Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/x7G3_EedMag96ih44LzaGzQiIXA.roa
File:                     x7G3_EedMag96ih44LzaGzQiIXA.roa (raw, json)
Hash identifier:          4M93Q/AO/Zond7mH/1XhwlY2MInfgCW17LkqVTCTkWw=
Subject key identifier:   C7:B1:B7:FC:47:9D:31:A8:3D:EA:28:78:E0:BC:DA:1B:34:22:21:70
Certificate issuer:       /CN=4c0006e05896f6ffb30161e7c8dda2f9ad05b561
Certificate serial:       018CC26D3CA9EE539A7DB5E94775119C5835
Authority key identifier: 4C:00:06:E0:58:96:F6:FF:B3:01:61:E7:C8:DD:A2:F9:AD:05:B5:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TAAG4FiW9v-zAWHnyN2i-a0FtWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/x7G3_EedMag96ih44LzaGzQiIXA.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.133.144.0/24 maxlen: 24
                          45.133.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/TAAG4FiW9v-zAWHnyN2i-a0FtWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/TAAG4FiW9v-zAWHnyN2i-a0FtWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TAAG4FiW9v-zAWHnyN2i-a0FtWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3c:a9:ee:53:9a:7d:b5:e9:47:75:11:9c:58:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c0006e05896f6ffb30161e7c8dda2f9ad05b561
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7b1b7fc479d31a83dea2878e0bcda1b34222170
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:10:5d:68:e9:67:b6:39:43:c6:73:cd:a4:e6:
                    45:0e:a3:e9:70:2b:ea:82:a7:f0:34:e8:df:36:89:
                    5d:a3:4e:9a:10:1a:48:27:29:96:0a:2c:cb:07:db:
                    85:22:b3:55:bb:ef:5c:92:ab:a7:63:f2:d6:56:ac:
                    14:d8:33:65:92:fc:52:ba:bf:a3:fe:d8:5d:c4:79:
                    3a:49:a5:b3:50:5a:1e:eb:58:11:10:a6:1b:60:e9:
                    2e:7a:fb:65:67:3f:11:df:e1:21:3c:80:cf:12:fe:
                    b9:c2:e2:96:80:6d:9c:33:f4:ad:79:9e:2b:26:25:
                    01:71:56:de:12:8e:e3:77:65:b5:7a:4e:b3:5d:f4:
                    20:74:3d:a3:83:55:dd:7a:97:66:65:57:1f:48:97:
                    5b:ab:4f:a0:51:93:08:2d:65:91:5c:d9:0c:ce:54:
                    d0:fe:9b:f0:35:90:9a:0e:04:6f:1c:d7:bd:4c:2a:
                    b3:c7:df:bc:e0:30:66:c1:71:2d:c4:9a:38:79:0c:
                    81:34:72:b9:03:9d:04:0f:62:3a:27:51:bb:64:ee:
                    5a:f6:21:ef:b5:3d:d4:8f:5a:c4:7a:39:24:da:3c:
                    dc:fa:f2:73:c7:05:99:2c:94:ff:65:5e:9b:4a:54:
                    b6:62:81:a9:4f:23:7d:38:82:b1:d0:8f:ed:d2:97:
                    94:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:B1:B7:FC:47:9D:31:A8:3D:EA:28:78:E0:BC:DA:1B:34:22:21:70
            X509v3 Authority Key Identifier:
