Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/7X_plhmrvkux1oibBja4OB7LETs.roa
File:                     7X_plhmrvkux1oibBja4OB7LETs.roa (raw, json)
Hash identifier:          gnMgxFgUS9IL4J+87g7lZ1R3Q2jpCUYTvtTDs50/e2w=
Subject key identifier:   ED:7F:E9:96:19:AB:BE:4B:B1:D6:88:9B:06:36:B8:38:1E:CB:11:3B
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       01969BF0C79EA48948D6A9208156D3BFE9B3
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/7X_plhmrvkux1oibBja4OB7LETs.roa
Signing time:             Sun 04 May 2025 15:36:10 +0000
ROA not before:           Sun 04 May 2025 15:36:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268581
IP address blocks:        45.140.192.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9b:f0:c7:9e:a4:89:48:d6:a9:20:81:56:d3:bf:e9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: May  4 15:36:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed7fe99619abbe4bb1d6889b0636b8381ecb113b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:33:2e:61:52:d2:90:76:9b:78:a6:c6:b1:c3:
                    c0:56:13:71:6c:39:61:bf:69:b4:e0:33:62:a7:9d:
                    5a:38:da:f6:2b:cc:62:7b:8a:e6:2f:73:bb:6b:f6:
                    cf:63:ea:8b:29:b0:82:cd:19:1f:49:6d:39:3b:cf:
                    78:6c:9d:6b:b3:2a:dd:55:34:f8:bd:9b:18:15:a7:
                    cb:94:73:60:4d:2b:cf:55:d0:5c:47:1b:3f:52:23:
                    14:ef:f7:d7:d9:05:3c:4e:57:bf:9d:9b:3a:96:dd:
                    60:db:5d:e9:bf:e8:e3:cc:c8:7c:11:9e:e4:e6:bd:
                    7c:be:0e:f7:a5:77:bc:de:d7:11:d7:18:5e:ac:63:
                    7e:ac:cd:00:ae:15:ea:a3:31:00:e4:1e:25:54:2e:
                    4a:41:f7:4d:3a:0f:6c:a3:fe:65:cd:ff:56:ad:ad:
                    d6:68:13:a6:08:57:ea:83:0a:7f:a4:20:48:3b:8e:
                    9a:be:34:4d:cf:a3:b1:5c:07:97:c4:d5:6a:11:80:
                    c7:41:d5:b9:74:61:d6:55:de:82:f3:fd:45:48:8a:
                    e7:bb:4f:2f:60:52:e8:9e:f9:ee:a2:9d:64:11:ec:
                    93:ed:d8:30:37:bc:96:d9:34:7c:a3:cf:62:21:34:
                    eb:d3:11:28:d3:f0:7d:48:04:8d:38:6b:e5:53:4a:
                    5c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:7F:E9:96:19:AB:BE:4B:B1:D6:88:9B:06:36:B8:38:1E:CB:11:3B
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/7X_plhmrvkux1oibBja4OB7LETs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:01:9b:c9:eb:e2:01:c8:0e:77:8c:d2:72:84:8a:15:f4:99:
         98:43:0c:e0:79:fd:32:6e:88:c7:23:90:4b:4f:01:b5:56:70:
         bf:06:ec:8a:7c:33:2c:f6:c6:86:13:b8:76:12:c9:c5:de:0f:
         11:00:97:2f:00:c7:79:40:6d:ac:3d:eb:02:e1:bd:60:39:1a:
         b0:f5:5b:bd:7f:39:21:5f:13:34:19:0a:e4:4c:18:ed:db:a8:
         e1:19:71:6d:71:49:c7:78:46:d1:34:76:97:49:d6:0f:f9:98:
         d6:70:92:7f:18:fc:69:7c:13:59:6a:d2:38:94:4c:27:57:c4:
         01:6d:a4:39:a3:ec:ac:25:46:e3:96:dd:3a:b6:a5:c9:8d:6c:
         07:81:40:8a:0e:d4:43:7f:f4:fd:f9:93:91:1d:f7:73:29:3c:
         a9:a3:7c:54:4c:ff:6e:67:8d:a5:c4:c1:b4:6f:9f:0f:71:ee:
         9c:49:56:d5:0a:9f:d3:47:bd:c0:f5:27:26:73:1b:03:fe:51:
         38:af:7f:73:a4:50:e1:e6:22:16:99:3e:7e:8e:bf:61:5e:eb:
         30:77:d2:df:20:ec:39:11:e6:fe:b6:da:ec:0e:17:f4:19:15:
         f9:d6:b7:71:33:b1:a6:b0:ea:4b:00:6d:8a:c0:94:2e:29:de:
         9a:e1:8c:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZab8MeepIlI1qkggVbTv+mzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjUwNTA0MTUzNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDdmZTk5NjE5YWJiZTRiYjFkNjg4OWIwNjM2YjgzODFlY2IxMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTMuYVLSkHabeKbGscPAVhNxbDlh
v2m04DNip51aONr2K8xie4rmL3O7a/bPY+qLKbCCzRkfSW05O894bJ1rsyrdVTT4
vZsYFafLlHNgTSvPVdBcRxs/UiMU7/fX2QU8Tle/nZs6lt1g213pv+jjzMh8EZ7k
5r18vg73pXe83tcR1xherGN+rM0ArhXqozEA5B4lVC5KQfdNOg9so/5lzf9Wra3W
aBOmCFfqgwp/pCBIO46avjRNz6OxXAeXxNVqEYDHQdW5dGHWVd6C8/1FSIrnu08v
YFLonvnuop1kEeyT7dgwN7yW2TR8o89iITTr0xEo0/B9SASNOGvlU0pcNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1/6ZYZq75LsdaImwY2uDgeyxE7MB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvN1hfcGxobXJ2a3V4MW9pYkJqYTRPQjdMRVRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYzAMA0G
CSqGSIb3DQEBCwUAA4IBAQBiAZvJ6+IByA53jNJyhIoV9JmYQwzgef0ybojHI5BL
TwG1VnC/BuyKfDMs9saGE7h2EsnF3g8RAJcvAMd5QG2sPesC4b1gORqw9Vu9fzkh
XxM0GQrkTBjt26jhGXFtcUnHeEbRNHaXSdYP+ZjWcJJ/GPxpfBNZatI4lEwnV8QB
baQ5o+ysJUbjlt06tqXJjWwHgUCKDtRDf/T9+ZORHfdzKTypo3xUTP9uZ42lxMG0
b58Pce6cSVbVCp/TR73A9ScmcxsD/lE4r39zpFDh5iIWmT5+jr9hXuswd9LfIOw5
Eeb+ttrsDhf0GRX51rdxM7GmsOpLAG2KwJQuKd6a4YzM
-----END CERTIFICATE-----