Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/0d362c-f863-4d40-80bd-85fc5fd90fd8/1/EoXBaS4ZTvqXMd1BioEj1TWRM3U.roa
File:                     EoXBaS4ZTvqXMd1BioEj1TWRM3U.roa (raw, json)
Hash identifier:          J9pv9gV47fUyPNs+JzaoN9eiYGcFVGc9Ik8zCIihkZM=
Subject key identifier:   12:85:C1:69:2E:19:4E:FA:97:31:DD:41:8A:81:23:D5:35:91:33:75
Certificate issuer:       /CN=127af6c693573a2270c9237875456c2df0b503c2
Certificate serial:       018CC5003F73BB7792EC92CD79EF002CDA0C
Authority key identifier: 12:7A:F6:C6:93:57:3A:22:70:C9:23:78:75:45:6C:2D:F0:B5:03:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Enr2xpNXOiJwySN4dUVsLfC1A8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/0d362c-f863-4d40-80bd-85fc5fd90fd8/1/EoXBaS4ZTvqXMd1BioEj1TWRM3U.roa
Signing time:             Mon 01 Jan 2024 12:29:36 +0000
ROA not before:           Mon 01 Jan 2024 12:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208296
IP address blocks:        45.141.40.0/22 maxlen: 24
                          2a13:5b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/0d362c-f863-4d40-80bd-85fc5fd90fd8/1/Enr2xpNXOiJwySN4dUVsLfC1A8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/0d362c-f863-4d40-80bd-85fc5fd90fd8/1/Enr2xpNXOiJwySN4dUVsLfC1A8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Enr2xpNXOiJwySN4dUVsLfC1A8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3f:73:bb:77:92:ec:92:cd:79:ef:00:2c:da:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=127af6c693573a2270c9237875456c2df0b503c2
        Validity
            Not Before: Jan  1 12:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1285c1692e194efa9731dd418a8123d535913375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:25:28:bb:0d:72:7a:5d:9e:a1:b5:b4:32:e1:
                    35:22:8e:9e:79:da:8b:ef:56:b0:46:41:a3:5e:56:
                    d8:ac:23:d8:7b:80:fa:1c:aa:01:65:29:1f:94:ce:
                    be:94:cd:bd:e9:b2:b2:30:12:67:66:d6:31:80:a6:
                    d7:93:18:5b:99:b3:ce:83:3e:25:53:2f:df:74:28:
                    c0:fa:c5:09:c2:00:92:50:52:65:43:0b:e7:4e:11:
                    f0:35:77:3f:24:2a:fa:79:ea:03:31:23:52:58:15:
                    b3:6e:33:63:f4:55:d6:c3:95:f8:63:4e:74:9e:1e:
                    30:08:25:e7:d8:0f:39:4c:62:0e:e7:e2:ab:27:76:
                    a0:58:d5:f2:43:f2:d8:01:cb:a0:97:0c:68:4a:14:
                    43:b1:d5:69:07:58:0d:af:99:83:f4:f3:d5:ea:01:
                    64:4f:c8:b4:56:60:00:92:c0:08:50:5d:2d:79:e4:
                    6a:0e:38:88:be:34:d0:56:1c:bc:d1:50:5b:c8:10:
                    92:9c:cb:a0:aa:63:d8:0d:e3:8b:53:81:5d:63:74:
                    7a:55:ad:4b:f6:75:24:1c:63:e8:e7:42:9a:71:7e:
                    0f:0c:4a:01:a8:37:6b:4c:fb:85:e6:9e:20:32:97:
                    6c:f0:a1:ba:9a:23:a8:a3:59:e4:53:d0:9b:8b:bf:
                    80:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:85:C1:69:2E:19:4E:FA:97:31:DD:41:8A:81:23:D5:35:91:33:75
            X509v3 Authority Key Identifier:
