Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/EoYtqT19_jZmc_n7cEwpjSGtOsU.roa
File:                     EoYtqT19_jZmc_n7cEwpjSGtOsU.roa (raw, json)
Hash identifier:          hkkAotU6XOY6iCyCcpO+yZgNMC6GRacfrcfYwvynbjI=
Subject key identifier:   12:86:2D:A9:3D:7D:FE:36:66:73:F9:FB:70:4C:29:8D:21:AD:3A:C5
Certificate issuer:       /CN=955fcf92798a9dbb30abd2b9fa29bfa8804220f3
Certificate serial:       0194258EE0BCACA59122B60DD86498B55B4A
Authority key identifier: 95:5F:CF:92:79:8A:9D:BB:30:AB:D2:B9:FA:29:BF:A8:80:42:20:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lV_PknmKnbswq9K5-im_qIBCIPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/EoYtqT19_jZmc_n7cEwpjSGtOsU.roa
Signing time:             Thu 02 Jan 2025 05:48:28 +0000
ROA not before:           Thu 02 Jan 2025 05:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209433
IP address blocks:        45.86.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/lV_PknmKnbswq9K5-im_qIBCIPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/lV_PknmKnbswq9K5-im_qIBCIPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lV_PknmKnbswq9K5-im_qIBCIPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e0:bc:ac:a5:91:22:b6:0d:d8:64:98:b5:5b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=955fcf92798a9dbb30abd2b9fa29bfa8804220f3
        Validity
            Not Before: Jan  2 05:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12862da93d7dfe366673f9fb704c298d21ad3ac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d1:a9:56:5d:f8:c3:2e:d1:d9:95:3a:cc:b5:
                    0a:42:52:bd:d9:98:3d:2f:40:99:7e:28:20:66:44:
                    d1:78:33:61:dd:88:38:22:2d:0a:82:50:ae:66:2f:
                    f8:df:f3:30:ae:7e:cb:97:bb:f0:a9:08:92:b8:8d:
                    d0:b6:b1:aa:6a:f9:79:f0:44:69:cf:b2:7e:db:fd:
                    c3:01:3c:11:c4:0f:15:9e:e8:64:20:78:4f:a6:b1:
                    aa:8c:49:40:aa:a6:c1:ed:09:a9:65:17:c3:32:74:
                    ca:27:d2:67:66:02:af:c1:0a:0f:fc:3e:ec:3f:98:
                    ab:97:4c:4c:1d:ae:0d:fa:b4:7d:90:2b:64:fd:30:
                    56:00:2a:50:8d:33:5f:97:db:18:e5:26:a1:e8:6c:
                    39:1c:2c:68:ce:dd:c0:94:53:cf:62:f1:db:11:13:
                    cc:f6:f8:5e:e3:df:0a:7b:22:4e:a1:88:b4:c5:73:
                    42:16:5b:89:60:42:c6:b0:c6:8f:5e:69:67:44:25:
                    d1:a6:f8:d0:1e:1b:75:8c:b0:20:1e:30:bb:d0:65:
                    bc:07:bb:ed:f7:0f:ec:b8:7e:04:58:fe:69:36:f1:
                    c8:81:b2:e7:1c:e8:47:7f:82:2f:6b:8b:42:72:07:
                    80:82:fa:6e:e3:9b:b3:ba:6b:8b:a7:19:43:e9:eb:
                    52:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:86:2D:A9:3D:7D:FE:36:66:73:F9:FB:70:4C:29:8D:21:AD:3A:C5
            X509v3 Authority Key Identifier:
                keyid:95:5F:CF:92:79:8A:9D:BB:30:AB:D2:B9:FA:29:BF:A8:80:42:20:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lV_PknmKnbswq9K5-im_qIBCIPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/EoYtqT19_jZmc_n7cEwpjSGtOsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/lV_PknmKnbswq9K5-im_qIBCIPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:4a:15:e2:fe:41:22:3b:8d:6d:54:94:75:a2:c0:89:9c:a6:
         72:d3:63:56:c6:1b:8d:21:6a:16:a2:1d:40:f7:2e:55:bc:b5:
         d5:ec:cf:85:86:bf:38:10:c1:fe:bc:18:62:6e:53:52:5c:45:
         0f:a1:dd:19:03:0f:52:3d:68:02:c4:d1:e3:f4:96:fd:5a:9a:
         35:e8:c6:92:ec:71:7d:f6:ba:91:ae:59:dd:71:6f:86:e9:31:
         8a:33:4d:33:9c:5a:5d:c7:3b:02:d2:f4:ed:24:6e:88:43:46:
         47:49:ff:d0:e0:65:d1:4d:ee:6b:fd:05:4c:6a:e4:34:85:b0:
         f7:4a:5e:75:11:a1:d5:fc:49:d9:bd:9a:f0:cf:3f:ef:59:a2:
         2c:38:7f:8c:55:c0:08:8d:a6:78:24:c7:91:12:1c:a5:be:5c:
         07:5d:d8:dd:fa:fd:00:53:5c:43:63:fe:4a:14:03:15:f5:37:
         e2:bf:08:61:78:de:ad:0c:69:05:4c:b5:19:3c:54:4a:e3:dc:
         f1:ad:ad:a3:24:d8:5f:7a:e3:55:de:a8:ee:d5:e6:14:7b:c0:
         47:e2:39:62:dd:7d:dd:0f:32:45:0f:3d:fb:c4:7c:f9:ac:c3:
         e0:9d:32:25:26:6f:1b:f1:9a:48:3b:e2:f6:f9:49:d0:35:93:
         af:10:7c:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljuC8rKWRIrYN2GSYtVtKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NWZjZjkyNzk4YTlkYmIzMGFiZDJiOWZhMjliZmE4ODA0
MjIwZjMwHhcNMjUwMTAyMDU0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjg2MmRhOTNkN2RmZTM2NjY3M2Y5ZmI3MDRjMjk4ZDIxYWQzYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttGpVl34wy7R2ZU6zLUKQlK92Zg9
L0CZfiggZkTReDNh3Yg4Ii0KglCuZi/43/Mwrn7Ll7vwqQiSuI3QtrGqavl58ERp
z7J+2/3DATwRxA8VnuhkIHhPprGqjElAqqbB7QmpZRfDMnTKJ9JnZgKvwQoP/D7s
P5irl0xMHa4N+rR9kCtk/TBWACpQjTNfl9sY5Sah6Gw5HCxozt3AlFPPYvHbERPM
9vhe498KeyJOoYi0xXNCFluJYELGsMaPXmlnRCXRpvjQHht1jLAgHjC70GW8B7vt
9w/suH4EWP5pNvHIgbLnHOhHf4Iva4tCcgeAgvpu45uzumuLpxlD6etS+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKGLak9ff42ZnP5+3BMKY0hrTrFMB8GA1UdIwQY
MBaAFJVfz5J5ip27MKvSufopv6iAQiDzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFZfUGtubUtuYnN3cTlLNS1pbV9xSUJDSVBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9kZjE0MGEtMGFjMy00MTA1LWI4M2Et
MDUxODg2ZDBlZDRlLzEvRW9ZdHFUMTlfalptY19uN2NFd3BqU0d0T3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9kZjE0MGEtMGFjMy00MTA1LWI4M2EtMDUxODg2ZDBlZDRl
LzEvbFZfUGtubUtuYnN3cTlLNS1pbV9xSUJDSVBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVaIMA0G
CSqGSIb3DQEBCwUAA4IBAQAVShXi/kEiO41tVJR1osCJnKZy02NWxhuNIWoWoh1A
9y5VvLXV7M+Fhr84EMH+vBhiblNSXEUPod0ZAw9SPWgCxNHj9Jb9Wpo16MaS7HF9
9rqRrlndcW+G6TGKM00znFpdxzsC0vTtJG6IQ0ZHSf/Q4GXRTe5r/QVMauQ0hbD3
Sl51EaHV/EnZvZrwzz/vWaIsOH+MVcAIjaZ4JMeREhylvlwHXdjd+v0AU1xDY/5K
FAMV9TfivwhheN6tDGkFTLUZPFRK49zxra2jJNhfeuNV3qju1eYUe8BH4jli3X3d
DzJFDz37xHz5rMPgnTIlJm8b8ZpIO+L2+UnQNZOvEHyu
-----END CERTIFICATE-----