Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/EEe4kviaoOaRAlXUsQ8khbzXdfM.roa
File:                     EEe4kviaoOaRAlXUsQ8khbzXdfM.roa (raw, json)
Hash identifier:          T+PjLiW7h53Ujf5UZIxn9gd03FjxCMK/yqiKdbNrdog=
Subject key identifier:   10:47:B8:92:F8:9A:A0:E6:91:02:55:D4:B1:0F:24:85:BC:D7:75:F3
Certificate issuer:       /CN=5fc065098574629d4a7e2d2b2055aa7bf2302fee
Certificate serial:       019422FAE8AF0EB8BE2AA80DB81E9F34532C
Authority key identifier: 5F:C0:65:09:85:74:62:9D:4A:7E:2D:2B:20:55:AA:7B:F2:30:2F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/EEe4kviaoOaRAlXUsQ8khbzXdfM.roa
Signing time:             Wed 01 Jan 2025 17:47:36 +0000
ROA not before:           Wed 01 Jan 2025 17:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215250
IP address blocks:        45.91.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:e8:af:0e:b8:be:2a:a8:0d:b8:1e:9f:34:53:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc065098574629d4a7e2d2b2055aa7bf2302fee
        Validity
            Not Before: Jan  1 17:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1047b892f89aa0e6910255d4b10f2485bcd775f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:aa:6e:72:19:88:ec:b7:9f:87:1b:75:a1:66:
                    d6:a1:d8:2f:dc:a2:66:ca:87:41:c7:1e:33:6c:9a:
                    d0:23:65:fb:a2:bc:07:04:1e:97:a4:8f:df:a6:db:
                    94:7a:68:cd:c5:ec:dd:06:1c:1f:26:74:e1:49:a1:
                    28:b7:76:e4:4b:b9:ac:c3:3e:73:78:35:ca:aa:85:
                    cb:1e:ca:8d:de:c6:29:5f:e5:0d:54:45:4e:05:c9:
                    85:db:3d:24:f1:8f:0d:fa:b0:f2:6a:80:13:b8:62:
                    51:fa:94:74:c9:03:80:9f:eb:e7:a0:5d:a2:88:74:
                    85:6d:32:b0:45:ac:38:e6:f0:4a:99:b3:f4:51:c6:
                    45:7a:be:04:8e:71:58:95:93:5e:7b:ea:00:57:f4:
                    47:3b:63:9f:4b:ce:d0:30:38:4d:86:8e:84:40:ea:
                    84:71:b4:21:93:d4:82:d3:63:eb:78:47:09:7c:66:
                    86:9c:e5:20:96:ed:de:1d:e7:28:dd:f6:95:d9:aa:
                    c2:01:24:21:5a:dd:49:88:ec:b1:f6:d0:8b:31:0c:
                    94:ac:bb:4c:89:a2:08:13:31:b3:2e:06:69:51:7d:
                    70:69:6f:49:e5:ab:d3:8e:22:4f:b6:b3:39:ca:99:
                    ef:31:ad:0c:ec:2d:b3:2d:52:d5:56:48:3e:e3:a1:
                    dd:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:47:B8:92:F8:9A:A0:E6:91:02:55:D4:B1:0F:24:85:BC:D7:75:F3
            X509v3 Authority Key Identifier:
                keyid:5F:C0:65:09:85:74:62:9D:4A:7E:2D:2B:20:55:AA:7B:F2:30:2F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/EEe4kviaoOaRAlXUsQ8khbzXdfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:3c:03:9b:da:16:88:0b:95:ae:d1:a9:60:c0:ee:18:e5:3f:
