Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/2e9677-c5dd-4a31-a8e7-168f21508c74/1/7kav7ynlT__54lgPeSQjuoj5MUs.roa
File:                     7kav7ynlT__54lgPeSQjuoj5MUs.roa (raw, json)
Hash identifier:          b+2B3lVGn++CvNO41lq9DuB++/+YjIyJeGIWJ3rHVM0=
Subject key identifier:   EE:46:AF:EF:29:E5:4F:FF:F9:E2:58:0F:79:24:23:BA:88:F9:31:4B
Certificate issuer:       /CN=22acf66f0019c556331bef9ecd8df652782a63f8
Certificate serial:       018CC5DC6EB005FE9725F7B9F5D8193002FA
Authority key identifier: 22:AC:F6:6F:00:19:C5:56:33:1B:EF:9E:CD:8D:F6:52:78:2A:63:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iqz2bwAZxVYzG--ezY32UngqY_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/2e9677-c5dd-4a31-a8e7-168f21508c74/1/7kav7ynlT__54lgPeSQjuoj5MUs.roa
Signing time:             Mon 01 Jan 2024 16:30:06 +0000
ROA not before:           Mon 01 Jan 2024 16:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62321
IP address blocks:        45.89.8.0/24 maxlen: 24
                          2a0e:b40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/2e9677-c5dd-4a31-a8e7-168f21508c74/1/Iqz2bwAZxVYzG--ezY32UngqY_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/2e9677-c5dd-4a31-a8e7-168f21508c74/1/Iqz2bwAZxVYzG--ezY32UngqY_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iqz2bwAZxVYzG--ezY32UngqY_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 12:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:6e:b0:05:fe:97:25:f7:b9:f5:d8:19:30:02:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22acf66f0019c556331bef9ecd8df652782a63f8
        Validity
            Not Before: Jan  1 16:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee46afef29e54ffff9e2580f792423ba88f9314b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:13:24:16:1f:21:1e:ea:89:fa:3c:c2:05:04:
                    cf:f7:10:5d:e3:a9:4e:8a:e5:f4:d3:f1:c5:17:34:
                    8b:fe:d2:2b:cb:fd:20:c0:39:72:11:f9:d6:33:4a:
                    30:72:24:a9:54:0f:80:fe:fd:8f:90:86:a2:42:ba:
                    c5:ee:5b:54:64:2a:77:89:29:ba:45:38:75:cd:6f:
                    a2:2c:9b:62:f0:d7:cb:4c:fb:33:b8:50:be:87:82:
                    12:13:d4:8e:eb:82:b0:b5:26:7f:d4:d0:f8:55:36:
                    60:36:b6:5f:b4:36:88:42:2e:f3:b8:6b:28:a5:41:
                    d9:a4:a6:9c:48:b4:69:f7:bd:25:bc:a8:1d:95:d0:
                    79:e1:f0:c7:10:a2:90:bb:b9:10:03:f4:4c:0d:64:
                    f4:f6:26:16:5c:27:57:94:9d:ea:d6:5a:cd:5e:6e:
                    d9:a6:7d:20:4a:48:f1:7e:b8:aa:29:d7:cf:ee:c2:
                    14:c3:a5:f2:db:a6:5b:5e:bc:0c:06:63:6c:fd:f1:
                    b4:98:f9:01:c4:60:24:c9:29:67:a6:28:f5:17:16:
                    fc:09:b5:14:e4:36:98:d2:a2:e4:ba:b1:7c:ef:e2:
                    63:0b:a7:9b:c1:80:12:df:1c:74:5f:54:08:6b:83:
                    95:3c:d0:26:57:5c:6f:64:35:fc:6b:43:92:ed:a1:
                    d3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:46:AF:EF:29:E5:4F:FF:F9:E2:58:0F:79:24:23:BA:88:F9:31:4B
            X509v3 Authority Key Identifier:
