Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/d8c85e-4198-4869-b9cd-e280b6501704/1/eZTqCsy1o9f-eq_FZSRPL4-aBD8.roa
File:                     eZTqCsy1o9f-eq_FZSRPL4-aBD8.roa (raw, json)
Hash identifier:          cQOdS5lB0S1LA9krJg3sdASUyUTn/NkoA0OQ3se0FuM=
Subject key identifier:   79:94:EA:0A:CC:B5:A3:D7:FE:7A:AF:C5:65:24:4F:2F:8F:9A:04:3F
Certificate issuer:       /CN=52702cdee043094ac2f33170125f94f7034da8f0
Certificate serial:       019421B1B4B815E8E636B8DDF74A4311337E
Authority key identifier: 52:70:2C:DE:E0:43:09:4A:C2:F3:31:70:12:5F:94:F7:03:4D:A8:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UnAs3uBDCUrC8zFwEl-U9wNNqPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/d8c85e-4198-4869-b9cd-e280b6501704/1/eZTqCsy1o9f-eq_FZSRPL4-aBD8.roa
Signing time:             Wed 01 Jan 2025 11:48:01 +0000
ROA not before:           Wed 01 Jan 2025 11:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59521
IP address blocks:        45.80.38.0/23 maxlen: 24
                          185.171.128.0/22 maxlen: 24
                          2a0a:f700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/d8c85e-4198-4869-b9cd-e280b6501704/1/UnAs3uBDCUrC8zFwEl-U9wNNqPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/d8c85e-4198-4869-b9cd-e280b6501704/1/UnAs3uBDCUrC8zFwEl-U9wNNqPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UnAs3uBDCUrC8zFwEl-U9wNNqPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b4:b8:15:e8:e6:36:b8:dd:f7:4a:43:11:33:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52702cdee043094ac2f33170125f94f7034da8f0
        Validity
            Not Before: Jan  1 11:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7994ea0accb5a3d7fe7aafc565244f2f8f9a043f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:9d:7e:02:73:2e:1d:b5:4c:fd:58:9a:97:10:
                    30:f4:5a:fc:4d:aa:f5:36:9f:ff:4d:9e:16:76:b8:
                    e9:d7:b8:71:cb:96:5b:69:ce:41:bc:51:3a:88:e4:
                    11:3c:f0:fb:f3:c6:cb:52:e4:73:92:07:dc:65:a5:
                    78:e0:f7:ec:7a:11:a4:12:6d:6f:b2:cf:21:5c:e7:
                    7d:07:37:67:b1:ba:2a:12:62:bc:82:02:fd:5e:e8:
                    0b:36:28:55:3f:e8:55:97:b2:d2:de:fb:b0:f2:18:
                    dd:ac:c7:52:50:c5:ac:db:e3:6a:c5:c8:05:aa:cf:
                    ef:19:81:dc:9e:36:5d:b4:ed:e0:f8:df:03:ef:46:
                    84:10:16:aa:c9:a0:79:24:b7:4a:06:01:db:24:87:
                    a6:b6:74:dc:35:95:e0:04:2a:b9:c7:58:6a:d4:69:
                    67:5c:a2:71:42:73:b2:8f:24:95:fa:62:9b:22:4a:
                    31:5c:46:8a:64:fb:71:9e:7f:1c:d8:82:6c:63:e7:
                    88:91:57:03:c1:b3:eb:0b:0e:91:61:de:64:1c:e0:
                    f7:ea:9c:c5:5d:09:35:c7:8e:4a:ed:91:6c:2f:dd:
                    f0:0e:b4:60:ea:a0:6e:8c:62:db:48:f4:a0:51:a3:
                    ba:b5:4d:37:40:aa:bc:dc:a3:4f:61:c3:6e:93:fc:
                    7c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:94:EA:0A:CC:B5:A3:D7:FE:7A:AF:C5:65:24:4F:2F:8F:9A:04:3F
            X509v3 Authority Key Identifier:
