Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/EEzCfGegHPEpdqTqvMRMlcFre1Y.roa
File:                     EEzCfGegHPEpdqTqvMRMlcFre1Y.roa (raw, json)
Hash identifier:          uwoju1vAFdOs3H0Q+w/qT7aEQBJpMP98DiaXonyIQ9M=
Subject key identifier:   10:4C:C2:7C:67:A0:1C:F1:29:76:A4:EA:BC:C4:4C:95:C1:6B:7B:56
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       01941FFA9C6E83ECEB8335EC2ADA67B69329
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/EEzCfGegHPEpdqTqvMRMlcFre1Y.roa
Signing time:             Wed 01 Jan 2025 03:48:25 +0000
ROA not before:           Wed 01 Jan 2025 03:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46261
IP address blocks:        45.135.138.0/24 maxlen: 24
                          45.135.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 00:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9c:6e:83:ec:eb:83:35:ec:2a:da:67:b6:93:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Jan  1 03:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=104cc27c67a01cf12976a4eabcc44c95c16b7b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:bd:85:30:68:b9:32:33:6f:2c:6a:83:7d:0b:
                    15:ff:f1:3e:b4:8e:cb:02:91:5e:93:56:fd:26:cc:
                    2f:6b:1a:e3:d0:c8:90:27:ad:8e:86:ff:8c:cf:9a:
                    f0:a0:fc:df:82:06:69:75:5b:2c:23:56:cf:24:f3:
                    c1:dc:ea:0c:33:70:2c:93:97:bf:74:a1:3d:b0:e0:
                    07:58:e9:b2:23:cb:2e:0b:f0:8a:fb:d1:1c:dc:25:
                    4e:31:7f:02:d0:d4:1b:8b:ea:3d:6f:92:17:62:da:
                    3f:fa:8d:0d:75:13:aa:05:ca:ed:c8:6b:93:fd:49:
                    00:b4:2a:87:67:81:43:34:aa:64:b7:b4:b6:50:0a:
                    9a:76:6f:cc:de:6a:87:87:2f:c3:71:5f:0c:05:02:
                    15:ec:d5:38:bc:a5:e8:f5:1d:5f:37:3c:50:0b:37:
                    3d:37:46:50:96:06:54:70:0a:12:92:da:04:fa:95:
                    7e:84:b0:7f:4a:a7:01:0b:60:d6:42:15:22:42:16:
                    08:10:df:d1:a8:0e:49:26:1f:11:a8:03:c1:58:2a:
                    9d:62:ae:48:e3:ba:a0:65:d1:b1:f1:13:25:e9:72:
                    eb:fa:53:d8:de:49:d3:f5:fa:e1:1b:c6:41:a5:09:
                    e3:8e:43:50:23:28:65:10:9f:18:f7:63:7e:f0:df:
                    33:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:4C:C2:7C:67:A0:1C:F1:29:76:A4:EA:BC:C4:4C:95:C1:6B:7B:56
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/EEzCfGegHPEpdqTqvMRMlcFre1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:ea:97:4f:ed:38:5b:40:f3:90:ff:c7:86:57:a9:d5:a2:a7:
         d9:fe:50:fa:9f:89:db:c7:40:61:a8:39:33:9a:e8:d1:c0:d8:
         5d:36:62:99:6f:c4:c5:d5:21:f2:ed:d9:92:d3:33:95:94:f8:
         bf:81:0e:2f:51:5e:62:11:5f:32:02:bb:ec:41:88:d9:49:86:
         44:48:b2:a5:5d:62:1b:86:81:3a:10:81:33:7e:13:e7:9c:69:
         f1:e5:2a:b8:ee:bb:3c:81:42:4e:6c:83:6a:ac:55:a1:ce:f9:
         cd:34:53:6d:00:ea:21:c0:e7:d3:ec:a5:dd:36:4c:27:b3:32:
         9e:33:b7:b8:51:0c:52:de:ca:9a:27:a5:43:8f:8b:27:e1:c4:
         c8:cf:56:60:34:64:15:f7:4f:78:20:ed:18:2b:df:3b:7e:b2:
         12:77:c6:37:3d:65:cf:7d:bb:c6:c5:cb:56:0c:62:30:d0:e3:
         79:80:e7:81:a0:9f:49:fc:54:fa:d0:41:10:c9:12:bd:bf:6a:
         88:28:b8:a0:9d:07:32:f7:5b:4b:85:d6:89:ec:62:5d:a8:b8:
         69:ad:8e:6a:39:ce:97:69:f7:17:4a:6a:57:c0:b7:c5:af:95:
         0d:ee:df:e4:cf:46:a3:dd:eb:13:1f:9b:e5:c0:6b:e3:50:71:
         34:6d:a2:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pxug+zrgzXsKtpntpMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjUwMTAxMDM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDRjYzI3YzY3YTAxY2YxMjk3NmE0ZWFiY2M0NGM5NWMxNmI3YjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApr2FMGi5MjNvLGqDfQsV//E+tI7L
ApFek1b9Jswvaxrj0MiQJ62Ohv+Mz5rwoPzfggZpdVssI1bPJPPB3OoMM3Ask5e/
dKE9sOAHWOmyI8suC/CK+9Ec3CVOMX8C0NQbi+o9b5IXYto/+o0NdROqBcrtyGuT
/UkAtCqHZ4FDNKpkt7S2UAqadm/M3mqHhy/DcV8MBQIV7NU4vKXo9R1fNzxQCzc9
N0ZQlgZUcAoSktoE+pV+hLB/SqcBC2DWQhUiQhYIEN/RqA5JJh8RqAPBWCqdYq5I
47qgZdGx8RMl6XLr+lPY3knT9frhG8ZBpQnjjkNQIyhlEJ8Y92N+8N8zuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBMwnxnoBzxKXak6rzETJXBa3tWMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvRUV6Q2ZHZWdIUEVwZHFUcXZNUk1sY0ZyZTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYeKMA0G
CSqGSIb3DQEBCwUAA4IBAQAt6pdP7ThbQPOQ/8eGV6nVoqfZ/lD6n4nbx0BhqDkz
mujRwNhdNmKZb8TF1SHy7dmS0zOVlPi/gQ4vUV5iEV8yArvsQYjZSYZESLKlXWIb
hoE6EIEzfhPnnGnx5Sq47rs8gUJObINqrFWhzvnNNFNtAOohwOfT7KXdNkwnszKe
M7e4UQxS3sqaJ6VDj4sn4cTIz1ZgNGQV9094IO0YK987frISd8Y3PWXPfbvGxctW
DGIw0ON5gOeBoJ9J/FT60EEQyRK9v2qIKLignQcy91tLhdaJ7GJdqLhprY5qOc6X
afcXSmpXwLfFr5UN7t/kz0aj3esTH5vlwGvjUHE0baIz
-----END CERTIFICATE-----