Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/7_O0ZzsK1w5RRFNFuBHol41p94U.roa
File:                     7_O0ZzsK1w5RRFNFuBHol41p94U.roa (raw, json)
Hash identifier:          V+0vpguLz4PKF5N7a7KIsP5pnVLjeX21KLBQ6QtEFRk=
Subject key identifier:   EF:F3:B4:67:3B:0A:D7:0E:51:44:53:45:B8:11:E8:97:8D:69:F7:85
Certificate issuer:       /CN=3545a7200164912041bb931efb1feac123b43a18
Certificate serial:       018E6BECCEF18F2FDD6DEC1C04188608DD46
Authority key identifier: 35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/7_O0ZzsK1w5RRFNFuBHol41p94U.roa
Signing time:             Sat 23 Mar 2024 15:27:45 +0000
ROA not before:           Sat 23 Mar 2024 15:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34643
IP address blocks:        5.253.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6b:ec:ce:f1:8f:2f:dd:6d:ec:1c:04:18:86:08:dd:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3545a7200164912041bb931efb1feac123b43a18
        Validity
            Not Before: Mar 23 15:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eff3b4673b0ad70e51445345b811e8978d69f785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:44:9f:41:4e:a1:18:5b:0f:ae:f2:64:eb:95:
                    db:de:19:f9:46:50:35:10:21:bc:1d:03:87:39:3b:
                    c0:f7:07:c9:00:ff:63:7d:99:17:0c:22:b8:96:61:
                    b3:f9:16:b9:f1:28:d1:c6:4f:fa:a2:8f:7f:81:20:
                    78:6f:03:aa:17:76:be:7b:3e:c9:78:02:b8:2e:85:
                    86:08:28:56:12:bc:03:8c:63:e4:91:d1:81:fb:85:
                    98:ea:fb:08:c0:a4:31:46:f0:a6:85:a8:b0:ab:24:
                    f1:df:d7:a8:ff:76:78:c7:e5:c1:af:a2:b2:86:42:
                    a6:96:7f:41:ee:5e:c4:67:b1:86:88:10:8b:ba:ce:
                    d2:41:55:be:99:3c:65:22:f6:f5:8a:76:46:4c:0d:
                    b0:d7:6b:4f:41:fa:90:5c:b9:5e:2c:4c:c1:77:4a:
                    43:b2:68:61:f6:fa:ca:a5:91:51:ad:39:c1:ae:14:
                    c1:3c:8a:0c:11:e6:0e:7a:84:43:b1:a6:d6:a6:87:
                    2f:d2:99:19:aa:a4:27:17:73:c5:9c:ad:8a:92:c0:
                    25:d1:fc:b9:05:b5:86:ff:03:13:54:ee:82:73:03:
                    d5:6d:44:cd:e4:1b:90:2b:cc:fd:e4:f2:0b:d2:f6:
                    a6:85:02:9e:6d:02:19:a4:3d:74:64:61:cb:67:35:
                    1e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F3:B4:67:3B:0A:D7:0E:51:44:53:45:B8:11:E8:97:8D:69:F7:85
            X509v3 Authority Key Identifier:
                keyid:35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/7_O0ZzsK1w5RRFNFuBHol41p94U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:93:30:d4:81:de:0a:e5:58:26:c9:0e:44:00:5b:1a:87:69:
         92:54:4e:14:58:d3:7d:6d:91:17:36:64:57:ac:51:45:52:c8:
         f5:67:3d:7e:7d:98:b3:b2:d4:f1:93:14:28:c2:ce:72:50:43:
         fb:05:b1:f4:35:cf:bd:d8:8c:9d:86:80:57:93:3e:f0:ab:1b:
         48:91:24:ea:10:10:dd:7b:ce:32:ee:bf:9d:11:07:2e:d8:d6:
         a1:8c:74:0a:04:c3:b2:99:8b:63:b4:67:a6:ac:09:c9:98:fb:
         14:20:57:5f:26:48:dc:7a:53:7d:47:38:c6:98:63:bc:3d:3f:
         48:25:07:ff:22:12:58:f0:19:4b:8a:9d:a9:26:bc:05:20:9e:
         f7:11:16:1f:20:f7:5b:2b:13:9c:f5:fc:fb:65:3f:c3:04:6c:
         ae:2c:8a:1c:64:a4:4c:83:2b:9c:5b:26:42:a5:37:ec:56:00:
         3e:cc:53:f5:be:df:1f:46:0c:b0:5d:9b:29:47:da:65:50:02:
         c2:ee:3a:34:03:ce:f8:b8:22:fc:55:ac:50:63:6d:0c:8a:15:
         cd:bc:ca:44:86:57:20:81:5a:8e:66:0d:80:0b:4f:00:f2:11:
         70:ae:49:13:59:00:7f:cb:81:ed:23:06:eb:e7:b3:8b:8c:09:
         08:14:74:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5r7M7xjy/dbewcBBiGCN1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDVhNzIwMDE2NDkxMjA0MWJiOTMxZWZiMWZlYWMxMjNi
NDNhMTgwHhcNMjQwMzIzMTUyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmYzYjQ2NzNiMGFkNzBlNTE0NDUzNDViODExZTg5NzhkNjlmNzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0SfQU6hGFsPrvJk65Xb3hn5RlA1
ECG8HQOHOTvA9wfJAP9jfZkXDCK4lmGz+Ra58SjRxk/6oo9/gSB4bwOqF3a+ez7J
eAK4LoWGCChWErwDjGPkkdGB+4WY6vsIwKQxRvCmhaiwqyTx39eo/3Z4x+XBr6Ky
hkKmln9B7l7EZ7GGiBCLus7SQVW+mTxlIvb1inZGTA2w12tPQfqQXLleLEzBd0pD
smhh9vrKpZFRrTnBrhTBPIoMEeYOeoRDsabWpocv0pkZqqQnF3PFnK2KksAl0fy5
BbWG/wMTVO6CcwPVbUTN5BuQK8z95PIL0vamhQKebQIZpD10ZGHLZzUerQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/ztGc7CtcOUURTRbgR6JeNafeFMB8GA1UdIwQY
MBaAFDVFpyABZJEgQbuTHvsf6sEjtDoYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDkt
YWFiYjA2MmU0MGRiLzEvN19PMFp6c0sxdzVSUkZORnVCSG9sNDFwOTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDktYWFiYjA2MmU0MGRi
LzEvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf23MA0G
CSqGSIb3DQEBCwUAA4IBAQAUkzDUgd4K5VgmyQ5EAFsah2mSVE4UWNN9bZEXNmRX
rFFFUsj1Zz1+fZizstTxkxQows5yUEP7BbH0Nc+92IydhoBXkz7wqxtIkSTqEBDd
e84y7r+dEQcu2NahjHQKBMOymYtjtGemrAnJmPsUIFdfJkjcelN9RzjGmGO8PT9I
JQf/IhJY8BlLip2pJrwFIJ73ERYfIPdbKxOc9fz7ZT/DBGyuLIocZKRMgyucWyZC
pTfsVgA+zFP1vt8fRgywXZspR9plUALC7jo0A874uCL8VaxQY20MihXNvMpEhlcg
gVqOZg2AC08A8hFwrkkTWQB/y4HtIwbr57OLjAkIFHQJ
-----END CERTIFICATE-----