Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/7mxv4ndcgPA5KCQlRSMYSGl-rgs.roa
File:                     7mxv4ndcgPA5KCQlRSMYSGl-rgs.roa (raw, json)
Hash identifier:          Q5LGOnd8oq6RKWGwoRxkQDDXGAn5B+HigBFyrPRqNBM=
Subject key identifier:   EE:6C:6F:E2:77:5C:80:F0:39:28:24:25:45:23:18:48:69:7E:AE:0B
Certificate issuer:       /CN=042d9f4d6aff383c59e9de7802dbee024ee887dc
Certificate serial:       018F3310C76BDA571F1B30638AA4AA005ED6
Authority key identifier: 04:2D:9F:4D:6A:FF:38:3C:59:E9:DE:78:02:DB:EE:02:4E:E8:87:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BC2fTWr_ODxZ6d54AtvuAk7oh9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/7mxv4ndcgPA5KCQlRSMYSGl-rgs.roa
Signing time:             Wed 01 May 2024 07:31:28 +0000
ROA not before:           Wed 01 May 2024 07:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60068
IP address blocks:        151.248.104.96/27 maxlen: 27
                          151.248.104.128/27 maxlen: 27

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/BC2fTWr_ODxZ6d54AtvuAk7oh9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/BC2fTWr_ODxZ6d54AtvuAk7oh9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BC2fTWr_ODxZ6d54AtvuAk7oh9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:33:10:c7:6b:da:57:1f:1b:30:63:8a:a4:aa:00:5e:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=042d9f4d6aff383c59e9de7802dbee024ee887dc
        Validity
            Not Before: May  1 07:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee6c6fe2775c80f03928242545231848697eae0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7b:52:5c:9a:04:ce:ce:c6:ea:fe:80:52:41:
                    0c:b4:a7:4b:03:a1:d8:e2:93:db:11:72:eb:98:fc:
                    bf:11:7f:c3:92:39:59:c5:76:8d:c3:9c:c5:30:91:
                    7e:5f:99:06:f9:c5:76:0d:f7:c4:16:85:2d:ce:b4:
                    9b:c3:c9:6d:6c:cc:01:92:8f:6a:39:e5:b5:f0:9c:
                    79:d3:7e:69:89:15:b8:7f:23:24:1e:2b:15:3f:25:
                    06:24:fa:a6:bd:92:2f:8e:8a:b8:01:6a:10:7f:b9:
                    31:ba:20:15:40:e0:d1:84:30:6f:7b:42:c1:87:7e:
                    36:a0:50:5b:0f:a7:5f:fc:4f:ac:5c:2d:d7:8b:9f:
                    27:a9:e3:71:fe:a9:9b:35:52:57:1e:ad:c8:55:99:
                    ae:f5:67:0e:af:e5:c9:fc:90:3a:c2:94:41:34:2a:
                    e7:fe:b4:80:09:4a:c4:03:0f:c8:37:0f:88:64:e6:
                    ff:7d:58:f3:31:be:0b:2b:76:a9:b3:9c:13:67:9f:
                    fd:90:dc:ac:45:68:53:36:80:34:6d:be:13:c8:ef:
                    d1:42:5e:9e:7d:19:be:57:95:1c:f9:50:37:55:ef:
                    b9:bb:ff:1f:5a:1d:14:8f:1c:7e:7a:51:d2:23:c7:
                    79:40:e4:5a:ae:53:d8:46:b7:56:ae:bb:ab:16:0b:
                    80:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:6C:6F:E2:77:5C:80:F0:39:28:24:25:45:23:18:48:69:7E:AE:0B
            X509v3 Authority Key Identifier:
                keyid:04:2D:9F:4D:6A:FF:38:3C:59:E9:DE:78:02:DB:EE:02:4E:E8:87:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BC2fTWr_ODxZ6d54AtvuAk7oh9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/7mxv4ndcgPA5KCQlRSMYSGl-rgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/BC2fTWr_ODxZ6d54AtvuAk7oh9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.104.96-151.248.104.159

    Signature Algorithm: sha256WithRSAEncryption
         27:a5:13:79:b8:5d:be:a8:e4:02:c7:90:04:74:df:a4:f6:c5:
         1c:a5:1b:58:34:c9:fe:2f:a6:d1:23:63:36:55:3b:e9:74:2a:
         98:03:55:3a:c2:77:61:6d:97:90:78:22:0c:23:a2:6a:e3:b7:
         cd:f8:43:87:86:2f:bf:e3:27:a3:00:2d:e0:e2:13:a0:c3:64:
         92:f2:d7:f8:c1:08:16:28:72:6c:08:ba:d7:25:6b:30:13:61:
         9c:91:04:35:7a:67:1e:7f:ec:f4:be:31:19:24:8f:6b:42:0b:
         6b:0a:4d:f9:15:5c:6a:69:ec:22:79:7d:fb:18:86:01:68:20:
         29:9e:b9:b5:1a:07:3c:3f:86:bf:88:29:f8:02:07:71:2a:60:
         0d:9e:e1:9c:2b:35:cc:fc:a3:19:95:e2:93:e3:33:72:e4:96:
         68:1b:94:f7:64:7f:9f:c6:9e:24:77:a3:5e:1b:15:cf:64:47:
         91:e5:3f:03:65:ac:31:1c:7a:5b:a9:ff:0d:a9:be:0c:84:4f:
         06:91:d1:1a:c0:94:7b:21:f3:3f:c5:19:a4:61:1c:46:8c:be:
         fe:a3:1a:4d:fd:20:a6:d3:47:54:e4:dd:26:99:7a:50:64:1b:
         48:48:be:1e:3e:ab:ba:2f:1d:48:b0:47:2c:9a:d5:d8:ae:7e:
         e6:04:1a:c0
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAY8zEMdr2lcfGzBjiqSqAF7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MmQ5ZjRkNmFmZjM4M2M1OWU5ZGU3ODAyZGJlZTAyNGVl
ODg3ZGMwHhcNMjQwNTAxMDczMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTZjNmZlMjc3NWM4MGYwMzkyODI0MjU0NTIzMTg0ODY5N2VhZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArntSXJoEzs7G6v6AUkEMtKdLA6HY
4pPbEXLrmPy/EX/DkjlZxXaNw5zFMJF+X5kG+cV2DffEFoUtzrSbw8ltbMwBko9q
OeW18Jx5035piRW4fyMkHisVPyUGJPqmvZIvjoq4AWoQf7kxuiAVQODRhDBve0LB
h342oFBbD6df/E+sXC3Xi58nqeNx/qmbNVJXHq3IVZmu9WcOr+XJ/JA6wpRBNCrn
/rSACUrEAw/INw+IZOb/fVjzMb4LK3aps5wTZ5/9kNysRWhTNoA0bb4TyO/RQl6e
fRm+V5Uc+VA3Ve+5u/8fWh0Ujxx+elHSI8d5QORarlPYRrdWrrurFguAaQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFO5sb+J3XIDwOSgkJUUjGEhpfq4LMB8GA1UdIwQY
MBaAFAQtn01q/zg8WeneeALb7gJO6IfcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkMyZlRXcl9PRHhaNmQ1NEF0dnVBazdvaDl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jMTM2NGEtMDUwMS00ZmFmLWJjZmEt
YWFlMTQ0NzYwM2MwLzEvN214djRuZGNnUEE1S0NRbFJTTVlTR2wtcmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jMTM2NGEtMDUwMS00ZmFmLWJjZmEtYWFlMTQ0NzYwM2Mw
LzEvQkMyZlRXcl9PRHhaNmQ1NEF0dnVBazdvaDl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAATAQMA4DBQWX+Ghg
AwUFl/hogDANBgkqhkiG9w0BAQsFAAOCAQEAJ6UTebhdvqjkAseQBHTfpPbFHKUb
WDTJ/i+m0SNjNlU76XQqmANVOsJ3YW2XkHgiDCOiauO3zfhDh4Yvv+MnowAt4OIT
oMNkkvLX+MEIFihybAi61yVrMBNhnJEENXpnHn/s9L4xGSSPa0ILawpN+RVcamns
Inl9+xiGAWggKZ65tRoHPD+Gv4gp+AIHcSpgDZ7hnCs1zPyjGZXik+MzcuSWaBuU
92R/n8aeJHejXhsVz2RHkeU/A2WsMRx6W6n/Dam+DIRPBpHRGsCUeyHzP8UZpGEc
Roy+/qMaTf0gptNHVOTdJpl6UGQbSEi+Hj6rui8dSLBHLJrV2K5+5gQawA==
-----END CERTIFICATE-----