Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/iiJJfO1nYvqRhAwFuLfwvB8rszk.roa
File:                     iiJJfO1nYvqRhAwFuLfwvB8rszk.roa (raw, json)
Hash identifier:          Ym2z9SC6P91Bgc00HDDuDs9n6A0Egef2ZwgjhOUlYm8=
Subject key identifier:   8A:22:49:7C:ED:67:62:FA:91:84:0C:05:B8:B7:F0:BC:1F:2B:B3:39
Certificate issuer:       /CN=7d7b4bcabeb29605ea511de973e4675c4b8a29df
Certificate serial:       018F0F3BCE1E04FD243726EA46DC0751DB6A
Authority key identifier: 7D:7B:4B:CA:BE:B2:96:05:EA:51:1D:E9:73:E4:67:5C:4B:8A:29:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fXtLyr6ylgXqUR3pc-RnXEuKKd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/iiJJfO1nYvqRhAwFuLfwvB8rszk.roa
Signing time:             Wed 24 Apr 2024 08:32:08 +0000
ROA not before:           Wed 24 Apr 2024 08:32:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47745
IP address blocks:        151.237.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/fXtLyr6ylgXqUR3pc-RnXEuKKd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/fXtLyr6ylgXqUR3pc-RnXEuKKd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fXtLyr6ylgXqUR3pc-RnXEuKKd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 08:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0f:3b:ce:1e:04:fd:24:37:26:ea:46:dc:07:51:db:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d7b4bcabeb29605ea511de973e4675c4b8a29df
        Validity
            Not Before: Apr 24 08:32:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a22497ced6762fa91840c05b8b7f0bc1f2bb339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5a:2e:34:9c:36:9f:fb:9c:9f:dd:14:1f:9c:
                    78:bd:39:a6:ae:69:8a:ee:45:9d:a8:42:24:c5:61:
                    bc:7e:3e:89:27:56:6b:72:d4:15:5a:eb:60:66:e0:
                    e4:f4:9b:dc:a9:1d:67:b8:e6:b5:84:bc:6b:04:4e:
                    1a:e2:ce:d6:5f:99:95:bb:6c:34:f7:81:fc:b1:ab:
                    90:29:c0:81:2b:8e:43:21:d3:bf:1a:0a:0e:32:23:
                    3c:6e:37:5c:b5:29:5a:a0:ea:9c:f5:10:73:12:ff:
                    1b:c4:fa:ce:cf:95:01:d0:66:27:70:eb:c3:4d:8a:
                    85:a0:52:bf:0d:7e:4c:84:b7:d9:11:0d:56:22:93:
                    de:28:f8:e1:27:09:8e:be:d3:fa:5d:65:15:2d:80:
                    8c:37:7c:53:a6:f9:fc:2b:93:b3:83:d6:2b:f6:18:
                    0e:a5:66:3f:7c:b4:01:18:fc:b2:57:f5:2c:23:ca:
                    69:3d:6e:5a:8e:33:8e:8f:f0:90:2a:c8:7b:db:e0:
                    66:93:0e:11:14:97:56:af:ac:60:f5:31:f3:e1:d4:
                    e4:ef:b7:56:05:74:a0:df:a0:7e:86:05:2d:a1:53:
                    05:61:25:56:28:0d:3e:32:6d:53:54:ef:f4:cd:a5:
                    93:11:7e:02:88:d1:ad:bc:f6:7c:9b:c9:96:32:36:
                    41:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:22:49:7C:ED:67:62:FA:91:84:0C:05:B8:B7:F0:BC:1F:2B:B3:39
            X509v3 Authority Key Identifier:
