Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/12fc41-89dd-4a21-aa34-76525841dc28/1/7weK3gN3ufeTxRDesy-CigbgHF4.roa
File:                     7weK3gN3ufeTxRDesy-CigbgHF4.roa (raw, json)
Hash identifier:          6DB06+uJ6z7Fb1LGF2xFFmVf/7wKUIWbjMulS4MPmgc=
Subject key identifier:   EF:07:8A:DE:03:77:B9:F7:93:C5:10:DE:B3:2F:82:8A:06:E0:1C:5E
Certificate issuer:       /CN=ced410ea6867ef63f959bad6b21b691cadff87d4
Certificate serial:       018CC56E46891703E7C8427D917F62547A7B
Authority key identifier: CE:D4:10:EA:68:67:EF:63:F9:59:BA:D6:B2:1B:69:1C:AD:FF:87:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ztQQ6mhn72P5WbrWshtpHK3_h9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/12fc41-89dd-4a21-aa34-76525841dc28/1/7weK3gN3ufeTxRDesy-CigbgHF4.roa
Signing time:             Mon 01 Jan 2024 14:29:47 +0000
ROA not before:           Mon 01 Jan 2024 14:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42053
IP address blocks:        45.152.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/12fc41-89dd-4a21-aa34-76525841dc28/1/ztQQ6mhn72P5WbrWshtpHK3_h9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/12fc41-89dd-4a21-aa34-76525841dc28/1/ztQQ6mhn72P5WbrWshtpHK3_h9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ztQQ6mhn72P5WbrWshtpHK3_h9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:46:89:17:03:e7:c8:42:7d:91:7f:62:54:7a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ced410ea6867ef63f959bad6b21b691cadff87d4
        Validity
            Not Before: Jan  1 14:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef078ade0377b9f793c510deb32f828a06e01c5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:60:bd:b6:2e:de:e0:e5:b9:95:9e:4f:64:9d:
                    f1:3d:90:0b:b5:f3:e6:fe:76:73:d4:17:07:46:c5:
                    91:b6:59:49:40:0b:62:e0:4d:db:ad:12:22:b8:ec:
                    2a:e4:fa:30:e2:f9:91:c7:2f:97:14:00:bd:a6:55:
                    5d:47:15:aa:a7:44:df:5b:b7:62:cb:f5:43:d1:40:
                    9b:89:0a:4c:15:97:59:56:c0:5c:4b:a7:6c:a5:c4:
                    b3:3c:34:e4:85:d3:ee:22:91:6d:8b:63:c0:2c:d4:
                    27:69:53:09:72:a7:89:21:11:91:10:31:3e:54:2a:
                    49:47:32:5d:9f:31:64:c5:66:a1:73:d8:f7:f6:cd:
                    af:04:67:83:c2:ca:a5:b0:4c:0e:15:44:11:ac:57:
                    76:37:d4:1b:36:28:dc:a8:ef:75:53:cb:e8:b6:c5:
                    19:51:51:06:53:78:e3:bd:4a:2a:d0:b2:9f:26:84:
                    aa:89:78:30:a6:aa:e8:cd:84:91:ac:46:f6:30:ea:
                    a1:66:e1:7a:c2:67:32:77:05:7e:a0:9d:a5:b3:e6:
                    0e:f4:fe:e1:eb:63:e1:0c:f8:95:38:fd:80:bb:f8:
                    e7:ea:ff:2c:08:ca:bb:ef:b4:a0:b4:b4:12:62:08:
                    78:95:f2:41:66:cf:7a:6c:08:0c:32:a1:1d:0d:24:
                    38:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:07:8A:DE:03:77:B9:F7:93:C5:10:DE:B3:2F:82:8A:06:E0:1C:5E
            X509v3 Authority Key Identifier:
                keyid:CE:D4:10:EA:68:67:EF:63:F9:59:BA:D6:B2:1B:69:1C:AD:FF:87:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ztQQ6mhn72P5WbrWshtpHK3_h9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/12fc41-89dd-4a21-aa34-76525841dc28/1/7weK3gN3ufeTxRDesy-CigbgHF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/12fc41-89dd-4a21-aa34-76525841dc28/1/ztQQ6mhn72P5WbrWshtpHK3_h9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:6b:11:4c:86:1f:a5:37:97:fa:c1:90:39:60:5f:ef:b6:3f:
         ec:7e:41:38:c1:3f:f4:89:7d:2c:25:0e:05:57:dc:7a:55:95:
         c7:5d:96:19:bf:f2:94:8f:3c:12:f6:5a:1f:bb:65:18:ad:c4:
         18:5c:7d:04:d6:fc:95:0f:f3:44:22:e3:37:b1:c3:59:53:03:
         98:a8:08:7c:d0:b9:8f:43:e6:ff:35:67:e1:73:e2:e7:ba:2f:
         29:77:06:3f:bc:a3:cf:f6:ba:be:9d:13:10:fe:da:73:2a:6c:
         2c:7e:1d:d5:d5:58:57:6c:1e:04:3b:bf:d3:94:bf:82:fd:fe:
         21:7a:6c:b1:8a:87:8d:e3:2f:5f:e9:75:78:be:af:3c:64:70:
         79:73:64:9b:35:c9:c2:d1:3b:08:04:67:d7:b8:e3:9a:05:b9:
         2e:f5:d6:a5:4f:39:af:43:ee:fc:d1:f8:1e:45:4b:5f:e0:cd:
         25:c3:85:b4:8d:fb:bf:eb:0a:5c:c3:35:65:be:4c:16:98:8d:
         3c:26:f2:5f:9b:eb:45:8a:84:14:39:21:e1:ab:3b:8f:79:bb:
         69:f6:c6:00:cb:5c:b9:ad:be:62:74:4e:71:64:86:3b:19:21:
         ac:79:3d:50:b6:9b:fc:c2:ac:6d:3b:23:aa:7b:83:a2:da:54:
         6d:1c:11:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbkaJFwPnyEJ9kX9iVHp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZDQxMGVhNjg2N2VmNjNmOTU5YmFkNmIyMWI2OTFjYWRm
Zjg3ZDQwHhcNMjQwMTAxMTQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjA3OGFkZTAzNzdiOWY3OTNjNTEwZGViMzJmODI4YTA2ZTAxYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGC9ti7e4OW5lZ5PZJ3xPZALtfPm
/nZz1BcHRsWRtllJQAti4E3brRIiuOwq5Pow4vmRxy+XFAC9plVdRxWqp0TfW7di
y/VD0UCbiQpMFZdZVsBcS6dspcSzPDTkhdPuIpFti2PALNQnaVMJcqeJIRGREDE+
VCpJRzJdnzFkxWahc9j39s2vBGeDwsqlsEwOFUQRrFd2N9QbNijcqO91U8votsUZ
UVEGU3jjvUoq0LKfJoSqiXgwpqrozYSRrEb2MOqhZuF6wmcydwV+oJ2ls+YO9P7h
62PhDPiVOP2Au/jn6v8sCMq777SgtLQSYgh4lfJBZs96bAgMMqEdDSQ48QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8Hit4Dd7n3k8UQ3rMvgooG4BxeMB8GA1UdIwQY
MBaAFM7UEOpoZ+9j+Vm61rIbaRyt/4fUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenRRUTZtaG43MlA1V2JyV3NodHBISzNfaDlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8xMmZjNDEtODlkZC00YTIxLWFhMzQt
NzY1MjU4NDFkYzI4LzEvN3dlSzNnTjN1ZmVUeFJEZXN5LUNpZ2JnSEY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8xMmZjNDEtODlkZC00YTIxLWFhMzQtNzY1MjU4NDFkYzI4
LzEvenRRUTZtaG43MlA1V2JyV3NodHBISzNfaDlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZhcMA0G
CSqGSIb3DQEBCwUAA4IBAQAhaxFMhh+lN5f6wZA5YF/vtj/sfkE4wT/0iX0sJQ4F
V9x6VZXHXZYZv/KUjzwS9lofu2UYrcQYXH0E1vyVD/NEIuM3scNZUwOYqAh80LmP
Q+b/NWfhc+Lnui8pdwY/vKPP9rq+nRMQ/tpzKmwsfh3V1VhXbB4EO7/TlL+C/f4h
emyxioeN4y9f6XV4vq88ZHB5c2SbNcnC0TsIBGfXuOOaBbku9dalTzmvQ+780fge
RUtf4M0lw4W0jfu/6wpcwzVlvkwWmI08JvJfm+tFioQUOSHhqzuPebtp9sYAy1y5
rb5idE5xZIY7GSGseT1Qtpv8wqxtOyOqe4Oi2lRtHBGz
-----END CERTIFICATE-----