Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b8e03e-c398-4eee-8939-f909d79a44ad/1/nHESsVuzNZmMEl-7jaMZidfT5Pc.roa
File:                     nHESsVuzNZmMEl-7jaMZidfT5Pc.roa (raw, json)
Hash identifier:          FWiRIPxVpP0li0iI99stEWsNwhyaq1DAScbQbBJqKGg=
Subject key identifier:   9C:71:12:B1:5B:B3:35:99:8C:12:5F:BB:8D:A3:19:89:D7:D3:E4:F7
Certificate issuer:       /CN=779290311e6e9cfa5e517fabb0d96fa9a71c3da1
Certificate serial:       018CC5010E8533C7B0C733AFD5E900F56080
Authority key identifier: 77:92:90:31:1E:6E:9C:FA:5E:51:7F:AB:B0:D9:6F:A9:A7:1C:3D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d5KQMR5unPpeUX-rsNlvqaccPaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b8e03e-c398-4eee-8939-f909d79a44ad/1/nHESsVuzNZmMEl-7jaMZidfT5Pc.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208071
IP address blocks:        45.159.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b8e03e-c398-4eee-8939-f909d79a44ad/1/d5KQMR5unPpeUX-rsNlvqaccPaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b8e03e-c398-4eee-8939-f909d79a44ad/1/d5KQMR5unPpeUX-rsNlvqaccPaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d5KQMR5unPpeUX-rsNlvqaccPaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0e:85:33:c7:b0:c7:33:af:d5:e9:00:f5:60:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=779290311e6e9cfa5e517fabb0d96fa9a71c3da1
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c7112b15bb335998c125fbb8da31989d7d3e4f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:85:25:c0:f5:3e:ee:a0:54:1e:b0:90:5c:59:
                    97:3b:35:08:00:07:72:57:23:af:16:ef:f1:bf:86:
                    3f:7c:ee:fc:91:82:cf:fd:93:e3:87:bc:c8:1c:70:
                    20:10:68:d9:4c:d5:c7:90:51:eb:12:f1:13:d7:19:
                    6a:c6:fa:d6:45:09:81:39:67:80:00:22:b2:74:67:
                    73:db:08:fa:d1:e2:33:7f:9b:8b:95:41:96:89:2e:
                    81:cf:f3:70:cf:9f:2a:6d:8c:eb:c9:62:65:ca:c1:
                    fc:43:40:8a:04:e5:c2:d1:70:52:36:22:58:a5:6b:
                    6d:dc:b1:74:d4:01:9e:ca:d1:6d:c4:01:ee:f4:40:
                    a9:50:8a:d2:ba:9a:cb:c0:d1:64:fc:d0:7c:ee:bf:
                    ba:ed:3d:d6:02:e8:55:49:f2:97:0a:a2:0b:2a:d9:
                    4b:c4:09:90:6f:f2:ae:48:0c:de:21:0c:ce:7e:31:
                    d9:f2:8b:ac:e7:6f:99:62:1a:e9:5d:f9:7b:1f:e0:
                    84:a3:9b:74:59:c1:75:8b:b3:82:ab:be:4e:eb:73:
                    4c:b1:c1:a2:16:e5:30:9a:63:2a:9e:be:83:61:c6:
                    b9:d8:60:20:db:9b:fc:84:8f:39:60:b6:13:51:ae:
                    03:4e:36:c6:67:e9:13:a4:a9:68:b6:38:69:3c:99:
                    39:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:71:12:B1:5B:B3:35:99:8C:12:5F:BB:8D:A3:19:89:D7:D3:E4:F7
            X509v3 Authority Key Identifier:
