Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/7a77qpwJeeHMoGMx7H4Hltr43LM.roa
File:                     7a77qpwJeeHMoGMx7H4Hltr43LM.roa (raw, json)
Hash identifier:          6lPWBqhGLKeKKMwcxRPlAd4DVLSSiCY4VtkMvpuCgiY=
Subject key identifier:   ED:AE:FB:AA:9C:09:79:E1:CC:A0:63:31:EC:7E:07:96:DA:F8:DC:B3
Certificate issuer:       /CN=c5721737651598f56cf7195120777d7b5316f552
Certificate serial:       018CC424567FE098C2DC0C01DBA7C0D5629C
Authority key identifier: C5:72:17:37:65:15:98:F5:6C:F7:19:51:20:77:7D:7B:53:16:F5:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xXIXN2UVmPVs9xlRIHd9e1MW9VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/7a77qpwJeeHMoGMx7H4Hltr43LM.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208766
IP address blocks:        45.85.228.0/22 maxlen: 22
                          2a0e:cc80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/xXIXN2UVmPVs9xlRIHd9e1MW9VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/xXIXN2UVmPVs9xlRIHd9e1MW9VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xXIXN2UVmPVs9xlRIHd9e1MW9VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:56:7f:e0:98:c2:dc:0c:01:db:a7:c0:d5:62:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5721737651598f56cf7195120777d7b5316f552
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edaefbaa9c0979e1cca06331ec7e0796daf8dcb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ed:29:b6:a8:a2:87:61:b6:03:0d:c6:9a:22:
                    07:a7:fd:4c:7c:76:b1:5a:c4:64:1e:e0:f1:79:6e:
                    34:77:43:d9:61:9b:ed:ef:0d:ff:d8:6d:85:09:fe:
                    e0:7e:7b:1d:e5:ca:c1:21:af:86:7b:bd:d7:8d:ff:
                    8f:c6:f9:85:43:a6:f5:57:0e:3b:a8:1e:d4:e4:9b:
                    62:d2:42:f9:ff:51:a1:2a:0c:f1:ed:69:74:2d:9d:
                    1d:3f:38:51:4f:6d:52:4c:4c:aa:de:4d:30:4e:ed:
                    8e:3d:bf:23:5b:1f:d8:3b:ff:ce:36:88:d8:96:af:
                    62:0c:3d:e0:41:cb:a2:a2:c8:8f:14:2b:15:c8:e7:
                    65:d4:d0:4e:cd:b0:79:b1:f9:4a:c6:a8:ff:76:9e:
                    a5:4b:5b:a3:0c:27:93:2a:05:fd:80:40:89:1e:49:
                    17:f4:f4:de:08:5d:ff:ee:cf:e2:ed:9a:bf:67:f4:
                    65:be:08:69:06:f5:e4:26:77:b6:90:9b:84:6c:ef:
                    de:c6:83:e0:87:10:ae:d5:aa:11:3f:14:3c:44:31:
                    8a:46:c0:e5:f0:43:45:4e:6a:97:52:da:5d:e8:49:
                    95:30:df:2e:f2:77:3d:2c:b1:22:b7:6d:38:e0:08:
                    98:c7:9e:71:66:60:62:9d:91:7d:d0:3b:2d:c2:95:
                    68:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:AE:FB:AA:9C:09:79:E1:CC:A0:63:31:EC:7E:07:96:DA:F8:DC:B3
            X509v3 Authority Key Identifier:
                keyid:C5:72:17:37:65:15:98:F5:6C:F7:19:51:20:77:7D:7B:53:16:F5:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xXIXN2UVmPVs9xlRIHd9e1MW9VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/7a77qpwJeeHMoGMx7H4Hltr43LM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/xXIXN2UVmPVs9xlRIHd9e1MW9VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.228.0/22
                IPv6:
                  2a0e:cc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:c9:2c:26:14:57:f8:e8:b2:ad:03:d9:68:e4:5e:1a:67:8d:
         d8:a6:6e:8a:d8:81:26:61:c1:25:0a:59:54:61:ef:03:a1:8c:
         f8:ae:27:22:69:23:f0:53:37:8d:2c:e6:d4:47:2e:12:93:59:
         93:c0:99:89:c5:f4:fd:df:a9:d1:13:4b:29:b3:da:09:2d:7c:
         22:24:de:20:85:15:3c:83:11:83:57:8e:e0:c6:b9:bb:d2:0d:
         ed:96:3c:46:91:f4:ca:ed:3e:c7:ad:07:dd:dc:44:8b:78:26:
         fb:a8:0d:8f:af:28:ea:17:a8:a0:7a:ab:12:29:74:2b:f9:18:
         b8:85:5e:47:61:9f:da:f5:0e:29:1a:80:4c:4e:43:98:e5:53:
         ce:7f:4c:ac:2f:98:42:30:79:5b:bd:dd:a6:25:d9:a2:d0:08:
         67:22:a5:84:14:f7:d7:17:2d:86:f0:61:1b:2d:6f:e8:1b:b6:
         66:21:4b:e2:9c:5e:f7:d4:d3:dc:5e:ed:9b:1a:5a:03:83:3e:
         e2:6f:c6:c8:ec:6e:ac:ba:22:73:f2:3a:ab:13:9f:38:de:c8:
         32:36:de:3c:f5:4f:ba:13:32:e5:62:c4:a5:4a:90:4e:1f:db:
         ea:e1:50:f4:7e:74:98:21:7a:55:2b:bc:07:58:aa:62:8e:1f:
         21:50:1f:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJFZ/4JjC3AwB26fA1WKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NzIxNzM3NjUxNTk4ZjU2Y2Y3MTk1MTIwNzc3ZDdiNTMx
NmY1NTIwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGFlZmJhYTljMDk3OWUxY2NhMDYzMzFlYzdlMDc5NmRhZjhkY2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+0ptqiih2G2Aw3GmiIHp/1MfHax
WsRkHuDxeW40d0PZYZvt7w3/2G2FCf7gfnsd5crBIa+Ge73Xjf+PxvmFQ6b1Vw47
qB7U5Jti0kL5/1GhKgzx7Wl0LZ0dPzhRT21STEyq3k0wTu2OPb8jWx/YO//ONojY
lq9iDD3gQcuiosiPFCsVyOdl1NBOzbB5sflKxqj/dp6lS1ujDCeTKgX9gECJHkkX
9PTeCF3/7s/i7Zq/Z/RlvghpBvXkJne2kJuEbO/exoPghxCu1aoRPxQ8RDGKRsDl
8ENFTmqXUtpd6EmVMN8u8nc9LLEit2044AiYx55xZmBinZF90DstwpVodwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO2u+6qcCXnhzKBjMex+B5ba+NyzMB8GA1UdIwQY
MBaAFMVyFzdlFZj1bPcZUSB3fXtTFvVSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFhJWE4yVVZtUFZzOXhsUklIZDllMU1XOVZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC81YjQzYmEtOGViNS00NGQzLTliODct
ZTAwMGUzZmZmOTNlLzEvN2E3N3Fwd0plZUhNb0dNeDdINEhsdHI0M0xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC81YjQzYmEtOGViNS00NGQzLTliODctZTAwMGUzZmZmOTNl
LzEveFhJWE4yVVZtUFZzOXhsUklIZDllMU1XOVZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVXkMA0E
AgACMAcDBQMqDsyAMA0GCSqGSIb3DQEBCwUAA4IBAQB+ySwmFFf46LKtA9lo5F4a
Z43Ypm6K2IEmYcElCllUYe8DoYz4riciaSPwUzeNLObURy4Sk1mTwJmJxfT936nR
E0sps9oJLXwiJN4ghRU8gxGDV47gxrm70g3tljxGkfTK7T7HrQfd3ESLeCb7qA2P
ryjqF6igeqsSKXQr+Ri4hV5HYZ/a9Q4pGoBMTkOY5VPOf0ysL5hCMHlbvd2mJdmi
0AhnIqWEFPfXFy2G8GEbLW/oG7ZmIUvinF731NPcXu2bGloDgz7ib8bI7G6suiJz
8jqrE5843sgyNt489U+6EzLlYsSlSpBOH9vq4VD0fnSYIXpVK7wHWKpijh8hUB+g
-----END CERTIFICATE-----