Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/74jXiLa-_j0hesRpncVsl5vAk7s.roa
File:                     74jXiLa-_j0hesRpncVsl5vAk7s.roa (raw, json)
Hash identifier:          ElJXA9lbidyaqFEjqQR964bVwEa8s9eopJlA87X8KhQ=
Subject key identifier:   EF:88:D7:88:B6:BE:FE:3D:21:7A:C4:69:9D:C5:6C:97:9B:C0:93:BB
Certificate issuer:       /CN=e7c07db9880133c5cdce005bca111b552cd14c53
Certificate serial:       018EFCD655073CEA392B89F6A19A451A4107
Authority key identifier: E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/74jXiLa-_j0hesRpncVsl5vAk7s.roa
Signing time:             Sat 20 Apr 2024 18:48:08 +0000
ROA not before:           Sat 20 Apr 2024 18:48:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47536
IP address blocks:        45.12.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:fc:d6:55:07:3c:ea:39:2b:89:f6:a1:9a:45:1a:41:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7c07db9880133c5cdce005bca111b552cd14c53
        Validity
            Not Before: Apr 20 18:48:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef88d788b6befe3d217ac4699dc56c979bc093bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6c:9f:58:1e:b3:8c:89:95:c8:94:86:39:2f:
                    30:bf:56:d1:c2:87:17:3c:e7:88:c2:ba:eb:18:8a:
                    7e:82:29:bd:22:2d:e6:4a:30:24:d1:11:4f:eb:a0:
                    c5:fb:cf:e3:ff:63:93:12:e7:8c:cb:ce:ca:9c:8c:
                    ef:a5:96:ca:be:1b:54:42:c9:dc:0e:26:61:1b:e2:
                    1f:38:f2:6a:f2:32:c2:b8:e1:d5:09:bf:12:be:97:
                    52:3e:a3:3b:8e:fc:bf:17:1a:1a:3c:ac:a3:83:2d:
                    5e:7b:53:f3:60:f1:9e:75:b6:61:fa:31:01:76:06:
                    cd:89:87:ed:41:f1:1a:b0:e9:d7:2d:83:ae:41:c7:
                    a5:a1:71:98:fc:ba:73:6a:d8:e7:29:ff:85:96:e5:
                    58:b1:da:eb:88:6e:5c:a6:6d:57:78:74:2c:b1:ea:
                    e0:c5:fc:53:2e:99:77:75:c5:d4:92:4d:e7:8f:b9:
                    59:9e:0c:26:fb:ac:52:f5:5d:a2:59:5c:c3:00:f6:
                    cf:6d:83:ae:35:17:4d:2a:19:21:74:ed:49:1d:71:
                    da:e8:15:60:0e:12:b1:c9:23:76:06:b3:65:7a:6d:
                    6b:4a:ce:3c:47:df:85:a4:ee:a6:4a:40:f2:77:6d:
                    44:c5:56:95:96:b6:c0:49:4f:c3:fe:21:1d:d2:b0:
                    9a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:88:D7:88:B6:BE:FE:3D:21:7A:C4:69:9D:C5:6C:97:9B:C0:93:BB
            X509v3 Authority Key Identifier:
                keyid:E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/74jXiLa-_j0hesRpncVsl5vAk7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:88:2c:cf:ef:c6:5e:03:34:dd:e7:64:de:38:a8:e5:3e:01:
         cd:57:b0:b7:dc:3f:df:67:8e:0d:24:06:d5:50:e6:b5:92:25:
         5d:bd:83:d3:dd:05:ef:e4:dd:96:2b:46:82:1e:79:93:33:f7:
         14:5f:5c:98:30:67:a1:04:16:ed:1f:93:01:61:d1:4a:db:2e:
         82:c1:78:7a:4f:18:6e:73:24:3f:94:7b:c8:83:4d:35:9a:9c:
         0d:ee:00:c9:18:d7:0b:8b:b8:18:1b:12:4c:da:6d:9f:36:9c:
         df:93:96:56:62:b0:6a:f2:fd:69:f8:aa:cb:4d:f8:8c:36:d3:
         2d:75:67:86:b6:11:8b:dc:5d:c2:de:88:6e:73:be:f3:ac:69:
         c3:66:df:b1:1e:4d:cb:21:3a:39:61:c3:c0:ae:2b:c7:65:93:
         61:cf:54:10:fc:40:95:d3:30:70:91:7d:b5:df:68:ec:23:7b:
         c7:c4:bb:6f:8a:8a:45:7a:48:b3:b9:9d:c4:bc:88:66:86:49:
         50:14:bd:17:d3:9e:2a:ab:7e:c7:3f:97:2a:32:ea:bf:3f:85:
         4f:49:5a:ab:dd:68:63:a8:2e:ec:be:c9:f3:e3:27:f6:c1:23:
         aa:b2:c9:3e:f1:0c:8e:d4:81:54:44:3f:56:2d:fb:f7:51:dd:
         61:c7:d0:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY781lUHPOo5K4n2oZpFGkEHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YzA3ZGI5ODgwMTMzYzVjZGNlMDA1YmNhMTExYjU1MmNk
MTRjNTMwHhcNMjQwNDIwMTg0ODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjg4ZDc4OGI2YmVmZTNkMjE3YWM0Njk5ZGM1NmM5NzliYzA5M2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGyfWB6zjImVyJSGOS8wv1bRwocX
POeIwrrrGIp+gim9Ii3mSjAk0RFP66DF+8/j/2OTEueMy87KnIzvpZbKvhtUQsnc
DiZhG+IfOPJq8jLCuOHVCb8SvpdSPqM7jvy/FxoaPKyjgy1ee1PzYPGedbZh+jEB
dgbNiYftQfEasOnXLYOuQceloXGY/LpzatjnKf+FluVYsdrriG5cpm1XeHQsserg
xfxTLpl3dcXUkk3nj7lZngwm+6xS9V2iWVzDAPbPbYOuNRdNKhkhdO1JHXHa6BVg
DhKxySN2BrNlem1rSs48R9+FpO6mSkDyd21ExVaVlrbASU/D/iEd0rCazQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+I14i2vv49IXrEaZ3FbJebwJO7MB8GA1UdIwQY
MBaAFOfAfbmIATPFzc4AW8oRG1Us0UxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMt
MGFhNDYzY2RmY2EwLzEvNzRqWGlMYS1fajBoZXNScG5jVnNsNXZBazdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMtMGFhNDYzY2RmY2Ew
LzEvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQzJMA0G
CSqGSIb3DQEBCwUAA4IBAQB7iCzP78ZeAzTd52TeOKjlPgHNV7C33D/fZ44NJAbV
UOa1kiVdvYPT3QXv5N2WK0aCHnmTM/cUX1yYMGehBBbtH5MBYdFK2y6CwXh6Txhu
cyQ/lHvIg001mpwN7gDJGNcLi7gYGxJM2m2fNpzfk5ZWYrBq8v1p+KrLTfiMNtMt
dWeGthGL3F3C3ohuc77zrGnDZt+xHk3LITo5YcPArivHZZNhz1QQ/ECV0zBwkX21
32jsI3vHxLtviopFekizuZ3EvIhmhklQFL0X054qq37HP5cqMuq/P4VPSVqr3Whj
qC7svsnz4yf2wSOqssk+8QyO1IFURD9WLfv3Ud1hx9BY
-----END CERTIFICATE-----