                keyid:12:7A:F6:C6:93:57:3A:22:70:C9:23:78:75:45:6C:2D:F0:B5:03:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Enr2xpNXOiJwySN4dUVsLfC1A8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0d362c-f863-4d40-80bd-85fc5fd90fd8/1/EoXBaS4ZTvqXMd1BioEj1TWRM3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0d362c-f863-4d40-80bd-85fc5fd90fd8/1/Enr2xpNXOiJwySN4dUVsLfC1A8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.40.0/22
                IPv6:
                  2a13:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:99:49:8e:bf:ab:1e:04:ad:fd:d9:4f:df:98:2e:44:00:49:
         61:28:87:f1:8c:11:85:4d:23:43:4d:0a:cb:49:4c:b4:89:3a:
         1b:0c:2e:21:15:b7:0b:9f:ac:41:dd:b6:67:cf:87:c8:d6:8e:
         53:10:20:ff:95:ad:be:df:8d:2f:4e:d1:97:8b:71:b9:25:f0:
         c2:4f:b3:6b:c5:af:6e:9c:1f:3a:5d:1f:93:94:3a:b8:d1:e5:
         ee:fb:a4:75:fe:6b:63:f7:03:13:63:ba:53:39:c7:83:2f:8a:
         33:85:7f:5f:e8:42:00:8b:f3:6f:98:8a:98:63:5f:d0:16:25:
         96:f0:a7:8d:45:f3:0c:29:08:d8:f4:13:07:55:66:fd:88:c2:
         6e:a4:9f:2e:0c:e4:fa:33:87:20:13:4a:d6:15:fd:f0:18:71:
         6a:25:ea:8b:fd:f7:e7:a3:0b:14:47:70:15:b1:7c:1c:aa:a6:
         f4:d4:77:66:14:50:37:b2:74:2f:65:4e:46:c7:8f:df:b1:1e:
         ce:28:70:bd:da:c5:e2:a6:36:8f:f8:02:27:07:81:7e:90:44:
         de:85:cb:11:3b:71:d5:ed:97:70:8a:bb:47:13:e2:00:24:d2:
         f3:e0:bb:de:99:c8:93:38:e2:3f:77:e4:a4:f0:e8:de:e0:2e:
         dc:d8:3b:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAD9zu3eS7JLNee8ALNoMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyN2FmNmM2OTM1NzNhMjI3MGM5MjM3ODc1NDU2YzJkZjBi
NTAzYzIwHhcNMjQwMTAxMTIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjg1YzE2OTJlMTk0ZWZhOTczMWRkNDE4YTgxMjNkNTM1OTEzMzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCUouw1yel2eobW0MuE1Io6eedqL
71awRkGjXlbYrCPYe4D6HKoBZSkflM6+lM296bKyMBJnZtYxgKbXkxhbmbPOgz4l
Uy/fdCjA+sUJwgCSUFJlQwvnThHwNXc/JCr6eeoDMSNSWBWzbjNj9FXWw5X4Y050
nh4wCCXn2A85TGIO5+KrJ3agWNXyQ/LYAcuglwxoShRDsdVpB1gNr5mD9PPV6gFk
T8i0VmAAksAIUF0teeRqDjiIvjTQVhy80VBbyBCSnMugqmPYDeOLU4FdY3R6Va1L
9nUkHGPo50KacX4PDEoBqDdrTPuF5p4gMpds8KG6miOoo1nkU9Cbi7+AxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBKFwWkuGU76lzHdQYqBI9U1kTN1MB8GA1UdIwQY
MBaAFBJ69saTVzoicMkjeHVFbC3wtQPCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW5yMnhwTlhPaUp3eVNONGRVVnNMZkMxQThJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8wZDM2MmMtZjg2My00ZDQwLTgwYmQt
ODVmYzVmZDkwZmQ4LzEvRW9YQmFTNFpUdnFYTWQxQmlvRWoxVFdSTTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8wZDM2MmMtZjg2My00ZDQwLTgwYmQtODVmYzVmZDkwZmQ4
LzEvRW5yMnhwTlhPaUp3eVNONGRVVnNMZkMxQThJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY0oMA0E
AgACMAcDBQMqE1tAMA0GCSqGSIb3DQEBCwUAA4IBAQA1mUmOv6seBK392U/fmC5E
AElhKIfxjBGFTSNDTQrLSUy0iTobDC4hFbcLn6xB3bZnz4fI1o5TECD/la2+340v
TtGXi3G5JfDCT7Nrxa9unB86XR+TlDq40eXu+6R1/mtj9wMTY7pTOceDL4ozhX9f
6EIAi/NvmIqYY1/QFiWW8KeNRfMMKQjY9BMHVWb9iMJupJ8uDOT6M4cgE0rWFf3w
GHFqJeqL/ffnowsUR3AVsXwcqqb01HdmFFA3snQvZU5Gx4/fsR7OKHC92sXipjaP
+AInB4F+kETehcsRO3HV7ZdwirtHE+IAJNLz4LvemciTOOI/d+Sk8Oje4C7c2DsH
-----END CERTIFICATE-----