                keyid:22:AC:F6:6F:00:19:C5:56:33:1B:EF:9E:CD:8D:F6:52:78:2A:63:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iqz2bwAZxVYzG--ezY32UngqY_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/2e9677-c5dd-4a31-a8e7-168f21508c74/1/7kav7ynlT__54lgPeSQjuoj5MUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/2e9677-c5dd-4a31-a8e7-168f21508c74/1/Iqz2bwAZxVYzG--ezY32UngqY_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.8.0/24
                IPv6:
                  2a0e:b40::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:5a:ca:bb:6f:55:20:f1:c0:05:15:c0:84:00:d9:24:09:3c:
         93:51:5a:72:93:bc:bf:72:83:e4:e4:7d:18:8d:9b:92:7f:be:
         92:38:fd:88:58:83:59:69:71:38:bf:84:7e:da:25:c7:3a:8a:
         85:51:7f:84:2b:79:38:7f:a6:ad:d9:6c:8c:9b:69:e5:c9:54:
         4b:5f:16:14:ff:07:f5:04:a8:27:90:df:1f:3c:40:3f:9b:93:
         5f:be:c1:f0:1a:8f:0e:e7:36:dd:96:07:c4:9e:be:af:59:f3:
         56:25:53:57:ab:9b:e2:0b:5e:d1:8d:98:80:9d:c5:65:3a:b5:
         4b:15:ef:d9:c3:43:e7:99:a6:1c:7a:2e:da:87:93:54:bf:fd:
         23:0e:42:e5:92:e3:01:5c:ae:6b:e6:dd:6b:8e:1c:12:77:af:
         71:76:34:c4:61:6f:3b:9b:af:12:e7:96:cf:02:8e:57:84:23:
         40:19:08:73:14:e7:b6:41:94:80:30:79:d2:af:6f:f0:2f:49:
         e7:70:0a:d4:17:3a:83:d7:bd:82:ee:07:8b:f8:0a:7a:62:a3:
         08:f0:1c:e6:5b:fd:17:71:ad:b2:0f:36:4a:2f:93:66:82:c2:
         0a:0e:63:f7:8e:8b:65:2e:14:c5:52:08:71:77:7f:17:5c:1c:
         37:5d:7a:4f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3G6wBf6XJfe59dgZMAL6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYWNmNjZmMDAxOWM1NTYzMzFiZWY5ZWNkOGRmNjUyNzgy
YTYzZjgwHhcNMjQwMTAxMTYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTQ2YWZlZjI5ZTU0ZmZmZjllMjU4MGY3OTI0MjNiYTg4ZjkzMTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBMkFh8hHuqJ+jzCBQTP9xBd46lO
iuX00/HFFzSL/tIry/0gwDlyEfnWM0owciSpVA+A/v2PkIaiQrrF7ltUZCp3iSm6
RTh1zW+iLJti8NfLTPszuFC+h4ISE9SO64KwtSZ/1ND4VTZgNrZftDaIQi7zuGso
pUHZpKacSLRp970lvKgdldB54fDHEKKQu7kQA/RMDWT09iYWXCdXlJ3q1lrNXm7Z
pn0gSkjxfriqKdfP7sIUw6Xy26ZbXrwMBmNs/fG0mPkBxGAkySlnpij1Fxb8CbUU
5DaY0qLkurF87+JjC6ebwYAS3xx0X1QIa4OVPNAmV1xvZDX8a0OS7aHTxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO5Gr+8p5U//+eJYD3kkI7qI+TFLMB8GA1UdIwQY
MBaAFCKs9m8AGcVWMxvvns2N9lJ4KmP4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXF6MmJ3QVp4Vll6Ry0tZXpZMzJVbmdxWV9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8yZTk2NzctYzVkZC00YTMxLWE4ZTct
MTY4ZjIxNTA4Yzc0LzEvN2thdjd5bmxUX181NGxnUGVTUWp1b2o1TVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8yZTk2NzctYzVkZC00YTMxLWE4ZTctMTY4ZjIxNTA4Yzc0
LzEvSXF6MmJ3QVp4Vll6Ry0tZXpZMzJVbmdxWV9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALVkIMA8E
AgACMAkDBwAqDgtAAAAwDQYJKoZIhvcNAQELBQADggEBAHBayrtvVSDxwAUVwIQA
2SQJPJNRWnKTvL9yg+TkfRiNm5J/vpI4/YhYg1lpcTi/hH7aJcc6ioVRf4QreTh/
pq3ZbIybaeXJVEtfFhT/B/UEqCeQ3x88QD+bk1++wfAajw7nNt2WB8Sevq9Z81Yl
U1erm+ILXtGNmICdxWU6tUsV79nDQ+eZphx6LtqHk1S//SMOQuWS4wFcrmvm3WuO
HBJ3r3F2NMRhbzubrxLnls8CjleEI0AZCHMU57ZBlIAwedKvb/AvSedwCtQXOoPX
vYLuB4v4CnpiowjwHOZb/RdxrbIPNkovk2aCwgoOY/eOi2UuFMVSCHF3fxdcHDdd
ek8=
-----END CERTIFICATE-----