Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/EV1aSDbnyDbzpRXAQrNfNst7LdM.roa
File:                     EV1aSDbnyDbzpRXAQrNfNst7LdM.roa (raw, json)
Hash identifier:          JkVoJQ5I6cv9XOkwrUu9zRo//UKv/0lBk4gOmo2rBok=
Subject key identifier:   11:5D:5A:48:36:E7:C8:36:F3:A5:15:C0:42:B3:5F:36:CB:7B:2D:D3
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B688F3C5ADD1895D2DD57B27051E0
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/EV1aSDbnyDbzpRXAQrNfNst7LdM.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133861
IP address blocks:        45.136.12.0/22 maxlen: 24
                          45.144.139.0/24 maxlen: 24
                          45.144.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 14:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:68:8f:3c:5a:dd:18:95:d2:dd:57:b2:70:51:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=115d5a4836e7c836f3a515c042b35f36cb7b2dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b2:51:76:f6:08:77:72:5e:9d:84:43:3b:06:
                    1e:22:f9:fb:b2:cb:26:f7:92:6b:c3:0d:52:d6:d0:
                    a8:87:7e:a5:4f:08:0e:71:0a:98:73:c4:83:43:34:
                    a6:35:51:8a:be:f2:d8:72:46:51:aa:e1:89:98:1d:
                    a6:a8:df:8b:28:1d:a7:fb:36:6a:34:48:b3:c3:f4:
                    c4:46:05:8d:20:7c:fe:de:98:38:97:42:32:13:72:
                    1b:00:77:30:1c:e3:7e:8b:2a:c9:08:13:33:17:d6:
                    c7:bd:4f:3a:16:05:53:5c:cb:d6:3c:64:3c:41:77:
                    61:f9:52:46:c4:91:a6:42:78:7e:f3:40:e9:d0:36:
                    33:99:c3:35:9f:ce:78:dc:69:12:0f:9d:4d:cd:e6:
                    bd:9b:1c:83:b3:19:8d:8e:c2:13:e5:39:44:b2:30:
                    18:38:da:bb:18:4b:62:6b:a4:ec:ea:44:fc:3b:d7:
                    32:7f:94:be:19:e0:f9:d7:e3:b3:43:fb:5d:db:49:
                    cd:3e:1b:67:f4:98:0b:ff:23:a5:82:c2:03:80:ea:
                    80:eb:b8:00:02:03:1d:a4:8c:ce:96:80:06:2c:d2:
                    e9:5a:37:49:0f:ff:55:47:6c:e9:2c:18:78:61:0b:
                    14:0a:b1:0c:08:88:97:db:76:15:a9:df:26:0f:00:
                    12:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:5D:5A:48:36:E7:C8:36:F3:A5:15:C0:42:B3:5F:36:CB:7B:2D:D3
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/EV1aSDbnyDbzpRXAQrNfNst7LdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.12.0/22
                  45.144.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:33:f8:48:41:41:1f:a7:7b:c6:ce:d6:9f:61:e0:30:ff:74:
         c9:07:01:5a:23:c6:98:5e:4e:c1:c0:a1:4e:d3:59:ca:38:bb:
         d2:cf:f1:4f:ae:d6:e7:44:ba:01:39:e4:84:a9:37:49:8b:ad:
         a6:21:c3:b3:2e:5a:87:40:2b:5b:fd:4a:f9:c8:92:a1:fe:25:
         e5:65:8d:3a:6a:4a:04:7f:a4:56:f9:75:95:8d:d0:bf:3c:51:
         13:13:2e:ca:81:96:26:75:1a:e9:77:d5:d4:41:ab:1a:28:93:
         7e:3d:d4:bc:13:b1:c9:c2:98:32:f2:83:ee:b3:f1:26:fa:f6:
         af:f4:86:14:14:f0:52:e9:cc:77:04:02:31:9b:69:eb:86:87:
         96:37:15:4b:56:14:b5:6f:18:e5:1d:63:ff:51:fc:51:f9:f9:
         a7:51:d0:81:57:a7:dd:d6:dc:ae:08:f8:05:8a:9c:40:52:21:
         d9:e6:22:b8:b1:d6:29:fd:f1:2e:b6:f4:8e:ad:16:e3:d6:cd:
         bd:b5:4c:48:16:5b:95:57:31:88:f9:2b:6b:dd:29:89:fd:af:
         b0:5b:2a:93:d5:41:33:3e:03:20:f0:d7:ce:4c:23:43:12:73:
         ce:72:6e:f4:d4:e0:c3:39:7f:74:52:d4:18:44:96:15:92:3d:
         b3:60:9a:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS2iPPFrdGJXS3VeycFHgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTVkNWE0ODM2ZTdjODM2ZjNhNTE1YzA0MmIzNWYzNmNiN2IyZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLJRdvYId3JenYRDOwYeIvn7sssm
95Jrww1S1tCoh36lTwgOcQqYc8SDQzSmNVGKvvLYckZRquGJmB2mqN+LKB2n+zZq
NEizw/TERgWNIHz+3pg4l0IyE3IbAHcwHON+iyrJCBMzF9bHvU86FgVTXMvWPGQ8
QXdh+VJGxJGmQnh+80Dp0DYzmcM1n8543GkSD51Nzea9mxyDsxmNjsIT5TlEsjAY
ONq7GEtia6Ts6kT8O9cyf5S+GeD51+OzQ/td20nNPhtn9JgL/yOlgsIDgOqA67gA
AgMdpIzOloAGLNLpWjdJD/9VR2zpLBh4YQsUCrEMCIiX23YVqd8mDwASVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBFdWkg258g286UVwEKzXzbLey3TMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvRVYxYVNEYm55RGJ6cFJYQVFyTmZOc3Q3TGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYgMAwQC
LZCIMA0GCSqGSIb3DQEBCwUAA4IBAQCmM/hIQUEfp3vGztafYeAw/3TJBwFaI8aY
Xk7BwKFO01nKOLvSz/FPrtbnRLoBOeSEqTdJi62mIcOzLlqHQCtb/Ur5yJKh/iXl
ZY06akoEf6RW+XWVjdC/PFETEy7KgZYmdRrpd9XUQasaKJN+PdS8E7HJwpgy8oPu
s/Em+vav9IYUFPBS6cx3BAIxm2nrhoeWNxVLVhS1bxjlHWP/UfxR+fmnUdCBV6fd
1tyuCPgFipxAUiHZ5iK4sdYp/fEutvSOrRbj1s29tUxIFluVVzGI+Str3SmJ/a+w
WyqT1UEzPgMg8NfOTCNDEnPOcm701ODDOX90UtQYRJYVkj2zYJpK
-----END CERTIFICATE-----