Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/_7g4esXxGIxS-ErNGqEeA-Z5kDM.roa
File:                     _7g4esXxGIxS-ErNGqEeA-Z5kDM.roa (raw, json)
Hash identifier:          I7Pg98pvGoa56nM5RHPWEp9fADPBgssy/gnQhw+G+VU=
Subject key identifier:   FF:B8:38:7A:C5:F1:18:8C:52:F8:4A:CD:1A:A1:1E:03:E6:79:90:33
Certificate issuer:       /CN=5b78c511a62c2e5b94f0693df6af947e5de210c0
Certificate serial:       018CC2DABEA510B87CB362545050CE3AE9CB
Authority key identifier: 5B:78:C5:11:A6:2C:2E:5B:94:F0:69:3D:F6:AF:94:7E:5D:E2:10:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W3jFEaYsLluU8Gk99q-Ufl3iEMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/_7g4esXxGIxS-ErNGqEeA-Z5kDM.roa
Signing time:             Mon 01 Jan 2024 02:29:24 +0000
ROA not before:           Mon 01 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212773
IP address blocks:        185.160.156.0/22 maxlen: 22
                          2a07:be80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/W3jFEaYsLluU8Gk99q-Ufl3iEMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/W3jFEaYsLluU8Gk99q-Ufl3iEMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W3jFEaYsLluU8Gk99q-Ufl3iEMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:be:a5:10:b8:7c:b3:62:54:50:50:ce:3a:e9:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b78c511a62c2e5b94f0693df6af947e5de210c0
        Validity
            Not Before: Jan  1 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffb8387ac5f1188c52f84acd1aa11e03e6799033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:62:80:23:e3:b9:58:0a:d9:63:35:67:e5:5b:
                    bf:0f:bc:91:8d:8c:3d:6e:ff:bb:87:08:5e:6b:97:
                    90:7f:cb:55:64:4d:92:f1:42:2a:b5:72:ad:60:3e:
                    f4:8e:4c:b9:b7:04:04:d7:8a:42:0d:fc:37:5e:14:
                    0b:b2:a5:b7:96:24:5f:ea:44:f7:f4:43:d7:be:c9:
                    f4:18:8f:c6:4a:5c:5d:3d:c1:18:ca:ae:08:6a:69:
                    bf:be:8a:89:c0:a4:47:5b:0c:f9:64:dd:fd:f1:df:
                    7d:9f:52:7c:43:0e:00:bc:b1:ff:cb:91:f8:38:ce:
                    3d:3d:ad:aa:14:72:90:27:9c:12:4d:f1:b0:19:ee:
                    11:c7:4c:dc:8d:97:cf:d7:d0:66:61:c3:31:82:28:
                    2a:7d:93:0b:42:84:dc:85:5d:ed:e7:51:5b:6d:f5:
                    04:e5:ad:35:8b:18:42:e1:76:2f:e5:da:7e:cc:79:
                    32:2a:dd:bd:ae:71:d8:51:57:67:e3:c2:9c:de:09:
                    86:60:3e:da:57:5c:16:4d:7a:e1:c5:82:7f:45:bb:
                    15:29:08:10:a1:50:70:64:ec:2b:ed:54:d9:ea:06:
                    cb:f8:2e:16:c2:7e:dd:66:3c:51:bb:dc:88:23:2f:
                    3a:51:88:9a:ae:52:62:49:23:2e:94:b0:7f:76:34:
                    e4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:B8:38:7A:C5:F1:18:8C:52:F8:4A:CD:1A:A1:1E:03:E6:79:90:33
            X509v3 Authority Key Identifier:
                keyid:5B:78:C5:11:A6:2C:2E:5B:94:F0:69:3D:F6:AF:94:7E:5D:E2:10:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W3jFEaYsLluU8Gk99q-Ufl3iEMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/_7g4esXxGIxS-ErNGqEeA-Z5kDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/W3jFEaYsLluU8Gk99q-Ufl3iEMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.156.0/22
                IPv6:
                  2a07:be80::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:dd:f2:31:55:5d:5f:9d:9c:05:14:e7:56:d6:57:56:40:fa:
         41:8d:6c:12:63:a9:88:93:43:ac:d2:bf:70:d5:94:59:67:52:
         3f:2e:ba:13:44:8e:5a:7a:bc:88:1e:2e:cc:54:bc:b5:45:21:
         7b:e8:d1:b7:8b:08:f3:09:4d:0f:07:88:5e:b2:96:33:22:a4:
         0b:01:15:5d:93:ed:f1:d9:81:6c:94:b1:32:10:a9:de:3d:a7:
         f2:b1:76:07:67:76:f8:d2:d1:af:a0:29:c6:30:03:54:68:c3:
         53:53:f1:73:dd:02:93:d5:69:ff:e1:28:a6:45:82:34:88:75:
         c7:3e:4a:6e:25:e1:29:4e:0b:42:5b:50:29:a1:5e:30:95:3c:
         90:24:d4:aa:10:07:59:fd:19:21:30:5f:77:a8:dd:8a:8d:9c:
         94:42:f8:8f:09:f3:96:92:3c:af:f4:b3:5d:ac:ae:f5:70:3c:
         9d:9e:e5:c2:df:e9:ce:ce:45:bd:5e:b1:47:8e:ed:39:0d:ab:
         e8:05:fa:a8:53:9d:1c:53:30:96:34:4d:89:b2:97:96:e2:ba:
         c1:28:9c:ff:80:26:ef:5c:e5:b2:95:3d:4d:c7:60:f8:f1:7c:
         9e:7e:8e:04:9c:03:54:88:d5:3b:df:72:06:e8:f7:71:47:cd:
         9a:c5:72:7b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2r6lELh8s2JUUFDOOunLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNzhjNTExYTYyYzJlNWI5NGYwNjkzZGY2YWY5NDdlNWRl
MjEwYzAwHhcNMjQwMTAxMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmI4Mzg3YWM1ZjExODhjNTJmODRhY2QxYWExMWUwM2U2Nzk5MDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmKAI+O5WArZYzVn5Vu/D7yRjYw9
bv+7hwhea5eQf8tVZE2S8UIqtXKtYD70jky5twQE14pCDfw3XhQLsqW3liRf6kT3
9EPXvsn0GI/GSlxdPcEYyq4Iamm/voqJwKRHWwz5ZN398d99n1J8Qw4AvLH/y5H4
OM49Pa2qFHKQJ5wSTfGwGe4Rx0zcjZfP19BmYcMxgigqfZMLQoTchV3t51FbbfUE
5a01ixhC4XYv5dp+zHkyKt29rnHYUVdn48Kc3gmGYD7aV1wWTXrhxYJ/RbsVKQgQ
oVBwZOwr7VTZ6gbL+C4Wwn7dZjxRu9yIIy86UYiarlJiSSMulLB/djTkvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP+4OHrF8RiMUvhKzRqhHgPmeZAzMB8GA1UdIwQY
MBaAFFt4xRGmLC5blPBpPfavlH5d4hDAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzNqRkVhWXNMbHVVOEdrOTlxLVVmbDNpRU1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mYmYxNjAtNjNjOC00ZTA0LTkxMDAt
ZTYzNDNjMzRhMGJlLzEvXzdnNGVzWHhHSXhTLUVyTkdxRWVBLVo1a0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mYmYxNjAtNjNjOC00ZTA0LTkxMDAtZTYzNDNjMzRhMGJl
LzEvVzNqRkVhWXNMbHVVOEdrOTlxLVVmbDNpRU1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaCcMA0E
AgACMAcDBQMqB76AMA0GCSqGSIb3DQEBCwUAA4IBAQCE3fIxVV1fnZwFFOdW1ldW
QPpBjWwSY6mIk0Os0r9w1ZRZZ1I/LroTRI5aeryIHi7MVLy1RSF76NG3iwjzCU0P
B4hespYzIqQLARVdk+3x2YFslLEyEKnePafysXYHZ3b40tGvoCnGMANUaMNTU/Fz
3QKT1Wn/4SimRYI0iHXHPkpuJeEpTgtCW1ApoV4wlTyQJNSqEAdZ/RkhMF93qN2K
jZyUQviPCfOWkjyv9LNdrK71cDydnuXC3+nOzkW9XrFHju05DavoBfqoU50cUzCW
NE2JspeW4rrBKJz/gCbvXOWylT1Nx2D48Xyefo4EnANUiNU733IG6PdxR82axXJ7
-----END CERTIFICATE-----