                keyid:4C:00:06:E0:58:96:F6:FF:B3:01:61:E7:C8:DD:A2:F9:AD:05:B5:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TAAG4FiW9v-zAWHnyN2i-a0FtWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/x7G3_EedMag96ih44LzaGzQiIXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/b7f839-c680-45ea-a8ee-13087bebd1e4/1/TAAG4FiW9v-zAWHnyN2i-a0FtWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:40:76:66:a5:29:28:fc:2b:fc:da:a2:48:08:12:a0:10:1a:
         8d:f4:9b:59:af:a7:5b:e0:55:36:72:47:ca:97:fe:fe:95:49:
         46:5e:e0:bd:10:3b:e5:91:67:ec:5b:12:e3:67:df:e9:57:54:
         04:11:1f:46:d7:41:1b:16:54:a6:8a:b6:53:87:5d:8f:cb:15:
         d4:ce:8c:96:a2:1f:4c:04:0c:15:58:a6:51:d9:e8:7d:c6:1d:
         a7:96:71:14:df:e3:43:cb:5f:a1:56:06:85:2a:10:48:9e:53:
         c2:65:6c:ee:24:cc:f3:67:57:8a:e9:73:8c:3d:e8:41:1a:75:
         32:71:21:a0:87:93:eb:c1:35:e4:e8:26:88:f5:0c:e8:c3:de:
         d4:b2:6b:da:a2:69:5f:c5:8e:fc:c2:65:f4:bd:da:87:1b:1f:
         bd:c4:b4:48:db:80:e7:09:11:2a:35:68:25:18:72:61:0d:91:
         16:16:61:21:56:25:80:ff:b3:2c:63:fb:d3:84:b8:9e:02:ec:
         d5:2a:3e:b9:46:ea:d3:0d:1b:a2:75:19:08:b0:71:42:41:03:
         00:17:a5:1e:d7:41:c0:c3:26:bf:cf:e8:ce:98:79:10:a1:b2:
         db:9e:37:fe:30:41:06:bc:86:8e:bf:12:e7:f2:02:d7:ec:be:
         aa:d3:bd:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTyp7lOafbXpR3URnFg1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMDAwNmUwNTg5NmY2ZmZiMzAxNjFlN2M4ZGRhMmY5YWQw
NWI1NjEwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2IxYjdmYzQ3OWQzMWE4M2RlYTI4NzhlMGJjZGExYjM0MjIyMTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBBdaOlntjlDxnPNpOZFDqPpcCvq
gqfwNOjfNoldo06aEBpIJymWCizLB9uFIrNVu+9ckqunY/LWVqwU2DNlkvxSur+j
/thdxHk6SaWzUFoe61gREKYbYOkuevtlZz8R3+EhPIDPEv65wuKWgG2cM/SteZ4r
JiUBcVbeEo7jd2W1ek6zXfQgdD2jg1XdepdmZVcfSJdbq0+gUZMILWWRXNkMzlTQ
/pvwNZCaDgRvHNe9TCqzx9+84DBmwXEtxJo4eQyBNHK5A50ED2I6J1G7ZO5a9iHv
tT3Uj1rEejkk2jzc+vJzxwWZLJT/ZV6bSlS2YoGpTyN9OIKx0I/t0peUhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMext/xHnTGoPeooeOC82hs0IiFwMB8GA1UdIwQY
MBaAFEwABuBYlvb/swFh58jdovmtBbVhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEFBRzRGaVc5di16QVdIbnlOMmktYTBGdFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9iN2Y4MzktYzY4MC00NWVhLWE4ZWUt
MTMwODdiZWJkMWU0LzEveDdHM19FZWRNYWc5NmloNDRMemFHelFpSVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9iN2Y4MzktYzY4MC00NWVhLWE4ZWUtMTMwODdiZWJkMWU0
LzEvVEFBRzRGaVc5di16QVdIbnlOMmktYTBGdFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYWQMA0G
CSqGSIb3DQEBCwUAA4IBAQBMQHZmpSko/Cv82qJICBKgEBqN9JtZr6db4FU2ckfK
l/7+lUlGXuC9EDvlkWfsWxLjZ9/pV1QEER9G10EbFlSmirZTh12PyxXUzoyWoh9M
BAwVWKZR2eh9xh2nlnEU3+NDy1+hVgaFKhBInlPCZWzuJMzzZ1eK6XOMPehBGnUy
cSGgh5PrwTXk6CaI9Qzow97UsmvaomlfxY78wmX0vdqHGx+9xLRI24DnCREqNWgl
GHJhDZEWFmEhViWA/7MsY/vThLieAuzVKj65RurTDRuidRkIsHFCQQMAF6Ue10HA
wya/z+jOmHkQobLbnjf+MEEGvIaOvxLn8gLX7L6q070n
-----END CERTIFICATE-----