                keyid:7D:7B:4B:CA:BE:B2:96:05:EA:51:1D:E9:73:E4:67:5C:4B:8A:29:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fXtLyr6ylgXqUR3pc-RnXEuKKd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/iiJJfO1nYvqRhAwFuLfwvB8rszk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/fXtLyr6ylgXqUR3pc-RnXEuKKd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:5a:34:f2:2d:e3:e4:e8:6f:7c:66:42:31:eb:84:cd:52:3b:
         1c:db:f9:6c:72:1f:f9:fc:88:ba:ea:d5:1f:70:49:a7:89:33:
         61:0b:0d:59:4e:42:5d:22:e2:bc:46:2f:b0:18:76:54:bf:b0:
         8e:29:de:8f:da:4f:97:f1:9a:b3:a5:2a:ae:56:71:ed:33:1e:
         90:10:5b:55:a1:01:b5:e8:9e:72:d6:3b:88:3e:ad:0c:2b:ef:
         8f:44:0d:d0:cc:2a:9b:7a:90:a2:fa:cf:ea:a1:93:94:9f:51:
         cf:96:58:87:9a:f8:d7:3d:2e:99:7b:ed:83:71:81:f0:f1:51:
         66:37:f2:62:6c:8d:69:46:e8:77:4c:05:a8:94:52:2b:dc:22:
         99:2b:2b:5f:32:f7:15:22:2d:14:4e:5a:fe:41:f6:06:22:b3:
         8f:c9:46:f8:aa:64:28:0b:97:b2:d0:06:a4:34:f2:d5:af:03:
         73:e9:c4:8e:32:c2:c7:4b:22:82:02:4c:3f:63:ac:a1:ac:30:
         4e:a0:94:81:2e:7a:64:3f:74:24:c6:44:e2:ca:51:99:32:56:
         c0:84:d0:8c:a4:19:25:52:8a:28:cb:f6:43:71:bb:d8:ff:2e:
         0a:55:4e:75:3c:1d:c3:6f:c1:fe:7d:58:0c:70:06:66:b8:eb:
         04:83:3a:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8PO84eBP0kNybqRtwHUdtqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkN2I0YmNhYmViMjk2MDVlYTUxMWRlOTczZTQ2NzVjNGI4
YTI5ZGYwHhcNMjQwNDI0MDgzMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTIyNDk3Y2VkNjc2MmZhOTE4NDBjMDViOGI3ZjBiYzFmMmJiMzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVouNJw2n/ucn90UH5x4vTmmrmmK
7kWdqEIkxWG8fj6JJ1ZrctQVWutgZuDk9JvcqR1nuOa1hLxrBE4a4s7WX5mVu2w0
94H8sauQKcCBK45DIdO/GgoOMiM8bjdctSlaoOqc9RBzEv8bxPrOz5UB0GYncOvD
TYqFoFK/DX5MhLfZEQ1WIpPeKPjhJwmOvtP6XWUVLYCMN3xTpvn8K5Ozg9Yr9hgO
pWY/fLQBGPyyV/UsI8ppPW5ajjOOj/CQKsh72+Bmkw4RFJdWr6xg9THz4dTk77dW
BXSg36B+hgUtoVMFYSVWKA0+Mm1TVO/0zaWTEX4CiNGtvPZ8m8mWMjZB+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoiSXztZ2L6kYQMBbi38LwfK7M5MB8GA1UdIwQY
MBaAFH17S8q+spYF6lEd6XPkZ1xLiinfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlh0THlyNnlsZ1hxVVIzcGMtUm5YRXVLS2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84ODk3ZmQtMTg2Mi00MzkzLWFhNGIt
NDQ3NjE3YTRhNzQ0LzEvaWlKSmZPMW5ZdnFSaEF3RnVMZnd2Qjhyc3prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84ODk3ZmQtMTg2Mi00MzkzLWFhNGItNDQ3NjE3YTRhNzQ0
LzEvZlh0THlyNnlsZ1hxVVIzcGMtUm5YRXVLS2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+0HMA0G
CSqGSIb3DQEBCwUAA4IBAQBnWjTyLePk6G98ZkIx64TNUjsc2/lsch/5/Ii66tUf
cEmniTNhCw1ZTkJdIuK8Ri+wGHZUv7COKd6P2k+X8ZqzpSquVnHtMx6QEFtVoQG1
6J5y1juIPq0MK++PRA3QzCqbepCi+s/qoZOUn1HPlliHmvjXPS6Ze+2DcYHw8VFm
N/JibI1pRuh3TAWolFIr3CKZKytfMvcVIi0UTlr+QfYGIrOPyUb4qmQoC5ey0Aak
NPLVrwNz6cSOMsLHSyKCAkw/Y6yhrDBOoJSBLnpkP3QkxkTiylGZMlbAhNCMpBkl
Uoooy/ZDcbvY/y4KVU51PB3Db8H+fVgMcAZmuOsEgzp4
-----END CERTIFICATE-----