Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/g7z1EqpCsBQj3T7AQDwJ4PvrG7w.roa
File:                     g7z1EqpCsBQj3T7AQDwJ4PvrG7w.roa (raw, json)
Hash identifier:          x5XaIeBMijpV4o4gEqGRwHaw4Ow93GtIRVwZqWw4iao=
Subject key identifier:   83:BC:F5:12:AA:42:B0:14:23:DD:3E:C0:40:3C:09:E0:FB:EB:1B:BC
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       018CC56E7B9BF42B2D618A1C598B055993F3
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/g7z1EqpCsBQj3T7AQDwJ4PvrG7w.roa
Signing time:             Mon 01 Jan 2024 14:30:01 +0000
ROA not before:           Mon 01 Jan 2024 14:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        178.212.224.0/24 maxlen: 24
                          91.198.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:7b:9b:f4:2b:2d:61:8a:1c:59:8b:05:59:93:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: Jan  1 14:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83bcf512aa42b01423dd3ec0403c09e0fbeb1bbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:77:c5:45:79:4e:e0:25:96:c2:c8:20:33:38:
                    9b:76:b3:9d:fc:ac:65:d3:35:5b:65:f6:85:35:f2:
                    67:aa:ac:3b:80:32:50:d2:c1:52:a4:23:c5:7f:ce:
                    80:35:23:9c:6e:c1:fb:4f:d8:7b:29:2d:13:23:0d:
                    d7:ef:0a:ff:99:41:3f:30:df:67:95:a3:fa:45:71:
                    92:59:52:27:23:e1:cb:c6:f8:f9:eb:29:81:2d:13:
                    9a:f8:e2:de:08:d9:09:9c:6e:97:4f:3f:7e:9e:80:
                    dd:cf:3e:69:ee:16:e9:da:e6:69:2b:f6:e0:64:ab:
                    6a:70:e8:e5:20:44:4a:af:2d:fe:45:b8:ec:7a:9a:
                    9e:a6:2b:66:57:11:3a:e4:ff:2c:78:64:c9:89:34:
                    ac:de:9d:d1:87:7b:67:d0:a8:b0:de:2f:ff:3e:4b:
                    8d:5a:82:20:7f:8e:6a:94:0b:9d:2b:c0:8b:ba:4b:
                    d9:d4:7a:0a:3a:b2:33:bb:c7:ef:a4:7e:9e:d7:10:
                    f9:e3:9b:c5:ef:c5:65:e2:46:c2:78:57:f3:83:60:
                    8e:47:66:1c:bf:73:21:2b:a5:a8:5c:34:e2:15:02:
                    0d:a8:1d:0e:f4:b9:cb:b8:da:a4:85:8b:8b:c5:f3:
                    19:6e:a0:32:12:85:20:3f:1d:df:e3:dd:ed:62:7c:
                    e1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BC:F5:12:AA:42:B0:14:23:DD:3E:C0:40:3C:09:E0:FB:EB:1B:BC
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/g7z1EqpCsBQj3T7AQDwJ4PvrG7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.200.0/24
                  178.212.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:50:77:82:a9:65:5d:bf:c1:2c:11:21:fc:68:55:f5:c8:29:
         a9:cd:e0:f3:02:4b:93:91:cb:e5:e4:7e:da:56:ee:71:3a:5b:
         9e:dc:38:15:89:29:86:bf:05:7c:f9:b1:7d:38:6b:71:da:44:
         17:bd:f6:d4:69:4d:4d:3b:14:97:45:29:80:12:06:35:17:fa:
         65:7c:0b:6e:10:0b:75:55:3b:2a:6c:0b:c3:7a:f7:24:11:52:
         de:f1:79:6b:fa:30:c8:37:43:b7:54:c2:ea:f3:4c:e7:de:10:
         46:16:d2:37:29:7f:0c:f7:f2:b9:5f:fb:8f:c1:6d:25:b9:e3:
         18:4c:0f:d7:01:61:ef:57:56:59:3c:51:45:7e:c7:d4:f2:33:
         78:c6:7d:a0:44:7b:a0:83:59:30:cc:c5:58:5c:81:cf:0b:b4:
         44:e1:cd:da:e0:c2:b8:51:f0:c2:30:56:bc:07:2f:d4:79:7f:
         3f:df:28:a6:68:6a:b9:4e:b8:59:e5:72:b5:c9:d5:e6:e8:c6:
         fe:84:39:0b:ca:5f:fc:70:96:64:26:72:1d:21:ab:2a:f5:f7:
         48:6e:a7:6f:25:5a:29:fe:06:79:e1:60:1e:3b:7a:48:10:cf:
         06:94:d8:0c:f8:69:a0:d8:88:05:9a:bd:d1:d8:29:73:37:03:
         10:97:31:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbnub9CstYYocWYsFWZPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjQwMTAxMTQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2JjZjUxMmFhNDJiMDE0MjNkZDNlYzA0MDNjMDllMGZiZWIxYmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHfFRXlO4CWWwsggMzibdrOd/Kxl
0zVbZfaFNfJnqqw7gDJQ0sFSpCPFf86ANSOcbsH7T9h7KS0TIw3X7wr/mUE/MN9n
laP6RXGSWVInI+HLxvj56ymBLROa+OLeCNkJnG6XTz9+noDdzz5p7hbp2uZpK/bg
ZKtqcOjlIERKry3+RbjsepqepitmVxE65P8seGTJiTSs3p3Rh3tn0Kiw3i//PkuN
WoIgf45qlAudK8CLukvZ1HoKOrIzu8fvpH6e1xD545vF78Vl4kbCeFfzg2COR2Yc
v3MhK6WoXDTiFQINqB0O9LnLuNqkhYuLxfMZbqAyEoUgPx3f493tYnzhgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIO89RKqQrAUI90+wEA8CeD76xu8MB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvZzd6MUVxcENzQlFqM1Q3QVFEd0o0UHZyRzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8bIAwQA
stTgMA0GCSqGSIb3DQEBCwUAA4IBAQDDUHeCqWVdv8EsESH8aFX1yCmpzeDzAkuT
kcvl5H7aVu5xOlue3DgViSmGvwV8+bF9OGtx2kQXvfbUaU1NOxSXRSmAEgY1F/pl
fAtuEAt1VTsqbAvDevckEVLe8Xlr+jDIN0O3VMLq80zn3hBGFtI3KX8M9/K5X/uP
wW0lueMYTA/XAWHvV1ZZPFFFfsfU8jN4xn2gRHugg1kwzMVYXIHPC7RE4c3a4MK4
UfDCMFa8By/UeX8/3yimaGq5TrhZ5XK1ydXm6Mb+hDkLyl/8cJZkJnIdIasq9fdI
bqdvJVop/gZ54WAeO3pIEM8GlNgM+Gmg2IgFmr3R2ClzNwMQlzGy
-----END CERTIFICATE-----