Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/EaKWPOsEC3AdultDM0xgnKuKMQw.roa
File:                     EaKWPOsEC3AdultDM0xgnKuKMQw.roa (raw, json)
Hash identifier:          ToTX7iP8fSgcvywfV//7pITdESq6M1Icc2aC2KWJxzg=
Subject key identifier:   11:A2:96:3C:EB:04:0B:70:1D:BA:5B:43:33:4C:60:9C:AB:8A:31:0C
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B01A7270F385A2ACF8602E24D711
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/EaKWPOsEC3AdultDM0xgnKuKMQw.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43297
IP address blocks:        45.145.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b0:1a:72:70:f3:85:a2:ac:f8:60:2e:24:d7:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11a2963ceb040b701dba5b43334c609cab8a310c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:97:ab:15:61:4a:01:fc:a6:d1:11:48:b5:f0:
                    d5:4f:a4:bb:72:e9:41:36:75:15:f4:6a:c2:f6:19:
                    9a:e1:13:eb:05:f7:ba:2c:c4:66:81:61:0f:0f:01:
                    e4:6f:34:be:3d:65:26:86:98:1c:11:14:33:94:16:
                    d2:bb:e6:5c:71:7d:ca:19:1d:9c:f2:ee:ce:36:81:
                    41:67:e5:8a:33:e8:97:de:db:56:82:e6:d0:db:f9:
                    f0:51:83:0f:da:f2:9b:90:55:2c:7d:b0:66:68:d2:
                    f4:0b:05:ff:0f:d2:b8:33:ae:9b:46:a3:b6:39:e9:
                    c8:2c:ac:12:ec:65:f6:a4:18:e1:b4:a9:7a:81:34:
                    82:5d:b8:c5:f8:25:5a:72:10:10:9f:d1:02:f7:52:
                    d1:7b:da:e2:45:4f:bb:7e:5d:87:96:3f:21:27:72:
                    1a:7b:dc:95:47:61:30:11:55:7a:35:fa:74:d2:c4:
                    b7:54:30:d5:8f:da:54:28:74:98:de:80:98:6a:b2:
                    81:c5:fd:b0:2e:24:70:d9:05:7d:09:4f:28:23:8b:
                    a4:5a:91:55:45:31:10:6e:89:20:0e:82:ac:6d:1f:
                    ba:6f:d9:91:46:d0:65:d0:f3:9f:cc:80:7e:1f:50:
                    58:26:e2:dc:f0:c4:24:d5:f9:5b:24:9a:e7:4f:c8:
                    f1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A2:96:3C:EB:04:0B:70:1D:BA:5B:43:33:4C:60:9C:AB:8A:31:0C
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/EaKWPOsEC3AdultDM0xgnKuKMQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:9d:81:fb:57:b1:e5:09:30:f5:b4:3a:f4:d6:53:ea:af:ba:
         3b:df:85:5f:cc:06:29:74:d4:e5:23:42:81:de:42:55:25:7b:
         66:55:56:69:57:49:99:9f:f2:f1:08:e9:0f:32:2f:28:92:32:
         44:04:d2:b5:c3:ab:3e:ea:52:d6:7f:e7:b5:c2:a8:49:24:42:
         8f:41:53:cc:fc:73:29:90:d2:8c:55:ff:d1:99:4c:26:b0:36:
         9a:87:71:de:78:40:ef:29:1a:20:fc:db:6c:e5:f0:4b:ec:20:
         a1:48:35:d1:fb:fd:82:16:ef:17:19:51:20:72:72:c4:63:8a:
         84:c8:07:73:74:03:1c:ad:3f:d4:7b:7d:11:43:44:49:c2:cc:
         ba:76:e5:80:83:19:b3:96:62:a0:11:da:3d:bf:df:07:c6:ed:
         09:97:f6:dc:5c:be:b4:db:95:86:ab:b2:be:00:5c:84:df:1e:
         9d:ea:1b:a6:0c:d6:d9:09:58:a2:0b:d8:b7:bb:d2:19:61:19:
         ea:96:b7:cd:58:99:23:f9:f0:e9:b5:51:d6:af:b7:2d:67:0a:
         88:6d:0d:e4:0f:30:95:2d:d5:47:f7:58:48:27:88:ce:1d:13:
         f3:5b:2e:94:52:13:40:a5:69:fd:50:a6:27:7d:e8:6f:64:8a:
         b7:52:7b:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7AacnDzhaKs+GAuJNcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWEyOTYzY2ViMDQwYjcwMWRiYTViNDMzMzRjNjA5Y2FiOGEzMTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuperFWFKAfym0RFItfDVT6S7culB
NnUV9GrC9hma4RPrBfe6LMRmgWEPDwHkbzS+PWUmhpgcERQzlBbSu+ZccX3KGR2c
8u7ONoFBZ+WKM+iX3ttWgubQ2/nwUYMP2vKbkFUsfbBmaNL0CwX/D9K4M66bRqO2
OenILKwS7GX2pBjhtKl6gTSCXbjF+CVachAQn9EC91LRe9riRU+7fl2Hlj8hJ3Ia
e9yVR2EwEVV6Nfp00sS3VDDVj9pUKHSY3oCYarKBxf2wLiRw2QV9CU8oI4ukWpFV
RTEQbokgDoKsbR+6b9mRRtBl0POfzIB+H1BYJuLc8MQk1flbJJrnT8jxtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGiljzrBAtwHbpbQzNMYJyrijEMMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvRWFLV1BPc0VDM0FkdWx0RE0weGduS3VLTVF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZEBMA0G
CSqGSIb3DQEBCwUAA4IBAQA3nYH7V7HlCTD1tDr01lPqr7o734VfzAYpdNTlI0KB
3kJVJXtmVVZpV0mZn/LxCOkPMi8okjJEBNK1w6s+6lLWf+e1wqhJJEKPQVPM/HMp
kNKMVf/RmUwmsDaah3HeeEDvKRog/Nts5fBL7CChSDXR+/2CFu8XGVEgcnLEY4qE
yAdzdAMcrT/Ue30RQ0RJwsy6duWAgxmzlmKgEdo9v98Hxu0Jl/bcXL6025WGq7K+
AFyE3x6d6humDNbZCViiC9i3u9IZYRnqlrfNWJkj+fDptVHWr7ctZwqIbQ3kDzCV
LdVH91hIJ4jOHRPzWy6UUhNApWn9UKYnfehvZIq3UntZ
-----END CERTIFICATE-----