Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/eoXnmAOzAb1FeGwIiNL33io49P8.roa
File:                     eoXnmAOzAb1FeGwIiNL33io49P8.roa (raw, json)
Hash identifier:          ZNWgbFFx2/BTuds7Zp6w0Qk1uq1njKw4Fr1C2l//jRU=
Subject key identifier:   7A:85:E7:98:03:B3:01:BD:45:78:6C:08:88:D2:F7:DE:2A:38:F4:FF
Certificate issuer:       /CN=049d4f66598668079353721c21935a00319f6759
Certificate serial:       018CC424B36AD0B5262FC427635F31E93FE3
Authority key identifier: 04:9D:4F:66:59:86:68:07:93:53:72:1C:21:93:5A:00:31:9F:67:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/eoXnmAOzAb1FeGwIiNL33io49P8.roa
Signing time:             Mon 01 Jan 2024 08:29:48 +0000
ROA not before:           Mon 01 Jan 2024 08:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50518
IP address blocks:        45.94.248.0/22 maxlen: 24
                          2a11:7400::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:b3:6a:d0:b5:26:2f:c4:27:63:5f:31:e9:3f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=049d4f66598668079353721c21935a00319f6759
        Validity
            Not Before: Jan  1 08:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a85e79803b301bd45786c0888d2f7de2a38f4ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e9:fd:bb:8d:c8:36:d3:6d:7e:84:5d:fd:9c:
                    df:59:e8:b6:68:d6:e7:4d:8c:86:c5:42:bb:f5:f6:
                    07:de:6c:7f:42:ca:55:96:df:23:34:ab:ce:f4:f6:
                    f6:a4:02:5a:7b:3d:25:2a:45:df:0d:bb:79:5a:c6:
                    fc:a5:e9:01:c4:3b:69:bf:55:6a:0a:ee:17:13:36:
                    b7:42:7b:b2:f5:07:89:4a:c0:1c:86:ae:24:a9:ab:
                    84:5e:10:8c:fa:53:a2:09:2a:31:09:72:81:9b:3e:
                    cd:b1:10:8b:89:a4:cd:d5:17:aa:77:d3:b4:8a:73:
                    9f:81:f7:be:8a:db:bd:09:22:51:9c:b2:1b:5b:45:
                    b2:3d:f4:ab:f9:26:27:17:c8:8b:00:59:a2:cd:33:
                    c7:8f:38:95:45:ee:1c:ac:d5:32:d2:e7:8f:62:cf:
                    bf:f4:8b:2a:be:dd:8b:af:a9:a1:2d:2e:7a:0a:a8:
                    3c:ac:9c:c4:ed:b2:45:8d:36:2a:fe:f9:e9:19:ac:
                    f7:74:cc:7e:a5:66:77:c6:70:a7:58:8b:28:e4:98:
                    f9:8f:25:cf:44:9c:94:d1:25:b0:b1:90:fd:4d:bb:
                    15:07:39:06:fd:9f:d2:bc:c2:60:54:72:6a:b9:4b:
                    eb:fb:8c:b9:78:c4:d5:9d:80:89:c6:7a:ee:80:2e:
                    dd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:85:E7:98:03:B3:01:BD:45:78:6C:08:88:D2:F7:DE:2A:38:F4:FF
            X509v3 Authority Key Identifier:
                keyid:04:9D:4F:66:59:86:68:07:93:53:72:1C:21:93:5A:00:31:9F:67:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/eoXnmAOzAb1FeGwIiNL33io49P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.248.0/22
