Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/bb97d9-7b81-449f-9060-bd465ce711bb/1/egM_lo5hkg5KA7_uP-5h7pmD4BM.roa
File:                     egM_lo5hkg5KA7_uP-5h7pmD4BM.roa (raw, json)
Hash identifier:          LWEk9cOjEXdGtew0n3bgwHhe3Zn8McfotK81AHI+3M0=
Subject key identifier:   7A:03:3F:96:8E:61:92:0E:4A:03:BF:EE:3F:EE:61:EE:99:83:E0:13
Certificate issuer:       /CN=9c1ee4d39cfaa1b3ac799c17f7882b8ce4e28120
Certificate serial:       019425FCEB1B73B30A55FB939F4BCAD2BB0C
Authority key identifier: 9C:1E:E4:D3:9C:FA:A1:B3:AC:79:9C:17:F7:88:2B:8C:E4:E2:81:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nB7k05z6obOseZwX94grjOTigSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/bb97d9-7b81-449f-9060-bd465ce711bb/1/egM_lo5hkg5KA7_uP-5h7pmD4BM.roa
Signing time:             Thu 02 Jan 2025 07:48:39 +0000
ROA not before:           Thu 02 Jan 2025 07:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208770
IP address blocks:        45.85.196.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/bb97d9-7b81-449f-9060-bd465ce711bb/1/nB7k05z6obOseZwX94grjOTigSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/bb97d9-7b81-449f-9060-bd465ce711bb/1/nB7k05z6obOseZwX94grjOTigSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nB7k05z6obOseZwX94grjOTigSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 03:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:eb:1b:73:b3:0a:55:fb:93:9f:4b:ca:d2:bb:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c1ee4d39cfaa1b3ac799c17f7882b8ce4e28120
        Validity
            Not Before: Jan  2 07:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a033f968e61920e4a03bfee3fee61ee9983e013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:fd:ec:68:2b:84:57:e0:b5:47:a4:f8:71:c6:
                    5e:7f:51:36:11:14:c7:d7:73:6c:c7:3d:df:0c:1e:
                    ef:42:ae:5d:b0:c0:93:17:07:c1:50:f8:e9:f6:48:
                    46:17:82:c6:11:b2:0e:03:73:e2:af:58:75:e5:f3:
                    ac:bc:66:18:90:80:e7:56:8a:33:b2:4e:26:2a:c0:
                    80:b4:4e:8c:8a:53:91:a5:ba:ab:64:05:ca:c3:cb:
                    17:33:12:14:a5:61:99:f0:dd:bc:54:9c:80:51:f7:
                    47:e7:31:61:98:6e:35:f2:43:e3:7f:e4:76:0f:59:
                    44:cb:79:29:7f:7d:c2:fd:14:5c:3e:b1:2c:90:cb:
                    55:1c:07:10:ae:cb:93:38:0d:9c:24:c3:ca:46:9e:
                    1e:df:4c:c1:03:38:27:cb:59:d8:2a:cf:2d:12:92:
                    85:a5:84:ff:f5:9c:30:f0:aa:dc:56:88:5c:10:d6:
                    ab:d5:c7:b3:39:5b:68:de:f1:27:b4:ec:44:14:8f:
                    15:0f:a0:f0:9c:eb:08:ae:08:ee:b3:18:5f:26:a6:
                    32:98:01:8d:96:d0:23:03:67:b3:3c:f7:57:38:d2:
                    6e:2c:ab:80:ee:06:be:4e:9f:44:e9:24:1c:a3:a1:
                    21:09:30:31:67:2b:c0:38:96:e6:52:ab:ac:80:4a:
                    91:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:03:3F:96:8E:61:92:0E:4A:03:BF:EE:3F:EE:61:EE:99:83:E0:13
            X509v3 Authority Key Identifier:
