Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/0aT0Mn8F5pD4DppnM-Tq1IYx46A.roa
File:                     0aT0Mn8F5pD4DppnM-Tq1IYx46A.roa (raw, json)
Hash identifier:          1mgq0dkHNVmhuST00Vw8dULi1uuPJoQdaXC4D8JgI7w=
Subject key identifier:   D1:A4:F4:32:7F:05:E6:90:F8:0E:9A:67:33:E4:EA:D4:86:31:E3:A0
Certificate issuer:       /CN=a4929fcd61dc69dccfbe01d5ff0035b41ac95260
Certificate serial:       018CC424790F070551D18B52EC71D72BFF79
Authority key identifier: A4:92:9F:CD:61:DC:69:DC:CF:BE:01:D5:FF:00:35:B4:1A:C9:52:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJKfzWHcadzPvgHV_wA1tBrJUmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/0aT0Mn8F5pD4DppnM-Tq1IYx46A.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        45.150.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/pJKfzWHcadzPvgHV_wA1tBrJUmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/pJKfzWHcadzPvgHV_wA1tBrJUmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJKfzWHcadzPvgHV_wA1tBrJUmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:79:0f:07:05:51:d1:8b:52:ec:71:d7:2b:ff:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4929fcd61dc69dccfbe01d5ff0035b41ac95260
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1a4f4327f05e690f80e9a6733e4ead48631e3a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ff:1f:af:aa:3f:22:42:bf:ea:fe:5a:9c:96:
                    51:ea:ff:6e:85:f0:aa:ef:83:34:4f:56:9d:2e:01:
                    bf:15:5d:18:95:62:ac:c3:9e:e6:95:54:52:13:17:
                    70:83:45:55:5c:2b:f2:c3:88:22:83:58:7f:d7:19:
                    bf:0f:e0:50:e3:27:0b:52:65:4f:78:e8:06:17:6a:
                    d5:00:08:a6:f8:26:7a:d3:a8:1c:fa:db:18:10:26:
                    6b:ee:00:bc:0d:68:40:05:a6:6b:04:02:de:cf:4a:
                    e1:d4:58:bd:d0:36:db:93:0f:28:63:dd:6c:ea:de:
                    f5:ae:27:18:4e:4c:f2:93:08:ec:ed:65:35:38:da:
                    b9:c5:49:ac:0d:af:26:5f:03:94:ed:fc:b7:ac:34:
                    6f:9e:ed:e4:0b:24:69:bd:ba:53:5b:01:de:90:e9:
                    7b:64:c7:47:8d:85:78:55:98:7d:fb:65:21:2f:3f:
                    16:44:8c:7e:8e:d6:df:fe:da:62:7b:4c:59:42:25:
                    49:d2:ea:20:39:0c:a9:c6:ac:45:15:a7:d8:65:16:
                    49:41:1f:1c:30:15:8a:b7:b9:c8:b1:4b:84:61:b3:
                    b8:ec:89:03:d5:0d:42:5c:25:7a:90:f3:4c:c1:23:
                    0c:24:e3:59:d5:4d:c4:c1:98:ab:95:45:bb:8c:e1:
                    c4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:A4:F4:32:7F:05:E6:90:F8:0E:9A:67:33:E4:EA:D4:86:31:E3:A0
            X509v3 Authority Key Identifier:
                keyid:A4:92:9F:CD:61:DC:69:DC:CF:BE:01:D5:FF:00:35:B4:1A:C9:52:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJKfzWHcadzPvgHV_wA1tBrJUmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/0aT0Mn8F5pD4DppnM-Tq1IYx46A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/pJKfzWHcadzPvgHV_wA1tBrJUmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:83:3e:e7:9b:84:70:37:e1:81:2c:e7:c2:bb:d1:d2:a3:6d:
         0a:91:73:df:7c:20:d1:16:93:09:e0:38:66:fe:80:3e:f4:ff:
         0a:57:68:0d:16:98:78:49:3b:1a:08:82:9d:dc:da:75:41:b5:
         13:62:70:dc:a0:01:b6:7c:b5:46:19:94:49:3a:bd:e9:54:fc:
         3a:ba:3f:c3:e8:6d:3d:60:55:f2:da:cb:79:41:52:37:ac:22:
         3a:26:fd:75:d3:a8:92:b3:78:c6:f3:e4:a9:1b:24:95:6c:98:
         dc:e4:48:62:8e:9d:35:66:47:bc:4f:f3:b2:e5:0f:45:5d:31:
         08:85:42:8f:0d:f9:28:1c:8d:2b:36:02:c8:5f:83:dd:ae:32:
         10:ce:dc:06:44:f7:04:80:b1:f4:76:0d:56:32:8d:73:52:7b:
         7c:25:2e:be:8f:ad:ed:a3:84:58:4b:c6:46:6b:e7:cd:9e:bd:
         dd:ef:ac:60:f6:5d:2d:59:3c:2b:8d:57:13:56:94:4a:16:b6:
         ee:2f:ac:59:fc:aa:75:59:1d:cb:39:22:41:cf:aa:83:f7:f3:
         fa:39:4b:49:fc:e6:f6:2a:4c:ee:a4:9c:d3:f1:b8:ca:10:2e:
         03:89:37:2e:1b:ae:d5:bf:a5:9c:c1:03:f9:a2:2b:fe:39:f0:
         1b:3c:9b:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHkPBwVR0YtS7HHXK/95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTI5ZmNkNjFkYzY5ZGNjZmJlMDFkNWZmMDAzNWI0MWFj
OTUyNjAwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWE0ZjQzMjdmMDVlNjkwZjgwZTlhNjczM2U0ZWFkNDg2MzFlM2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv8fr6o/IkK/6v5anJZR6v9uhfCq
74M0T1adLgG/FV0YlWKsw57mlVRSExdwg0VVXCvyw4gig1h/1xm/D+BQ4ycLUmVP
eOgGF2rVAAim+CZ606gc+tsYECZr7gC8DWhABaZrBALez0rh1Fi90Dbbkw8oY91s
6t71ricYTkzykwjs7WU1ONq5xUmsDa8mXwOU7fy3rDRvnu3kCyRpvbpTWwHekOl7
ZMdHjYV4VZh9+2UhLz8WRIx+jtbf/tpie0xZQiVJ0uogOQypxqxFFafYZRZJQR8c
MBWKt7nIsUuEYbO47IkD1Q1CXCV6kPNMwSMMJONZ1U3EwZirlUW7jOHEAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGk9DJ/BeaQ+A6aZzPk6tSGMeOgMB8GA1UdIwQY
MBaAFKSSn81h3Gncz74B1f8ANbQayVJgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEpLZnpXSGNhZHpQdmdIVl93QTF0QnJKVW1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy81YTIxMTctZjU4My00NDVkLWI3MmUt
ZWJhOWM1Y2IzMmQwLzEvMGFUME1uOEY1cEQ0RHBwbk0tVHExSVl4NDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy81YTIxMTctZjU4My00NDVkLWI3MmUtZWJhOWM1Y2IzMmQw
LzEvcEpLZnpXSGNhZHpQdmdIVl93QTF0QnJKVW1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZYQMA0G
CSqGSIb3DQEBCwUAA4IBAQB/gz7nm4RwN+GBLOfCu9HSo20KkXPffCDRFpMJ4Dhm
/oA+9P8KV2gNFph4STsaCIKd3Np1QbUTYnDcoAG2fLVGGZRJOr3pVPw6uj/D6G09
YFXy2st5QVI3rCI6Jv1106iSs3jG8+SpGySVbJjc5Ehijp01Zke8T/Oy5Q9FXTEI
hUKPDfkoHI0rNgLIX4PdrjIQztwGRPcEgLH0dg1WMo1zUnt8JS6+j63to4RYS8ZG
a+fNnr3d76xg9l0tWTwrjVcTVpRKFrbuL6xZ/Kp1WR3LOSJBz6qD9/P6OUtJ/Ob2
KkzupJzT8bjKEC4DiTcuG67Vv6WcwQP5oiv+OfAbPJsG
-----END CERTIFICATE-----