Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/Eu6WQ9oTjR5VUsT6WpyKQC903o4.roa
File:                     Eu6WQ9oTjR5VUsT6WpyKQC903o4.roa (raw, json)
Hash identifier:          /fZXy32EM2zFQrLM6ToiH9M/hwDNezBrBE5KaIWYSNo=
Subject key identifier:   12:EE:96:43:DA:13:8D:1E:55:52:C4:FA:5A:9C:8A:40:2F:74:DE:8E
Certificate issuer:       /CN=85add8eaaeb3a478d7e5df3e7ee1c323f166bf28
Certificate serial:       0190A1D3DBD7F710E9A7019EC13BCD9EAA5C
Authority key identifier: 85:AD:D8:EA:AE:B3:A4:78:D7:E5:DF:3E:7E:E1:C3:23:F1:66:BF:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/Eu6WQ9oTjR5VUsT6WpyKQC903o4.roa
Signing time:             Thu 11 Jul 2024 12:45:34 +0000
ROA not before:           Thu 11 Jul 2024 12:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.84.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a1:d3:db:d7:f7:10:e9:a7:01:9e:c1:3b:cd:9e:aa:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85add8eaaeb3a478d7e5df3e7ee1c323f166bf28
        Validity
            Not Before: Jul 11 12:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12ee9643da138d1e5552c4fa5a9c8a402f74de8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:06:95:98:a9:a5:81:d4:7c:b7:46:76:98:a0:
                    b3:46:d8:aa:72:de:d2:fc:36:d5:72:7d:2b:1c:c0:
                    cd:e5:d5:7a:ab:a6:5f:fb:9c:e3:74:3a:b5:3f:be:
                    ec:96:71:b2:35:6d:3b:15:27:32:bd:d7:96:85:c7:
                    3b:fd:df:32:1a:6e:02:f9:10:6c:28:ac:f1:75:f1:
                    81:ed:13:02:13:fe:44:44:e4:81:d7:bd:0c:bf:8c:
                    fc:5f:6b:7b:ac:6a:ac:b0:02:b2:c6:17:c1:12:22:
                    05:8b:3d:bc:72:f9:e5:f4:b9:7a:ce:c9:9d:e3:91:
                    2c:1f:53:cb:5d:17:f3:9b:12:47:57:a0:76:34:be:
                    47:03:d7:e8:6f:07:68:2e:b7:fa:04:9a:0d:01:93:
                    da:c2:f9:cf:4c:b0:89:57:07:fc:82:f2:7f:94:12:
                    fe:6b:99:21:0b:fb:86:41:2d:e1:87:3b:72:72:54:
                    ae:e8:49:b8:b9:ce:13:eb:0b:d3:d5:35:c1:b5:03:
                    41:e8:bc:b8:e3:73:96:24:f3:5f:a7:32:c0:bc:9f:
                    28:e0:9a:c4:4b:24:70:1e:0d:de:94:af:c8:16:ce:
                    c0:aa:89:02:56:61:b2:da:ca:35:d6:bb:62:21:c9:
                    80:41:a4:cd:7c:93:62:ee:75:88:d2:fa:7e:f5:d3:
                    91:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:EE:96:43:DA:13:8D:1E:55:52:C4:FA:5A:9C:8A:40:2F:74:DE:8E
            X509v3 Authority Key Identifier:
                keyid:85:AD:D8:EA:AE:B3:A4:78:D7:E5:DF:3E:7E:E1:C3:23:F1:66:BF:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/Eu6WQ9oTjR5VUsT6WpyKQC903o4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:5e:23:12:fd:7f:40:a5:d3:71:a0:b8:9b:16:d5:49:57:29:
         73:74:f3:2d:1f:87:d7:3c:a3:aa:f5:37:46:b1:0a:91:fe:e9:
         0d:e5:1b:63:0c:02:a5:86:b5:d3:f0:bf:88:61:4d:cb:86:36:
         e2:96:28:0d:e7:50:49:03:fb:72:d6:70:fc:21:b5:17:c7:79:
         b6:9a:68:f3:07:b9:89:2a:46:49:4e:69:43:e4:90:9a:8e:70:
         c9:79:21:32:43:6b:04:cb:f6:e3:8f:d1:93:5a:f3:45:84:d1:
         1a:29:d3:87:0d:94:77:7a:85:ec:20:44:d1:53:94:28:fd:9a:
         22:53:07:28:d0:e0:97:9d:a6:f0:5b:79:7e:31:38:ec:85:98:
         71:94:ca:de:6f:75:c0:cb:e2:5b:92:1c:40:54:53:ee:d6:cb:
         5c:78:56:5a:bf:39:ed:72:d2:37:41:bd:fa:05:85:80:66:c8:
         15:06:b2:e8:18:0c:ae:f0:ed:44:58:a2:11:09:05:13:1d:7b:
         2f:4f:14:2f:72:48:50:cb:28:16:70:a3:81:ea:3b:24:3f:22:
         40:07:7f:c5:54:db:64:1a:61:63:68:f9:59:d2:ce:28:fa:9c:
         87:08:76:d6:cd:8f:ac:17:31:f0:0f:dc:92:65:a1:90:be:ca:
         f8:d5:39:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCh09vX9xDppwGewTvNnqpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YWRkOGVhYWViM2E0NzhkN2U1ZGYzZTdlZTFjMzIzZjE2
NmJmMjgwHhcNMjQwNzExMTI0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmVlOTY0M2RhMTM4ZDFlNTU1MmM0ZmE1YTljOGE0MDJmNzRkZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAaVmKmlgdR8t0Z2mKCzRtiqct7S
/DbVcn0rHMDN5dV6q6Zf+5zjdDq1P77slnGyNW07FScyvdeWhcc7/d8yGm4C+RBs
KKzxdfGB7RMCE/5EROSB170Mv4z8X2t7rGqssAKyxhfBEiIFiz28cvnl9Ll6zsmd
45EsH1PLXRfzmxJHV6B2NL5HA9fobwdoLrf6BJoNAZPawvnPTLCJVwf8gvJ/lBL+
a5khC/uGQS3hhztyclSu6Em4uc4T6wvT1TXBtQNB6Ly443OWJPNfpzLAvJ8o4JrE
SyRwHg3elK/IFs7AqokCVmGy2so11rtiIcmAQaTNfJNi7nWI0vp+9dORtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLulkPaE40eVVLE+lqcikAvdN6OMB8GA1UdIwQY
MBaAFIWt2Oqus6R41+XfPn7hwyPxZr8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGEzWTZxNnpwSGpYNWQ4LWZ1SERJX0ZtdnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9kNDRkZDAtMDViNy00NDI3LWEwODIt
MWI3ZWMzOGU5ZjQ0LzEvRXU2V1E5b1RqUjVWVXNUNldweUtRQzkwM280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9kNDRkZDAtMDViNy00NDI3LWEwODItMWI3ZWMzOGU5ZjQ0
LzEvaGEzWTZxNnpwSGpYNWQ4LWZ1SERJX0ZtdnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTuMA0G
CSqGSIb3DQEBCwUAA4IBAQCmXiMS/X9ApdNxoLibFtVJVylzdPMtH4fXPKOq9TdG
sQqR/ukN5RtjDAKlhrXT8L+IYU3LhjbiligN51BJA/ty1nD8IbUXx3m2mmjzB7mJ
KkZJTmlD5JCajnDJeSEyQ2sEy/bjj9GTWvNFhNEaKdOHDZR3eoXsIETRU5Qo/Zoi
Uwco0OCXnabwW3l+MTjshZhxlMreb3XAy+JbkhxAVFPu1stceFZavzntctI3Qb36
BYWAZsgVBrLoGAyu8O1EWKIRCQUTHXsvTxQvckhQyygWcKOB6jskPyJAB3/FVNtk
GmFjaPlZ0s4o+pyHCHbWzY+sFzHwD9ySZaGQvsr41TnS
-----END CERTIFICATE-----