                keyid:52:70:2C:DE:E0:43:09:4A:C2:F3:31:70:12:5F:94:F7:03:4D:A8:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UnAs3uBDCUrC8zFwEl-U9wNNqPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d8c85e-4198-4869-b9cd-e280b6501704/1/eZTqCsy1o9f-eq_FZSRPL4-aBD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d8c85e-4198-4869-b9cd-e280b6501704/1/UnAs3uBDCUrC8zFwEl-U9wNNqPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.38.0/23
                  185.171.128.0/22
                IPv6:
                  2a0a:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         c3:1d:f0:f9:36:66:be:29:dd:23:c1:e8:99:b1:7f:81:6f:60:
         92:f9:ae:b7:f0:53:05:e4:55:a9:33:a7:46:b0:53:f5:99:14:
         c7:a0:4a:39:c2:31:c7:6b:70:f2:06:24:06:7b:5a:44:cd:cb:
         95:93:f0:26:4a:e3:8e:11:ed:f0:35:da:ca:8f:93:7f:49:33:
         30:44:48:63:64:65:45:59:b5:85:66:74:e9:36:c9:3a:9b:62:
         88:56:f7:43:c8:22:d0:4f:28:2a:a8:26:c5:9e:51:49:23:4c:
         12:8d:40:23:3d:ec:6e:98:7f:ef:42:c7:d9:00:9b:1c:62:62:
         51:71:f9:99:b8:51:d9:ce:f0:73:9e:95:11:ef:b0:9e:7e:bb:
         69:67:7a:f6:89:a4:bc:0c:33:28:cc:1b:30:b0:da:3d:3a:f0:
         33:01:91:e7:66:3e:dd:72:cf:20:19:97:c8:aa:0a:54:04:0b:
         a8:20:d3:19:bd:79:ce:91:b0:a2:df:26:f1:b0:f1:e6:80:07:
         9a:1b:0c:dd:43:cb:cb:54:2a:fd:b3:de:67:f4:7e:cd:8f:24:
         a9:d2:de:2e:7f:7e:f2:f1:7e:49:ee:33:c6:d3:d6:49:a1:9b:
         f6:53:24:3e:ea:7b:18:92:26:7f:3e:ee:af:40:b5:d9:f3:c8:
         98:c3:e7:8b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhsbS4FejmNrjd90pDETN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNzAyY2RlZTA0MzA5NGFjMmYzMzE3MDEyNWY5NGY3MDM0
ZGE4ZjAwHhcNMjUwMTAxMTE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTk0ZWEwYWNjYjVhM2Q3ZmU3YWFmYzU2NTI0NGYyZjhmOWEwNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3p1+AnMuHbVM/VialxAw9Fr8Tar1
Np//TZ4Wdrjp17hxy5Zbac5BvFE6iOQRPPD788bLUuRzkgfcZaV44PfsehGkEm1v
ss8hXOd9BzdnsboqEmK8ggL9XugLNihVP+hVl7LS3vuw8hjdrMdSUMWs2+NqxcgF
qs/vGYHcnjZdtO3g+N8D70aEEBaqyaB5JLdKBgHbJIemtnTcNZXgBCq5x1hq1Gln
XKJxQnOyjySV+mKbIkoxXEaKZPtxnn8c2IJsY+eIkVcDwbPrCw6RYd5kHOD36pzF
XQk1x45K7ZFsL93wDrRg6qBujGLbSPSgUaO6tU03QKq83KNPYcNuk/x81QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHmU6grMtaPX/nqvxWUkTy+PmgQ/MB8GA1UdIwQY
MBaAFFJwLN7gQwlKwvMxcBJflPcDTajwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW5BczN1QkRDVXJDOHpGd0VsLVU5d05OcVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9kOGM4NWUtNDE5OC00ODY5LWI5Y2Qt
ZTI4MGI2NTAxNzA0LzEvZVpUcUNzeTFvOWYtZXFfRlpTUlBMNC1hQkQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9kOGM4NWUtNDE5OC00ODY5LWI5Y2QtZTI4MGI2NTAxNzA0
LzEvVW5BczN1QkRDVXJDOHpGd0VsLVU5d05OcVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBLVAmAwQC
uauAMA0EAgACMAcDBQMqCvcAMA0GCSqGSIb3DQEBCwUAA4IBAQDDHfD5Nma+Kd0j
weiZsX+Bb2CS+a638FMF5FWpM6dGsFP1mRTHoEo5wjHHa3DyBiQGe1pEzcuVk/Am
SuOOEe3wNdrKj5N/STMwREhjZGVFWbWFZnTpNsk6m2KIVvdDyCLQTygqqCbFnlFJ
I0wSjUAjPexumH/vQsfZAJscYmJRcfmZuFHZzvBznpUR77CefrtpZ3r2iaS8DDMo
zBswsNo9OvAzAZHnZj7dcs8gGZfIqgpUBAuoINMZvXnOkbCi3ybxsPHmgAeaGwzd
Q8vLVCr9s95n9H7NjySp0t4uf37y8X5J7jPG09ZJoZv2UyQ+6nsYkiZ/Pu6vQLXZ
88iYw+eL
-----END CERTIFICATE-----