Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7d3565-7b00-4d81-9ab3-919eaba61b94/1/lRnPs1I47AaVBHetem50cN-N1rc.roa
File:                     lRnPs1I47AaVBHetem50cN-N1rc.roa (raw, json)
Hash identifier:          RrwoBbU+dZTWc8siwD6Ur6HWVvBcKfKLArLWeVhU/vQ=
Subject key identifier:   95:19:CF:B3:52:38:EC:06:95:04:77:AD:7A:6E:74:70:DF:8D:D6:B7
Certificate issuer:       /CN=ebbd22afb80dfada2003d40e546dafd37ff869fd
Certificate serial:       018FA3AB4A72E9C8C0EAF591729DBE28D569
Authority key identifier: EB:BD:22:AF:B8:0D:FA:DA:20:03:D4:0E:54:6D:AF:D3:7F:F8:69:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/670ir7gN-togA9QOVG2v03_4af0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7d3565-7b00-4d81-9ab3-919eaba61b94/1/lRnPs1I47AaVBHetem50cN-N1rc.roa
Signing time:             Thu 23 May 2024 04:17:42 +0000
ROA not before:           Thu 23 May 2024 04:17:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        45.88.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7d3565-7b00-4d81-9ab3-919eaba61b94/1/670ir7gN-togA9QOVG2v03_4af0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7d3565-7b00-4d81-9ab3-919eaba61b94/1/670ir7gN-togA9QOVG2v03_4af0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/670ir7gN-togA9QOVG2v03_4af0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a3:ab:4a:72:e9:c8:c0:ea:f5:91:72:9d:be:28:d5:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebbd22afb80dfada2003d40e546dafd37ff869fd
        Validity
            Not Before: May 23 04:17:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9519cfb35238ec06950477ad7a6e7470df8dd6b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f9:f4:6c:34:2e:f1:47:6f:ed:5e:76:60:c2:
                    48:eb:6f:9a:7a:43:69:4f:dd:67:07:24:24:24:fb:
                    44:6d:e7:1c:99:5b:88:56:c5:4f:52:62:be:72:92:
                    90:7a:39:9c:2f:65:0c:ec:06:3f:bc:0e:9d:e4:cd:
                    fd:a0:35:d5:8c:f0:d9:77:de:22:3b:e3:7d:55:72:
                    35:7e:67:c2:73:d8:14:4f:d9:0e:33:d6:ed:e5:0d:
                    3a:4e:e5:6d:83:3c:b7:6a:ac:f2:1b:ba:f8:cb:5b:
                    57:f1:d3:80:16:0a:b6:5c:7b:8b:1d:09:d1:de:31:
                    e3:3b:47:b0:25:f3:2a:da:aa:2c:c4:db:ad:bf:3c:
                    f3:b5:2c:50:fb:9e:b4:5a:f3:51:a6:19:1a:24:89:
                    12:93:29:f6:7f:95:20:43:91:ae:bf:b0:25:8c:86:
                    62:ea:36:b2:30:f6:9c:26:02:9b:84:71:be:f4:5e:
                    29:e9:f4:f9:48:1b:06:89:f0:05:4d:1c:75:9b:c6:
                    1b:e7:bb:df:b1:f5:21:6a:ce:16:c0:88:47:92:f0:
                    aa:92:ea:bd:0a:01:78:a7:cc:e6:54:d0:40:9b:fa:
                    89:28:42:32:00:38:36:34:b2:b6:46:51:43:47:d9:
                    eb:6f:e2:83:22:8a:46:62:fd:45:1a:bc:05:88:0c:
                    f6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:19:CF:B3:52:38:EC:06:95:04:77:AD:7A:6E:74:70:DF:8D:D6:B7
            X509v3 Authority Key Identifier:
