Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/7gABtph01csXg82SiRa9y1wD9hs.roa
File:                     7gABtph01csXg82SiRa9y1wD9hs.roa (raw, json)
Hash identifier:          Vwzc2iPRpdJRiaLHzHnKdQXz9b7Nrl1ZrGa0t/yZq9Y=
Subject key identifier:   EE:00:01:B6:98:74:D5:CB:17:83:CD:92:89:16:BD:CB:5C:03:F6:1B
Certificate issuer:       /CN=27484956736549eab3b06e23aab89ca5993a8076
Certificate serial:       019281237F5378A0893E908D3A8AEDF0D1D8
Authority key identifier: 27:48:49:56:73:65:49:EA:B3:B0:6E:23:AA:B8:9C:A5:99:3A:80:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J0hJVnNlSeqzsG4jqricpZk6gHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/7gABtph01csXg82SiRa9y1wD9hs.roa
Signing time:             Sat 12 Oct 2024 14:30:40 +0000
ROA not before:           Sat 12 Oct 2024 14:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        45.84.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/J0hJVnNlSeqzsG4jqricpZk6gHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/J0hJVnNlSeqzsG4jqricpZk6gHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J0hJVnNlSeqzsG4jqricpZk6gHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:81:23:7f:53:78:a0:89:3e:90:8d:3a:8a:ed:f0:d1:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27484956736549eab3b06e23aab89ca5993a8076
        Validity
            Not Before: Oct 12 14:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee0001b69874d5cb1783cd928916bdcb5c03f61b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f7:2c:57:ea:ef:dc:6b:2b:1a:e0:32:df:ab:
                    8d:d4:c3:e5:50:c4:5f:ef:30:08:1f:b7:19:94:3e:
                    3a:33:31:8a:06:1e:44:a2:42:49:bb:c7:44:10:6d:
                    bf:7f:1f:3d:10:ba:af:77:48:86:2d:05:ee:25:d0:
                    ee:b5:2e:22:60:13:8f:52:4c:49:7a:39:71:89:26:
                    ae:2e:05:5c:18:bb:64:70:dd:e0:fe:d1:56:75:33:
                    89:3b:7f:c6:e6:73:3f:82:75:b5:bb:17:2b:48:58:
                    99:bc:a7:0f:04:e9:15:62:38:f7:26:52:ea:da:26:
                    d9:09:c5:82:0a:89:0d:d9:e2:51:1d:2f:16:e8:5b:
                    95:a2:a5:60:77:56:5e:d1:d0:e6:c4:d0:a4:4f:69:
                    aa:8a:f7:48:d7:f0:34:ee:a3:5e:b3:5f:22:87:24:
                    bc:18:0e:12:5e:f0:8a:d7:8d:0b:97:3f:72:a7:1c:
                    c7:25:62:b1:f5:7d:dc:5e:69:6b:27:85:c5:e1:68:
                    8d:01:cc:53:16:fe:41:b3:f5:af:6c:d1:6e:2b:2c:
                    af:4d:59:da:c0:2b:c4:71:67:4a:6b:ec:c5:ba:e4:
                    3a:e9:26:79:e1:ad:7c:2f:86:10:ad:e3:57:a3:d2:
                    d3:f3:79:47:b9:e3:4c:c0:c6:7a:29:26:20:b6:88:
                    3a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:00:01:B6:98:74:D5:CB:17:83:CD:92:89:16:BD:CB:5C:03:F6:1B
            X509v3 Authority Key Identifier:
                keyid:27:48:49:56:73:65:49:EA:B3:B0:6E:23:AA:B8:9C:A5:99:3A:80:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J0hJVnNlSeqzsG4jqricpZk6gHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/7gABtph01csXg82SiRa9y1wD9hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/J0hJVnNlSeqzsG4jqricpZk6gHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:71:a2:06:7c:4e:ec:cc:0e:fc:0b:37:e3:a5:79:c1:c3:0c:
         8e:1c:ee:66:8b:a5:b8:f0:54:ca:b6:28:ff:f8:76:8f:75:2d:
         d2:18:61:53:28:cf:ec:45:66:f9:02:94:bf:1d:69:5f:35:9a:
         32:dc:d1:9d:72:2f:4b:aa:7b:47:64:86:d8:af:17:d0:34:99:
         21:4f:e3:11:81:2b:f8:9f:db:60:84:b2:fe:ab:a7:25:0c:ce:
         9e:d6:db:55:f8:9e:67:4e:f0:50:a6:f0:82:13:94:20:57:b9:
         57:4c:9f:28:f4:98:89:fa:7d:62:ae:de:fd:c4:03:bb:7c:f3:
         7e:5d:7a:88:25:98:7e:6d:d5:bf:ac:a1:95:30:68:a9:8e:6b:
         16:ae:e1:c2:0f:63:31:a5:13:9c:71:de:b5:9a:1d:ec:b8:65:
         e0:fe:0e:b7:15:c7:79:13:bf:7c:9a:a3:1b:29:75:a4:5f:bf:
         40:da:09:12:d3:42:1e:9b:30:cc:08:72:cd:14:3f:a6:3e:f2:
         7f:91:c7:57:f8:9a:1e:74:2e:5d:54:f0:39:fb:60:3b:01:81:
         f2:51:5d:6b:9d:fa:16:79:52:2c:d7:d4:68:d7:b3:6e:bb:68:
         7e:0c:1c:ca:66:31:af:b4:64:95:ba:7d:2c:9c:8a:85:06:72:
         3f:77:ec:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKBI39TeKCJPpCNOort8NHYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NDg0OTU2NzM2NTQ5ZWFiM2IwNmUyM2FhYjg5Y2E1OTkz
YTgwNzYwHhcNMjQxMDEyMTQzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTAwMDFiNjk4NzRkNWNiMTc4M2NkOTI4OTE2YmRjYjVjMDNmNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPcsV+rv3GsrGuAy36uN1MPlUMRf
7zAIH7cZlD46MzGKBh5EokJJu8dEEG2/fx89ELqvd0iGLQXuJdDutS4iYBOPUkxJ
ejlxiSauLgVcGLtkcN3g/tFWdTOJO3/G5nM/gnW1uxcrSFiZvKcPBOkVYjj3JlLq
2ibZCcWCCokN2eJRHS8W6FuVoqVgd1Ze0dDmxNCkT2mqivdI1/A07qNes18ihyS8
GA4SXvCK140Llz9ypxzHJWKx9X3cXmlrJ4XF4WiNAcxTFv5Bs/WvbNFuKyyvTVna
wCvEcWdKa+zFuuQ66SZ54a18L4YQreNXo9LT83lHueNMwMZ6KSYgtog6IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4AAbaYdNXLF4PNkokWvctcA/YbMB8GA1UdIwQY
MBaAFCdISVZzZUnqs7BuI6q4nKWZOoB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjBoSlZuTmxTZXF6c0c0anFyaWNwWms2Z0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9kZWU1NzgtZjJjNi00MWMwLWI3Mjgt
YWQxNjNhYjM1NGM4LzEvN2dBQnRwaDAxY3NYZzgyU2lSYTl5MXdEOWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9kZWU1NzgtZjJjNi00MWMwLWI3MjgtYWQxNjNhYjM1NGM4
LzEvSjBoSlZuTmxTZXF6c0c0anFyaWNwWms2Z0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVRmMA0G
CSqGSIb3DQEBCwUAA4IBAQBmcaIGfE7szA78CzfjpXnBwwyOHO5mi6W48FTKtij/
+HaPdS3SGGFTKM/sRWb5ApS/HWlfNZoy3NGdci9LqntHZIbYrxfQNJkhT+MRgSv4
n9tghLL+q6clDM6e1ttV+J5nTvBQpvCCE5QgV7lXTJ8o9JiJ+n1irt79xAO7fPN+
XXqIJZh+bdW/rKGVMGipjmsWruHCD2MxpROccd61mh3suGXg/g63Fcd5E798mqMb
KXWkX79A2gkS00IemzDMCHLNFD+mPvJ/kcdX+JoedC5dVPA5+2A7AYHyUV1rnfoW
eVIs19Ro17Nuu2h+DBzKZjGvtGSVun0snIqFBnI/d+xQ
-----END CERTIFICATE-----