Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/1-1xuAM8l7ehFt6g3fYOifaOi1tk.roa
File:                     1-1xuAM8l7ehFt6g3fYOifaOi1tk.roa (raw, json)
Hash identifier:          hacvU6FeoB/OyuhzV92CoTCutk1nnUro7bWwA9jWSQ8=
Subject key identifier:   FB:5C:6E:00:CF:25:ED:E8:45:B7:A8:37:7D:83:A2:7D:A3:A2:D6:D9
Certificate issuer:       /CN=7b5516af4b74a1142bef13c3fd707059e61a6b95
Certificate serial:       018CCA9963B00E7CDEB0C611B06A6D3137D6
Authority key identifier: 7B:55:16:AF:4B:74:A1:14:2B:EF:13:C3:FD:70:70:59:E6:1A:6B:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1UWr0t0oRQr7xPD_XBwWeYaa5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/1-1xuAM8l7ehFt6g3fYOifaOi1tk.roa
Signing time:             Tue 02 Jan 2024 14:34:59 +0000
ROA not before:           Tue 02 Jan 2024 14:34:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        109.205.152.0/22 maxlen: 22
                          109.205.156.0/24 maxlen: 24
                          185.6.132.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/e1UWr0t0oRQr7xPD_XBwWeYaa5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/e1UWr0t0oRQr7xPD_XBwWeYaa5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1UWr0t0oRQr7xPD_XBwWeYaa5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:63:b0:0e:7c:de:b0:c6:11:b0:6a:6d:31:37:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5516af4b74a1142bef13c3fd707059e61a6b95
        Validity
            Not Before: Jan  2 14:34:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb5c6e00cf25ede845b7a8377d83a27da3a2d6d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d8:b6:8e:35:c4:8f:9c:a1:93:53:b1:9a:e8:
                    a9:22:4e:80:60:a5:77:d0:90:a1:1b:d3:79:c1:4e:
                    2e:bc:7e:85:fe:dd:08:0c:d1:7f:37:18:87:78:80:
                    83:23:5e:82:ca:cc:da:f2:4b:93:dd:8b:86:bd:93:
                    fc:89:78:15:0a:ea:29:7d:4a:df:73:a9:23:95:b7:
                    56:dc:66:ff:1e:ce:a5:1a:31:d2:d7:d4:35:c3:5e:
                    15:1c:66:a3:b6:2f:79:f4:ad:42:3f:d1:72:cb:1f:
                    3a:71:32:de:4d:09:dc:e3:8f:fb:fd:4c:e4:7e:9d:
                    cd:d6:fd:83:4e:65:da:26:c7:d1:5d:2e:25:f2:df:
                    2b:5c:03:10:db:ab:f4:26:aa:78:27:11:4d:f2:a5:
                    94:fc:d3:50:88:c9:40:1c:bb:97:9a:c8:da:8e:20:
                    5b:6c:b4:6d:81:62:79:49:72:4d:fa:05:a8:30:aa:
                    2a:21:fe:b3:27:4d:fc:0c:eb:81:3d:ec:dc:64:6b:
                    51:08:5d:39:77:8a:c8:d7:cf:0b:3b:a3:23:91:14:
                    5a:98:08:6b:f6:c4:3b:55:65:7e:b4:1a:30:be:de:
                    d3:c7:63:90:8f:cb:17:63:9a:7b:57:ae:79:f4:03:
                    c7:64:b4:f9:db:98:6d:9a:f7:27:c4:c3:5b:9b:7e:
                    90:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:5C:6E:00:CF:25:ED:E8:45:B7:A8:37:7D:83:A2:7D:A3:A2:D6:D9
            X509v3 Authority Key Identifier:
