Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/ex7NAlE3jXKw1H0iXwyO0B6YHcU.roa
File:                     ex7NAlE3jXKw1H0iXwyO0B6YHcU.roa (raw, json)
Hash identifier:          2zjms1Gqidcvafr5r+t2HDhyyVbRaCi7a303Q8yBW6M=
Subject key identifier:   7B:1E:CD:02:51:37:8D:72:B0:D4:7D:22:5F:0C:8E:D0:1E:98:1D:C5
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       0190C5A309562375408056623DBBF65A5791
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/ex7NAlE3jXKw1H0iXwyO0B6YHcU.roa
Signing time:             Thu 18 Jul 2024 11:38:34 +0000
ROA not before:           Thu 18 Jul 2024 11:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        45.8.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:a3:09:56:23:75:40:80:56:62:3d:bb:f6:5a:57:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jul 18 11:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b1ecd0251378d72b0d47d225f0c8ed01e981dc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6f:d9:ab:2a:06:25:7d:55:fc:4f:52:11:0e:
                    94:84:50:53:a5:e7:0d:52:8d:c3:a3:3a:e4:1f:bb:
                    69:fd:28:33:7c:c8:74:ed:c3:1b:ac:91:e1:b8:ab:
                    c7:be:0a:aa:ff:02:3a:54:84:5e:c3:2c:da:22:3e:
                    d5:b8:fc:c9:9e:7a:0b:49:88:c5:f3:65:e2:94:a8:
                    ea:cf:4f:21:78:b6:20:ad:b5:e9:81:bd:2f:44:f4:
                    cf:83:d7:51:25:44:0d:16:4d:20:99:ee:c7:26:02:
                    cd:53:39:31:ad:fa:25:95:d2:02:e4:d0:dd:3b:a1:
                    ab:c7:4d:8f:ad:17:f9:c8:97:95:e9:e5:ce:62:87:
                    d6:cc:9b:cc:16:c8:1a:ae:49:0b:f1:a5:80:5f:b4:
                    a6:c6:97:9b:78:01:1c:27:c5:bd:c0:66:5f:f1:15:
                    d4:18:0b:36:5d:18:64:cf:f7:50:d5:e6:c5:7b:2b:
                    39:2d:bb:0c:f3:28:45:05:05:cc:7e:c1:86:e7:b9:
                    62:8c:44:ad:6f:a1:07:de:c2:85:26:c8:14:e2:06:
                    5a:04:86:e1:2d:ce:d8:fc:22:63:13:4b:87:f6:be:
                    85:01:d9:7a:33:d5:21:a4:d5:3f:8b:2b:76:45:cf:
                    34:7b:62:74:2b:fe:fb:70:b2:1c:91:22:9d:17:12:
                    ea:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1E:CD:02:51:37:8D:72:B0:D4:7D:22:5F:0C:8E:D0:1E:98:1D:C5
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/ex7NAlE3jXKw1H0iXwyO0B6YHcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:05:5f:f2:e6:31:d5:07:69:90:3a:ac:e6:3f:45:6d:de:56:
         13:a8:d3:26:ca:2d:5b:54:bb:e6:68:3b:14:30:79:49:bc:2f:
         a2:ec:79:83:b3:58:05:87:4e:f7:9e:18:ff:1e:a3:94:a7:dd:
         d0:58:f7:6f:ea:90:09:d6:0b:49:6f:ac:8a:12:2c:db:f7:a9:
         e8:0d:ab:11:21:34:7e:f2:4d:1d:59:2a:96:43:10:20:38:0f:
         be:6b:60:2f:0a:b2:d8:0a:51:0a:85:56:c9:01:0c:8d:c3:be:
         e7:11:a1:da:18:50:d9:ba:fd:bd:55:a2:e5:aa:c4:66:5e:85:
         40:69:51:8b:b7:7d:90:a4:76:cf:53:aa:75:8c:50:32:a9:0f:
         6b:32:51:d7:d9:34:a6:8b:5d:ec:bd:7b:5a:cd:86:3f:7f:97:
         43:0e:09:fa:3a:45:ae:b4:83:df:9e:66:b1:51:9a:1b:37:6d:
         a8:a6:1c:d1:b5:8e:0b:7b:b8:1a:e3:9a:51:ce:10:3c:05:5e:
         e9:52:73:37:4b:28:0b:64:6c:58:b8:5b:52:7c:24:9e:47:e4:
         15:83:8e:cb:7d:02:75:e9:15:86:cd:2d:db:79:a9:47:78:b4:
         56:ff:04:c5:3a:4d:ad:2c:f8:80:33:1b:2e:28:89:06:d7:fa:
         2c:16:36:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDFowlWI3VAgFZiPbv2WleRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwNzE4MTEzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjFlY2QwMjUxMzc4ZDcyYjBkNDdkMjI1ZjBjOGVkMDFlOTgxZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm/ZqyoGJX1V/E9SEQ6UhFBTpecN
Uo3DozrkH7tp/SgzfMh07cMbrJHhuKvHvgqq/wI6VIRewyzaIj7VuPzJnnoLSYjF
82XilKjqz08heLYgrbXpgb0vRPTPg9dRJUQNFk0gme7HJgLNUzkxrfolldIC5NDd
O6Grx02PrRf5yJeV6eXOYofWzJvMFsgarkkL8aWAX7SmxpebeAEcJ8W9wGZf8RXU
GAs2XRhkz/dQ1ebFeys5LbsM8yhFBQXMfsGG57lijEStb6EH3sKFJsgU4gZaBIbh
Lc7Y/CJjE0uH9r6FAdl6M9UhpNU/iyt2Rc80e2J0K/77cLIckSKdFxLqPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsezQJRN41ysNR9Il8MjtAemB3FMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvZXg3TkFsRTNqWEt3MUgwaVh3eU8wQjZZSGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQi/MA0G
CSqGSIb3DQEBCwUAA4IBAQAoBV/y5jHVB2mQOqzmP0Vt3lYTqNMmyi1bVLvmaDsU
MHlJvC+i7HmDs1gFh073nhj/HqOUp93QWPdv6pAJ1gtJb6yKEizb96noDasRITR+
8k0dWSqWQxAgOA++a2AvCrLYClEKhVbJAQyNw77nEaHaGFDZuv29VaLlqsRmXoVA
aVGLt32QpHbPU6p1jFAyqQ9rMlHX2TSmi13svXtazYY/f5dDDgn6OkWutIPfnmax
UZobN22ophzRtY4Le7ga45pRzhA8BV7pUnM3SygLZGxYuFtSfCSeR+QVg47LfQJ1
6RWGzS3bealHeLRW/wTFOk2tLPiAMxsuKIkG1/osFjaa
-----END CERTIFICATE-----