Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/7R56_1SMoDLDij3kiNZrmfbQydU.roa
File:                     7R56_1SMoDLDij3kiNZrmfbQydU.roa (raw, json)
Hash identifier:          9tDCQRGfj/ixWua0clGoXTxSGSck22qxVLGw0KSNpkQ=
Subject key identifier:   ED:1E:7A:FF:54:8C:A0:32:C3:8A:3D:E4:88:D6:6B:99:F6:D0:C9:D5
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       018CC26D2B96B636DAF99851083B66E5AD07
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/7R56_1SMoDLDij3kiNZrmfbQydU.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        45.131.76.0/23 maxlen: 24
                          45.90.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2b:96:b6:36:da:f9:98:51:08:3b:66:e5:ad:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed1e7aff548ca032c38a3de488d66b99f6d0c9d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:54:02:ab:32:9a:24:6b:e5:1c:a4:cb:c9:b9:
                    40:af:30:a8:fb:df:cf:61:c4:53:9e:b2:60:67:2b:
                    45:43:0b:40:5e:99:37:18:e9:42:e2:66:4e:51:0f:
                    04:19:2a:4b:d8:9a:d3:b0:73:26:d7:6e:60:20:9d:
                    ff:ca:9a:3c:3c:50:61:5f:3c:15:3c:22:28:2e:9a:
                    c6:08:d9:d1:19:99:d0:ca:35:9e:e3:7e:28:4a:03:
                    51:12:1a:02:13:04:20:79:d7:95:8a:9a:85:4f:c7:
                    65:c5:b8:c3:57:33:ac:71:5e:f6:e2:c6:b3:97:5f:
                    35:0e:98:bf:aa:0d:c7:a9:90:b1:dd:d3:70:c6:1c:
                    09:bd:c4:ab:4e:53:12:5c:1b:42:39:96:f5:6d:ae:
                    a7:07:b5:cc:71:4a:4a:e2:b9:fb:9e:fe:89:02:02:
                    96:aa:f5:b8:2f:32:1c:06:ea:9e:6b:fe:a8:2b:cf:
                    52:ae:d5:a3:a8:9f:ea:05:b4:25:c4:9c:fb:4a:d9:
                    7f:e0:62:64:06:d2:5e:76:3a:2e:ae:24:1c:e5:d9:
                    a3:34:53:9e:05:9e:a0:d9:f9:4a:9e:3b:d3:ef:56:
                    ab:8f:31:c8:64:59:2d:f9:2d:f6:5b:25:8e:e5:88:
                    d2:2b:d5:11:66:8b:91:14:e2:ce:09:c6:1a:5c:61:
                    2b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:1E:7A:FF:54:8C:A0:32:C3:8A:3D:E4:88:D6:6B:99:F6:D0:C9:D5
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/7R56_1SMoDLDij3kiNZrmfbQydU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.20.0/22
                  45.131.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:cd:c9:b9:b0:3a:49:9d:cc:d3:ac:a3:02:60:e8:ea:b6:4d:
         c9:f8:bd:52:8e:c6:2e:b5:b7:92:12:53:23:49:40:41:b6:12:
         29:30:51:9f:ad:d9:68:d2:b9:3f:73:02:30:e9:e3:68:3f:fd:
         e3:2e:65:7f:9c:7c:01:c9:39:0d:c5:73:dd:02:c8:d7:99:e5:
         96:ad:dc:84:d2:56:b2:69:0f:74:b8:f6:19:e5:6f:b7:43:07:
         5f:a1:cc:aa:c3:75:28:a6:65:5f:ac:b8:57:f3:b9:97:24:27:
         26:a8:7f:b6:cf:37:6d:cf:c0:07:39:b5:3e:a7:f6:0b:b8:ec:
         95:1d:d6:8c:d2:5e:fd:82:fc:ce:90:13:88:3c:5f:f8:90:d8:
         59:19:ca:23:de:8b:40:85:89:44:7d:42:90:b4:f7:90:b1:2e:
         12:fb:9a:38:70:ea:af:33:21:01:00:25:a3:c4:56:88:74:6e:
         65:4b:d6:b9:8b:a6:19:33:13:6d:74:62:9d:82:8a:a5:76:2a:
         8d:24:6e:39:c7:e3:a1:c0:8f:ef:6b:e7:02:85:1f:c5:d6:3d:
         af:7f:c3:36:51:19:90:9d:20:09:0b:bb:74:64:28:32:cf:2b:
         2d:eb:da:b3:b0:60:43:5b:10:5e:c7:c5:98:30:12:58:ab:f1:
         00:16:31:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbSuWtjba+ZhRCDtm5a0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDFlN2FmZjU0OGNhMDMyYzM4YTNkZTQ4OGQ2NmI5OWY2ZDBjOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1QCqzKaJGvlHKTLyblArzCo+9/P
YcRTnrJgZytFQwtAXpk3GOlC4mZOUQ8EGSpL2JrTsHMm125gIJ3/ypo8PFBhXzwV
PCIoLprGCNnRGZnQyjWe434oSgNREhoCEwQgedeVipqFT8dlxbjDVzOscV724saz
l181Dpi/qg3HqZCx3dNwxhwJvcSrTlMSXBtCOZb1ba6nB7XMcUpK4rn7nv6JAgKW
qvW4LzIcBuqea/6oK89SrtWjqJ/qBbQlxJz7Stl/4GJkBtJedjouriQc5dmjNFOe
BZ6g2flKnjvT71arjzHIZFkt+S32WyWO5YjSK9URZouRFOLOCcYaXGErvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO0eev9UjKAyw4o95IjWa5n20MnVMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvN1I1Nl8xU01vRExEaWoza2lOWnJtZmJReWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVoUAwQB
LYNMMA0GCSqGSIb3DQEBCwUAA4IBAQAgzcm5sDpJnczTrKMCYOjqtk3J+L1SjsYu
tbeSElMjSUBBthIpMFGfrdlo0rk/cwIw6eNoP/3jLmV/nHwByTkNxXPdAsjXmeWW
rdyE0layaQ90uPYZ5W+3Qwdfocyqw3UopmVfrLhX87mXJCcmqH+2zzdtz8AHObU+
p/YLuOyVHdaM0l79gvzOkBOIPF/4kNhZGcoj3otAhYlEfUKQtPeQsS4S+5o4cOqv
MyEBACWjxFaIdG5lS9a5i6YZMxNtdGKdgoqldiqNJG45x+OhwI/va+cChR/F1j2v
f8M2URmQnSAJC7t0ZCgyzyst69qzsGBDWxBex8WYMBJYq/EAFjHC
-----END CERTIFICATE-----