Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/eKLh6LN7h9cesuh4hNy3r2plP40.roa
File:                     eKLh6LN7h9cesuh4hNy3r2plP40.roa (raw, json)
Hash identifier:          tje8CgfMFmueHhAmG/U0g20Bkm1+2F1vuFDSvx+flmU=
Subject key identifier:   78:A2:E1:E8:B3:7B:87:D7:1E:B2:E8:78:84:DC:B7:AF:6A:65:3F:8D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422200D78917D7E823FCD3A9C39B1BAFA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/eKLh6LN7h9cesuh4hNy3r2plP40.roa
Signing time:             Wed 01 Jan 2025 13:48:33 +0000
ROA not before:           Wed 01 Jan 2025 13:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9335
IP address blocks:        45.154.24.0/22 maxlen: 24
                          141.98.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:0d:78:91:7d:7e:82:3f:cd:3a:9c:39:b1:ba:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78a2e1e8b37b87d71eb2e87884dcb7af6a653f8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ca:1c:32:d2:44:82:93:01:d3:68:65:0f:68:
                    63:11:3f:0f:62:26:24:79:93:b4:c7:9b:cc:b2:eb:
                    5c:2b:2c:5f:a5:17:d9:bb:81:f6:f6:bd:9c:6c:54:
                    3a:14:01:75:45:1e:b0:cc:c9:7a:db:0e:1d:95:5d:
                    a9:43:46:a8:8b:e6:de:2d:f9:0c:27:26:2c:2d:63:
                    91:b2:80:d3:cf:12:be:e0:16:39:0c:90:53:c8:27:
                    cc:ea:16:19:a3:a0:f9:e8:32:24:9f:64:a5:13:12:
                    73:72:1f:a4:4c:a7:70:40:d4:d7:08:2e:4d:9c:8e:
                    a0:0e:72:f7:c6:57:07:32:c6:f0:37:51:5d:62:3e:
                    a8:05:9b:b2:df:e8:c8:1e:3d:41:f9:da:db:5d:ad:
                    38:9e:03:70:6c:05:6f:1e:ca:10:1d:7a:31:df:d6:
                    5b:15:d8:97:94:cf:da:b7:73:08:f6:bc:45:b8:5e:
                    53:76:97:f9:42:a2:7b:69:27:97:e0:2c:72:47:1b:
                    06:76:30:38:2d:f6:c0:c1:9d:0a:9a:db:4b:5e:ae:
                    07:21:c9:d1:0f:78:c5:5c:f9:a0:6c:37:12:e1:ea:
                    df:5d:bb:21:f4:8e:9a:cb:bd:d0:2a:61:19:af:ba:
                    99:98:54:4c:d6:ce:36:a4:bb:42:e5:87:8d:e4:a0:
                    70:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:A2:E1:E8:B3:7B:87:D7:1E:B2:E8:78:84:DC:B7:AF:6A:65:3F:8D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/eKLh6LN7h9cesuh4hNy3r2plP40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.24.0/22
                  141.98.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:b7:fe:4d:91:7a:ca:d3:20:c2:2d:89:cd:e9:72:85:f0:38:
         17:58:c0:1c:a5:8c:b5:14:87:6f:5a:4f:7d:56:6f:05:2a:90:
         03:5b:86:7d:fd:e0:36:e4:01:82:3c:fb:08:70:29:9f:aa:48:
         7a:2e:7d:f6:5d:5b:07:10:cf:05:a1:5c:ac:33:cb:e7:95:a1:
         1a:4b:ed:03:a9:21:68:11:fd:b3:36:61:ad:7a:0e:df:c7:1f:
         e4:ad:48:f9:8c:59:0e:ef:36:b4:ff:67:f0:d8:70:2d:f2:18:
         b9:f7:c1:05:e2:46:ab:45:2e:7f:97:09:41:a0:77:b4:52:6c:
         be:0e:98:35:a7:1a:47:4b:86:a2:81:a1:ac:08:3b:ed:0e:b5:
         49:d8:e1:f8:38:65:13:2b:d0:0d:9a:28:d4:fa:37:a0:13:a0:
         13:e9:bc:b8:f1:88:66:d8:8b:05:6e:df:ec:4e:79:20:1d:d1:
         06:38:9c:67:75:bf:75:0b:2c:b8:b9:b7:5f:61:24:c2:ac:74:
         d9:eb:90:69:7f:00:ae:12:13:60:0b:66:d6:ef:42:b1:05:89:
         dd:3e:26:12:7e:b2:16:a4:c9:51:dd:e6:61:de:3e:fa:b2:c1:
         2d:29:13:f9:4b:95:f9:8e:77:61:60:22:e1:1b:ca:80:12:6d:
         87:83:49:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIA14kX1+gj/NOpw5sbr6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGEyZTFlOGIzN2I4N2Q3MWViMmU4Nzg4NGRjYjdhZjZhNjUzZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsocMtJEgpMB02hlD2hjET8PYiYk
eZO0x5vMsutcKyxfpRfZu4H29r2cbFQ6FAF1RR6wzMl62w4dlV2pQ0aoi+beLfkM
JyYsLWORsoDTzxK+4BY5DJBTyCfM6hYZo6D56DIkn2SlExJzch+kTKdwQNTXCC5N
nI6gDnL3xlcHMsbwN1FdYj6oBZuy3+jIHj1B+drbXa04ngNwbAVvHsoQHXox39Zb
FdiXlM/at3MI9rxFuF5Tdpf5QqJ7aSeX4CxyRxsGdjA4LfbAwZ0KmttLXq4HIcnR
D3jFXPmgbDcS4erfXbsh9I6ay73QKmEZr7qZmFRM1s42pLtC5YeN5KBwnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHii4eize4fXHrLoeITct69qZT+NMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZUtMaDZMTjdoOWNlc3VoNGhOeTNyMnBsUDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZoYAwQC
jWIQMA0GCSqGSIb3DQEBCwUAA4IBAQAEt/5NkXrK0yDCLYnN6XKF8DgXWMAcpYy1
FIdvWk99Vm8FKpADW4Z9/eA25AGCPPsIcCmfqkh6Ln32XVsHEM8FoVysM8vnlaEa
S+0DqSFoEf2zNmGteg7fxx/krUj5jFkO7za0/2fw2HAt8hi598EF4karRS5/lwlB
oHe0Umy+Dpg1pxpHS4aigaGsCDvtDrVJ2OH4OGUTK9ANmijU+jegE6AT6by48Yhm
2IsFbt/sTnkgHdEGOJxndb91Cyy4ubdfYSTCrHTZ65BpfwCuEhNgC2bW70KxBYnd
PiYSfrIWpMlR3eZh3j76ssEtKRP5S5X5jndhYCLhG8qAEm2Hg0kA
-----END CERTIFICATE-----