Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/eataSK8CK7l0e74zDhMEktiv298.roa
File:                     eataSK8CK7l0e74zDhMEktiv298.roa (raw, json)
Hash identifier:          2wSnaBtVI2oQWyZU1mBSovWaCNS0PpJ9WDqe8cYeY7w=
Subject key identifier:   79:AB:5A:48:AF:02:2B:B9:74:7B:BE:33:0E:13:04:92:D8:AF:DB:DF
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       018CC56DE9D3E8C2B9A33DB8B549020E692E
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/eataSK8CK7l0e74zDhMEktiv298.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207279
IP address blocks:        45.143.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e9:d3:e8:c2:b9:a3:3d:b8:b5:49:02:0e:69:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79ab5a48af022bb9747bbe330e130492d8afdbdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:5c:80:f8:6b:f3:cd:8e:d6:50:50:f1:6f:c1:
                    6c:f5:9f:20:f0:30:e1:8d:a6:49:4e:08:75:9f:8e:
                    5e:d5:5f:33:84:19:68:c0:ba:dd:77:ce:29:13:89:
                    b9:c2:aa:9e:fc:b0:2b:05:35:d0:91:74:83:73:54:
                    1a:a7:1a:a4:fd:f2:9f:a6:09:aa:a7:45:29:f6:a3:
                    cc:f5:f6:f9:74:03:59:e7:63:af:16:00:10:13:c2:
                    89:e2:4e:d7:9e:8e:36:ab:6c:06:13:53:3d:99:35:
                    54:1b:5e:86:23:af:4e:3c:19:b4:13:46:4e:7e:bd:
                    99:80:65:99:dd:e4:cd:d0:3a:75:d2:78:88:9f:c9:
                    93:51:89:91:a0:47:b4:88:9f:ca:aa:ec:51:62:c0:
                    0c:a2:9d:46:e4:c8:0f:59:c1:91:e3:ef:82:ae:66:
                    33:2f:a8:74:2d:7c:13:e9:a1:d8:0a:7a:73:23:94:
                    df:91:d8:5a:79:fa:c0:3c:8a:0d:c9:70:29:e2:f0:
                    68:05:99:ad:52:4a:00:cc:6d:b3:f9:98:a1:6e:04:
                    2a:7f:00:45:d1:32:ae:38:fd:34:2c:e3:d7:ff:09:
                    1b:22:ce:2a:21:06:f2:e1:74:26:d5:2e:96:01:ff:
                    81:62:f9:6d:41:8c:63:83:87:b6:cf:15:a0:55:fe:
                    20:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:AB:5A:48:AF:02:2B:B9:74:7B:BE:33:0E:13:04:92:D8:AF:DB:DF
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/eataSK8CK7l0e74zDhMEktiv298.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:cb:65:76:f1:18:67:f8:54:66:67:86:f8:1e:e0:73:d2:cb:
         6d:36:48:94:34:41:9d:bc:37:e7:7d:93:12:d2:67:c0:35:22:
         0b:63:18:be:f6:3d:bd:ba:ae:ff:90:79:de:b7:fb:a8:54:76:
         5a:0c:ba:3f:e4:d5:d6:06:c3:f8:a2:fc:c9:c1:39:f5:ca:a7:
         42:b8:e3:c5:b5:dc:9f:19:cd:17:25:a7:bf:5a:03:b0:d3:71:
         5d:b3:db:d2:4b:12:a5:e1:17:35:8e:b9:9f:3c:66:c2:4f:dc:
         50:be:62:ae:79:59:0d:cb:28:7f:e6:c0:7f:e2:7c:bb:9b:32:
         e3:a1:24:1c:6f:f1:16:9a:20:a6:41:40:46:e5:7c:9b:e7:26:
         13:6c:dc:f8:51:9d:b7:e2:16:7d:ff:82:98:1c:66:a9:3e:99:
         c7:89:cb:49:d9:eb:ee:67:fc:ce:49:fe:a0:ee:fe:e9:af:25:
         f3:b2:d5:40:66:89:bd:75:82:11:ee:b1:b3:c3:5b:3a:93:7f:
         8b:29:1f:72:88:eb:c2:9e:40:d2:c7:47:f9:92:5b:34:99:88:
         13:db:ab:59:14:09:c3:1d:eb:e1:96:bf:7c:33:f9:74:a4:ea:
         a4:3e:d8:b4:e0:7d:90:5d:40:e1:c3:ea:7c:9c:dc:4e:1e:93:
         50:a9:19:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbenT6MK5oz24tUkCDmkuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWFiNWE0OGFmMDIyYmI5NzQ3YmJlMzMwZTEzMDQ5MmQ4YWZkYmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVyA+GvzzY7WUFDxb8Fs9Z8g8DDh
jaZJTgh1n45e1V8zhBlowLrdd84pE4m5wqqe/LArBTXQkXSDc1Qapxqk/fKfpgmq
p0Up9qPM9fb5dANZ52OvFgAQE8KJ4k7Xno42q2wGE1M9mTVUG16GI69OPBm0E0ZO
fr2ZgGWZ3eTN0Dp10niIn8mTUYmRoEe0iJ/KquxRYsAMop1G5MgPWcGR4++CrmYz
L6h0LXwT6aHYCnpzI5TfkdhaefrAPIoNyXAp4vBoBZmtUkoAzG2z+ZihbgQqfwBF
0TKuOP00LOPX/wkbIs4qIQby4XQm1S6WAf+BYvltQYxjg4e2zxWgVf4gjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmrWkivAiu5dHu+Mw4TBJLYr9vfMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvZWF0YVNLOENLN2wwZTc0ekRoTUVrdGl2Mjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY9jMA0G
CSqGSIb3DQEBCwUAA4IBAQB9y2V28Rhn+FRmZ4b4HuBz0sttNkiUNEGdvDfnfZMS
0mfANSILYxi+9j29uq7/kHnet/uoVHZaDLo/5NXWBsP4ovzJwTn1yqdCuOPFtdyf
Gc0XJae/WgOw03Fds9vSSxKl4Rc1jrmfPGbCT9xQvmKueVkNyyh/5sB/4ny7mzLj
oSQcb/EWmiCmQUBG5Xyb5yYTbNz4UZ234hZ9/4KYHGapPpnHictJ2evuZ/zOSf6g
7v7pryXzstVAZom9dYIR7rGzw1s6k3+LKR9yiOvCnkDSx0f5kls0mYgT26tZFAnD
Hevhlr98M/l0pOqkPti04H2QXUDhw+p8nNxOHpNQqRnC
-----END CERTIFICATE-----