Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/fuvY2x3HsIO6gagsFqqITiQ_yGw.roa
File:                     fuvY2x3HsIO6gagsFqqITiQ_yGw.roa (raw, json)
Hash identifier:          SuZo82ra513kqunDJrOE76D6k1ULI5qVhzPv0+Hxb8s=
Subject key identifier:   7E:EB:D8:DB:1D:C7:B0:83:BA:81:A8:2C:16:AA:88:4E:24:3F:C8:6C
Certificate issuer:       /CN=ebf385ced090dbf1d044734e12a270ee6b841c96
Certificate serial:       01941FFA2FDB0CBE73001DA43164FFC39A98
Authority key identifier: EB:F3:85:CE:D0:90:DB:F1:D0:44:73:4E:12:A2:70:EE:6B:84:1C:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/fuvY2x3HsIO6gagsFqqITiQ_yGw.roa
Signing time:             Wed 01 Jan 2025 03:47:57 +0000
ROA not before:           Wed 01 Jan 2025 03:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        45.141.88.0/24 maxlen: 24
                          45.141.89.0/24 maxlen: 24
                          45.141.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:2f:db:0c:be:73:00:1d:a4:31:64:ff:c3:9a:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf385ced090dbf1d044734e12a270ee6b841c96
        Validity
            Not Before: Jan  1 03:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7eebd8db1dc7b083ba81a82c16aa884e243fc86c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2b:57:77:25:d8:4f:33:7c:08:80:52:0f:93:
                    c0:78:ce:79:22:19:1c:13:f4:0a:d5:5d:18:20:2a:
                    a9:46:2f:18:11:d1:97:8b:e4:90:aa:5c:58:45:ee:
                    b5:a7:75:a2:28:4f:53:35:f3:85:fe:04:e4:fa:da:
                    7f:8b:6c:c7:95:a5:98:a7:e2:95:f4:f2:01:78:7d:
                    2b:c6:c4:02:9e:93:39:81:e0:61:8c:99:8b:31:2b:
                    d3:06:f7:9c:2d:6e:fe:e6:4d:26:a7:89:71:7e:12:
                    7b:74:81:58:bd:6c:1f:0f:eb:aa:ef:16:41:ea:f3:
                    cd:97:39:30:d9:6d:b3:74:10:49:32:19:5e:19:84:
                    f8:d5:ae:82:c8:38:0f:1a:39:31:ef:06:cf:86:cc:
                    48:82:8d:6a:4b:34:a8:95:3f:36:c8:53:67:3a:4c:
                    48:90:fc:a1:e2:8f:37:3b:6d:70:ea:53:42:17:60:
                    dd:be:5f:1b:fa:5b:c3:00:87:eb:1d:61:19:4b:b0:
                    01:9a:bf:51:e1:8e:35:32:39:26:59:1a:69:3b:f4:
                    98:73:3c:b8:2a:6e:11:ef:9d:5d:98:83:37:fa:49:
                    db:d1:1c:d6:d7:9d:7b:3e:81:75:7f:03:b0:fa:a7:
                    77:ba:49:e1:df:15:53:bc:dd:6c:cd:1e:9d:09:65:
                    fc:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:EB:D8:DB:1D:C7:B0:83:BA:81:A8:2C:16:AA:88:4E:24:3F:C8:6C
            X509v3 Authority Key Identifier:
                keyid:EB:F3:85:CE:D0:90:DB:F1:D0:44:73:4E:12:A2:70:EE:6B:84:1C:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/fuvY2x3HsIO6gagsFqqITiQ_yGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.88.0-45.141.90.255