         aa:f7:62:85:4b:a0:a9:c9:6d:f3:e5:6d:b8:27:76:f1:bb:8f:
         07:0d:51:02:a6:3e:f5:3c:cc:b5:09:bd:52:ba:5b:00:1e:ee:
         26:d8:fa:06:05:6b:b6:c9:34:54:b1:a3:52:69:21:84:39:9a:
         a7:d5:de:70:ab:43:af:2e:c0:88:95:12:e9:3a:c7:75:ae:e0:
         a6:22:90:c0:9a:31:69:1d:67:7e:e2:4d:2b:c2:f1:31:bf:9e:
         7f:8d:6c:cd:ed:26:16:d8:55:0e:ae:9a:9c:93:10:ad:fe:c4:
         91:8b:35:cb:ac:e4:a8:9a:45:99:80:f8:3a:ce:98:f7:09:1f:
         78:69:6b:5d:97:fe:dc:ae:bd:33:ff:a6:5d:56:9f:ad:a4:55:
         cf:65:dc:bc:6d:86:84:0d:fb:86:50:c6:da:15:f6:3d:64:64:
         ef:d8:8e:a8:c9:a1:69:d2:77:ae:06:99:29:b6:04:5f:d9:c7:
         11:9d:4a:6d:cc:f5:33:af:c9:3e:ef:ea:c6:32:26:c0:95:c8:
         f1:5d:b9:ce:af:cd:b9:24:62:f1:b3:bf:4e:ce:0c:90:07:ba:
         19:17:d2:dd:ec:45:aa:53:88:36:20:56:50:ef:e4:60:36:06:
         d9:53:65:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+uivDri+KqgNuB6fNFMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzA2NTA5ODU3NDYyOWQ0YTdlMmQyYjIwNTVhYTdiZjIz
MDJmZWUwHhcNMjUwMTAxMTc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDQ3Yjg5MmY4OWFhMGU2OTEwMjU1ZDRiMTBmMjQ4NWJjZDc3NWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6puchmI7Lefhxt1oWbWodgv3KJm
yodBxx4zbJrQI2X7orwHBB6XpI/fptuUemjNxezdBhwfJnThSaEot3bkS7mswz5z
eDXKqoXLHsqN3sYpX+UNVEVOBcmF2z0k8Y8N+rDyaoATuGJR+pR0yQOAn+vnoF2i
iHSFbTKwRaw45vBKmbP0UcZFer4EjnFYlZNee+oAV/RHO2OfS87QMDhNho6EQOqE
cbQhk9SC02PreEcJfGaGnOUglu3eHeco3faV2arCASQhWt1JiOyx9tCLMQyUrLtM
iaIIEzGzLgZpUX1waW9J5avTjiJPtrM5ypnvMa0M7C2zLVLVVkg+46Hd1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBHuJL4mqDmkQJV1LEPJIW813XzMB8GA1UdIwQY
MBaAFF/AZQmFdGKdSn4tKyBVqnvyMC/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhCbENZVjBZcDFLZmkwcklGV3FlX0l3TC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iZmZhMDMtMWNkNi00MDM0LWE3YmQt
ODU3NTk5NjgzYzNlLzEvRUVlNGt2aWFvT2FSQWxYVXNROGtoYnpYZGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iZmZhMDMtMWNkNi00MDM0LWE3YmQtODU3NTk5NjgzYzNl
LzEvWDhCbENZVjBZcDFLZmkwcklGV3FlX0l3TC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVsMMA0G
CSqGSIb3DQEBCwUAA4IBAQBxPAOb2haIC5Wu0algwO4Y5T+q92KFS6CpyW3z5W24
J3bxu48HDVECpj71PMy1Cb1SulsAHu4m2PoGBWu2yTRUsaNSaSGEOZqn1d5wq0Ov
LsCIlRLpOsd1ruCmIpDAmjFpHWd+4k0rwvExv55/jWzN7SYW2FUOrpqckxCt/sSR
izXLrOSomkWZgPg6zpj3CR94aWtdl/7crr0z/6ZdVp+tpFXPZdy8bYaEDfuGUMba
FfY9ZGTv2I6oyaFp0neuBpkptgRf2ccRnUptzPUzr8k+7+rGMibAlcjxXbnOr825
JGLxs79OzgyQB7oZF9Ld7EWqU4g2IFZQ7+RgNgbZU2WG
-----END CERTIFICATE-----