:e0:da:89:38:29:02:ca:4b:
         c9:ba:d3:fb:f9:15:a2:75:e6:fe:44:04:f6:98:6b:b7:89:b1:
         ce:10:1e:82:19:a5:c8:42:17:a6:5d:30:a9:10:62:f1:61:be:
         82:25:77:f9:98:50:7d:3b:0e:d6:5b:6c:37:b4:3d:e6:bd:e1:
         fe:f8:d6:a7:18:af:25:bc:2e:cc:d8:84:ce:9d:fb:ba:03:a4:
         eb:f2:df:51:70:c1:2b:fe:05:ba:6d:c9:83:07:f9:fe:ce:88:
         b2:37:05:d4:a8:6b:bf:07:01:29:78:d9:fc:88:17:b3:aa:13:
         31:1c:8a:fd:05:a6:01:2f:cc:9d:95:db:2b:78:5a:b8:ce:d9:
         a9:14:f6:47:6d:53:10:96:c1:a8:66:4d:d0:4d:f3:db:67:8f:
         7e:1a:0c:82:e9:52:19:bb:15:c8:93:ac:15:ae:71:9a:a2:06:
         4d:c9:c3:ee:58:9f:53:c7:fd:fe:b1:17:75:9d:45:33:d9:b7:
         ab:5d:72:8a:3f:c1:93:40:11:50:a8:23:59:aa:fa:b2:62:6e:
         d8:d8:dc:ed:8c:16:8a:e5:3d:51:bc:a0:4c:3f:55:4f:06:4a:
         b2:64:39:0e:9f:bf:be:0f:b8:9b:dc:e8:c5:d0:2f:5a:9f:a9:
         b1:a3:99:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFlAi6uTUAdxoJrfDSWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MmU3YjgwNjhjNGFlOWFlNGNhNGMzYTZiMjA5NjE5OWE3
NDFmZjIwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjEyNzM2NmU1ZDU5MzBkNzhiYjgxYzgyODE4MmVmNTNlNzZmMDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRvA61HltRJi0h/ZTgtbnxV5v8he
IuiZv1ldJYbpC8I9WKH9aq3g+SXYGfPh97ZTJy4+uJtQk3ZHqL83U9KZEAtsa5nY
Sxfuje61jKUJFgAIjKKbaXrS3odhBvXRIH6UuMkrheecgC4ND7WBduRx6ubyyv3X
KLoUjlstsU1S18s0mTeo1AmkgTIu462JQNcu9cHChE4zCAd4G32mgosVrUltLtg8
dMKi9YDM8DEXSMC20yMrs34Va3TgAdH+/4MaKNKqsUhrx4EPfusjtYIGuzyLsDTT
q2utMlkxZq90jeX09IA/xpiSqCUYOPcT5fCwOWCYp54QRem3BU9ZXL+pRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8Sc2bl1ZMNeLuByCgYLvU+dvCTMB8GA1UdIwQY
MBaAFLgue4BoxK6a5MpMOmsglhmadB/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMt
YWFkZmE5YzA2NzQyLzEvN3hKelp1WFZrdzE0dTRISUtCZ3U5VDUyOEpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMtYWFkZmE5YzA2NzQy
LzEvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsp9jMA0G
CSqGSIb3DQEBCwUAA4IBAQCR3M4phBqINa+D4NqJOCkCykvJutP7+RWideb+RAT2
mGu3ibHOEB6CGaXIQhemXTCpEGLxYb6CJXf5mFB9Ow7WW2w3tD3mveH++NanGK8l
vC7M2ITOnfu6A6Tr8t9RcMEr/gW6bcmDB/n+zoiyNwXUqGu/BwEpeNn8iBezqhMx
HIr9BaYBL8ydldsreFq4ztmpFPZHbVMQlsGoZk3QTfPbZ49+GgyC6VIZuxXIk6wV
rnGaogZNycPuWJ9Tx/3+sRd1nUUz2berXXKKP8GTQBFQqCNZqvqyYm7Y2NztjBaK
5T1RvKBMP1VPBkqyZDkOn7++D7ib3OjF0C9an6mxo5nf
-----END CERTIFICATE-----