Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/v7KHKA9Gv3M_MNtLx-v2tqBsAis.roa
File:                     v7KHKA9Gv3M_MNtLx-v2tqBsAis.roa (raw, json)
Hash identifier:          h1BxJWmT2WOCx6cyv//ByM7HquCCTNawwAC/Jscu1Yc=
Subject key identifier:   BF:B2:87:28:0F:46:BF:73:3F:30:DB:4B:C7:EB:F6:B6:A0:6C:02:2B
Certificate issuer:       /CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
Certificate serial:       018F107E11A9E2FB55A8F32CAEEF87540E5B
Authority key identifier: 5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/v7KHKA9Gv3M_MNtLx-v2tqBsAis.roa
Signing time:             Wed 24 Apr 2024 14:24:08 +0000
ROA not before:           Wed 24 Apr 2024 14:24:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        45.92.104.0/24 maxlen: 24
                          45.92.105.0/24 maxlen: 24
                          45.92.106.0/24 maxlen: 24
                          45.92.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:7e:11:a9:e2:fb:55:a8:f3:2c:ae:ef:87:54:0e:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
        Validity
            Not Before: Apr 24 14:24:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfb287280f46bf733f30db4bc7ebf6b6a06c022b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c0:79:7b:17:80:b0:bc:59:f8:5a:f5:e8:c2:
                    65:9d:d8:97:7b:d1:c6:e8:16:0d:1e:b3:2e:67:7c:
                    54:96:2b:b4:a4:12:c6:02:53:19:1c:b1:10:40:a7:
                    80:4e:b8:5d:eb:8b:ba:26:6d:ba:a1:10:ca:8b:7e:
                    e3:a4:d8:d8:78:6a:e7:66:b7:37:40:f1:08:71:66:
                    89:1f:63:92:58:62:27:c1:47:bb:fe:3f:05:42:c8:
                    a5:15:ad:be:06:f7:c9:97:c2:63:0e:ce:ba:e4:97:
                    ca:6b:85:15:aa:0c:cf:0f:3a:f4:98:ca:47:5a:ad:
                    22:23:1c:e3:7b:ee:cc:b8:9f:c8:ee:8b:74:52:c6:
                    2c:5e:9f:44:fd:02:b7:38:13:a6:bd:7b:ef:f6:f1:
                    80:5d:91:72:ad:6e:29:87:7f:c5:ce:2f:bc:9b:48:
                    49:b6:30:35:8b:7e:46:a5:35:58:4c:c2:61:4b:c2:
                    cf:ca:42:0b:ff:54:9e:a6:7c:8a:41:c1:96:67:7c:
                    7d:a6:0d:4e:4e:06:d5:88:b8:cb:6e:d9:ba:c8:62:
                    43:d1:a4:1d:c0:53:af:a5:07:0d:33:cc:35:dd:e5:
                    87:60:a7:51:f7:e0:8a:74:3b:59:a8:00:b4:1a:78:
                    c3:0a:04:e4:35:fd:73:0b:26:6f:fb:7e:79:66:c0:
                    1e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B2:87:28:0F:46:BF:73:3F:30:DB:4B:C7:EB:F6:B6:A0:6C:02:2B
            X509v3 Authority Key Identifier:
                keyid:5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/v7KHKA9Gv3M_MNtLx-v2tqBsAis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:64:54:6c:02:d3:30:c0:33:3b:dc:9b:e7:1e:d2:16:90:d7:
         88:34:60:39:91:23:90:a9:17:9e:88:68:ff:16:28:4e:97:e3:
         71:f3:f1:a1:98:8a:ee:57:a6:56:b6:d4:16:6b:11:f3:f4:d9:
         76:58:6c:1b:54:66:53:09:26:e6:01:f8:6c:d9:91:78:2c:96:
         a7:59:3c:0e:52:89:a8:26:98:cb:7d:27:ea:83:77:2f:9a:f2:
         e3:04:8d:48:99:41:01:b6:76:5e:78:7a:c6:cd:e6:7f:ae:41:
         1e:a5:0e:02:99:de:45:21:f1:4e:1a:c3:8b:82:b2:f1:d6:88:
         a9:f8:64:44:21:e5:b6:83:3b:63:78:0d:d8:0a:b5:9e:4e:60:
         4d:22:73:f4:0d:dd:3b:f3:e5:81:88:c1:59:07:63:e0:d6:a0:
         98:1f:a9:11:d4:c5:9a:2d:e5:cb:a2:61:c8:36:a3:3c:ec:06:
         af:07:65:c9:6b:7b:17:42:70:28:1b:08:e8:3f:95:b5:00:cb:
         a4:c8:7c:3a:0c:6d:69:c9:77:f1:bd:bf:eb:47:65:5d:13:cf:
         da:12:af:66:05:a3:e4:b8:1d:a6:3c:84:75:0d:b0:cf:27:78:
         dc:1c:8d:fc:26:a4:b1:fb:a2:ce:67:24:f0:b7:59:eb:36:74:
         d2:f9:ff:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8QfhGp4vtVqPMsru+HVA5bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjMxYWZjMzZjYjY5NTUwMDdmZTk3ZWQ0YTVlMzE4NWQy
MjcxYmEwHhcNMjQwNDI0MTQyNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmIyODcyODBmNDZiZjczM2YzMGRiNGJjN2ViZjZiNmEwNmMwMjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMB5exeAsLxZ+Fr16MJlndiXe9HG
6BYNHrMuZ3xUliu0pBLGAlMZHLEQQKeATrhd64u6Jm26oRDKi37jpNjYeGrnZrc3
QPEIcWaJH2OSWGInwUe7/j8FQsilFa2+BvfJl8JjDs665JfKa4UVqgzPDzr0mMpH
Wq0iIxzje+7MuJ/I7ot0UsYsXp9E/QK3OBOmvXvv9vGAXZFyrW4ph3/Fzi+8m0hJ
tjA1i35GpTVYTMJhS8LPykIL/1SepnyKQcGWZ3x9pg1OTgbViLjLbtm6yGJD0aQd
wFOvpQcNM8w13eWHYKdR9+CKdDtZqAC0GnjDCgTkNf1zCyZv+355ZsAeCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+yhygPRr9zPzDbS8fr9ragbAIrMB8GA1UdIwQY
MBaAFFzzGvw2y2lVAH/pftSl4xhdInG6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQt
NzM2ZDEyODg4Y2E4LzEvdjdLSEtBOUd2M01fTU50THgtdjJ0cUJzQWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQtNzM2ZDEyODg4Y2E4
LzEvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVxoMA0G
CSqGSIb3DQEBCwUAA4IBAQBrZFRsAtMwwDM73JvnHtIWkNeINGA5kSOQqReeiGj/
FihOl+Nx8/GhmIruV6ZWttQWaxHz9Nl2WGwbVGZTCSbmAfhs2ZF4LJanWTwOUomo
JpjLfSfqg3cvmvLjBI1ImUEBtnZeeHrGzeZ/rkEepQ4Cmd5FIfFOGsOLgrLx1oip
+GREIeW2gztjeA3YCrWeTmBNInP0Dd078+WBiMFZB2Pg1qCYH6kR1MWaLeXLomHI
NqM87AavB2XJa3sXQnAoGwjoP5W1AMukyHw6DG1pyXfxvb/rR2VdE8/aEq9mBaPk
uB2mPIR1DbDPJ3jcHI38JqSx+6LOZyTwt1nrNnTS+f9c
-----END CERTIFICATE-----