Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7d5480-60a7-4193-bf34-bd849b04d10a/1/7xLD-PV04YPConQRcedZigBjckc.roa
File:                     7xLD-PV04YPConQRcedZigBjckc.roa (raw, json)
Hash identifier:          NXeMznNoNLYXgCc/avCXgYJaStZQEf5O6Ct2aOLBbXE=
Subject key identifier:   EF:12:C3:F8:F5:74:E1:83:C2:A2:74:11:71:E7:59:8A:00:63:72:47
Certificate issuer:       /CN=59bff5f16ecb268b1597da1b3ad30af40fce7717
Certificate serial:       018CC6B7BA51BC4EA96078BAB721D571472D
Authority key identifier: 59:BF:F5:F1:6E:CB:26:8B:15:97:DA:1B:3A:D3:0A:F4:0F:CE:77:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wb_18W7LJosVl9obOtMK9A_Odxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7d5480-60a7-4193-bf34-bd849b04d10a/1/7xLD-PV04YPConQRcedZigBjckc.roa
Signing time:             Mon 01 Jan 2024 20:29:38 +0000
ROA not before:           Mon 01 Jan 2024 20:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54113
IP address blocks:        185.199.109.0/24 maxlen: 24
                          185.199.108.0/22 maxlen: 22
                          185.199.110.0/24 maxlen: 24
                          185.199.111.0/24 maxlen: 24
                          185.199.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/7d5480-60a7-4193-bf34-bd849b04d10a/1/Wb_18W7LJosVl9obOtMK9A_Odxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/7d5480-60a7-4193-bf34-bd849b04d10a/1/Wb_18W7LJosVl9obOtMK9A_Odxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wb_18W7LJosVl9obOtMK9A_Odxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ba:51:bc:4e:a9:60:78:ba:b7:21:d5:71:47:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59bff5f16ecb268b1597da1b3ad30af40fce7717
        Validity
            Not Before: Jan  1 20:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef12c3f8f574e183c2a2741171e7598a00637247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:43:57:14:19:6d:87:64:15:1e:26:de:df:25:
                    7f:f7:7c:1e:40:fd:12:e7:79:b0:44:30:cf:5b:90:
                    d4:db:81:cf:06:7e:86:cd:46:be:71:c6:8e:5c:91:
                    04:57:3a:6b:64:2b:51:00:ae:8a:2b:52:04:a5:22:
                    6c:ef:8b:ef:91:2b:7b:e2:6a:fd:78:7d:ea:0e:4c:
                    5a:bd:fe:c6:2a:9d:64:34:d5:b8:f8:b8:e9:2e:7d:
                    07:36:62:72:f9:16:cb:dd:a0:31:ad:23:72:6e:42:
                    55:9d:cb:93:bb:15:2b:1c:3b:b8:ce:54:2a:07:67:
                    00:56:ff:1b:88:6c:be:0c:59:90:de:95:8b:cb:79:
                    7f:18:e4:79:54:21:49:5e:29:34:4a:c5:8e:d7:48:
                    79:01:87:90:47:9a:90:86:06:b2:fd:c0:75:90:56:
                    c8:07:a4:2a:c7:1a:43:52:92:dd:22:d4:45:ea:50:
                    eb:56:6f:f1:45:4d:fd:9e:71:04:f8:d9:a0:90:fc:
                    68:8e:54:f4:b8:2f:5d:4b:9f:d3:69:e8:44:64:e1:
                    03:45:08:40:f6:4a:13:eb:19:68:9f:c4:4f:05:48:
                    6b:26:d1:30:74:e8:62:8b:6e:60:7f:a6:c4:69:95:
                    19:e5:43:f7:28:e9:6f:82:14:aa:77:be:5a:d8:20:
                    ce:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:12:C3:F8:F5:74:E1:83:C2:A2:74:11:71:E7:59:8A:00:63:72:47
