Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/0f50bb-1fe1-4c83-8c88-e35d2d5f00f8/1/Ei6l_bnLqEQTXYxnlSeKfSYPb5s.roa
File:                     Ei6l_bnLqEQTXYxnlSeKfSYPb5s.roa (raw, json)
Hash identifier:          Irorup1J3VtLVyfrHhoR4xThAclYVS4SPcSOCgwMLAU=
Subject key identifier:   12:2E:A5:FD:B9:CB:A8:44:13:5D:8C:67:95:27:8A:7D:26:0F:6F:9B
Certificate issuer:       /CN=d98ac0b1066d0defcb1695643dcbaa0739975ca8
Certificate serial:       018CC56E5BA0D3F79CB834DB8D39BB8E9665
Authority key identifier: D9:8A:C0:B1:06:6D:0D:EF:CB:16:95:64:3D:CB:AA:07:39:97:5C:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YrAsQZtDe_LFpVkPcuqBzmXXKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/0f50bb-1fe1-4c83-8c88-e35d2d5f00f8/1/Ei6l_bnLqEQTXYxnlSeKfSYPb5s.roa
Signing time:             Mon 01 Jan 2024 14:29:53 +0000
ROA not before:           Mon 01 Jan 2024 14:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207725
IP address blocks:        45.137.232.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/0f50bb-1fe1-4c83-8c88-e35d2d5f00f8/1/2YrAsQZtDe_LFpVkPcuqBzmXXKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/0f50bb-1fe1-4c83-8c88-e35d2d5f00f8/1/2YrAsQZtDe_LFpVkPcuqBzmXXKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YrAsQZtDe_LFpVkPcuqBzmXXKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5b:a0:d3:f7:9c:b8:34:db:8d:39:bb:8e:96:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98ac0b1066d0defcb1695643dcbaa0739975ca8
        Validity
            Not Before: Jan  1 14:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=122ea5fdb9cba844135d8c6795278a7d260f6f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:73:0d:1d:ea:50:2d:d5:8c:6f:96:50:b6:63:
                    38:ae:22:24:dd:67:50:4b:2c:4f:2a:ed:df:ed:21:
                    e0:60:3b:c4:77:89:05:c2:fa:8e:be:74:95:77:43:
                    30:e7:c1:2e:0e:c5:25:15:cb:ae:8e:cd:05:84:32:
                    95:67:bd:59:6b:5c:bd:0f:e2:47:13:5c:f6:ac:37:
                    c2:c6:26:65:75:64:7b:58:fd:45:6d:be:3f:a2:4e:
                    cc:c0:30:5f:44:3e:7c:78:00:b5:28:c9:30:82:ff:
                    d3:be:18:30:b8:57:79:0f:67:77:97:fe:d9:bd:a4:
                    d5:a1:99:57:57:9e:37:9f:f4:07:32:6c:4f:1c:59:
                    d5:7e:1d:c3:a4:68:36:b6:7e:76:78:41:bc:58:71:
                    ec:7b:32:b4:8c:b8:8d:4f:b1:6d:e8:e0:eb:18:ff:
                    29:01:6e:ba:a2:f5:40:0f:0c:ba:4a:c5:18:fc:20:
                    25:17:06:92:1a:7b:01:92:87:69:e0:f7:fc:44:31:
                    5e:87:cb:41:db:f4:f4:84:d4:62:ba:99:4c:ea:05:
                    c5:09:0e:b2:2e:7b:4f:cc:74:07:8c:03:8e:02:46:
                    2d:1f:58:d7:36:09:d0:50:3d:06:9a:82:bb:ae:16:
                    36:8f:7a:cc:a8:31:f0:ad:1c:33:60:c0:60:a4:ef:
                    46:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:2E:A5:FD:B9:CB:A8:44:13:5D:8C:67:95:27:8A:7D:26:0F:6F:9B
            X509v3 Authority Key Identifier:
                keyid:D9:8A:C0:B1:06:6D:0D:EF:CB:16:95:64:3D:CB:AA:07:39:97:5C:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YrAsQZtDe_LFpVkPcuqBzmXXKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0f50bb-1fe1-4c83-8c88-e35d2d5f00f8/1/Ei6l_bnLqEQTXYxnlSeKfSYPb5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0f50bb-1fe1-4c83-8c88-e35d2d5f00f8/1/2YrAsQZtDe_LFpVkPcuqBzmXXKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:8b:7d:53:d0:55:9e:f9:e4:8e:05:02:81:db:4d:ea:eb:de:
         88:8b:e0:ce:ca:78:f3:5f:c3:40:8c:76:19:40:c3:b6:60:78:
         97:59:fa:22:59:d1:1f:b1:62:a0:27:da:b2:cf:cc:41:7a:ba:
         e1:ff:ac:23:1f:4a:d5:4b:86:ab:44:04:09:95:82:2e:98:97:
         f0:8f:ec:be:81:bb:47:0e:b4:68:e6:21:b3:35:f8:76:1e:f1:
         7d:91:75:1e:18:12:84:4f:ca:3e:94:29:87:6d:0d:bb:80:12:
         1e:93:81:61:0e:83:3e:55:5c:64:18:c7:38:da:30:b0:c4:68:
         a2:fe:89:4d:b9:1d:d9:90:06:34:12:84:1f:dd:e0:e7:3e:87:
         10:2e:d9:a2:e3:c1:1c:4d:da:eb:f3:51:5f:9d:fd:f9:39:b1:
         60:b7:25:44:c6:b7:13:58:3e:3a:db:0b:01:ae:c7:5b:65:b0:
         39:65:77:9f:87:29:06:97:49:9f:5c:28:84:7e:f7:b7:b4:0f:
         c3:9c:d5:b7:b7:33:a5:fe:a4:a3:36:c4:b8:0d:77:c0:44:f7:
         35:3d:74:3f:70:2f:ed:7b:23:e2:c8:91:43:f0:39:1e:85:c2:
         5b:d5:3c:e7:0d:31:bb:e1:58:32:af:51:29:92:64:58:37:54:
         03:2c:22:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblug0/ecuDTbjTm7jpZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5OGFjMGIxMDY2ZDBkZWZjYjE2OTU2NDNkY2JhYTA3Mzk5
NzVjYTgwHhcNMjQwMTAxMTQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjJlYTVmZGI5Y2JhODQ0MTM1ZDhjNjc5NTI3OGE3ZDI2MGY2ZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXMNHepQLdWMb5ZQtmM4riIk3WdQ
SyxPKu3f7SHgYDvEd4kFwvqOvnSVd0Mw58EuDsUlFcuujs0FhDKVZ71Za1y9D+JH
E1z2rDfCxiZldWR7WP1Fbb4/ok7MwDBfRD58eAC1KMkwgv/TvhgwuFd5D2d3l/7Z
vaTVoZlXV543n/QHMmxPHFnVfh3DpGg2tn52eEG8WHHsezK0jLiNT7Ft6ODrGP8p
AW66ovVADwy6SsUY/CAlFwaSGnsBkodp4Pf8RDFeh8tB2/T0hNRiuplM6gXFCQ6y
LntPzHQHjAOOAkYtH1jXNgnQUD0GmoK7rhY2j3rMqDHwrRwzYMBgpO9GkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIupf25y6hEE12MZ5Unin0mD2+bMB8GA1UdIwQY
MBaAFNmKwLEGbQ3vyxaVZD3Lqgc5l1yoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllyQXNRWnREZV9MRnBWa1BjdXFCem1YWEtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wZjUwYmItMWZlMS00YzgzLThjODgt
ZTM1ZDJkNWYwMGY4LzEvRWk2bF9ibkxxRVFUWFl4bmxTZUtmU1lQYjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wZjUwYmItMWZlMS00YzgzLThjODgtZTM1ZDJkNWYwMGY4
LzEvMllyQXNRWnREZV9MRnBWa1BjdXFCem1YWEtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYnoMA0G
CSqGSIb3DQEBCwUAA4IBAQAfi31T0FWe+eSOBQKB203q696Ii+DOynjzX8NAjHYZ
QMO2YHiXWfoiWdEfsWKgJ9qyz8xBerrh/6wjH0rVS4arRAQJlYIumJfwj+y+gbtH
DrRo5iGzNfh2HvF9kXUeGBKET8o+lCmHbQ27gBIek4FhDoM+VVxkGMc42jCwxGii
/olNuR3ZkAY0EoQf3eDnPocQLtmi48EcTdrr81Ffnf35ObFgtyVExrcTWD462wsB
rsdbZbA5ZXefhykGl0mfXCiEfve3tA/DnNW3tzOl/qSjNsS4DXfARPc1PXQ/cC/t
eyPiyJFD8DkehcJb1TznDTG74Vgyr1EpkmRYN1QDLCJv
-----END CERTIFICATE-----