Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/0EaNrCUku3zmYAlQDUDzn6v2BII.roa
File:                     0EaNrCUku3zmYAlQDUDzn6v2BII.roa (raw, json)
Hash identifier:          ftzSd+m3WbKh9woBexxQyHXNGGLbencgrX80eFZ32Eg=
Subject key identifier:   D0:46:8D:AC:25:24:BB:7C:E6:60:09:50:0D:40:F3:9F:AB:F6:04:82
Certificate issuer:       /CN=c8d5e37178d8524c72660a1d796165999e586622
Certificate serial:       019427B5BF43103821EE24A6404317BE4421
Authority key identifier: C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/0EaNrCUku3zmYAlQDUDzn6v2BII.roa
Signing time:             Thu 02 Jan 2025 15:50:09 +0000
ROA not before:           Thu 02 Jan 2025 15:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198521
IP address blocks:        45.15.52.0/24 maxlen: 32
                          45.15.54.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:bf:43:10:38:21:ee:24:a6:40:43:17:be:44:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d5e37178d8524c72660a1d796165999e586622
        Validity
            Not Before: Jan  2 15:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0468dac2524bb7ce66009500d40f39fabf60482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:20:37:07:53:c5:6c:d6:be:ab:05:ae:d4:16:
                    e3:f5:04:53:f1:54:bf:f4:4f:2c:ae:34:3f:c0:02:
                    66:e0:21:83:86:ed:9b:86:bc:01:6e:d9:55:5d:7d:
                    7a:50:72:2b:50:f3:61:c3:de:70:35:07:4e:74:3e:
                    0f:bb:7d:90:a7:45:bf:47:5a:6b:da:78:f2:90:02:
                    cf:2f:d1:7e:c6:2f:d9:23:46:84:cc:03:f1:58:38:
                    6b:fc:8a:5b:9f:1c:87:50:87:82:ec:e0:8f:a9:19:
                    8a:38:fe:23:c2:3c:a9:2e:b6:bd:9c:2d:73:71:d2:
                    a8:ae:b6:51:5a:6f:de:fb:0a:78:4b:ef:fe:41:fc:
                    9c:1f:09:59:a9:2f:14:63:58:b7:0b:b5:60:24:72:
                    cb:87:c9:55:0c:af:ac:25:54:65:8f:99:36:b6:60:
                    9d:1b:53:32:ab:dc:78:c5:5c:91:d5:fd:a3:e9:c0:
                    e1:34:a9:08:b3:c4:95:38:b2:c0:eb:95:6d:33:02:
                    d4:4c:93:42:db:76:c9:fe:22:2b:41:52:eb:4f:f0:
                    3f:7c:f9:cd:07:dd:8c:2a:49:28:3d:52:fa:03:4e:
                    21:96:93:6b:13:fc:bf:15:fc:ee:cb:c9:90:42:11:
                    58:18:e9:7a:4e:0d:a7:ad:e8:6c:02:bc:e9:4e:a3:
                    37:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:46:8D:AC:25:24:BB:7C:E6:60:09:50:0D:40:F3:9F:AB:F6:04:82
            X509v3 Authority Key Identifier:
                keyid:C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/0EaNrCUku3zmYAlQDUDzn6v2BII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.52.0/24
                  45.15.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:3b:10:96:93:bd:ea:65:3b:78:30:d2:da:f9:ce:a9:a7:d5:
         18:3d:52:bc:23:d7:02:8c:fb:90:1e:d9:f8:29:29:7a:65:67:
         e4:df:53:7d:44:01:70:04:a4:9f:a6:e9:3f:ed:11:e5:c4:a6:
         b8:d1:23:2b:a2:6a:6d:f3:57:43:00:76:28:45:8e:ff:d7:37:
         e9:73:9b:da:d9:6f:35:ac:92:ec:81:42:d6:e8:23:fb:09:99:
         5b:1e:c3:c3:2e:0f:17:3f:ed:07:a4:f1:12:a2:93:e4:eb:58:
         e8:41:63:f2:cf:8e:3a:d5:60:f0:73:6e:c8:34:eb:f1:1f:bc:
         83:b6:39:20:fd:40:65:b7:ee:71:f9:a5:8b:13:ea:cb:b2:fb:
         19:d2:56:5e:1c:d4:ae:e2:45:d2:07:dd:77:82:8c:62:08:c8:
         c7:b3:a1:ba:9c:dc:3b:a7:77:65:c5:67:c8:7c:63:1d:28:fb:
         c7:73:a8:86:f0:95:03:d4:47:7a:db:c5:4d:d9:e3:74:6d:1c:
         de:04:8c:de:fd:73:6e:80:e7:49:32:f3:75:ae:f5:1e:1f:23:
         bb:b8:f4:ac:7d:24:ad:f1:23:7c:a3:62:a7:de:16:1c:30:d5:
         a6:02:d8:4d:e4:d1:75:d6:84:ab:f9:74:a7:8c:6e:17:f7:e8:
         4a:60:da:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntb9DEDgh7iSmQEMXvkQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVlMzcxNzhkODUyNGM3MjY2MGExZDc5NjE2NTk5OWU1
ODY2MjIwHhcNMjUwMTAyMTU1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQ2OGRhYzI1MjRiYjdjZTY2MDA5NTAwZDQwZjM5ZmFiZjYwNDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyA3B1PFbNa+qwWu1Bbj9QRT8VS/
9E8srjQ/wAJm4CGDhu2bhrwBbtlVXX16UHIrUPNhw95wNQdOdD4Pu32Qp0W/R1pr
2njykALPL9F+xi/ZI0aEzAPxWDhr/IpbnxyHUIeC7OCPqRmKOP4jwjypLra9nC1z
cdKorrZRWm/e+wp4S+/+QfycHwlZqS8UY1i3C7VgJHLLh8lVDK+sJVRlj5k2tmCd
G1Myq9x4xVyR1f2j6cDhNKkIs8SVOLLA65VtMwLUTJNC23bJ/iIrQVLrT/A/fPnN
B92MKkkoPVL6A04hlpNrE/y/Ffzuy8mQQhFYGOl6Tg2nrehsArzpTqM3LwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNBGjawlJLt85mAJUA1A85+r9gSCMB8GA1UdIwQY
MBaAFMjV43F42FJMcmYKHXlhZZmeWGYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODIt
OWUwYWVkMmZiOGVjLzEvMEVhTnJDVWt1M3ptWUFsUURVRHpuNnYyQklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODItOWUwYWVkMmZiOGVj
LzEveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ80AwQB
LQ82MA0GCSqGSIb3DQEBCwUAA4IBAQBfOxCWk73qZTt4MNLa+c6pp9UYPVK8I9cC
jPuQHtn4KSl6ZWfk31N9RAFwBKSfpuk/7RHlxKa40SMrompt81dDAHYoRY7/1zfp
c5va2W81rJLsgULW6CP7CZlbHsPDLg8XP+0HpPESopPk61joQWPyz4461WDwc27I
NOvxH7yDtjkg/UBlt+5x+aWLE+rLsvsZ0lZeHNSu4kXSB913goxiCMjHs6G6nNw7
p3dlxWfIfGMdKPvHc6iG8JUD1Ed628VN2eN0bRzeBIze/XNugOdJMvN1rvUeHyO7
uPSsfSSt8SN8o2Kn3hYcMNWmAthN5NF11oSr+XSnjG4X9+hKYNpk
-----END CERTIFICATE-----