Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/EEFH9sMBYc0xZ_GEHX2t5M9Kcns.roa
File:                     EEFH9sMBYc0xZ_GEHX2t5M9Kcns.roa (raw, json)
Hash identifier:          gGAHhLeJ6eDyqwLsTt6i5riMNGglaF96k/hMNvw9c5k=
Subject key identifier:   10:41:47:F6:C3:01:61:CD:31:67:F1:84:1D:7D:AD:E4:CF:4A:72:7B
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       018CC79521FF619424037874B39C77BB3BF7
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/EEFH9sMBYc0xZ_GEHX2t5M9Kcns.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211557
IP address blocks:        45.141.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 23:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:21:ff:61:94:24:03:78:74:b3:9c:77:bb:3b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=104147f6c30161cd3167f1841d7dade4cf4a727b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c8:67:7c:17:ed:65:e3:9b:85:03:9a:50:5f:
                    64:a6:15:a0:90:71:26:b5:45:de:fd:08:fa:af:f0:
                    ae:fe:9f:73:37:bd:59:52:94:74:29:e3:be:88:0b:
                    81:3e:33:37:47:eb:f3:6a:ef:07:a8:85:b6:37:a4:
                    7a:54:e4:36:d5:99:c0:1d:95:5b:e4:24:cf:a6:a4:
                    a5:6f:36:86:dd:21:5d:02:b4:7c:bc:ee:14:b5:07:
                    48:95:39:be:ad:1b:a2:8d:fa:d7:5e:f8:fd:13:73:
                    59:d2:7f:08:9d:7e:20:00:40:6e:73:de:91:36:54:
                    3d:06:8a:63:f1:45:fb:7b:a7:95:6a:75:4a:db:11:
                    17:32:e1:9f:8b:4c:36:5a:8b:17:bb:dd:8f:2a:10:
                    53:bd:b3:66:38:30:e6:28:08:17:2e:23:62:7a:7e:
                    9f:d6:15:ba:bf:c4:88:aa:e3:36:36:44:93:2d:6b:
                    ca:15:3c:7d:42:a0:d1:3a:5d:0b:5b:49:5e:2d:a0:
                    a1:89:ce:1b:b0:60:ee:09:10:30:ae:5f:42:28:3b:
                    47:43:c0:87:78:23:63:20:24:c1:dd:20:32:f8:f3:
                    d1:77:dd:08:b0:be:ea:f1:34:06:fa:c7:e3:f4:2c:
                    44:27:c6:99:a6:90:46:da:d7:b7:60:fa:b5:84:0d:
                    c5:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:41:47:F6:C3:01:61:CD:31:67:F1:84:1D:7D:AD:E4:CF:4A:72:7B
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/EEFH9sMBYc0xZ_GEHX2t5M9Kcns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:8f:2f:4f:22:0f:f4:cc:0b:96:d1:59:a0:12:ad:32:bf:07:
         b9:1c:74:2e:12:2a:e3:da:e5:26:cf:fd:bc:fe:83:3b:5e:36:
         94:bc:72:fa:d8:61:34:a3:dd:00:76:bf:7a:63:e9:b3:68:9c:
         69:92:ff:ac:67:b2:4b:05:0c:fb:b5:a2:a2:fe:0f:5c:83:71:
         75:b9:73:72:ba:94:bd:64:a6:40:17:68:02:62:0a:38:4c:b6:
         21:7a:73:1f:19:20:6c:48:25:c7:bb:af:e2:23:ec:ad:f2:02:
         09:d0:b4:94:8f:b9:b2:3b:a8:d8:67:7e:4d:75:0c:15:e3:27:
         35:11:f2:58:98:cb:0a:d5:8c:53:d4:ee:76:dd:f5:d0:a2:b7:
         09:76:fa:d3:3c:45:20:49:82:2d:93:72:a0:70:66:49:47:14:
         54:c0:7f:31:2c:ff:56:25:44:3d:1b:18:eb:7a:59:1a:20:b2:
         c4:e1:0b:8a:3f:6e:03:55:ad:4a:26:e2:98:4e:23:69:9e:50:
         f9:41:7b:0c:48:23:bb:b6:98:96:1f:e5:d2:56:61:5d:db:ad:
         e9:62:d0:ee:0e:46:e8:28:55:f5:3e:32:8e:0b:8e:92:47:c3:
         13:2e:64:cf:6b:9f:1c:91:01:ad:91:02:ee:17:51:9a:13:74:
         81:8c:18:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSH/YZQkA3h0s5x3uzv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDQxNDdmNmMzMDE2MWNkMzE2N2YxODQxZDdkYWRlNGNmNGE3MjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMhnfBftZeObhQOaUF9kphWgkHEm
tUXe/Qj6r/Cu/p9zN71ZUpR0KeO+iAuBPjM3R+vzau8HqIW2N6R6VOQ21ZnAHZVb
5CTPpqSlbzaG3SFdArR8vO4UtQdIlTm+rRuijfrXXvj9E3NZ0n8InX4gAEBuc96R
NlQ9Bopj8UX7e6eVanVK2xEXMuGfi0w2WosXu92PKhBTvbNmODDmKAgXLiNien6f
1hW6v8SIquM2NkSTLWvKFTx9QqDROl0LW0leLaChic4bsGDuCRAwrl9CKDtHQ8CH
eCNjICTB3SAy+PPRd90IsL7q8TQG+sfj9CxEJ8aZppBG2te3YPq1hA3FVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBBR/bDAWHNMWfxhB19reTPSnJ7MB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvRUVGSDlzTUJZYzB4Wl9HRUhYMnQ1TTlLY25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY2VMA0G
CSqGSIb3DQEBCwUAA4IBAQB9jy9PIg/0zAuW0VmgEq0yvwe5HHQuEirj2uUmz/28
/oM7XjaUvHL62GE0o90Adr96Y+mzaJxpkv+sZ7JLBQz7taKi/g9cg3F1uXNyupS9
ZKZAF2gCYgo4TLYhenMfGSBsSCXHu6/iI+yt8gIJ0LSUj7myO6jYZ35NdQwV4yc1
EfJYmMsK1YxT1O523fXQorcJdvrTPEUgSYItk3KgcGZJRxRUwH8xLP9WJUQ9Gxjr
elkaILLE4QuKP24DVa1KJuKYTiNpnlD5QXsMSCO7tpiWH+XSVmFd263pYtDuDkbo
KFX1PjKOC46SR8MTLmTPa58ckQGtkQLuF1GaE3SBjBhs
-----END CERTIFICATE-----