Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/7cZbkQqr-SEdfr0tEW8C1Pix35Y.roa
File:                     7cZbkQqr-SEdfr0tEW8C1Pix35Y.roa (raw, json)
Hash identifier:          xSjPvHmjy6FdGTZKdoGxVAJ1Yq148v83DxivVL7nC44=
Subject key identifier:   ED:C6:5B:91:0A:AB:F9:21:1D:7E:BD:2D:11:6F:02:D4:F8:B1:DF:96
Certificate issuer:       /CN=003b2c3871069002ad0b2f42b0cbf5e92e3be4b3
Certificate serial:       0196B8D295A99C1AE65350F243C6CB76C0E9
Authority key identifier: 00:3B:2C:38:71:06:90:02:AD:0B:2F:42:B0:CB:F5:E9:2E:3B:E4:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/7cZbkQqr-SEdfr0tEW8C1Pix35Y.roa
Signing time:             Sat 10 May 2025 06:12:10 +0000
ROA not before:           Sat 10 May 2025 06:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215220
IP address blocks:        45.152.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 18:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b8:d2:95:a9:9c:1a:e6:53:50:f2:43:c6:cb:76:c0:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=003b2c3871069002ad0b2f42b0cbf5e92e3be4b3
        Validity
            Not Before: May 10 06:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edc65b910aabf9211d7ebd2d116f02d4f8b1df96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ca:23:f3:00:c3:da:5a:20:c3:a1:60:9e:50:
                    0d:38:fe:90:78:0b:fb:f4:46:70:85:92:1d:24:a9:
                    c5:f7:19:72:25:39:fd:4f:fd:d2:32:a1:8d:a8:ac:
                    57:ad:78:0a:ef:c2:7f:f7:77:14:54:d4:0f:d5:fd:
                    99:bb:d7:cf:a2:01:68:97:2a:96:be:83:2f:0e:5e:
                    47:73:be:c5:25:6f:36:85:c5:fa:f9:96:49:1b:e7:
                    d1:f1:56:cc:44:76:72:60:1c:77:d3:42:92:b8:52:
                    3a:31:07:85:61:a6:3b:ef:16:1b:5a:08:0c:b5:c5:
                    66:2e:0b:9a:39:49:a9:a3:6f:6d:60:e0:28:29:ce:
                    de:13:be:a7:fd:4a:06:c4:e8:e5:2d:32:2f:75:41:
                    9d:8a:38:d9:f2:31:f7:93:81:a8:1f:27:8b:0d:9d:
                    6c:aa:f4:c9:5e:18:b6:c4:eb:d2:40:bb:12:8f:9a:
                    1f:d7:ed:ac:a5:49:2c:aa:9a:75:4f:bc:d8:f8:94:
                    fb:84:d7:ce:ed:1b:70:f9:f7:f1:09:48:fb:cd:02:
                    74:45:09:ba:2c:4d:56:ee:f7:ee:9d:5d:2d:80:b4:
                    b8:3f:3c:7e:dc:f3:62:b1:32:ea:af:a5:5d:3a:05:
                    29:15:a0:3e:ef:e6:27:4f:ed:81:3a:7f:14:c7:ca:
                    0e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C6:5B:91:0A:AB:F9:21:1D:7E:BD:2D:11:6F:02:D4:F8:B1:DF:96
            X509v3 Authority Key Identifier:
                keyid:00:3B:2C:38:71:06:90:02:AD:0B:2F:42:B0:CB:F5:E9:2E:3B:E4:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/7cZbkQqr-SEdfr0tEW8C1Pix35Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:90:c5:6b:47:4a:7a:b9:92:2d:0d:3c:3f:4a:b5:12:67:08:
         84:f9:a4:7b:95:e8:1c:0b:24:2c:66:2a:5f:55:a1:d5:88:a6:
         53:ac:87:26:b8:62:ed:27:11:e7:19:18:61:14:d8:6b:c1:9c:
         d8:f9:64:38:b7:2d:94:b6:92:12:73:7f:bc:5f:ff:79:96:e9:
         f9:c2:60:ed:6b:83:fe:e5:32:b9:b6:29:14:48:4a:8b:39:b7:
         97:2b:a0:b6:3b:82:7b:12:d6:3c:8f:05:b1:2d:3f:14:33:75:
         a7:ea:83:a6:c5:6f:4d:78:b6:28:1a:40:1d:58:69:18:23:29:
         f8:02:ac:06:c3:fa:54:83:cb:af:ba:2e:db:d0:16:a1:13:68:
         65:7a:f1:20:b1:28:ac:1b:a3:97:cd:9d:12:77:bd:70:9e:93:
         e6:50:32:8a:70:14:b9:cc:6e:89:2b:e9:17:27:0d:b3:02:69:
         17:ab:2f:ea:df:fd:68:92:07:92:15:c6:c7:8c:18:ca:90:11:
         86:61:3f:f1:cb:42:0f:1d:0e:4a:1b:bd:77:27:e5:04:6c:20:
         29:d3:1e:b0:88:da:11:d5:b2:50:aa:3b:52:0e:4d:f0:79:a1:
         04:40:44:f3:f7:92:97:f5:cc:c3:f9:60:08:5d:95:99:61:a0:
         cd:71:55:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa40pWpnBrmU1DyQ8bLdsDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwM2IyYzM4NzEwNjkwMDJhZDBiMmY0MmIwY2JmNWU5MmUz
YmU0YjMwHhcNMjUwNTEwMDYxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGM2NWI5MTBhYWJmOTIxMWQ3ZWJkMmQxMTZmMDJkNGY4YjFkZjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMoj8wDD2logw6FgnlANOP6QeAv7
9EZwhZIdJKnF9xlyJTn9T/3SMqGNqKxXrXgK78J/93cUVNQP1f2Zu9fPogFolyqW
voMvDl5Hc77FJW82hcX6+ZZJG+fR8VbMRHZyYBx300KSuFI6MQeFYaY77xYbWggM
tcVmLguaOUmpo29tYOAoKc7eE76n/UoGxOjlLTIvdUGdijjZ8jH3k4GoHyeLDZ1s
qvTJXhi2xOvSQLsSj5of1+2spUksqpp1T7zY+JT7hNfO7Rtw+ffxCUj7zQJ0RQm6
LE1W7vfunV0tgLS4Pzx+3PNisTLqr6VdOgUpFaA+7+YnT+2BOn8Ux8oObwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3GW5EKq/khHX69LRFvAtT4sd+WMB8GA1UdIwQY
MBaAFAA7LDhxBpACrQsvQrDL9ekuO+SzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQURzc09IRUdrQUt0Q3k5Q3NNdjE2UzQ3NUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kOTY2ODgtMmQ5OC00NjM0LTg2ZGIt
YjM1YTBhMTQ1M2ZiLzEvN2NaYmtRcXItU0VkZnIwdEVXOEMxUGl4MzVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kOTY2ODgtMmQ5OC00NjM0LTg2ZGItYjM1YTBhMTQ1M2Zi
LzEvQURzc09IRUdrQUt0Q3k5Q3NNdjE2UzQ3NUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZgXMA0G
CSqGSIb3DQEBCwUAA4IBAQB/kMVrR0p6uZItDTw/SrUSZwiE+aR7legcCyQsZipf
VaHViKZTrIcmuGLtJxHnGRhhFNhrwZzY+WQ4ty2UtpISc3+8X/95lun5wmDta4P+
5TK5tikUSEqLObeXK6C2O4J7EtY8jwWxLT8UM3Wn6oOmxW9NeLYoGkAdWGkYIyn4
AqwGw/pUg8uvui7b0BahE2hlevEgsSisG6OXzZ0Sd71wnpPmUDKKcBS5zG6JK+kX
Jw2zAmkXqy/q3/1okgeSFcbHjBjKkBGGYT/xy0IPHQ5KG713J+UEbCAp0x6wiNoR
1bJQqjtSDk3weaEEQETz95KX9czD+WAIXZWZYaDNcVV9
-----END CERTIFICATE-----