Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/x7DiWeezI0azoZVfTPGD-guiL4o.roa
File:                     x7DiWeezI0azoZVfTPGD-guiL4o.roa (raw, json)
Hash identifier:          A84cn+0V+Ib8WAkIZHL7mh/845uJx4pRvAWg1UeKfVk=
Subject key identifier:   C7:B0:E2:59:E7:B3:23:46:B3:A1:95:5F:4C:F1:83:FA:0B:A2:2F:8A
Certificate issuer:       /CN=7ad869e5efd483a72fd3e89978d1cc66df32b512
Certificate serial:       018DB25D6645F134CE49368C84240F165D3A
Authority key identifier: 7A:D8:69:E5:EF:D4:83:A7:2F:D3:E8:99:78:D1:CC:66:DF:32:B5:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ethp5e_Ug6cv0-iZeNHMZt8ytRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/x7DiWeezI0azoZVfTPGD-guiL4o.roa
Signing time:             Fri 16 Feb 2024 14:41:21 +0000
ROA not before:           Fri 16 Feb 2024 14:41:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215588
IP address blocks:        91.201.92.0/22 maxlen: 24
                          2a10:1a80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/ethp5e_Ug6cv0-iZeNHMZt8ytRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/ethp5e_Ug6cv0-iZeNHMZt8ytRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ethp5e_Ug6cv0-iZeNHMZt8ytRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:5d:66:45:f1:34:ce:49:36:8c:84:24:0f:16:5d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ad869e5efd483a72fd3e89978d1cc66df32b512
        Validity
            Not Before: Feb 16 14:41:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7b0e259e7b32346b3a1955f4cf183fa0ba22f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:cf:3e:99:a0:d6:7d:b3:c7:ac:f1:c6:79:3b:
                    5c:07:6e:f2:a9:5a:41:a9:2b:56:7e:28:d3:38:b9:
                    27:bd:83:0b:bc:f8:65:34:5e:c1:27:eb:ce:d1:0e:
                    c0:a1:66:81:34:99:8e:ed:7f:d1:81:f4:95:2c:20:
                    bb:67:15:a4:c5:94:2a:7f:3e:7f:78:1d:16:fe:1a:
                    87:60:a0:5f:0c:e6:bf:cf:2d:55:3e:c2:a3:f8:be:
                    99:25:5f:7f:9c:eb:87:d8:ee:f7:de:fa:0b:89:56:
                    92:55:99:37:d3:2c:4c:5b:d1:65:f1:da:a3:c4:7e:
                    65:a9:22:9a:cb:f9:9d:cd:2b:b7:ef:28:7b:ce:d0:
                    7c:ea:f5:05:a4:b2:9e:c8:e6:ef:b0:03:b7:b4:1d:
                    6e:5e:d2:ef:54:30:83:5a:70:55:48:7c:7f:a0:41:
                    34:0f:71:97:9d:fe:4d:06:bf:ac:1f:8e:c2:4e:fd:
                    97:4c:e1:4e:a9:46:2a:18:d1:e1:3a:5e:34:ae:08:
                    91:42:46:d4:d7:2d:a0:bb:fe:30:1b:3d:ec:1f:91:
                    94:fb:8a:71:b5:0f:0c:b3:7f:bb:e7:35:75:e0:35:
                    b7:e1:3f:d7:37:55:64:b3:1d:c5:53:7f:a6:aa:b1:
                    23:7f:2b:ce:65:15:c8:71:b4:c8:11:00:75:92:f0:
                    6e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:B0:E2:59:E7:B3:23:46:B3:A1:95:5F:4C:F1:83:FA:0B:A2:2F:8A
            X509v3 Authority Key Identifier:
                keyid:7A:D8:69:E5:EF:D4:83:A7:2F:D3:E8:99:78:D1:CC:66:DF:32:B5:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ethp5e_Ug6cv0-iZeNHMZt8ytRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/x7DiWeezI0azoZVfTPGD-guiL4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/ethp5e_Ug6cv0-iZeNHMZt8ytRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.92.0/22
                IPv6:
                  2a10:1a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:46:77:bd:f1:50:bd:8c:79:9f:64:5c:09:38:df:dc:64:4b:
         e0:5b:58:df:74:e1:98:ed:4a:71:99:52:16:2b:7a:9b:e8:b4:
         36:d3:50:d7:b2:a8:30:39:2a:18:46:05:bb:e8:91:6c:f6:36:
         68:80:89:0a:d2:f3:89:45:49:df:b3:54:c4:55:3a:49:a2:d4:
         90:fc:1d:88:a2:1b:2f:25:57:69:48:73:b4:79:1c:fd:a5:72:
         1e:5c:9f:fc:06:74:ab:bd:44:60:bc:df:8d:63:ed:8e:4e:69:
         68:74:a6:89:e9:ec:26:e1:1c:b9:43:ef:25:6c:f0:02:e6:59:
         3f:14:c4:bf:50:c0:47:a9:03:ae:72:f9:85:da:ef:91:04:49:
         b6:d0:a7:fc:33:c6:cb:75:ec:a4:db:c8:d1:75:15:ab:b1:1f:
         b5:cb:fb:6c:4c:d3:8b:fc:d4:76:5e:21:1f:90:89:90:d8:03:
         15:20:db:f5:56:4d:6e:c5:38:5d:39:a5:a9:41:3f:d8:9d:0f:
         d2:e1:fe:34:3f:57:e1:f1:c5:a3:ac:0c:4d:78:30:05:d0:76:
         04:9a:00:8c:48:e2:ab:9d:cb:b6:5c:56:7b:f1:1d:f7:c7:a3:
         42:be:cf:1d:03:29:ea:69:f6:e0:91:c6:d1:f5:d7:78:61:fe:
         68:82:40:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2yXWZF8TTOSTaMhCQPFl06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZDg2OWU1ZWZkNDgzYTcyZmQzZTg5OTc4ZDFjYzY2ZGYz
MmI1MTIwHhcNMjQwMjE2MTQ0MTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2IwZTI1OWU3YjMyMzQ2YjNhMTk1NWY0Y2YxODNmYTBiYTIyZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis8+maDWfbPHrPHGeTtcB27yqVpB
qStWfijTOLknvYMLvPhlNF7BJ+vO0Q7AoWaBNJmO7X/RgfSVLCC7ZxWkxZQqfz5/
eB0W/hqHYKBfDOa/zy1VPsKj+L6ZJV9/nOuH2O733voLiVaSVZk30yxMW9Fl8dqj
xH5lqSKay/mdzSu37yh7ztB86vUFpLKeyObvsAO3tB1uXtLvVDCDWnBVSHx/oEE0
D3GXnf5NBr+sH47CTv2XTOFOqUYqGNHhOl40rgiRQkbU1y2gu/4wGz3sH5GU+4px
tQ8Ms3+75zV14DW34T/XN1Vksx3FU3+mqrEjfyvOZRXIcbTIEQB1kvBu9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMew4lnnsyNGs6GVX0zxg/oLoi+KMB8GA1UdIwQY
MBaAFHrYaeXv1IOnL9PomXjRzGbfMrUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXRocDVlX1VnNmN2MC1pWmVOSE1adDh5dFJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi85NzMxMWQtYWYyNi00YjhkLWExYWQt
MTM2Njk1NjlkNjhlLzEveDdEaVdlZXpJMGF6b1pWZlRQR0QtZ3VpTDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi85NzMxMWQtYWYyNi00YjhkLWExYWQtMTM2Njk1NjlkNjhl
LzEvZXRocDVlX1VnNmN2MC1pWmVOSE1adDh5dFJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCW8lcMA0E
AgACMAcDBQMqEBqAMA0GCSqGSIb3DQEBCwUAA4IBAQAdRne98VC9jHmfZFwJON/c
ZEvgW1jfdOGY7UpxmVIWK3qb6LQ201DXsqgwOSoYRgW76JFs9jZogIkK0vOJRUnf
s1TEVTpJotSQ/B2IohsvJVdpSHO0eRz9pXIeXJ/8BnSrvURgvN+NY+2OTmlodKaJ
6ewm4Ry5Q+8lbPAC5lk/FMS/UMBHqQOucvmF2u+RBEm20Kf8M8bLdeyk28jRdRWr
sR+1y/tsTNOL/NR2XiEfkImQ2AMVINv1Vk1uxThdOaWpQT/YnQ/S4f40P1fh8cWj
rAxNeDAF0HYEmgCMSOKrncu2XFZ78R33x6NCvs8dAynqafbgkcbR9dd4Yf5ogkBS
-----END CERTIFICATE-----