Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/t7XrVT3OJp-mxb3waGyiNAxlVwA.roa
File:                     t7XrVT3OJp-mxb3waGyiNAxlVwA.roa (raw, json)
Hash identifier:          Hm7E/uwBNronEw4kfnWdxqzR1xa9K+DC6PBRvTGKssg=
Subject key identifier:   B7:B5:EB:55:3D:CE:26:9F:A6:C5:BD:F0:68:6C:A2:34:0C:65:57:00
Certificate issuer:       /CN=abdc639a367adaf9b3382d09bda05ee545433159
Certificate serial:       018CE902736C918D6B98CA97B1BBD8744E0C
Authority key identifier: AB:DC:63:9A:36:7A:DA:F9:B3:38:2D:09:BD:A0:5E:E5:45:43:31:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9xjmjZ62vmzOC0JvaBe5UVDMVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/t7XrVT3OJp-mxb3waGyiNAxlVwA.roa
Signing time:             Mon 08 Jan 2024 12:18:21 +0000
ROA not before:           Mon 08 Jan 2024 12:18:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        5.42.203.0/24 maxlen: 24
                          2a12:1840::/39 maxlen: 39
                          2a12:1840:200::/39 maxlen: 39

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/q9xjmjZ62vmzOC0JvaBe5UVDMVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/q9xjmjZ62vmzOC0JvaBe5UVDMVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9xjmjZ62vmzOC0JvaBe5UVDMVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 10:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:02:73:6c:91:8d:6b:98:ca:97:b1:bb:d8:74:4e:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abdc639a367adaf9b3382d09bda05ee545433159
        Validity
            Not Before: Jan  8 12:18:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7b5eb553dce269fa6c5bdf0686ca2340c655700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:64:b5:67:1b:a0:ae:e1:13:f1:3c:be:b0:03:
                    7b:df:a2:ca:9a:fb:3b:db:42:db:dc:4a:16:8c:71:
                    7d:e2:07:11:92:50:38:b6:b2:ef:7e:db:fb:9b:20:
                    5f:70:7f:83:c8:d6:cf:8f:08:0a:45:c3:4a:2c:66:
                    e2:fd:6f:bb:ad:38:08:29:10:ac:ad:7b:c0:88:8d:
                    37:92:8f:80:4f:22:73:cd:c4:d5:e7:a9:82:1a:23:
                    79:85:9b:b6:ee:ab:61:59:8d:5c:2e:a9:24:8d:3f:
                    14:a8:76:13:68:20:72:ed:54:53:23:eb:be:a0:80:
                    cd:b1:53:85:16:a8:53:4f:df:9d:0b:11:8f:66:e9:
                    c6:31:ef:7b:da:c8:8f:64:50:e5:fe:54:ef:8c:ac:
                    95:bd:62:b8:1e:b0:32:93:bb:88:fb:27:cc:3b:5f:
                    c3:87:43:77:d1:e0:83:57:68:fd:ff:50:08:6c:25:
                    d3:9f:57:9b:06:2d:d8:62:3f:75:f3:5f:77:c2:b3:
                    9e:d7:ad:38:60:c1:45:cd:2c:e4:0f:8c:c0:33:d8:
                    f8:97:8c:f6:49:b5:d1:0c:34:65:64:07:ce:be:7b:
                    30:c1:ea:ec:c3:91:e2:68:14:42:2b:88:05:ce:70:
                    d8:ff:43:8e:05:4f:f2:ca:6a:fe:ad:4d:fb:58:a5:
                    f5:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:B5:EB:55:3D:CE:26:9F:A6:C5:BD:F0:68:6C:A2:34:0C:65:57:00
            X509v3 Authority Key Identifier:
                keyid:AB:DC:63:9A:36:7A:DA:F9:B3:38:2D:09:BD:A0:5E:E5:45:43:31:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9xjmjZ62vmzOC0JvaBe5UVDMVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/t7XrVT3OJp-mxb3waGyiNAxlVwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/q9xjmjZ62vmzOC0JvaBe5UVDMVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.203.0/24
                IPv6:
                  2a12:1840::/38

    Signature Algorithm: sha256WithRSAEncryption
         32:06:01:d0:2f:36:62:3e:be:60:24:cd:df:04:3c:11:3f:1c:
         a9:5a:04:85:40:cd:80:c0:cf:40:44:af:d3:91:a3:c5:1d:6a:
         d0:16:9f:da:09:49:37:fd:16:46:ba:5d:4b:74:76:1c:70:2c:
         bb:30:09:7f:0a:ae:52:14:79:16:19:f2:06:b7:08:26:32:99:
         f3:2c:9f:b2:b2:a2:a5:5d:18:3d:86:f2:1f:af:d2:21:84:e4:
         23:a3:de:01:3e:d0:18:fe:e7:fa:6c:56:3a:5f:9c:16:0e:c6:
         eb:fe:42:48:19:32:dc:50:c9:13:9f:e2:73:ad:6c:1f:66:ba:
         63:aa:8e:c8:64:c6:c3:d9:13:d7:24:d5:13:a6:f7:7f:0c:7c:
         df:e8:5f:d9:94:c1:fc:e3:c2:ab:b2:05:c5:5f:31:f8:dc:55:
         a0:77:b6:78:a0:7f:40:5c:e1:18:70:86:af:51:2c:2d:a5:44:
         19:86:f4:9c:76:24:56:68:fd:af:78:1d:f7:9a:6f:3d:4e:6a:
         33:5d:8d:20:40:c3:06:ba:6d:ac:d7:29:89:3a:f5:d8:da:b7:
         2b:37:50:47:67:51:73:4f:ff:55:ff:ae:3a:d6:a3:d4:70:65:
         bf:b6:40:57:5e:05:6c:c1:9b:a1:ae:a7:a3:56:49:a2:c3:b3:
         96:47:95:36
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzpAnNskY1rmMqXsbvYdE4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZGM2MzlhMzY3YWRhZjliMzM4MmQwOWJkYTA1ZWU1NDU0
MzMxNTkwHhcNMjQwMTA4MTIxODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2I1ZWI1NTNkY2UyNjlmYTZjNWJkZjA2ODZjYTIzNDBjNjU1NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmS1ZxugruET8Ty+sAN736LKmvs7
20Lb3EoWjHF94gcRklA4trLvftv7myBfcH+DyNbPjwgKRcNKLGbi/W+7rTgIKRCs
rXvAiI03ko+ATyJzzcTV56mCGiN5hZu27qthWY1cLqkkjT8UqHYTaCBy7VRTI+u+
oIDNsVOFFqhTT9+dCxGPZunGMe972siPZFDl/lTvjKyVvWK4HrAyk7uI+yfMO1/D
h0N30eCDV2j9/1AIbCXTn1ebBi3YYj918193wrOe1604YMFFzSzkD4zAM9j4l4z2
SbXRDDRlZAfOvnswwersw5HiaBRCK4gFznDY/0OOBU/yymr+rU37WKX16wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLe161U9ziafpsW98GhsojQMZVcAMB8GA1UdIwQY
MBaAFKvcY5o2etr5szgtCb2gXuVFQzFZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTl4am1qWjYydm16T0MwSnZhQmU1VVZETVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8zMzI1NDgtOTlhMS00ZmJhLWIyNDkt
MjhkNWQwMGRjMGNiLzEvdDdYclZUM09KcC1teGIzd2FHeWlOQXhsVndBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8zMzI1NDgtOTlhMS00ZmJhLWIyNDktMjhkNWQwMGRjMGNi
LzEvcTl4am1qWjYydm16T0MwSnZhQmU1VVZETVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQABSrLMA4E
AgACMAgDBgIqEhhAADANBgkqhkiG9w0BAQsFAAOCAQEAMgYB0C82Yj6+YCTN3wQ8
ET8cqVoEhUDNgMDPQESv05GjxR1q0Baf2glJN/0WRrpdS3R2HHAsuzAJfwquUhR5
FhnyBrcIJjKZ8yyfsrKipV0YPYbyH6/SIYTkI6PeAT7QGP7n+mxWOl+cFg7G6/5C
SBky3FDJE5/ic61sH2a6Y6qOyGTGw9kT1yTVE6b3fwx83+hf2ZTB/OPCq7IFxV8x
+NxVoHe2eKB/QFzhGHCGr1EsLaVEGYb0nHYkVmj9r3gd95pvPU5qM12NIEDDBrpt
rNcpiTr12Nq3KzdQR2dRc0//Vf+uOtaj1HBlv7ZAV14FbMGboa6no1ZJosOzlkeV
Ng==
-----END CERTIFICATE-----