Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/7zVc7wmUZnjAPdAtLO46mzekulE.roa
File:                     7zVc7wmUZnjAPdAtLO46mzekulE.roa (raw, json)
Hash identifier:          Ayi3lpkHD04ZTNGDvAY6GkZuUDnwqVYMAqpx0EOO/qE=
Subject key identifier:   EF:35:5C:EF:09:94:66:78:C0:3D:D0:2D:2C:EE:3A:9B:37:A4:BA:51
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       018CC2DB01DEEC36272A5B0A1468CA5E6636
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/7zVc7wmUZnjAPdAtLO46mzekulE.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201838
IP address blocks:        45.90.200.0/22 maxlen: 24
                          45.145.148.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:01:de:ec:36:27:2a:5b:0a:14:68:ca:5e:66:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef355cef09946678c03dd02d2cee3a9b37a4ba51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7b:e1:eb:75:7d:4a:90:19:1c:39:45:a1:b1:
                    6e:1f:91:36:f9:84:77:bb:66:01:56:2a:43:15:b9:
                    f8:ec:da:95:b8:ff:3c:43:bf:29:82:f7:2a:a7:20:
                    6e:cb:2d:36:5a:ad:19:4b:5a:68:98:c9:45:59:73:
                    6e:f3:dc:f0:2f:8c:86:ef:8f:24:77:06:4f:42:4c:
                    19:d7:5a:40:2f:ca:7b:50:1a:7a:01:ad:d7:6b:2b:
                    d0:e7:d6:da:7a:88:55:37:89:b9:61:49:b9:82:aa:
                    6b:b4:62:9c:e5:d3:90:c2:55:d0:8e:bd:cb:80:7f:
                    7a:b5:08:59:78:25:32:28:b3:61:2b:3a:bb:be:51:
                    60:1c:e6:dc:6a:19:f5:f2:ab:0d:38:86:b1:5c:ad:
                    e8:46:57:19:10:25:50:e0:76:72:22:45:7f:14:8c:
                    36:e6:93:85:2b:2a:7f:4b:ed:46:f6:06:3f:e3:9f:
                    c5:49:a9:25:ea:85:bb:f0:83:da:5b:2d:e5:cf:1d:
                    1a:cc:d2:62:8c:e8:a0:ab:92:68:d7:be:9c:49:13:
                    65:2f:0d:fb:82:07:a8:a2:b1:4d:04:01:1d:34:e7:
                    86:51:1a:fe:05:04:34:c4:75:f2:1b:32:58:0e:8d:
                    fb:d5:05:a9:b4:89:05:14:49:ec:5c:35:a5:62:15:
                    fd:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:35:5C:EF:09:94:66:78:C0:3D:D0:2D:2C:EE:3A:9B:37:A4:BA:51
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/7zVc7wmUZnjAPdAtLO46mzekulE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.200.0/22
                  45.145.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:01:8f:df:ab:42:bb:4f:e1:da:8e:10:d3:bb:11:40:da:30:
         63:54:0d:b1:56:1d:87:84:4b:c3:60:6f:61:70:72:ca:ba:0c:
         81:06:80:06:fa:14:86:37:03:e5:4f:69:8d:b9:33:11:f7:08:
         20:b1:4f:2e:07:39:79:73:ca:de:2b:aa:6a:c7:94:79:78:52:
         94:ce:f8:2e:79:eb:b8:a4:2f:56:b2:6e:51:32:c2:28:cf:15:
         47:03:52:8a:28:00:45:03:98:b7:5a:1f:8c:0f:78:7c:cc:f9:
         c2:88:8f:58:93:53:83:79:4e:b3:73:c5:d8:13:7e:03:8d:42:
         78:2a:6e:20:0e:22:ea:35:14:dd:2f:aa:e6:cf:8b:36:df:57:
         e7:14:0c:40:86:27:53:92:7c:57:ce:2a:5f:2d:ac:31:2d:b7:
         34:61:a6:6c:dc:28:b3:a8:36:d5:c6:ac:6a:33:12:07:8b:b2:
         b2:58:00:93:1a:7e:7e:1d:88:6e:74:d2:15:92:4a:18:8c:35:
         9c:3a:cd:fa:26:fc:c3:d9:52:e5:c3:47:52:2e:04:14:0c:ca:
         dd:03:ed:e6:46:ed:dd:ca:5e:4b:b6:73:75:54:cd:dd:e9:82:
         43:b4:34:b0:46:96:c5:ca:fe:20:1d:7a:5b:e5:09:a5:6a:db:
         78:3c:b3:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2wHe7DYnKlsKFGjKXmY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjM1NWNlZjA5OTQ2Njc4YzAzZGQwMmQyY2VlM2E5YjM3YTRiYTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnvh63V9SpAZHDlFobFuH5E2+YR3
u2YBVipDFbn47NqVuP88Q78pgvcqpyBuyy02Wq0ZS1pomMlFWXNu89zwL4yG748k
dwZPQkwZ11pAL8p7UBp6Aa3XayvQ59baeohVN4m5YUm5gqprtGKc5dOQwlXQjr3L
gH96tQhZeCUyKLNhKzq7vlFgHObcahn18qsNOIaxXK3oRlcZECVQ4HZyIkV/FIw2
5pOFKyp/S+1G9gY/45/FSakl6oW78IPaWy3lzx0azNJijOigq5Jo176cSRNlLw37
ggeoorFNBAEdNOeGURr+BQQ0xHXyGzJYDo371QWptIkFFEnsXDWlYhX97QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO81XO8JlGZ4wD3QLSzuOps3pLpRMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvN3pWYzd3bVVabmpBUGRBdExPNDZtemVrdWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVrIAwQC
LZGUMA0GCSqGSIb3DQEBCwUAA4IBAQBtAY/fq0K7T+HajhDTuxFA2jBjVA2xVh2H
hEvDYG9hcHLKugyBBoAG+hSGNwPlT2mNuTMR9wggsU8uBzl5c8reK6pqx5R5eFKU
zvgueeu4pC9Wsm5RMsIozxVHA1KKKABFA5i3Wh+MD3h8zPnCiI9Yk1ODeU6zc8XY
E34DjUJ4Km4gDiLqNRTdL6rmz4s231fnFAxAhidTknxXzipfLawxLbc0YaZs3Ciz
qDbVxqxqMxIHi7KyWACTGn5+HYhudNIVkkoYjDWcOs36JvzD2VLlw0dSLgQUDMrd
A+3mRu3dyl5LtnN1VM3d6YJDtDSwRpbFyv4gHXpb5Qmlatt4PLNX
-----END CERTIFICATE-----