                keyid:77:92:90:31:1E:6E:9C:FA:5E:51:7F:AB:B0:D9:6F:A9:A7:1C:3D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5KQMR5unPpeUX-rsNlvqaccPaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b8e03e-c398-4eee-8939-f909d79a44ad/1/nHESsVuzNZmMEl-7jaMZidfT5Pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b8e03e-c398-4eee-8939-f909d79a44ad/1/d5KQMR5unPpeUX-rsNlvqaccPaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:37:9a:f4:f7:e5:3a:3d:1c:40:98:ae:be:60:d7:97:bd:d4:
         07:83:90:29:42:7a:07:e3:29:98:a6:20:87:6b:36:70:f2:0a:
         eb:67:af:52:4d:32:68:10:56:57:fe:27:19:ca:9e:04:01:83:
         b7:e7:dc:03:94:ee:1e:c3:a0:60:4d:17:d1:0e:67:3a:33:c6:
         13:d4:a9:99:7b:b0:b4:11:51:8e:94:9a:a7:34:7c:84:68:c2:
         b3:e2:de:f8:84:ba:82:43:e2:70:73:85:e3:bd:f2:af:ae:73:
         71:00:17:ed:9b:dd:14:60:a0:fe:5f:20:4b:a5:cc:38:a0:c1:
         d3:95:83:37:3c:99:76:35:c4:7a:5b:3b:bd:d6:0f:42:cf:8e:
         0f:f4:42:b0:23:bc:b3:e1:38:4a:e2:af:91:e3:62:7f:3a:90:
         7e:cb:b6:42:46:88:d5:91:1f:1f:7b:12:20:c2:6d:00:fc:54:
         f2:3d:5f:99:44:46:c6:88:a7:32:b4:6a:db:eb:b7:52:eb:46:
         59:b7:20:bd:3b:cc:d0:12:e2:75:1c:4b:de:31:f3:df:72:f8:
         ce:5e:ff:12:70:c2:1b:71:53:84:16:4a:9e:3b:6c:2c:70:0b:
         89:fc:92:2c:bc:9c:97:18:0b:bb:bd:57:c1:39:c6:4c:cf:e5:
         e0:da:40:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQ6FM8ewxzOv1ekA9WCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3OTI5MDMxMWU2ZTljZmE1ZTUxN2ZhYmIwZDk2ZmE5YTcx
YzNkYTEwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzcxMTJiMTViYjMzNTk5OGMxMjVmYmI4ZGEzMTk4OWQ3ZDNlNGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIUlwPU+7qBUHrCQXFmXOzUIAAdy
VyOvFu/xv4Y/fO78kYLP/ZPjh7zIHHAgEGjZTNXHkFHrEvET1xlqxvrWRQmBOWeA
ACKydGdz2wj60eIzf5uLlUGWiS6Bz/Nwz58qbYzryWJlysH8Q0CKBOXC0XBSNiJY
pWtt3LF01AGeytFtxAHu9ECpUIrSuprLwNFk/NB87r+67T3WAuhVSfKXCqILKtlL
xAmQb/KuSAzeIQzOfjHZ8ous52+ZYhrpXfl7H+CEo5t0WcF1i7OCq75O63NMscGi
FuUwmmMqnr6DYca52GAg25v8hI85YLYTUa4DTjbGZ+kTpKlotjhpPJk5IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxxErFbszWZjBJfu42jGYnX0+T3MB8GA1UdIwQY
MBaAFHeSkDEebpz6XlF/q7DZb6mnHD2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDVLUU1SNXVuUHBlVVgtcnNObHZxYWNjUGFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iOGUwM2UtYzM5OC00ZWVlLTg5Mzkt
ZjkwOWQ3OWE0NGFkLzEvbkhFU3NWdXpOWm1NRWwtN2phTVppZGZUNVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iOGUwM2UtYzM5OC00ZWVlLTg5MzktZjkwOWQ3OWE0NGFk
LzEvZDVLUU1SNXVuUHBlVVgtcnNObHZxYWNjUGFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBUN5r09+U6PRxAmK6+YNeXvdQHg5ApQnoH4ymYpiCH
azZw8grrZ69STTJoEFZX/icZyp4EAYO359wDlO4ew6BgTRfRDmc6M8YT1KmZe7C0
EVGOlJqnNHyEaMKz4t74hLqCQ+Jwc4XjvfKvrnNxABftm90UYKD+XyBLpcw4oMHT
lYM3PJl2NcR6Wzu91g9Cz44P9EKwI7yz4ThK4q+R42J/OpB+y7ZCRojVkR8fexIg
wm0A/FTyPV+ZREbGiKcytGrb67dS60ZZtyC9O8zQEuJ1HEveMfPfcvjOXv8ScMIb
cVOEFkqeO2wscAuJ/JIsvJyXGAu7vVfBOcZMz+Xg2kCq
-----END CERTIFICATE-----