                keyid:7B:55:16:AF:4B:74:A1:14:2B:EF:13:C3:FD:70:70:59:E6:1A:6B:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1UWr0t0oRQr7xPD_XBwWeYaa5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/1-1xuAM8l7ehFt6g3fYOifaOi1tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/e1UWr0t0oRQr7xPD_XBwWeYaa5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.152.0-109.205.156.255
                  185.6.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:6a:20:88:40:ab:2c:5c:e3:6b:64:00:bb:f1:58:99:7d:6b:
         ce:f3:7e:48:ac:2e:55:21:5b:de:6d:fc:28:93:f2:95:4c:5a:
         70:97:37:07:34:48:24:98:7d:79:e5:20:62:d1:00:10:7d:b4:
         5f:ac:de:03:bd:7a:63:f1:88:48:52:fb:48:4c:57:f8:8a:c1:
         fb:55:45:01:a9:59:91:b4:75:8c:dd:c8:2a:ea:22:6e:38:a4:
         dc:3b:ab:73:7b:36:88:5e:89:af:13:35:7e:19:1f:2d:69:fe:
         55:ce:50:35:74:97:40:17:88:c0:60:89:d0:74:49:b5:9f:35:
         2e:f4:db:dd:35:ba:8d:5c:2e:14:df:77:aa:6b:1b:06:42:b9:
         4a:17:9a:1a:25:72:85:78:d1:b8:83:58:b9:d7:53:2c:51:05:
         cb:3a:97:cf:8a:1f:1e:c1:43:eb:97:0d:61:7b:00:3b:79:a3:
         8c:71:46:17:ce:22:15:1b:c4:63:31:2f:58:c9:bf:3b:59:c4:
         b5:1d:72:d7:07:9c:19:50:11:7e:e5:4f:49:55:32:4b:07:4d:
         79:7a:e7:9c:24:4d:d4:a1:04:86:66:ba:8b:24:00:c7:65:95:
         b4:2f:0f:99:71:ad:86:a2:ba:8e:d3:a7:91:9c:25:6a:d6:08:
         95:28:d0:58
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmWOwDnzesMYRsGptMTfWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNTUxNmFmNGI3NGExMTQyYmVmMTNjM2ZkNzA3MDU5ZTYx
YTZiOTUwHhcNMjQwMTAyMTQzNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjVjNmUwMGNmMjVlZGU4NDViN2E4Mzc3ZDgzYTI3ZGEzYTJkNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9i2jjXEj5yhk1OxmuipIk6AYKV3
0JChG9N5wU4uvH6F/t0IDNF/NxiHeICDI16Cysza8kuT3YuGvZP8iXgVCuopfUrf
c6kjlbdW3Gb/Hs6lGjHS19Q1w14VHGajti959K1CP9Fyyx86cTLeTQnc44/7/Uzk
fp3N1v2DTmXaJsfRXS4l8t8rXAMQ26v0Jqp4JxFN8qWU/NNQiMlAHLuXmsjajiBb
bLRtgWJ5SXJN+gWoMKoqIf6zJ038DOuBPezcZGtRCF05d4rI188LO6MjkRRamAhr
9sQ7VWV+tBowvt7Tx2OQj8sXY5p7V6559APHZLT525htmvcnxMNbm36QTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPtcbgDPJe3oRbeoN32Don2jotbZMB8GA1UdIwQY
MBaAFHtVFq9LdKEUK+8Tw/1wcFnmGmuVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTFVV3IwdDBvUlFyN3hQRF9YQndXZVlhYTVVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kYzhlMTMtNmRkMy00NGY5LTkwZjYt
N2NkMWY2NTJkOTI1LzEvMS0xeHVBTThsN2VoRnQ2ZzNmWU9pZmFPaTF0ay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTcvZGM4ZTEzLTZkZDMtNDRmOS05MGY2LTdjZDFmNjUyZDky
NS8xL2UxVVdyMHQwb1JRcjd4UERfWEJ3V2VZYWE1VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAtBggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFDAMAwQDbc2Y
AwQAbc2cAwQBuQaEMA0GCSqGSIb3DQEBCwUAA4IBAQA7aiCIQKssXONrZAC78ViZ
fWvO835IrC5VIVvebfwok/KVTFpwlzcHNEgkmH155SBi0QAQfbRfrN4DvXpj8YhI
UvtITFf4isH7VUUBqVmRtHWM3cgq6iJuOKTcO6tzezaIXomvEzV+GR8taf5VzlA1
dJdAF4jAYInQdEm1nzUu9NvdNbqNXC4U33eqaxsGQrlKF5oaJXKFeNG4g1i511Ms
UQXLOpfPih8ewUPrlw1hewA7eaOMcUYXziIVG8RjMS9Yyb87WcS1HXLXB5wZUBF+
5U9JVTJLB015euecJE3UoQSGZrqLJADHZZW0Lw+Zca2GorqO06eRnCVq1giVKNBY
-----END CERTIFICATE-----