Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4e1b5b-0b7e-4004-bf9d-114039d5a9e1/1/__nIxld0yW3Er5mK9fyQQ4UBJ_I.roa
File:                     __nIxld0yW3Er5mK9fyQQ4UBJ_I.roa (raw, json)
Hash identifier:          V7gnTI9wfH6Us0CsjG+HaIaSPJbBrpXrWFPNeXqaPbk=
Subject key identifier:   FF:F9:C8:C6:57:74:C9:6D:C4:AF:99:8A:F5:FC:90:43:85:01:27:F2
Certificate issuer:       /CN=0dce7e26ac1de4de6dff75aba004a1cfca787664
Certificate serial:       018CCA2B6E3257ABAA0DAC8DD9ACB812D8C3
Authority key identifier: 0D:CE:7E:26:AC:1D:E4:DE:6D:FF:75:AB:A0:04:A1:CF:CA:78:76:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dc5-Jqwd5N5t_3WroAShz8p4dmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4e1b5b-0b7e-4004-bf9d-114039d5a9e1/1/__nIxld0yW3Er5mK9fyQQ4UBJ_I.roa
Signing time:             Tue 02 Jan 2024 12:34:53 +0000
ROA not before:           Tue 02 Jan 2024 12:34:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208028
IP address blocks:        45.80.140.0/29 maxlen: 29
                          45.80.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4e1b5b-0b7e-4004-bf9d-114039d5a9e1/1/Dc5-Jqwd5N5t_3WroAShz8p4dmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4e1b5b-0b7e-4004-bf9d-114039d5a9e1/1/Dc5-Jqwd5N5t_3WroAShz8p4dmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dc5-Jqwd5N5t_3WroAShz8p4dmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:6e:32:57:ab:aa:0d:ac:8d:d9:ac:b8:12:d8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dce7e26ac1de4de6dff75aba004a1cfca787664
        Validity
            Not Before: Jan  2 12:34:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fff9c8c65774c96dc4af998af5fc9043850127f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:06:9e:c8:4e:30:45:a8:1d:2d:ae:69:67:fe:
                    99:53:cd:3b:47:6b:64:1e:41:0f:2a:19:f5:7a:f0:
                    f5:bd:e4:d4:a1:ed:f0:f6:2e:93:c1:f1:db:32:01:
                    22:05:e2:f1:21:d7:2b:b3:a1:1e:db:33:ea:e7:53:
                    fc:a0:6d:82:7d:73:bc:5a:36:02:82:3f:14:f0:0c:
                    c8:68:4e:89:9a:c9:c4:7f:d0:bd:b3:08:17:92:ec:
                    96:d2:d5:04:6a:a9:e3:49:a2:75:bb:82:fd:65:88:
                    99:88:b8:c3:f8:6d:31:79:ac:fa:cf:14:99:9d:b5:
                    92:a5:ff:40:7c:6d:09:08:e5:c2:f1:a2:e1:af:8d:
                    58:99:0e:25:15:19:f1:c6:78:97:50:8d:53:76:05:
                    19:1e:d4:83:4d:cd:eb:52:ec:92:64:69:c8:c7:ae:
                    71:9c:50:f2:4a:e0:8e:fb:eb:21:ca:9d:3e:84:d0:
                    92:52:83:6d:32:cc:32:49:d6:bf:a6:b1:b6:68:75:
                    70:be:26:34:16:4d:54:3e:7f:c1:4d:94:5e:f6:8b:
                    dc:ac:0e:54:6b:e3:c9:21:6b:d1:46:d7:71:80:05:
                    01:82:fb:f5:58:2e:0f:9e:05:a2:10:52:6f:c1:f4:
                    d8:bd:d6:be:99:45:78:26:b7:52:5e:61:8b:a0:18:
                    21:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F9:C8:C6:57:74:C9:6D:C4:AF:99:8A:F5:FC:90:43:85:01:27:F2
            X509v3 Authority Key Identifier:
