Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7SNbxxJXXlfd8b2ndEDgyOVISEg.roa
File:                     7SNbxxJXXlfd8b2ndEDgyOVISEg.roa (raw, json)
Hash identifier:          2kHaXbJOdfiKeFfL0SmwhYABZk3ZcWyJwCJZYDkDIxA=
Subject key identifier:   ED:23:5B:C7:12:57:5E:57:DD:F1:BD:A7:74:40:E0:C8:E5:48:48:48
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E0FE6D38D4A10F2CA13B6BB7AF0AE
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7SNbxxJXXlfd8b2ndEDgyOVISEg.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49353
IP address blocks:        171.22.164.0/22 maxlen: 24
                          2a05:a780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 04:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0f:e6:d3:8d:4a:10:f2:ca:13:b6:bb:7a:f0:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed235bc712575e57ddf1bda77440e0c8e5484848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:22:54:9c:60:e3:54:7e:1b:e8:04:86:84:34:
                    1c:d0:3e:de:b5:55:6b:d0:93:a6:d3:55:d8:7d:b3:
                    0f:5c:c5:04:9f:fc:b8:eb:a3:a2:94:5f:f5:c3:a3:
                    17:88:62:29:c0:bc:83:69:a4:dd:1a:2a:90:0e:2a:
                    38:f6:98:a1:3b:60:31:14:32:b3:ee:c4:a6:ba:5a:
                    f3:f5:d2:9b:1f:b1:dd:fa:65:0d:8b:21:1b:57:6d:
                    39:8e:a7:64:69:b1:6f:f5:1c:ca:b1:ab:0b:de:23:
                    52:ee:99:36:ee:0f:3b:ae:b6:2c:77:71:e3:db:d8:
                    12:75:de:19:42:71:6b:b8:a1:13:0d:8c:f4:65:5c:
                    8c:5a:72:d2:2a:98:33:21:ae:67:f5:96:88:4d:aa:
                    b7:6c:c7:0c:ee:dd:11:56:7f:b0:29:6a:f3:96:6e:
                    9d:b2:b4:2d:b8:d5:3b:ae:46:93:fe:07:2a:ad:32:
                    e7:3d:3b:2d:b7:08:15:11:4b:c0:d1:e1:e3:6f:63:
                    96:cd:ac:37:14:07:b1:76:29:29:56:2b:d2:e1:44:
                    34:14:4f:3b:93:9d:b9:8d:36:82:32:a8:f3:4f:70:
                    6e:6d:cc:23:a5:65:3a:99:52:15:cb:cd:90:5a:f1:
                    bf:00:88:03:37:13:b9:1a:c9:80:29:20:23:72:73:
                    69:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:23:5B:C7:12:57:5E:57:DD:F1:BD:A7:74:40:E0:C8:E5:48:48:48
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7SNbxxJXXlfd8b2ndEDgyOVISEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.164.0/22
                IPv6:
                  2a05:a780::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:06:0b:11:fd:7d:d2:3b:ba:10:03:c7:89:52:12:0f:aa:fa:
         ab:1e:97:d7:b7:09:70:92:b2:60:77:c6:bc:0a:0c:65:fc:e5:
         8c:39:92:8b:24:2d:67:71:e6:b0:49:d2:e1:1b:83:bc:ee:b7:
         ed:b6:80:63:61:4f:15:ce:b5:52:2f:cd:3f:4e:05:46:d4:77:
         d9:9b:ed:ac:51:1b:86:42:d5:95:b4:e9:db:42:1d:40:81:55:
         ef:d2:3d:9e:a8:9f:b1:6f:98:37:6a:1f:4b:fb:bf:f3:cd:6a:
         32:fb:06:2b:52:df:e9:76:e0:1c:17:24:28:b1:13:d0:97:e6:
         fb:be:e7:a1:6f:59:07:bd:a9:ff:ee:f7:f9:cc:72:6d:a3:4f:
         29:f6:e9:b1:02:f7:86:44:ce:92:f4:96:d1:4b:6f:66:ff:2d:
         a5:54:33:4b:32:fc:19:30:68:c7:6f:32:0b:cc:15:9d:29:1e:
         5a:76:33:83:23:8e:8d:b2:94:a9:48:da:20:2f:9d:85:34:81:
         3c:19:df:4b:e7:f4:27:22:97:c5:53:4c:b0:b3:6a:0c:7a:d3:
         11:b5:b9:8d:50:f1:3b:46:03:82:ea:ec:93:c5:eb:fb:a7:bf:
         fc:73:71:be:62:a9:c2:99:5b:1b:74:b0:89:27:cf:45:c7:bb:
         96:d0:89:e7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbg/m041KEPLKE7a7evCuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDIzNWJjNzEyNTc1ZTU3ZGRmMWJkYTc3NDQwZTBjOGU1NDg0ODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiJUnGDjVH4b6ASGhDQc0D7etVVr
0JOm01XYfbMPXMUEn/y466OilF/1w6MXiGIpwLyDaaTdGiqQDio49pihO2AxFDKz
7sSmulrz9dKbH7Hd+mUNiyEbV205jqdkabFv9RzKsasL3iNS7pk27g87rrYsd3Hj
29gSdd4ZQnFruKETDYz0ZVyMWnLSKpgzIa5n9ZaITaq3bMcM7t0RVn+wKWrzlm6d
srQtuNU7rkaT/gcqrTLnPTsttwgVEUvA0eHjb2OWzaw3FAexdikpVivS4UQ0FE87
k525jTaCMqjzT3BubcwjpWU6mVIVy82QWvG/AIgDNxO5GsmAKSAjcnNpUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO0jW8cSV15X3fG9p3RA4MjlSEhIMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvN1NOYnh4SlhYbGZkOGIybmRFRGd5T1ZJU0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCqxakMA0E
AgACMAcDBQMqBaeAMA0GCSqGSIb3DQEBCwUAA4IBAQBFBgsR/X3SO7oQA8eJUhIP
qvqrHpfXtwlwkrJgd8a8Cgxl/OWMOZKLJC1nceawSdLhG4O87rfttoBjYU8VzrVS
L80/TgVG1HfZm+2sURuGQtWVtOnbQh1AgVXv0j2eqJ+xb5g3ah9L+7/zzWoy+wYr
Ut/pduAcFyQosRPQl+b7vuehb1kHvan/7vf5zHJto08p9umxAveGRM6S9JbRS29m
/y2lVDNLMvwZMGjHbzILzBWdKR5adjODI46NspSpSNogL52FNIE8Gd9L5/QnIpfF
U0yws2oMetMRtbmNUPE7RgOC6uyTxev7p7/8c3G+YqnCmVsbdLCJJ89Fx7uW0Inn
-----END CERTIFICATE-----