Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/e0oVEo-E3_HMh0Fdm61CFt8CKAY.roa
File:                     e0oVEo-E3_HMh0Fdm61CFt8CKAY.roa (raw, json)
Hash identifier:          JJolzt+zTlsPeRIj0OtiTeMRZroElQCnP25XjQp9khc=
Subject key identifier:   7B:4A:15:12:8F:84:DF:F1:CC:87:41:5D:9B:AD:42:16:DF:02:28:06
Certificate issuer:       /CN=5c61dcd3eb50c83d68060bcba4af152204193503
Certificate serial:       018CC42475D23C1C91AB44335724A9B90D84
Authority key identifier: 5C:61:DC:D3:EB:50:C8:3D:68:06:0B:CB:A4:AF:15:22:04:19:35:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/e0oVEo-E3_HMh0Fdm61CFt8CKAY.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207281
IP address blocks:        45.128.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:75:d2:3c:1c:91:ab:44:33:57:24:a9:b9:0d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c61dcd3eb50c83d68060bcba4af152204193503
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b4a15128f84dff1cc87415d9bad4216df022806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:62:ad:13:67:04:ae:14:20:1f:c4:5a:a6:8f:
                    68:e7:a8:16:22:a8:ea:66:ed:ec:fa:70:ba:10:4a:
                    02:91:db:06:ad:a3:99:ba:b1:fc:9c:1e:66:e9:ae:
                    71:86:69:30:64:73:87:1a:e2:5a:85:58:2a:e7:b7:
                    dc:35:2e:36:32:1c:3f:fd:bd:43:bf:c2:31:3a:4e:
                    25:e5:23:3f:11:92:f4:5a:82:32:7a:b2:3a:6d:d2:
                    2c:7f:9e:09:1a:b3:73:ca:5e:44:9d:4b:79:3d:8e:
                    d6:f2:b0:08:ee:34:29:9e:b7:3d:93:30:b2:06:3e:
                    a8:3e:63:c4:62:2a:06:64:4b:12:38:b3:30:26:a7:
                    6a:16:88:17:98:cf:59:56:f7:1c:25:34:31:8b:ba:
                    62:64:9c:ea:97:8e:3a:3e:a8:77:80:c1:30:b7:ec:
                    6a:73:bd:3d:bd:3b:b6:b4:21:53:49:71:19:50:08:
                    28:43:02:4e:5c:7a:5d:27:93:0e:74:a3:07:6f:22:
                    53:a5:59:47:01:97:61:d4:02:ce:37:28:4a:fc:5a:
                    b3:c7:31:8f:c1:22:a4:ee:e3:ba:36:43:77:0b:3b:
                    6d:a3:33:ac:ea:c0:5b:e3:85:a9:56:c8:74:48:a7:
                    7a:ea:23:be:1b:bf:b1:d0:6b:a7:12:ff:8a:b1:20:
                    33:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:4A:15:12:8F:84:DF:F1:CC:87:41:5D:9B:AD:42:16:DF:02:28:06
            X509v3 Authority Key Identifier:
                keyid:5C:61:DC:D3:EB:50:C8:3D:68:06:0B:CB:A4:AF:15:22:04:19:35:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/e0oVEo-E3_HMh0Fdm61CFt8CKAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:7a:b4:10:88:32:b7:df:a3:a0:92:ea:d0:40:2d:e4:a4:93:
         5c:25:86:57:f1:48:80:ef:bf:cf:95:1e:fe:a1:70:5f:d9:22:
         79:fa:96:2b:80:a0:db:dd:7a:60:9d:fd:3b:e8:19:50:e6:2a:
         c6:95:12:50:88:f7:12:3e:18:54:b0:78:4b:d9:de:e5:7d:38:
         22:5c:f4:ed:2d:15:3d:8f:2e:b2:a9:17:b5:d4:00:16:f2:dd:
         04:1b:88:28:c1:6c:db:bc:62:80:f2:9d:df:ca:fb:01:d6:25:
         43:cf:9d:16:95:18:ab:97:61:9a:87:15:70:8a:ad:ed:da:a1:
         96:8b:04:9e:aa:17:ab:fc:8b:12:18:f6:a4:fa:2f:e9:74:2e:
         6f:00:4d:c2:3d:61:a2:85:09:94:fb:47:a7:f8:21:41:85:5c:
         ae:3a:93:82:c7:72:35:c9:18:15:a1:ac:44:ef:85:b2:52:b8:
         e3:5e:e6:b5:36:bc:8f:d2:25:73:d9:db:56:0d:a0:ab:35:c9:
         9a:72:5f:72:99:0e:b3:56:b8:b0:ad:7b:f6:2a:21:80:ef:c7:
         e7:3a:3a:04:68:8c:6d:bf:4c:67:f0:6f:65:e8:81:81:5f:bb:
         1a:c2:02:a9:7f:ed:c1:ba:75:b4:54:42:0b:59:d3:65:39:d8:
         de:c1:51:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHXSPByRq0QzVySpuQ2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjFkY2QzZWI1MGM4M2Q2ODA2MGJjYmE0YWYxNTIyMDQx
OTM1MDMwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjRhMTUxMjhmODRkZmYxY2M4NzQxNWQ5YmFkNDIxNmRmMDIyODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmKtE2cErhQgH8Rapo9o56gWIqjq
Zu3s+nC6EEoCkdsGraOZurH8nB5m6a5xhmkwZHOHGuJahVgq57fcNS42Mhw//b1D
v8IxOk4l5SM/EZL0WoIyerI6bdIsf54JGrNzyl5EnUt5PY7W8rAI7jQpnrc9kzCy
Bj6oPmPEYioGZEsSOLMwJqdqFogXmM9ZVvccJTQxi7piZJzql446Pqh3gMEwt+xq
c709vTu2tCFTSXEZUAgoQwJOXHpdJ5MOdKMHbyJTpVlHAZdh1ALONyhK/FqzxzGP
wSKk7uO6NkN3CzttozOs6sBb44WpVsh0SKd66iO+G7+x0GunEv+KsSAzDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtKFRKPhN/xzIdBXZutQhbfAigGMB8GA1UdIwQY
MBaAFFxh3NPrUMg9aAYLy6SvFSIEGTUDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdIYzAtdFF5RDFvQmd2THBLOFZJZ1FaTlFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80NGExNTUtNGQwMi00MDAyLThmM2Qt
YzM2ZDFjNDYwZTJmLzEvZTBvVkVvLUUzX0hNaDBGZG02MUNGdDhDS0FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80NGExNTUtNGQwMi00MDAyLThmM2QtYzM2ZDFjNDYwZTJm
LzEvWEdIYzAtdFF5RDFvQmd2THBLOFZJZ1FaTlFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYB4MA0G
CSqGSIb3DQEBCwUAA4IBAQCAerQQiDK336OgkurQQC3kpJNcJYZX8UiA77/PlR7+
oXBf2SJ5+pYrgKDb3Xpgnf076BlQ5irGlRJQiPcSPhhUsHhL2d7lfTgiXPTtLRU9
jy6yqRe11AAW8t0EG4gowWzbvGKA8p3fyvsB1iVDz50WlRirl2GahxVwiq3t2qGW
iwSeqher/IsSGPak+i/pdC5vAE3CPWGihQmU+0en+CFBhVyuOpOCx3I1yRgVoaxE
74WyUrjjXua1NryP0iVz2dtWDaCrNcmacl9ymQ6zVriwrXv2KiGA78fnOjoEaIxt
v0xn8G9l6IGBX7sawgKpf+3BunW0VEILWdNlOdjewVGZ
-----END CERTIFICATE-----