                keyid:0D:CE:7E:26:AC:1D:E4:DE:6D:FF:75:AB:A0:04:A1:CF:CA:78:76:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dc5-Jqwd5N5t_3WroAShz8p4dmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e1b5b-0b7e-4004-bf9d-114039d5a9e1/1/__nIxld0yW3Er5mK9fyQQ4UBJ_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e1b5b-0b7e-4004-bf9d-114039d5a9e1/1/Dc5-Jqwd5N5t_3WroAShz8p4dmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:11:4b:eb:90:ea:c2:87:fd:7d:f7:7a:af:d7:49:21:e9:5f:
         e1:e0:02:f5:22:c8:84:f1:a7:ff:cb:9e:9a:69:ff:63:44:c2:
         7b:2e:4e:65:91:8f:a6:69:23:05:da:24:a9:59:90:f6:7e:89:
         7c:9c:af:bd:10:be:a1:3d:61:3a:22:65:e3:a0:49:c9:e0:73:
         29:e8:50:c0:27:dd:92:88:82:97:61:d6:99:4a:09:5d:0e:25:
         4f:dc:56:df:c7:ea:a5:31:f9:95:52:ce:0a:bc:08:d4:14:cf:
         ab:5f:d5:97:8d:0b:21:6a:a6:f3:e1:95:e4:8c:5b:ce:8b:5f:
         ae:ae:f6:29:25:8e:cf:bc:7c:53:e8:9a:27:dc:03:76:40:d7:
         7e:4e:45:3a:4b:4a:31:d2:98:c5:d2:06:ee:20:fb:21:bc:9e:
         17:ec:5e:fc:76:e3:99:36:22:14:d6:33:f6:a4:5f:12:1e:14:
         c6:71:60:11:58:bd:76:eb:9a:42:24:08:df:66:05:57:b7:ca:
         8c:50:31:03:ca:ce:3d:f6:1e:bf:3e:e5:4f:c3:3c:87:99:8e:
         3a:97:55:27:62:ab:51:bb:4e:ca:37:9b:11:1d:e3:04:0e:89:
         74:72:53:38:05:f4:be:6c:6f:b6:2e:2b:a5:d3:79:51:de:3e:
         5b:50:5c:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK24yV6uqDayN2ay4EtjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkY2U3ZTI2YWMxZGU0ZGU2ZGZmNzVhYmEwMDRhMWNmY2E3
ODc2NjQwHhcNMjQwMTAyMTIzNDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmY5YzhjNjU3NzRjOTZkYzRhZjk5OGFmNWZjOTA0Mzg1MDEyN2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQaeyE4wRagdLa5pZ/6ZU807R2tk
HkEPKhn1evD1veTUoe3w9i6TwfHbMgEiBeLxIdcrs6Ee2zPq51P8oG2CfXO8WjYC
gj8U8AzIaE6JmsnEf9C9swgXkuyW0tUEaqnjSaJ1u4L9ZYiZiLjD+G0xeaz6zxSZ
nbWSpf9AfG0JCOXC8aLhr41YmQ4lFRnxxniXUI1TdgUZHtSDTc3rUuySZGnIx65x
nFDySuCO++shyp0+hNCSUoNtMswySda/prG2aHVwviY0Fk1UPn/BTZRe9ovcrA5U
a+PJIWvRRtdxgAUBgvv1WC4PngWiEFJvwfTYvda+mUV4JrdSXmGLoBghCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/5yMZXdMltxK+ZivX8kEOFASfyMB8GA1UdIwQY
MBaAFA3OfiasHeTebf91q6AEoc/KeHZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGM1LUpxd2Q1TjV0XzNXcm9BU2h6OHA0ZG1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZTFiNWItMGI3ZS00MDA0LWJmOWQt
MTE0MDM5ZDVhOWUxLzEvX19uSXhsZDB5VzNFcjVtSzlmeVFRNFVCSl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZTFiNWItMGI3ZS00MDA0LWJmOWQtMTE0MDM5ZDVhOWUx
LzEvRGM1LUpxd2Q1TjV0XzNXcm9BU2h6OHA0ZG1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVCMMA0G
CSqGSIb3DQEBCwUAA4IBAQBEEUvrkOrCh/1993qv10kh6V/h4AL1IsiE8af/y56a
af9jRMJ7Lk5lkY+maSMF2iSpWZD2fol8nK+9EL6hPWE6ImXjoEnJ4HMp6FDAJ92S
iIKXYdaZSgldDiVP3Fbfx+qlMfmVUs4KvAjUFM+rX9WXjQshaqbz4ZXkjFvOi1+u
rvYpJY7PvHxT6Jon3AN2QNd+TkU6S0ox0pjF0gbuIPshvJ4X7F78duOZNiIU1jP2
pF8SHhTGcWARWL1265pCJAjfZgVXt8qMUDEDys499h6/PuVPwzyHmY46l1UnYqtR
u07KN5sRHeMEDol0clM4BfS+bG+2Liul03lR3j5bUFyM
-----END CERTIFICATE-----