Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/dxDHiWZSI0UaIHekmjGJ3sxW6wY.roa
File:                     dxDHiWZSI0UaIHekmjGJ3sxW6wY.roa (raw, json)
Hash identifier:          miwDVBoTIblNIC6j43ewfXiSRHSZo0go2veqU8bISQ4=
Subject key identifier:   77:10:C7:89:66:52:23:45:1A:20:77:A4:9A:31:89:DE:CC:56:EB:06
Certificate issuer:       /CN=09ee7ee0f75b7164ac7596197c7f121d6fca1576
Certificate serial:       019426D9CF2268716E89CE2DD69FC30BF422
Authority key identifier: 09:EE:7E:E0:F7:5B:71:64:AC:75:96:19:7C:7F:12:1D:6F:CA:15:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/dxDHiWZSI0UaIHekmjGJ3sxW6wY.roa
Signing time:             Thu 02 Jan 2025 11:49:56 +0000
ROA not before:           Thu 02 Jan 2025 11:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        216.245.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 17:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:cf:22:68:71:6e:89:ce:2d:d6:9f:c3:0b:f4:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09ee7ee0f75b7164ac7596197c7f121d6fca1576
        Validity
            Not Before: Jan  2 11:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7710c789665223451a2077a49a3189decc56eb06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:46:d4:f1:28:df:2d:a7:41:dc:c1:9e:f6:6f:
                    77:b6:4a:b5:9f:2d:19:4c:79:ca:f9:03:ca:b0:0e:
                    f6:28:70:4e:fd:3e:62:ef:be:2b:34:91:84:33:7e:
                    74:38:2b:64:03:35:3a:97:2c:0c:99:2f:b8:a6:36:
                    2e:7e:44:1e:c1:23:74:7e:ec:f5:24:21:da:5d:ce:
                    84:68:7f:46:52:38:84:57:f1:04:20:37:83:68:62:
                    df:0c:59:96:0e:15:71:d3:76:df:ac:c0:34:11:e4:
                    c5:46:21:22:4b:49:6a:4c:5e:b9:b3:0d:d3:55:de:
                    0f:89:dd:11:9e:b7:3e:ba:90:b1:c6:f6:fa:4d:2b:
                    6a:20:0d:35:47:96:89:90:37:c5:d4:c2:c7:09:22:
                    80:f6:22:01:ec:3f:e8:84:92:42:75:aa:fd:dd:90:
                    60:0e:92:8f:29:7d:a9:f6:4f:2e:ae:43:b8:fe:6d:
                    82:3b:a8:c3:91:d4:b9:7c:76:ac:34:50:da:72:fc:
                    60:d1:66:51:f5:c7:16:18:ff:b0:da:e6:37:89:c7:
                    2c:e4:a6:c8:d1:76:0e:e0:49:d8:2d:d7:40:41:a1:
                    71:03:0b:25:c3:e0:da:9c:1b:64:3e:a3:6e:20:52:
                    b6:9d:a4:60:7c:ff:26:5e:92:93:df:a8:f9:7a:18:
                    fe:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:10:C7:89:66:52:23:45:1A:20:77:A4:9A:31:89:DE:CC:56:EB:06
            X509v3 Authority Key Identifier:
                keyid:09:EE:7E:E0:F7:5B:71:64:AC:75:96:19:7C:7F:12:1D:6F:CA:15:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/dxDHiWZSI0UaIHekmjGJ3sxW6wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.245.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:bd:3e:1d:75:6f:93:5d:c3:6e:7c:6b:18:c3:c5:ba:40:a2:
         eb:c4:64:83:89:cc:ea:f1:16:fc:57:7d:e9:36:d1:de:cd:67:
         a2:ef:a0:00:a5:31:bc:0b:45:95:00:dd:a2:2e:d2:83:cf:33:
         91:6b:68:67:48:22:7c:af:fc:91:f1:7d:1a:cf:0d:90:30:f5:
         93:e1:bc:3d:26:cb:c9:3f:d1:6a:79:6b:6c:d1:46:40:36:e1:
         97:95:71:43:80:9e:ca:7e:31:c0:dc:e9:f8:03:fc:97:cb:5b:
         c4:e8:34:8c:60:00:70:c6:99:ca:f8:91:36:2d:b1:7d:0d:b6:
         7f:e2:0f:60:f4:82:b0:2d:31:d5:27:fb:6f:3b:7d:2e:53:02:
         85:91:ef:6a:42:9c:5e:19:b3:93:2e:f4:fb:59:2c:08:74:0b:
         67:ea:d6:aa:cd:0d:68:ef:87:f7:cd:e6:85:d4:94:1a:a0:b7:
         94:70:83:fd:36:c3:22:a5:00:c8:71:20:4f:32:7e:a8:77:c1:
         56:e8:e2:de:4b:de:8d:41:38:5b:ba:3c:99:00:c7:be:7c:50:
         68:f8:1b:b0:9e:f4:10:c4:82:6a:be:83:9a:c4:60:66:3f:ad:
         07:07:60:be:c6:c0:db:2d:a4:22:78:29:a5:f3:20:65:59:03:
         e4:12:a1:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2c8iaHFuic4t1p/DC/QiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZWU3ZWUwZjc1YjcxNjRhYzc1OTYxOTdjN2YxMjFkNmZj
YTE1NzYwHhcNMjUwMTAyMTE0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzEwYzc4OTY2NTIyMzQ1MWEyMDc3YTQ5YTMxODlkZWNjNTZlYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUbU8SjfLadB3MGe9m93tkq1ny0Z
THnK+QPKsA72KHBO/T5i774rNJGEM350OCtkAzU6lywMmS+4pjYufkQewSN0fuz1
JCHaXc6EaH9GUjiEV/EEIDeDaGLfDFmWDhVx03bfrMA0EeTFRiEiS0lqTF65sw3T
Vd4Pid0Rnrc+upCxxvb6TStqIA01R5aJkDfF1MLHCSKA9iIB7D/ohJJCdar93ZBg
DpKPKX2p9k8urkO4/m2CO6jDkdS5fHasNFDacvxg0WZR9ccWGP+w2uY3iccs5KbI
0XYO4EnYLddAQaFxAwslw+DanBtkPqNuIFK2naRgfP8mXpKT36j5ehj+9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcQx4lmUiNFGiB3pJoxid7MVusGMB8GA1UdIwQY
MBaAFAnufuD3W3FkrHWWGXx/Eh1vyhV2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2U1LTRQZGJjV1NzZFpZWmZIOFNIV19LRlhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kYmU1MGEtMmNhMS00MzYyLWI1ZTct
NjY4M2M4ZmM5ZTViLzEvZHhESGlXWlNJMFVhSUhla21qR0ozc3hXNndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kYmU1MGEtMmNhMS00MzYyLWI1ZTctNjY4M2M4ZmM5ZTVi
LzEvQ2U1LTRQZGJjV1NzZFpZWmZIOFNIV19LRlhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2PVQMA0G
CSqGSIb3DQEBCwUAA4IBAQARvT4ddW+TXcNufGsYw8W6QKLrxGSDiczq8Rb8V33p
NtHezWei76AApTG8C0WVAN2iLtKDzzORa2hnSCJ8r/yR8X0azw2QMPWT4bw9JsvJ
P9FqeWts0UZANuGXlXFDgJ7KfjHA3On4A/yXy1vE6DSMYABwxpnK+JE2LbF9DbZ/
4g9g9IKwLTHVJ/tvO30uUwKFke9qQpxeGbOTLvT7WSwIdAtn6taqzQ1o74f3zeaF
1JQaoLeUcIP9NsMipQDIcSBPMn6od8FW6OLeS96NQThbujyZAMe+fFBo+BuwnvQQ
xIJqvoOaxGBmP60HB2C+xsDbLaQieCml8yBlWQPkEqGf
-----END CERTIFICATE-----