                IPv6:
                  2a11:7400::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:12:ba:4b:17:1d:fc:17:bf:ef:25:ce:c6:22:de:59:59:71:
         e6:98:d1:a5:55:7a:79:9d:3a:b8:2c:46:15:c6:d8:e1:30:40:
         a6:56:ec:76:0e:2a:3a:61:e7:d7:d2:19:f3:58:1a:78:f7:4a:
         5b:55:b6:32:48:df:02:80:61:c2:89:17:13:64:fc:76:a0:7b:
         bb:3b:18:ec:b6:da:da:cb:3e:e9:9b:55:8a:39:b5:4d:e9:1a:
         2b:ad:52:e6:80:e5:36:80:12:a6:2d:98:c2:62:3f:9e:2c:aa:
         ac:ec:45:7a:cd:2f:64:f1:10:8e:ca:22:fa:59:40:72:c8:64:
         63:89:a1:41:47:25:21:8e:9d:c5:dd:63:e0:69:99:71:b5:23:
         08:6d:b1:44:18:b3:0e:8f:3e:64:d3:10:f1:ee:b4:d8:d7:d7:
         23:3e:6a:e7:7e:df:2f:2f:b6:2b:ae:bc:7f:39:8d:91:0e:0a:
         c3:5e:6a:3c:0e:65:02:a9:ce:1d:27:46:0a:5e:0f:a1:3b:11:
         05:4a:b1:c1:7c:b5:74:fa:40:f5:84:51:8a:f4:16:4d:bf:10:
         da:5b:e9:ac:92:de:fb:e5:be:ce:53:c4:c4:48:75:7b:2f:dd:
         fc:08:54:65:bd:50:85:bd:4e:50:1b:99:9a:14:4c:73:40:6b:
         ba:85:83:5f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJLNq0LUmL8QnY18x6T/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0OWQ0ZjY2NTk4NjY4MDc5MzUzNzIxYzIxOTM1YTAwMzE5
ZjY3NTkwHhcNMjQwMTAxMDgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTg1ZTc5ODAzYjMwMWJkNDU3ODZjMDg4OGQyZjdkZTJhMzhmNGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiun9u43INtNtfoRd/ZzfWei2aNbn
TYyGxUK79fYH3mx/QspVlt8jNKvO9Pb2pAJaez0lKkXfDbt5Wsb8pekBxDtpv1Vq
Cu4XEza3Qnuy9QeJSsAchq4kqauEXhCM+lOiCSoxCXKBmz7NsRCLiaTN1Reqd9O0
inOfgfe+itu9CSJRnLIbW0WyPfSr+SYnF8iLAFmizTPHjziVRe4crNUy0uePYs+/
9Isqvt2Lr6mhLS56Cqg8rJzE7bJFjTYq/vnpGaz3dMx+pWZ3xnCnWIso5Jj5jyXP
RJyU0SWwsZD9TbsVBzkG/Z/SvMJgVHJquUvr+4y5eMTVnYCJxnrugC7dCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHqF55gDswG9RXhsCIjS994qOPT/MB8GA1UdIwQY
MBaAFASdT2ZZhmgHk1NyHCGTWgAxn2dZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkoxUFpsbUdhQWVUVTNJY0laTmFBREdmWjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9mMjNmYjYtMzIyOS00ZThiLTkzNmEt
OTI3OTU0N2VjYTU1LzEvZW9Ybm1BT3pBYjFGZUd3SWlOTDMzaW80OVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9mMjNmYjYtMzIyOS00ZThiLTkzNmEtOTI3OTU0N2VjYTU1
LzEvQkoxUFpsbUdhQWVUVTNJY0laTmFBREdmWjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLV74MA0E
AgACMAcDBQMqEXQAMA0GCSqGSIb3DQEBCwUAA4IBAQBEErpLFx38F7/vJc7GIt5Z
WXHmmNGlVXp5nTq4LEYVxtjhMECmVux2Dio6YefX0hnzWBp490pbVbYySN8CgGHC
iRcTZPx2oHu7Oxjsttrayz7pm1WKObVN6RorrVLmgOU2gBKmLZjCYj+eLKqs7EV6
zS9k8RCOyiL6WUByyGRjiaFBRyUhjp3F3WPgaZlxtSMIbbFEGLMOjz5k0xDx7rTY
19cjPmrnft8vL7Yrrrx/OY2RDgrDXmo8DmUCqc4dJ0YKXg+hOxEFSrHBfLV0+kD1
hFGK9BZNvxDaW+mskt775b7OU8TESHV7L938CFRlvVCFvU5QG5maFExzQGu6hYNf
-----END CERTIFICATE-----