    Signature Algorithm: sha256WithRSAEncryption
         41:c4:8e:dd:7f:28:b5:8e:45:33:12:2d:4c:70:3c:b6:38:6e:
         60:a3:66:6d:4a:c5:c4:1a:b3:09:75:c3:5b:2c:c9:47:81:b9:
         4a:f8:14:28:75:5c:ec:1b:e4:d4:f4:3e:a2:c1:2d:db:95:99:
         9c:f2:9b:7b:68:4f:f6:bf:68:60:df:5f:a8:45:75:c8:06:21:
         74:53:c6:0e:42:83:83:b1:f4:80:15:80:6f:38:3c:35:3d:4d:
         b8:b6:fe:9a:95:8a:30:03:14:79:c6:e7:86:3f:1e:34:ea:3a:
         f8:5d:62:21:b8:bd:ae:39:03:b8:cd:c5:b2:21:9b:0a:46:05:
         fc:ac:e9:cd:72:33:5e:94:e3:64:d1:4d:fd:3a:4b:a4:8f:fa:
         a0:53:68:d7:88:46:72:9d:6a:80:9d:eb:46:99:b4:62:c2:7c:
         76:15:54:c4:a5:a2:76:b0:01:de:24:1a:be:b7:5d:da:65:29:
         d4:5d:ae:b7:27:2b:08:6f:e7:5c:71:c9:e4:56:a3:91:6c:2e:
         c9:d6:48:57:0c:2f:b1:2d:bd:4b:7f:c3:0c:09:02:97:b9:fb:
         17:ed:3c:3c:94:75:7e:f1:d8:c4:c3:91:d2:72:14:35:8c:6b:
         6e:1a:6a:84:9f:e9:2f:2e:d9:09:29:0b:ab:90:8c:9f:30:e2:
         21:e0:d2:7e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQf+i/bDL5zAB2kMWT/w5qYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjM4NWNlZDA5MGRiZjFkMDQ0NzM0ZTEyYTI3MGVlNmI4
NDFjOTYwHhcNMjUwMTAxMDM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWViZDhkYjFkYzdiMDgzYmE4MWE4MmMxNmFhODg0ZTI0M2ZjODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCtXdyXYTzN8CIBSD5PAeM55Ihkc
E/QK1V0YICqpRi8YEdGXi+SQqlxYRe61p3WiKE9TNfOF/gTk+tp/i2zHlaWYp+KV
9PIBeH0rxsQCnpM5geBhjJmLMSvTBvecLW7+5k0mp4lxfhJ7dIFYvWwfD+uq7xZB
6vPNlzkw2W2zdBBJMhleGYT41a6CyDgPGjkx7wbPhsxIgo1qSzSolT82yFNnOkxI
kPyh4o83O21w6lNCF2Ddvl8b+lvDAIfrHWEZS7ABmr9R4Y41MjkmWRppO/SYczy4
Km4R751dmIM3+knb0RzW1517PoF1fwOw+qd3uknh3xVTvN1szR6dCWX8KQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH7r2Nsdx7CDuoGoLBaqiE4kP8hsMB8GA1UdIwQY
MBaAFOvzhc7QkNvx0ERzThKicO5rhByWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9PRnp0Q1EyX0hRUkhOT0VxSnc3bXVFSEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8xYTllMTQtN2ZiNC00ODliLTkwYmUt
NDY1ZDIyM2IyMzJlLzEvZnV2WTJ4M0hzSU82Z2Fnc0ZxcUlUaVFfeUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8xYTllMTQtN2ZiNC00ODliLTkwYmUtNDY1ZDIyM2IyMzJl
LzEvNl9PRnp0Q1EyX0hRUkhOT0VxSnc3bXVFSEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAMtjVgD
BAAtjVowDQYJKoZIhvcNAQELBQADggEBAEHEjt1/KLWORTMSLUxwPLY4bmCjZm1K
xcQaswl1w1ssyUeBuUr4FCh1XOwb5NT0PqLBLduVmZzym3toT/a/aGDfX6hFdcgG
IXRTxg5Cg4Ox9IAVgG84PDU9Tbi2/pqVijADFHnG54Y/HjTqOvhdYiG4va45A7jN
xbIhmwpGBfys6c1yM16U42TRTf06S6SP+qBTaNeIRnKdaoCd60aZtGLCfHYVVMSl
onawAd4kGr63XdplKdRdrrcnKwhv51xxyeRWo5FsLsnWSFcML7EtvUt/wwwJApe5
+xftPDyUdX7x2MTDkdJyFDWMa24aaoSf6S8u2QkpC6uQjJ8w4iHg0n4=
-----END CERTIFICATE-----