            X509v3 Authority Key Identifier:
                keyid:59:BF:F5:F1:6E:CB:26:8B:15:97:DA:1B:3A:D3:0A:F4:0F:CE:77:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wb_18W7LJosVl9obOtMK9A_Odxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7d5480-60a7-4193-bf34-bd849b04d10a/1/7xLD-PV04YPConQRcedZigBjckc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7d5480-60a7-4193-bf34-bd849b04d10a/1/Wb_18W7LJosVl9obOtMK9A_Odxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:e8:6e:5f:7b:4c:37:8d:70:26:cd:ad:54:75:8c:b9:9b:fe:
         e5:75:7f:9f:a7:37:ab:82:39:ac:70:04:18:ae:e7:3c:80:5e:
         5a:cd:f1:3e:5d:09:e2:e1:0e:2c:49:38:4d:80:38:48:8b:80:
         a2:25:d6:42:3b:63:9e:60:70:dc:66:32:4e:55:95:9a:1b:72:
         07:54:fb:03:19:b1:cd:83:0f:f4:4b:6a:9e:54:3e:c4:a8:80:
         bc:7a:8e:48:83:40:c6:71:04:be:e1:01:91:54:77:64:b5:e4:
         a6:7e:ed:28:2f:cb:e9:33:04:4c:8d:67:3b:68:5c:29:e3:26:
         f1:04:47:07:18:8a:2b:34:26:ef:92:b5:ad:4e:52:4e:51:76:
         19:80:eb:35:26:91:b1:1d:95:19:e1:40:51:67:db:3d:d7:3b:
         a3:29:68:f2:1f:da:63:a8:e6:d5:57:11:d6:33:79:50:5f:c1:
         e1:17:1a:b4:ed:df:f7:cb:6f:e8:98:1c:2b:7e:31:31:36:08:
         4c:5a:89:18:9f:8f:54:e4:2c:f7:f4:5d:74:b8:5a:fb:b5:23:
         eb:0f:cf:c6:8f:7b:3f:62:7b:3d:b6:ac:f1:ae:fc:c7:2a:ef:
         91:13:9d:f4:56:ac:7a:6b:62:d4:c6:1d:79:30:3d:1a:27:36:
         70:16:b5:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7pRvE6pYHi6tyHVcUctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YmZmNWYxNmVjYjI2OGIxNTk3ZGExYjNhZDMwYWY0MGZj
ZTc3MTcwHhcNMjQwMTAxMjAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjEyYzNmOGY1NzRlMTgzYzJhMjc0MTE3MWU3NTk4YTAwNjM3MjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwENXFBlth2QVHibe3yV/93weQP0S
53mwRDDPW5DU24HPBn6GzUa+ccaOXJEEVzprZCtRAK6KK1IEpSJs74vvkSt74mr9
eH3qDkxavf7GKp1kNNW4+LjpLn0HNmJy+RbL3aAxrSNybkJVncuTuxUrHDu4zlQq
B2cAVv8biGy+DFmQ3pWLy3l/GOR5VCFJXik0SsWO10h5AYeQR5qQhgay/cB1kFbI
B6QqxxpDUpLdItRF6lDrVm/xRU39nnEE+NmgkPxojlT0uC9dS5/TaehEZOEDRQhA
9koT6xlon8RPBUhrJtEwdOhii25gf6bEaZUZ5UP3KOlvghSqd75a2CDOTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8Sw/j1dOGDwqJ0EXHnWYoAY3JHMB8GA1UdIwQY
MBaAFFm/9fFuyyaLFZfaGzrTCvQPzncXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2JfMThXN0xKb3NWbDlvYk90TUs5QV9PZHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83ZDU0ODAtNjBhNy00MTkzLWJmMzQt
YmQ4NDliMDRkMTBhLzEvN3hMRC1QVjA0WVBDb25RUmNlZFppZ0JqY2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83ZDU0ODAtNjBhNy00MTkzLWJmMzQtYmQ4NDliMDRkMTBh
LzEvV2JfMThXN0xKb3NWbDlvYk90TUs5QV9PZHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucdsMA0G
CSqGSIb3DQEBCwUAA4IBAQBa6G5fe0w3jXAmza1UdYy5m/7ldX+fpzergjmscAQY
ruc8gF5azfE+XQni4Q4sSThNgDhIi4CiJdZCO2OeYHDcZjJOVZWaG3IHVPsDGbHN
gw/0S2qeVD7EqIC8eo5Ig0DGcQS+4QGRVHdkteSmfu0oL8vpMwRMjWc7aFwp4ybx
BEcHGIorNCbvkrWtTlJOUXYZgOs1JpGxHZUZ4UBRZ9s91zujKWjyH9pjqObVVxHW
M3lQX8HhFxq07d/3y2/omBwrfjExNghMWokYn49U5Cz39F10uFr7tSPrD8/Gj3s/
Yns9tqzxrvzHKu+RE530Vqx6a2LUxh15MD0aJzZwFrXV
-----END CERTIFICATE-----