                keyid:EB:BD:22:AF:B8:0D:FA:DA:20:03:D4:0E:54:6D:AF:D3:7F:F8:69:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/670ir7gN-togA9QOVG2v03_4af0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7d3565-7b00-4d81-9ab3-919eaba61b94/1/lRnPs1I47AaVBHetem50cN-N1rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7d3565-7b00-4d81-9ab3-919eaba61b94/1/670ir7gN-togA9QOVG2v03_4af0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:d7:b4:8f:d7:c4:8c:c6:32:fe:8c:00:b7:7b:bc:86:d6:0a:
         70:af:46:c0:e9:f0:20:55:bd:61:01:20:8b:b2:2a:de:3f:81:
         39:f2:02:bc:83:e2:2e:65:0a:1e:00:f4:57:72:a6:77:71:48:
         48:36:39:52:a3:29:f4:dc:b5:0b:5a:cf:35:6a:81:94:15:e2:
         2a:27:8d:ba:b1:ca:17:8c:f2:5b:6f:b4:c1:8c:90:29:43:87:
         b6:54:86:a1:b7:07:3a:46:5e:0e:85:01:f2:75:ca:6b:91:cf:
         a8:83:6c:6d:38:4e:5d:18:98:31:58:bd:fa:c3:c4:ee:b9:a7:
         92:86:68:b7:8f:83:f8:5d:1e:a2:ae:c8:8a:d8:ca:19:55:2c:
         63:d3:e8:6e:e1:ee:70:a1:cc:07:12:28:36:1f:bb:98:7a:d5:
         cd:f7:68:89:b7:23:4f:bd:fe:df:a8:b5:08:5b:2b:fe:7f:c7:
         f7:28:a3:b4:62:9c:46:dc:98:2b:32:5f:ab:eb:b1:23:3c:9c:
         6c:74:02:ab:c9:5e:be:4e:5a:a9:df:1c:6d:f9:09:21:6d:a2:
         43:63:5d:fa:b5:8b:95:b8:a4:03:32:24:8e:50:4b:d1:a6:89:
         b1:cf:ef:b7:9b:f2:c5:bd:29:ab:05:69:07:4b:b2:b6:90:cd:
         da:80:c1:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+jq0py6cjA6vWRcp2+KNVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYmQyMmFmYjgwZGZhZGEyMDAzZDQwZTU0NmRhZmQzN2Zm
ODY5ZmQwHhcNMjQwNTIzMDQxNzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTE5Y2ZiMzUyMzhlYzA2OTUwNDc3YWQ3YTZlNzQ3MGRmOGRkNmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPn0bDQu8Udv7V52YMJI62+aekNp
T91nByQkJPtEbeccmVuIVsVPUmK+cpKQejmcL2UM7AY/vA6d5M39oDXVjPDZd94i
O+N9VXI1fmfCc9gUT9kOM9bt5Q06TuVtgzy3aqzyG7r4y1tX8dOAFgq2XHuLHQnR
3jHjO0ewJfMq2qosxNutvzzztSxQ+560WvNRphkaJIkSkyn2f5UgQ5Guv7AljIZi
6jayMPacJgKbhHG+9F4p6fT5SBsGifAFTRx1m8Yb57vfsfUhas4WwIhHkvCqkuq9
CgF4p8zmVNBAm/qJKEIyADg2NLK2RlFDR9nrb+KDIopGYv1FGrwFiAz2awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUZz7NSOOwGlQR3rXpudHDfjda3MB8GA1UdIwQY
MBaAFOu9Iq+4DfraIAPUDlRtr9N/+Gn9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjcwaXI3Z04tdG9nQTlRT1ZHMnYwM180YWYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83ZDM1NjUtN2IwMC00ZDgxLTlhYjMt
OTE5ZWFiYTYxYjk0LzEvbFJuUHMxSTQ3QWFWQkhldGVtNTBjTi1OMXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83ZDM1NjUtN2IwMC00ZDgxLTlhYjMtOTE5ZWFiYTYxYjk0
LzEvNjcwaXI3Z04tdG9nQTlRT1ZHMnYwM180YWYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVjhMA0G
CSqGSIb3DQEBCwUAA4IBAQCY17SP18SMxjL+jAC3e7yG1gpwr0bA6fAgVb1hASCL
sireP4E58gK8g+IuZQoeAPRXcqZ3cUhINjlSoyn03LULWs81aoGUFeIqJ426scoX
jPJbb7TBjJApQ4e2VIahtwc6Rl4OhQHydcprkc+og2xtOE5dGJgxWL36w8TuuaeS
hmi3j4P4XR6irsiK2MoZVSxj0+hu4e5wocwHEig2H7uYetXN92iJtyNPvf7fqLUI
Wyv+f8f3KKO0YpxG3JgrMl+r67EjPJxsdAKryV6+Tlqp3xxt+QkhbaJDY136tYuV
uKQDMiSOUEvRpomxz++3m/LFvSmrBWkHS7K2kM3agMGk
-----END CERTIFICATE-----