                keyid:9C:1E:E4:D3:9C:FA:A1:B3:AC:79:9C:17:F7:88:2B:8C:E4:E2:81:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nB7k05z6obOseZwX94grjOTigSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/bb97d9-7b81-449f-9060-bd465ce711bb/1/egM_lo5hkg5KA7_uP-5h7pmD4BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/bb97d9-7b81-449f-9060-bd465ce711bb/1/nB7k05z6obOseZwX94grjOTigSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:a2:f1:10:e9:01:9d:ac:e7:3a:aa:c7:71:08:e5:50:4b:e6:
         d3:b6:d6:96:77:b1:a0:f8:a4:d3:e7:7c:6a:a1:03:80:1c:00:
         e8:ac:fb:42:8d:93:6e:8f:01:4d:fb:d9:ff:a2:14:b3:1a:ab:
         23:cd:d1:cf:be:fa:e8:20:07:e2:a6:ab:ad:49:b9:88:b1:0e:
         0d:07:4e:b1:e5:8b:f0:8f:e5:e0:5e:f8:17:1a:14:69:d0:b5:
         1d:5c:49:c9:ca:44:df:c7:0a:a8:d0:fa:78:44:28:22:34:d4:
         34:f2:2d:5e:fb:03:12:0d:f4:14:bb:06:2d:4d:36:fd:84:0d:
         78:87:32:d7:19:fc:c7:93:ae:42:bb:bc:25:51:97:4f:e8:e3:
         d9:4d:87:18:f5:85:72:3a:e5:0b:6c:ea:a0:3b:4f:f1:83:fd:
         7d:68:d4:20:75:d3:36:80:d6:11:6c:36:06:2d:22:d7:03:8a:
         67:77:07:e5:ae:ea:82:5e:80:7d:d2:8f:12:ef:f6:02:c1:3f:
         55:83:62:ca:88:40:2b:d0:5f:eb:11:ec:0a:ef:0e:5e:b7:d0:
         2e:a0:a3:45:43:98:e3:e8:77:25:66:24:fd:52:21:6b:e8:77:
         97:d5:71:23:5f:ac:62:f2:e1:79:06:fc:46:02:73:3f:4e:e2:
         43:1c:5c:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Osbc7MKVfuTn0vK0rsMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMWVlNGQzOWNmYWExYjNhYzc5OWMxN2Y3ODgyYjhjZTRl
MjgxMjAwHhcNMjUwMTAyMDc0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTAzM2Y5NjhlNjE5MjBlNGEwM2JmZWUzZmVlNjFlZTk5ODNlMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/3saCuEV+C1R6T4ccZef1E2ERTH
13Nsxz3fDB7vQq5dsMCTFwfBUPjp9khGF4LGEbIOA3Pir1h15fOsvGYYkIDnVooz
sk4mKsCAtE6MilORpbqrZAXKw8sXMxIUpWGZ8N28VJyAUfdH5zFhmG418kPjf+R2
D1lEy3kpf33C/RRcPrEskMtVHAcQrsuTOA2cJMPKRp4e30zBAzgny1nYKs8tEpKF
pYT/9Zww8KrcVohcENar1cezOVto3vEntOxEFI8VD6DwnOsIrgjusxhfJqYymAGN
ltAjA2ezPPdXONJuLKuA7ga+Tp9E6SQco6EhCTAxZyvAOJbmUqusgEqR9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoDP5aOYZIOSgO/7j/uYe6Zg+ATMB8GA1UdIwQY
MBaAFJwe5NOc+qGzrHmcF/eIK4zk4oEgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkI3azA1ejZvYk9zZVp3WDk0Z3JqT1RpZ1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iYjk3ZDktN2I4MS00NDlmLTkwNjAt
YmQ0NjVjZTcxMWJiLzEvZWdNX2xvNWhrZzVLQTdfdVAtNWg3cG1ENEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iYjk3ZDktN2I4MS00NDlmLTkwNjAtYmQ0NjVjZTcxMWJi
LzEvbkI3azA1ejZvYk9zZVp3WDk0Z3JqT1RpZ1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVXEMA0G
CSqGSIb3DQEBCwUAA4IBAQArovEQ6QGdrOc6qsdxCOVQS+bTttaWd7Gg+KTT53xq
oQOAHADorPtCjZNujwFN+9n/ohSzGqsjzdHPvvroIAfipqutSbmIsQ4NB06x5Yvw
j+XgXvgXGhRp0LUdXEnJykTfxwqo0Pp4RCgiNNQ08i1e+wMSDfQUuwYtTTb9hA14
hzLXGfzHk65Cu7wlUZdP6OPZTYcY9YVyOuULbOqgO0/xg/19aNQgddM2gNYRbDYG
LSLXA4pndwflruqCXoB90o8S7/YCwT9Vg2LKiEAr0F/rEewK7w5et9AuoKNFQ5jj
6HclZiT9UiFr6HeX1XEjX6xi8uF5BvxGAnM/TuJDHFy4
-----END CERTIFICATE-----