Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/c7afb1-f00f-49d7-9f11-6e6361bea989/1/c7-iOxX0UXmpP1ztGfXozWTlrKU.roa
File:                     c7-iOxX0UXmpP1ztGfXozWTlrKU.roa (raw, json)
Hash identifier:          lfri44X7fCySoQ2ESDjmqNZkCnjnlbX1oqjdi6uXUyQ=
Subject key identifier:   73:BF:A2:3B:15:F4:51:79:A9:3F:5C:ED:19:F5:E8:CD:64:E5:AC:A5
Certificate issuer:       /CN=487689024f16e7bc2e909706c06d91903c5c7dac
Certificate serial:       018CC2DB02AA51C0BB922DAF6EEA0B01B1B0
Authority key identifier: 48:76:89:02:4F:16:E7:BC:2E:90:97:06:C0:6D:91:90:3C:5C:7D:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SHaJAk8W57wukJcGwG2RkDxcfaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/c7afb1-f00f-49d7-9f11-6e6361bea989/1/c7-iOxX0UXmpP1ztGfXozWTlrKU.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208015
IP address blocks:        45.92.112.0/22 maxlen: 22
                          2a0e:20c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/c7afb1-f00f-49d7-9f11-6e6361bea989/1/SHaJAk8W57wukJcGwG2RkDxcfaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/c7afb1-f00f-49d7-9f11-6e6361bea989/1/SHaJAk8W57wukJcGwG2RkDxcfaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SHaJAk8W57wukJcGwG2RkDxcfaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:02:aa:51:c0:bb:92:2d:af:6e:ea:0b:01:b1:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=487689024f16e7bc2e909706c06d91903c5c7dac
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73bfa23b15f45179a93f5ced19f5e8cd64e5aca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:00:f1:0a:d5:0a:b3:43:f4:96:dd:94:47:3e:
                    ad:5e:4d:53:7b:4f:37:3b:3e:25:b4:ca:62:66:87:
                    17:75:cf:60:ab:7e:1d:08:07:da:3b:bd:82:13:06:
                    b3:a8:c4:58:67:ac:47:f8:06:6b:57:ba:b6:7e:f3:
                    f9:d0:f4:c1:fc:9d:0e:30:0a:76:cb:9b:f8:dc:52:
                    b7:62:bf:c5:9b:75:1f:09:91:57:44:b4:bc:a4:da:
                    34:90:7b:a1:0b:45:c9:0c:5f:54:e6:fc:0b:78:47:
                    df:91:52:c5:1f:9c:42:8d:a2:af:a8:2d:32:0b:c1:
                    01:6d:85:f4:47:d9:71:6f:63:c6:fa:b9:70:89:a1:
                    08:23:ea:6f:88:06:54:9f:88:fc:d1:fb:e7:81:2d:
                    98:ea:84:af:a1:da:ed:43:f7:03:32:78:b0:70:59:
                    c5:f8:ed:ac:81:cd:15:8c:8d:de:61:aa:22:23:68:
                    22:28:d6:73:b8:f7:f2:0a:f5:0f:4d:6e:7f:79:c2:
                    97:a3:35:ff:dd:3f:65:3a:92:24:8a:cd:eb:2a:b6:
                    f2:8d:d6:ba:56:aa:12:87:48:79:84:5e:61:40:b9:
                    a9:ed:11:f6:a4:99:0a:24:7f:57:9b:c1:f0:71:1d:
                    dc:8f:14:b3:ec:6e:68:09:4d:50:ca:61:c1:d3:d4:
                    29:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BF:A2:3B:15:F4:51:79:A9:3F:5C:ED:19:F5:E8:CD:64:E5:AC:A5
            X509v3 Authority Key Identifier:
                keyid:48:76:89:02:4F:16:E7:BC:2E:90:97:06:C0:6D:91:90:3C:5C:7D:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SHaJAk8W57wukJcGwG2RkDxcfaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c7afb1-f00f-49d7-9f11-6e6361bea989/1/c7-iOxX0UXmpP1ztGfXozWTlrKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c7afb1-f00f-49d7-9f11-6e6361bea989/1/SHaJAk8W57wukJcGwG2RkDxcfaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.112.0/22
                IPv6:
                  2a0e:20c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:48:b4:c8:d3:7c:ec:fc:67:c6:17:64:26:54:1a:81:2a:3c:
         a1:6d:8a:d2:f0:7f:24:76:93:4e:f2:57:7f:ec:6b:71:3e:cb:
         0c:04:73:27:cc:fd:5c:a4:3c:95:37:1f:4c:f3:39:5c:0d:e9:
         b1:6c:45:9c:7c:e9:af:41:f5:58:fc:73:64:6c:db:bb:7b:35:
         f1:9c:a6:65:1a:13:c2:20:41:75:3e:d8:b2:a8:ad:9c:7d:d3:
         9d:c3:89:8c:f6:0e:c8:83:b9:7b:33:2b:32:6e:d9:74:f2:13:
         ee:1c:82:fc:4d:11:cb:4c:47:12:84:ed:94:05:aa:1b:8d:75:
         5d:e3:40:96:bc:6c:50:f2:c8:02:8f:85:16:67:3e:dc:1b:e4:
         d8:44:41:dd:18:49:5c:55:0b:1e:8a:7b:9a:2e:d0:2e:ad:c2:
         62:5c:68:ef:29:c3:fd:9b:2a:7d:bf:cb:0c:31:3f:9d:9c:c4:
         54:6b:a1:3a:d9:78:06:41:45:e6:ba:9b:cd:10:c8:4f:a9:f6:
         86:de:d5:b1:a0:fd:ea:e2:0d:64:5d:78:ed:27:32:87:c2:db:
         3b:1e:06:1b:1a:7e:20:f1:65:22:e0:c6:28:00:b9:f4:08:63:
         45:64:e6:d8:25:05:5b:7e:ad:70:2d:d6:8a:c7:47:0b:6d:7a:
         f3:4d:63:8e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2wKqUcC7ki2vbuoLAbGwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NzY4OTAyNGYxNmU3YmMyZTkwOTcwNmMwNmQ5MTkwM2M1
YzdkYWMwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JmYTIzYjE1ZjQ1MTc5YTkzZjVjZWQxOWY1ZThjZDY0ZTVhY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwDxCtUKs0P0lt2URz6tXk1Te083
Oz4ltMpiZocXdc9gq34dCAfaO72CEwazqMRYZ6xH+AZrV7q2fvP50PTB/J0OMAp2
y5v43FK3Yr/Fm3UfCZFXRLS8pNo0kHuhC0XJDF9U5vwLeEffkVLFH5xCjaKvqC0y
C8EBbYX0R9lxb2PG+rlwiaEII+pviAZUn4j80fvngS2Y6oSvodrtQ/cDMniwcFnF
+O2sgc0VjI3eYaoiI2giKNZzuPfyCvUPTW5/ecKXozX/3T9lOpIkis3rKrbyjda6
VqoSh0h5hF5hQLmp7RH2pJkKJH9Xm8HwcR3cjxSz7G5oCU1QymHB09QpCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHO/ojsV9FF5qT9c7Rn16M1k5aylMB8GA1UdIwQY
MBaAFEh2iQJPFue8LpCXBsBtkZA8XH2sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0hhSkFrOFc1N3d1a0pjR3dHMlJrRHhjZmF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9jN2FmYjEtZjAwZi00OWQ3LTlmMTEt
NmU2MzYxYmVhOTg5LzEvYzctaU94WDBVWG1wUDF6dEdmWG96V1RscktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9jN2FmYjEtZjAwZi00OWQ3LTlmMTEtNmU2MzYxYmVhOTg5
LzEvU0hhSkFrOFc1N3d1a0pjR3dHMlJrRHhjZmF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVxwMA0E
AgACMAcDBQMqDiDAMA0GCSqGSIb3DQEBCwUAA4IBAQCYSLTI03zs/GfGF2QmVBqB
KjyhbYrS8H8kdpNO8ld/7GtxPssMBHMnzP1cpDyVNx9M8zlcDemxbEWcfOmvQfVY
/HNkbNu7ezXxnKZlGhPCIEF1PtiyqK2cfdOdw4mM9g7Ig7l7Mysybtl08hPuHIL8
TRHLTEcShO2UBaobjXVd40CWvGxQ8sgCj4UWZz7cG+TYREHdGElcVQseinuaLtAu
rcJiXGjvKcP9myp9v8sMMT+dnMRUa6E62XgGQUXmupvNEMhPqfaG3tWxoP3q4g1k
XXjtJzKHwts7HgYbGn4g8WUi4MYoALn0CGNFZObYJQVbfq1wLdaKx0cLbXrzTWOO
-----END CERTIFICATE-----