Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/qSRuvkg8yKcbA8oUg4FLjzAh4NY.roa
File:                     qSRuvkg8yKcbA8oUg4FLjzAh4NY.roa (raw, json)
Hash identifier:          I1foIeecrx7feWymGh6JX+U4ApFXa05lrAylBPlAszY=
Subject key identifier:   A9:24:6E:BE:48:3C:C8:A7:1B:03:CA:14:83:81:4B:8F:30:21:E0:D6
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018F72C15C673474772B2091B6128345E63D
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/qSRuvkg8yKcbA8oUg4FLjzAh4NY.roa
Signing time:             Mon 13 May 2024 16:20:25 +0000
ROA not before:           Mon 13 May 2024 16:20:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212913
IP address blocks:        45.140.19.0/24 maxlen: 24
                          94.103.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:72:c1:5c:67:34:74:77:2b:20:91:b6:12:83:45:e6:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: May 13 16:20:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9246ebe483cc8a71b03ca1483814b8f3021e0d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d7:66:45:69:2d:62:97:f2:cc:64:b7:32:49:
                    89:2a:6e:ea:3b:4d:4e:1a:77:4a:cc:59:5f:9d:a5:
                    a7:e6:8d:63:20:53:d3:e1:1a:47:57:0a:97:8c:97:
                    00:b8:b6:5c:e9:31:99:38:07:6c:e5:82:4b:e0:b3:
                    1d:76:00:52:6f:f6:cb:6f:a0:64:ff:f6:8a:c3:6f:
                    67:cb:2c:c9:27:f8:79:fb:ee:ff:66:22:dd:77:6a:
                    83:d9:5b:7f:d5:10:4b:54:c4:26:e4:2c:21:d9:13:
                    2a:c8:d9:e7:2b:c6:17:25:9b:8f:2b:09:20:31:5f:
                    80:4c:b0:b6:c6:c8:c6:23:70:b2:28:e9:52:a9:04:
                    a1:31:fa:12:67:ce:ed:7f:2a:c9:83:86:8b:2c:e9:
                    f8:b6:ce:2b:dc:c8:98:32:47:a4:44:dc:bd:5f:04:
                    ad:80:10:12:54:1a:a5:60:7a:3a:06:07:a3:f9:69:
                    a3:e6:d3:b4:a6:8c:55:01:99:ba:10:7f:c7:b5:b9:
                    a7:67:c0:75:a9:2b:07:67:65:13:a1:f8:97:3b:9d:
                    4c:41:ae:78:d9:79:f2:87:cd:4f:42:01:e6:23:eb:
                    3a:09:51:32:3d:42:6a:75:0f:85:de:7e:9a:4d:a9:
                    0e:77:d3:d7:6a:09:b9:23:f0:69:1f:d5:52:21:8d:
                    50:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:24:6E:BE:48:3C:C8:A7:1B:03:CA:14:83:81:4B:8F:30:21:E0:D6
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/qSRuvkg8yKcbA8oUg4FLjzAh4NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.19.0/24
                  94.103.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:5f:0c:80:1f:6a:6a:fd:4b:fb:65:b0:03:20:53:92:0d:88:
         55:01:1f:85:68:96:f1:c2:d0:04:98:2b:7a:51:5f:75:73:f8:
         3f:93:7c:06:8e:0f:4c:50:6e:d7:60:66:5e:1a:eb:1c:c5:01:
         63:d6:54:a5:9f:2e:5a:4c:17:fd:68:bc:2f:df:a9:a2:f7:58:
         63:c0:55:51:e9:a2:af:a1:b7:4c:97:0b:31:cd:70:bc:9d:e1:
         0c:2c:d0:ed:61:97:84:81:62:b4:ba:73:3b:5f:e9:03:ea:fd:
         cf:c0:74:8f:fa:25:fd:90:21:0d:38:50:2d:fd:0a:29:f5:e4:
         1b:7c:8a:56:89:da:57:c0:e6:ad:f0:e8:fa:66:63:f8:59:3f:
         ce:99:6f:68:ab:82:82:1b:12:64:b0:6f:41:73:ec:98:9c:61:
         35:ec:87:5a:91:02:28:8a:0d:e0:8c:35:d3:21:3d:fa:8d:8e:
         ea:99:ae:72:ce:94:79:e7:00:1e:e3:49:65:f0:6b:85:0f:79:
         99:57:f7:7e:0d:ec:91:dc:bd:fe:f8:64:d2:c5:7b:87:60:e6:
         e6:79:aa:b2:2c:b9:0e:c7:4c:24:65:2c:99:a4:c5:3f:73:ac:
         69:4b:4c:0c:b6:d0:c4:f5:77:c4:8c:8f:5c:7c:fe:1c:69:48:
         b9:2b:03:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9ywVxnNHR3KyCRthKDReY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwNTEzMTYyMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTI0NmViZTQ4M2NjOGE3MWIwM2NhMTQ4MzgxNGI4ZjMwMjFlMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztdmRWktYpfyzGS3MkmJKm7qO01O
GndKzFlfnaWn5o1jIFPT4RpHVwqXjJcAuLZc6TGZOAds5YJL4LMddgBSb/bLb6Bk
//aKw29nyyzJJ/h5++7/ZiLdd2qD2Vt/1RBLVMQm5Cwh2RMqyNnnK8YXJZuPKwkg
MV+ATLC2xsjGI3CyKOlSqQShMfoSZ87tfyrJg4aLLOn4ts4r3MiYMkekRNy9XwSt
gBASVBqlYHo6Bgej+Wmj5tO0poxVAZm6EH/HtbmnZ8B1qSsHZ2UTofiXO51MQa54
2Xnyh81PQgHmI+s6CVEyPUJqdQ+F3n6aTakOd9PXagm5I/BpH9VSIY1Q1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKkkbr5IPMinGwPKFIOBS48wIeDWMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvcVNSdXZrZzh5S2NiQThvVWc0RkxqekFoNE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYwTAwQA
Xme3MA0GCSqGSIb3DQEBCwUAA4IBAQCTXwyAH2pq/Uv7ZbADIFOSDYhVAR+FaJbx
wtAEmCt6UV91c/g/k3wGjg9MUG7XYGZeGuscxQFj1lSlny5aTBf9aLwv36mi91hj
wFVR6aKvobdMlwsxzXC8neEMLNDtYZeEgWK0unM7X+kD6v3PwHSP+iX9kCENOFAt
/Qop9eQbfIpWidpXwOat8Oj6ZmP4WT/OmW9oq4KCGxJksG9Bc+yYnGE17IdakQIo
ig3gjDXTIT36jY7qma5yzpR55wAe40ll8GuFD3mZV/d+DeyR3L3++GTSxXuHYObm
eaqyLLkOx0wkZSyZpMU/c6xpS0wMttDE9XfEjI9cfP4caUi5KwMI
-----END CERTIFICATE-----