Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/K-EGJgUk_S4vTdbwk_KxOImM7Yg.roa
File:                     K-EGJgUk_S4vTdbwk_KxOImM7Yg.roa (raw, json)
Hash identifier:          +VISPEKbyDnR7EayuNO6GrWDjnqVJ1G8JME7YBn/H8I=
Subject key identifier:   2B:E1:06:26:05:24:FD:2E:2F:4D:D6:F0:93:F2:B1:38:89:8C:ED:88
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       018EE737518ECFCD4E2A1CE4CD17DCCACACA
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/K-EGJgUk_S4vTdbwk_KxOImM7Yg.roa
Signing time:             Tue 16 Apr 2024 14:02:25 +0000
ROA not before:           Tue 16 Apr 2024 14:02:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        45.89.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:37:51:8e:cf:cd:4e:2a:1c:e4:cd:17:dc:ca:ca:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Apr 16 14:02:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2be106260524fd2e2f4dd6f093f2b138898ced88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9d:b3:2e:1f:fd:60:6a:8c:cf:4e:cf:1a:e4:
                    32:ba:cc:64:cf:90:15:c9:38:81:d1:75:a3:41:77:
                    5f:e8:fa:87:78:b8:df:cb:51:31:7e:fe:8c:84:9a:
                    a9:cd:6c:85:19:8c:31:53:80:97:41:33:2d:da:34:
                    66:40:4f:6a:f0:50:fd:3d:10:4f:50:dc:fb:2f:06:
                    d9:87:fb:ef:31:c0:ab:11:38:04:e6:a1:53:da:9b:
                    99:19:a4:42:ab:6c:b8:72:84:93:ab:db:4f:61:6d:
                    0e:b6:6b:79:c2:b5:c0:9e:1a:65:dd:b4:0b:f4:cf:
                    0b:64:1e:b3:6e:9e:6b:f2:86:a5:85:5c:60:fa:c3:
                    fd:25:a9:c4:8c:6a:14:15:8f:18:2d:5b:dc:d3:c5:
                    61:4c:5e:8b:e1:4c:1f:39:30:78:5b:49:76:ab:15:
                    ab:48:2b:8b:b9:11:bd:39:aa:fe:1b:87:2b:08:fb:
                    74:a5:fd:fe:a7:9e:a7:78:b9:5c:95:1e:67:bf:98:
                    05:50:ff:09:3e:c3:a8:9b:e5:d9:f4:48:b6:17:4d:
                    11:f2:85:e8:04:8c:56:80:0d:2b:3f:59:b3:5d:83:
                    95:9c:f2:94:71:36:ba:cb:29:56:0e:9d:e0:ef:1b:
                    b1:7e:97:2f:49:15:74:c0:f4:24:11:18:e4:e1:e2:
                    97:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E1:06:26:05:24:FD:2E:2F:4D:D6:F0:93:F2:B1:38:89:8C:ED:88
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/K-EGJgUk_S4vTdbwk_KxOImM7Yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:82:99:93:7c:bb:bb:5b:39:a6:1e:0b:ae:71:cd:f9:7e:8a:
         d9:e8:21:dd:52:23:fe:81:84:71:c9:23:49:12:aa:59:9f:6a:
         99:51:de:66:10:c7:94:d2:e5:99:45:1d:1d:85:74:24:45:af:
         f8:e9:11:c8:00:ce:de:a1:be:b5:b8:e8:97:33:65:43:c7:78:
         1a:a7:90:2e:9c:db:ec:3a:89:56:30:4b:65:c6:17:67:38:14:
         0f:b4:81:0c:24:22:7c:d1:9f:fe:d0:53:e3:5f:0d:07:c4:4f:
         37:d4:dd:fa:64:38:b8:a8:b0:08:18:0c:11:91:86:63:ef:9e:
         64:9b:23:85:b8:40:d5:d0:b7:05:58:e7:37:d8:4a:81:71:fe:
         a4:01:1a:35:38:02:bc:b6:36:12:f4:7e:a0:f2:fc:58:e9:2d:
         41:27:9d:0d:99:0b:73:ee:a1:65:02:e5:c0:9e:10:65:07:a3:
         c6:66:b3:f2:e0:8c:61:fe:65:d8:cf:d9:86:0d:ca:10:18:a3:
         90:4c:93:38:02:cb:ab:56:c0:0d:09:69:7e:88:61:28:35:d2:
         ba:36:a5:56:85:cc:06:8e:b3:d6:66:cd:1e:5f:9c:3b:e8:91:
         75:dc:63:c6:2a:5d:5f:c1:5d:2e:27:bc:36:fd:2d:fe:df:00:
         fe:0a:2a:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7nN1GOz81OKhzkzRfcysrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjQwNDE2MTQwMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmUxMDYyNjA1MjRmZDJlMmY0ZGQ2ZjA5M2YyYjEzODg5OGNlZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZ2zLh/9YGqMz07PGuQyusxkz5AV
yTiB0XWjQXdf6PqHeLjfy1Exfv6MhJqpzWyFGYwxU4CXQTMt2jRmQE9q8FD9PRBP
UNz7LwbZh/vvMcCrETgE5qFT2puZGaRCq2y4coSTq9tPYW0Otmt5wrXAnhpl3bQL
9M8LZB6zbp5r8oalhVxg+sP9JanEjGoUFY8YLVvc08VhTF6L4UwfOTB4W0l2qxWr
SCuLuRG9Oar+G4crCPt0pf3+p56neLlclR5nv5gFUP8JPsOom+XZ9Ei2F00R8oXo
BIxWgA0rP1mzXYOVnPKUcTa6yylWDp3g7xuxfpcvSRV0wPQkERjk4eKX4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvhBiYFJP0uL03W8JPysTiJjO2IMB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEvSy1FR0pnVWtfUzR2VGRid2tfS3hPSW1NN1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkcMA0G
CSqGSIb3DQEBCwUAA4IBAQAHgpmTfLu7WzmmHguucc35forZ6CHdUiP+gYRxySNJ
EqpZn2qZUd5mEMeU0uWZRR0dhXQkRa/46RHIAM7eob61uOiXM2VDx3gap5AunNvs
OolWMEtlxhdnOBQPtIEMJCJ80Z/+0FPjXw0HxE831N36ZDi4qLAIGAwRkYZj755k
myOFuEDV0LcFWOc32EqBcf6kARo1OAK8tjYS9H6g8vxY6S1BJ50NmQtz7qFlAuXA
nhBlB6PGZrPy4Ixh/mXYz9mGDcoQGKOQTJM4AsurVsANCWl+iGEoNdK6NqVWhcwG
jrPWZs0eX5w76JF13GPGKl1fwV0uJ7w2/S3+3wD+Cir3
-----END CERTIFICATE-----