Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/ipEAS-vliJq9f0TrdRYNcNmvrJg.roa
File:                     ipEAS-vliJq9f0TrdRYNcNmvrJg.roa (raw, json)
Hash identifier:          y8Bmpp47o5v9W4xZWrPh2vrrtuYuc6uyQBidt4ucGps=
Subject key identifier:   8A:91:00:4B:EB:E5:88:9A:BD:7F:44:EB:75:16:0D:70:D9:AF:AC:98
Certificate issuer:       /CN=ddb71471373bb0603c356eeded4b918292b5beee
Certificate serial:       018CC6B942320A878B719A97DA824E638F15
Authority key identifier: DD:B7:14:71:37:3B:B0:60:3C:35:6E:ED:ED:4B:91:82:92:B5:BE:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3bcUcTc7sGA8NW7t7UuRgpK1vu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/ipEAS-vliJq9f0TrdRYNcNmvrJg.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        145.8.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/3bcUcTc7sGA8NW7t7UuRgpK1vu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/3bcUcTc7sGA8NW7t7UuRgpK1vu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3bcUcTc7sGA8NW7t7UuRgpK1vu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:42:32:0a:87:8b:71:9a:97:da:82:4e:63:8f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddb71471373bb0603c356eeded4b918292b5beee
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a91004bebe5889abd7f44eb75160d70d9afac98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9e:74:7b:3d:36:a1:d8:79:85:56:c2:f9:91:
                    ca:62:fc:f7:61:78:d8:8b:22:0b:81:d2:46:97:42:
                    71:1a:bd:da:60:4e:81:d4:0d:f5:f0:7d:b6:b4:87:
                    d9:0f:f8:2c:4b:4a:20:27:9b:ef:73:df:bb:29:53:
                    56:23:f2:35:f4:87:f5:4f:f2:59:c4:fa:4a:05:8d:
                    c2:07:46:fc:90:ab:bd:97:23:b5:00:f7:e4:1c:c1:
                    95:d3:26:0f:44:81:4e:75:30:ca:7f:da:1a:d8:83:
                    95:cf:2b:0b:e0:cc:a7:28:f0:44:91:55:44:af:52:
                    43:bb:38:b5:31:d7:58:be:ed:4a:cd:da:dd:23:4f:
                    2b:70:94:04:75:88:bb:85:f0:b0:f7:95:05:c0:b3:
                    fc:13:99:c5:04:fe:77:b7:f1:16:6c:09:ea:57:b1:
                    b6:b9:11:36:cd:8b:a4:73:4c:73:8a:20:4a:3c:48:
                    67:1e:6c:3a:25:a0:a0:f4:69:49:d5:b8:dc:39:30:
                    a0:0e:b4:84:46:4c:32:ba:5a:19:7e:44:f6:ab:e2:
                    b6:24:39:1d:fc:61:a6:2b:55:c7:6d:29:e2:c5:83:
                    83:17:ad:34:de:66:77:e9:60:93:7d:51:fe:2c:c0:
                    ea:b9:a1:90:1f:78:ff:8f:41:b3:ab:09:1e:ed:5c:
                    cf:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:91:00:4B:EB:E5:88:9A:BD:7F:44:EB:75:16:0D:70:D9:AF:AC:98
            X509v3 Authority Key Identifier:
                keyid:DD:B7:14:71:37:3B:B0:60:3C:35:6E:ED:ED:4B:91:82:92:B5:BE:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3bcUcTc7sGA8NW7t7UuRgpK1vu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/ipEAS-vliJq9f0TrdRYNcNmvrJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/3bcUcTc7sGA8NW7t7UuRgpK1vu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.8.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:74:af:24:f8:d3:94:42:91:e1:04:e1:bd:f2:51:b3:bb:11:
         f0:dd:49:12:ce:a9:cd:de:a6:1b:81:db:bf:9b:38:c4:0c:f1:
         e0:32:52:f5:a9:1c:4b:0c:83:9e:8c:28:4f:e7:e8:9b:e6:20:
         12:bf:35:ff:2e:04:4f:c0:8c:51:d9:0b:97:3b:c5:94:fd:25:
         24:88:ee:d0:e6:6b:c9:4d:f2:f1:d0:34:2c:aa:d1:97:8e:71:
         e9:e4:3d:15:76:29:16:16:5e:46:1c:9e:85:82:e5:64:93:a5:
         36:f6:00:21:cf:fb:9e:38:b2:0d:ae:0e:23:62:28:5f:26:da:
         49:2f:93:01:5c:13:ac:8a:27:f0:49:e2:3f:1b:42:cc:fe:ed:
         29:da:f2:fd:f3:fa:0c:53:6e:44:b1:d5:11:13:b9:14:ee:38:
         96:c5:7f:26:0a:c2:2b:d3:91:ba:78:ad:55:27:a2:9a:29:1a:
         76:eb:ce:6c:a8:3f:bd:15:bb:50:c0:5d:a6:0b:5c:86:c0:8b:
         5c:ed:b4:fd:33:80:12:92:08:08:b5:a8:05:77:3a:f1:37:9c:
         08:ff:d4:f3:c4:53:59:f8:f3:87:f8:5a:40:b9:c6:d3:90:d8:
         d0:9b:23:c3:53:d4:48:0b:48:bd:35:5e:23:72:00:21:f9:fa:
         9e:5d:a6:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUIyCoeLcZqX2oJOY48VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYjcxNDcxMzczYmIwNjAzYzM1NmVlZGVkNGI5MTgyOTJi
NWJlZWUwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTkxMDA0YmViZTU4ODlhYmQ3ZjQ0ZWI3NTE2MGQ3MGQ5YWZhYzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmp50ez02odh5hVbC+ZHKYvz3YXjY
iyILgdJGl0JxGr3aYE6B1A318H22tIfZD/gsS0ogJ5vvc9+7KVNWI/I19If1T/JZ
xPpKBY3CB0b8kKu9lyO1APfkHMGV0yYPRIFOdTDKf9oa2IOVzysL4MynKPBEkVVE
r1JDuzi1MddYvu1KzdrdI08rcJQEdYi7hfCw95UFwLP8E5nFBP53t/EWbAnqV7G2
uRE2zYukc0xziiBKPEhnHmw6JaCg9GlJ1bjcOTCgDrSERkwyuloZfkT2q+K2JDkd
/GGmK1XHbSnixYODF6003mZ36WCTfVH+LMDquaGQH3j/j0Gzqwke7VzPxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqRAEvr5YiavX9E63UWDXDZr6yYMB8GA1UdIwQY
MBaAFN23FHE3O7BgPDVu7e1LkYKStb7uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2JjVWNUYzdzR0E4Tlc3dDdVdVJncEsxdnU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80YmNiMWItZmY0MS00OGUwLThkYjgt
NjIxMmFjNDljYTNiLzEvaXBFQVMtdmxpSnE5ZjBUcmRSWU5jTm12ckpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80YmNiMWItZmY0MS00OGUwLThkYjgtNjIxMmFjNDljYTNi
LzEvM2JjVWNUYzdzR0E4Tlc3dDdVdVJncEsxdnU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkQi0MA0G
CSqGSIb3DQEBCwUAA4IBAQBVdK8k+NOUQpHhBOG98lGzuxHw3UkSzqnN3qYbgdu/
mzjEDPHgMlL1qRxLDIOejChP5+ib5iASvzX/LgRPwIxR2QuXO8WU/SUkiO7Q5mvJ
TfLx0DQsqtGXjnHp5D0VdikWFl5GHJ6FguVkk6U29gAhz/ueOLINrg4jYihfJtpJ
L5MBXBOsiifwSeI/G0LM/u0p2vL98/oMU25EsdURE7kU7jiWxX8mCsIr05G6eK1V
J6KaKRp2685sqD+9FbtQwF2mC1yGwItc7bT9M4ASkggItagFdzrxN5wI/9TzxFNZ
+POH+FpAucbTkNjQmyPDU9RIC0i9NV4jcgAh+fqeXaZ+
-----END CERTIFICATE-----