Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/e_7xtGo8m9rE_Bfwf7PpFP8t06M.roa
File:                     e_7xtGo8m9rE_Bfwf7PpFP8t06M.roa (raw, json)
Hash identifier:          92n+V3P3KZnjbQeHq9SM3SBaOnWJca8CU3llq0tBJFE=
Subject key identifier:   7B:FE:F1:B4:6A:3C:9B:DA:C4:FC:17:F0:7F:B3:E9:14:FF:2D:D3:A3
Certificate issuer:       /CN=5b0329066138bb5564571fc3c29ee953e5c1c7a3
Certificate serial:       018E0A0767448606A238304A79A62DE3CDD2
Authority key identifier: 5B:03:29:06:61:38:BB:55:64:57:1F:C3:C2:9E:E9:53:E5:C1:C7:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/e_7xtGo8m9rE_Bfwf7PpFP8t06M.roa
Signing time:             Mon 04 Mar 2024 15:14:01 +0000
ROA not before:           Mon 04 Mar 2024 15:14:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.154.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0a:07:67:44:86:06:a2:38:30:4a:79:a6:2d:e3:cd:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b0329066138bb5564571fc3c29ee953e5c1c7a3
        Validity
            Not Before: Mar  4 15:14:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bfef1b46a3c9bdac4fc17f07fb3e914ff2dd3a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c3:ca:ed:e6:29:2c:a7:2c:7e:65:db:16:f9:
                    25:db:05:0c:cd:15:66:f0:b2:ce:de:84:53:6f:a8:
                    63:fe:fa:f2:35:f5:40:4e:cd:bc:66:d9:f3:d8:c4:
                    c4:6e:20:6c:93:13:8f:ae:a9:3c:94:67:39:14:80:
                    49:49:36:fd:38:ce:84:39:bf:72:6c:0b:f0:f2:6d:
                    f2:b4:ab:38:92:a9:a3:ce:d1:76:3d:cf:bc:35:9e:
                    15:77:9b:ff:7e:84:4c:29:93:ca:d4:dc:00:8b:df:
                    12:c8:46:a2:21:d9:15:69:35:33:1b:90:14:96:ec:
                    3f:39:10:02:7f:d4:41:8e:8a:a4:9f:b0:54:65:ba:
                    b0:cc:24:1c:7f:ba:9f:62:70:3b:26:2d:b5:3a:48:
                    32:e0:9e:f8:1e:99:70:ac:97:6e:b5:a5:d2:3e:32:
                    fe:84:ef:da:a3:ab:05:27:3f:93:ea:a3:52:cb:6d:
                    fa:d5:50:33:08:d9:e3:d3:68:95:cb:42:24:38:9f:
                    aa:90:95:82:ec:75:9b:e1:87:eb:47:7d:15:c1:f9:
                    53:a6:8b:ed:95:31:51:f0:e7:93:ae:1a:7e:cb:c5:
                    8a:f4:90:6a:b0:91:a9:c5:f8:a0:bb:e9:72:7b:b7:
                    55:de:7b:c6:87:58:d4:35:29:4a:df:ff:94:ef:36:
                    c9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:FE:F1:B4:6A:3C:9B:DA:C4:FC:17:F0:7F:B3:E9:14:FF:2D:D3:A3
            X509v3 Authority Key Identifier:
                keyid:5B:03:29:06:61:38:BB:55:64:57:1F:C3:C2:9E:E9:53:E5:C1:C7:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/e_7xtGo8m9rE_Bfwf7PpFP8t06M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:56:76:59:bb:f4:01:59:09:26:07:56:27:59:f1:7f:a4:45:
         86:f4:77:f6:c8:d4:37:97:73:4c:65:8e:54:a1:27:d7:6e:76:
         78:32:4e:00:11:ce:76:15:be:40:79:9d:b6:4a:65:8d:d0:ef:
         0f:c3:37:36:ce:f3:2e:20:3c:dd:7f:76:ec:2c:de:50:d0:b2:
         94:e6:6d:95:8b:b6:9f:eb:26:ce:cd:44:bf:6c:2d:b7:32:24:
         bb:2c:9c:c1:e7:6e:f3:9e:ae:0b:e8:ba:b9:a5:56:23:4c:95:
         3e:19:57:43:c3:c4:50:08:8e:d2:44:e9:00:08:4b:36:8e:fb:
         e3:a6:ac:7e:24:b3:fe:ee:79:ae:25:7f:c7:c3:25:44:d6:b1:
         b9:3f:1f:43:d3:8e:42:40:b0:96:16:dd:19:16:67:ae:7a:a2:
         37:3a:59:e9:d8:be:3d:f9:39:bf:36:84:40:83:3d:8c:99:03:
         a2:c3:b2:fa:f4:83:6b:38:3b:56:5a:ad:7e:cd:01:82:dd:7e:
         42:57:df:c8:0f:d9:27:bf:27:1f:1b:ae:0d:e6:5d:cf:8c:89:
         bb:21:96:13:01:e3:64:7b:1a:4c:99:b8:e1:d9:6d:b1:58:62:
         2a:ba:94:b5:ee:5b:92:a5:03:3d:60:9d:b0:c3:26:f6:91:6a:
         4f:10:c9:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4KB2dEhgaiODBKeaYt483SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMDMyOTA2NjEzOGJiNTU2NDU3MWZjM2MyOWVlOTUzZTVj
MWM3YTMwHhcNMjQwMzA0MTUxNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmZlZjFiNDZhM2M5YmRhYzRmYzE3ZjA3ZmIzZTkxNGZmMmRkM2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8PK7eYpLKcsfmXbFvkl2wUMzRVm
8LLO3oRTb6hj/vryNfVATs28Ztnz2MTEbiBskxOPrqk8lGc5FIBJSTb9OM6EOb9y
bAvw8m3ytKs4kqmjztF2Pc+8NZ4Vd5v/foRMKZPK1NwAi98SyEaiIdkVaTUzG5AU
luw/ORACf9RBjoqkn7BUZbqwzCQcf7qfYnA7Ji21Okgy4J74HplwrJdutaXSPjL+
hO/ao6sFJz+T6qNSy2361VAzCNnj02iVy0IkOJ+qkJWC7HWb4YfrR30VwflTpovt
lTFR8OeTrhp+y8WK9JBqsJGpxfigu+lye7dV3nvGh1jUNSlK3/+U7zbJPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHv+8bRqPJvaxPwX8H+z6RT/LdOjMB8GA1UdIwQY
MBaAFFsDKQZhOLtVZFcfw8Ke6VPlwcejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3dNcEJtRTR1MVZrVnhfRHdwN3BVLVhCeDZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC83NzA5NmYtYmI4OS00MTFlLTkwZTAt
MzBjN2YzOWQ4ZTFjLzEvZV83eHRHbzhtOXJFX0Jmd2Y3UHBGUDh0MDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC83NzA5NmYtYmI4OS00MTFlLTkwZTAtMzBjN2YzOWQ4ZTFj
LzEvV3dNcEJtRTR1MVZrVnhfRHdwN3BVLVhCeDZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZqYMA0G
CSqGSIb3DQEBCwUAA4IBAQCUVnZZu/QBWQkmB1YnWfF/pEWG9Hf2yNQ3l3NMZY5U
oSfXbnZ4Mk4AEc52Fb5AeZ22SmWN0O8Pwzc2zvMuIDzdf3bsLN5Q0LKU5m2Vi7af
6ybOzUS/bC23MiS7LJzB527znq4L6Lq5pVYjTJU+GVdDw8RQCI7SROkACEs2jvvj
pqx+JLP+7nmuJX/HwyVE1rG5Px9D045CQLCWFt0ZFmeueqI3Olnp2L49+Tm/NoRA
gz2MmQOiw7L69INrODtWWq1+zQGC3X5CV9/ID9knvycfG64N5l3PjIm7IZYTAeNk
expMmbjh2W2xWGIqupS17luSpQM9YJ2wwyb2kWpPEMnb
-----END CERTIFICATE-----