Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/7HE6VFnxNrxsGEl0Cc9SwzGx7eE.roa
File:                     7HE6VFnxNrxsGEl0Cc9SwzGx7eE.roa (raw, json)
Hash identifier:          D4VKUz51nPOAqP8jpwvX6nIoEcNB/kytOgLIJeYESzE=
Subject key identifier:   EC:71:3A:54:59:F1:36:BC:6C:18:49:74:09:CF:52:C3:31:B1:ED:E1
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       018CC7272FE0091BCA86AF68C6108B134934
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/7HE6VFnxNrxsGEl0Cc9SwzGx7eE.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        45.80.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 16:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2f:e0:09:1b:ca:86:af:68:c6:10:8b:13:49:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec713a5459f136bc6c18497409cf52c331b1ede1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:63:86:8e:aa:41:53:07:5c:d4:e6:b8:c4:1b:
                    4b:a7:c2:2c:3b:10:59:dc:55:fe:2d:34:da:14:da:
                    bf:45:09:0a:18:4e:17:8d:99:75:59:c4:ed:29:c4:
                    66:55:ce:2c:eb:35:cb:2e:8b:1c:e3:27:25:7d:0f:
                    07:ac:c5:93:28:dd:25:b4:f2:f6:1c:b9:05:c7:9c:
                    39:98:ac:75:99:b4:c7:11:b2:94:2d:df:f4:a9:b0:
                    2e:51:93:2f:a5:9e:8b:35:dc:19:77:f6:eb:75:c0:
                    9f:95:9d:2b:67:31:36:0e:72:cc:2b:27:f0:7e:27:
                    af:78:28:ff:3a:bb:a7:32:23:ab:b7:a9:71:41:14:
                    f1:61:e8:69:e8:3b:ba:e2:9c:73:9d:dd:1d:16:ed:
                    a9:86:3b:31:ca:b9:97:81:6b:8f:93:53:e9:8e:69:
                    2c:f0:4b:f7:2d:62:e8:f9:39:ea:4b:77:f8:c6:64:
                    d9:89:1d:3d:cb:9b:11:9e:68:6e:72:1c:38:b8:7a:
                    6a:3e:88:98:e5:b3:21:66:e3:4a:a7:05:9c:5e:ce:
                    75:56:5d:30:f0:c2:17:c5:bb:18:12:fe:61:61:85:
                    f1:a3:bb:f9:95:d6:f5:42:a5:b0:35:fc:47:72:0d:
                    0f:46:4c:d1:e9:16:8d:2b:f6:10:e0:3c:56:fe:39:
                    6c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:71:3A:54:59:F1:36:BC:6C:18:49:74:09:CF:52:C3:31:B1:ED:E1
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/7HE6VFnxNrxsGEl0Cc9SwzGx7eE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:bf:a2:10:a7:39:bf:e4:a2:65:51:16:7e:cb:39:a9:e0:b0:
         de:f5:2a:4e:3f:aa:36:fd:69:9c:23:a8:d0:41:16:9b:9d:f9:
         4e:2d:ee:3a:3c:1f:07:21:c9:a3:14:da:64:a0:c6:a1:c8:4d:
         9f:91:9f:fb:9e:56:7c:94:84:54:a3:a7:a1:03:7b:1d:51:a7:
         89:b9:d1:52:71:d1:cf:a9:29:c6:11:c4:f9:9c:d8:0c:76:d8:
         2b:a6:25:c7:52:cf:0a:a6:40:32:17:56:0a:fa:25:01:ce:36:
         9f:50:5b:6f:90:c5:7b:8c:5a:17:17:5f:fc:85:a1:a4:86:ff:
         91:11:e5:01:0e:e4:c1:14:54:3b:16:7c:15:c8:f1:05:aa:a9:
         6d:a0:73:86:66:c2:13:ce:25:d8:6e:c9:29:74:9b:50:5b:bd:
         72:21:60:a1:3f:8e:0f:ec:f3:54:e5:f9:d0:bc:b4:02:38:16:
         a4:1c:b4:37:78:ee:32:55:4a:54:e9:a4:d6:1d:67:92:c3:58:
         a7:00:65:2a:14:0c:dd:45:60:ca:d4:a7:42:67:eb:0d:92:dc:
         04:ed:a3:5e:cb:c8:fd:e7:85:70:0c:1c:5b:10:ee:1c:4d:d1:
         bf:75:1c:90:fd:6e:0c:ea:58:c0:39:45:8b:ba:11:97:85:ea:
         f4:66:37:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJy/gCRvKhq9oxhCLE0k0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzcxM2E1NDU5ZjEzNmJjNmMxODQ5NzQwOWNmNTJjMzMxYjFlZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGOGjqpBUwdc1Oa4xBtLp8IsOxBZ
3FX+LTTaFNq/RQkKGE4XjZl1WcTtKcRmVc4s6zXLLosc4yclfQ8HrMWTKN0ltPL2
HLkFx5w5mKx1mbTHEbKULd/0qbAuUZMvpZ6LNdwZd/brdcCflZ0rZzE2DnLMKyfw
fieveCj/OrunMiOrt6lxQRTxYehp6Du64pxznd0dFu2phjsxyrmXgWuPk1Ppjmks
8Ev3LWLo+TnqS3f4xmTZiR09y5sRnmhuchw4uHpqPoiY5bMhZuNKpwWcXs51Vl0w
8MIXxbsYEv5hYYXxo7v5ldb1QqWwNfxHcg0PRkzR6RaNK/YQ4DxW/jlspwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxxOlRZ8Ta8bBhJdAnPUsMxse3hMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvN0hFNlZGbnhOcnhzR0VsMENjOVN3ekd4N2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVAdMA0G
CSqGSIb3DQEBCwUAA4IBAQCWv6IQpzm/5KJlURZ+yzmp4LDe9SpOP6o2/WmcI6jQ
QRabnflOLe46PB8HIcmjFNpkoMahyE2fkZ/7nlZ8lIRUo6ehA3sdUaeJudFScdHP
qSnGEcT5nNgMdtgrpiXHUs8KpkAyF1YK+iUBzjafUFtvkMV7jFoXF1/8haGkhv+R
EeUBDuTBFFQ7FnwVyPEFqqltoHOGZsITziXYbskpdJtQW71yIWChP44P7PNU5fnQ
vLQCOBakHLQ3eO4yVUpU6aTWHWeSw1inAGUqFAzdRWDK1KdCZ+sNktwE7aNey8j9
54VwDBxbEO4cTdG/dRyQ/W4M6ljAOUWLuhGXher0ZjfG
-----END CERTIFICATE-----