Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/0de8ShCx1WCAspVbn4ZHkROUSXM.roa
File:                     0de8ShCx1WCAspVbn4ZHkROUSXM.roa (raw, json)
Hash identifier:          sRsf74rT+7xYHAC9ATir6CQbZqDebyZoss1xu39bXDg=
Subject key identifier:   D1:D7:BC:4A:10:B1:D5:60:80:B2:95:5B:9F:86:47:91:13:94:49:73
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369C59B1CE914745386962749C3E136
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/0de8ShCx1WCAspVbn4ZHkROUSXM.roa
Signing time:             Wed 01 Jan 2025 19:48:41 +0000
ROA not before:           Wed 01 Jan 2025 19:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35751
IP address blocks:        45.133.32.0/22 maxlen: 22
                          193.56.188.0/24 maxlen: 24
                          193.56.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c5:9b:1c:e9:14:74:53:86:96:27:49:c3:e1:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1d7bc4a10b1d56080b2955b9f86479113944973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0e:31:4d:7f:c3:e1:26:60:38:34:e5:83:6b:
                    d9:61:fa:bd:8d:30:f0:00:73:4d:ff:65:0b:62:f4:
                    e4:e6:81:89:fd:dc:da:0c:06:a8:2c:21:ec:80:15:
                    b3:5a:7a:9b:10:1a:29:05:05:b2:3c:16:0b:c7:ae:
                    25:b9:f0:7b:e0:ff:fd:c1:7a:d3:3f:12:c1:f7:11:
                    ef:d9:1d:8f:e2:8d:88:47:b7:17:8e:5c:36:93:bd:
                    a7:83:a5:64:22:4b:e5:e8:a1:32:fc:f1:9a:3c:a9:
                    9d:dc:5c:a5:f0:82:0e:8d:67:f4:76:36:ef:9b:9d:
                    33:a2:cb:b0:b2:e8:74:98:ec:9e:c4:f9:b8:72:b2:
                    1f:70:3e:47:b8:38:ee:06:3f:f4:ac:d6:2c:d3:82:
                    45:eb:f6:20:73:7f:d2:52:c6:8a:7c:f4:66:28:85:
                    e7:f9:42:7e:d9:91:d6:3d:97:b2:5a:04:08:56:29:
                    0f:0f:ab:6f:e2:9c:00:68:28:44:a1:eb:83:de:3b:
                    69:33:78:23:3c:96:d3:f6:18:28:b2:23:c2:85:0d:
                    cb:61:3c:65:0a:cd:db:92:b5:9b:62:dd:c2:ec:7c:
                    46:23:19:dc:f3:e5:d4:06:e6:38:da:ad:68:fe:83:
                    15:14:a9:d0:82:63:5d:1d:7c:02:82:2d:c9:77:28:
                    bd:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:D7:BC:4A:10:B1:D5:60:80:B2:95:5B:9F:86:47:91:13:94:49:73
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/0de8ShCx1WCAspVbn4ZHkROUSXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.32.0/22
                  193.56.188.0/24
                  193.56.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:2d:0c:84:ec:b4:cb:58:ec:65:22:9f:ee:82:e6:06:c1:f1:
         a6:04:ed:b0:31:2b:78:a4:93:a3:59:4f:94:73:34:1c:3e:9d:
         7a:d8:96:5f:93:3d:00:a9:50:ae:0a:16:77:78:01:56:ef:27:
         33:88:0f:a4:73:84:e7:e1:25:f0:43:3e:bd:13:45:e0:76:fd:
         e4:b8:32:d2:ff:41:56:ae:9b:1d:07:ab:8d:36:dc:f2:64:be:
         83:ee:e4:20:a7:40:a9:33:9f:b1:8f:51:d5:22:f1:fb:b4:0c:
         5a:35:0f:7b:05:6f:b4:89:46:8d:7d:e3:c8:0c:85:e0:85:c2:
         79:4f:86:bc:a7:fa:2b:b0:10:31:d3:c9:ae:a9:07:2c:d5:f4:
         1a:68:c1:21:35:86:f8:5d:bf:96:6d:e3:a1:bc:7f:2d:59:cc:
         cb:12:eb:3b:05:27:19:55:73:25:6c:af:49:d5:63:69:8b:a7:
         d0:0b:54:c2:4c:c6:b5:c2:25:30:0a:a3:f4:da:f3:eb:84:b4:
         9c:7f:1f:e8:49:d0:51:11:15:7f:63:e3:e7:65:21:cf:19:fb:
         81:4e:b5:a0:a6:aa:a6:1b:60:bb:6c:09:b1:b7:47:42:bd:e8:
         28:f8:90:1f:79:c1:f9:2d:7d:90:be:a5:ac:4b:84:ee:b5:17:
         81:4e:9c:fc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjacWbHOkUdFOGlidJw+E2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWQ3YmM0YTEwYjFkNTYwODBiMjk1NWI5Zjg2NDc5MTEzOTQ0OTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0A4xTX/D4SZgODTlg2vZYfq9jTDw
AHNN/2ULYvTk5oGJ/dzaDAaoLCHsgBWzWnqbEBopBQWyPBYLx64lufB74P/9wXrT
PxLB9xHv2R2P4o2IR7cXjlw2k72ng6VkIkvl6KEy/PGaPKmd3Fyl8IIOjWf0djbv
m50zosuwsuh0mOyexPm4crIfcD5HuDjuBj/0rNYs04JF6/Ygc3/SUsaKfPRmKIXn
+UJ+2ZHWPZeyWgQIVikPD6tv4pwAaChEoeuD3jtpM3gjPJbT9hgosiPChQ3LYTxl
Cs3bkrWbYt3C7HxGIxnc8+XUBuY42q1o/oMVFKnQgmNdHXwCgi3Jdyi9hwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNHXvEoQsdVggLKVW5+GR5ETlElzMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvMGRlOFNoQ3gxV0NBc3BWYm40WkhrUk9VU1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLYUgAwQA
wTi8AwQAwTi+MA0GCSqGSIb3DQEBCwUAA4IBAQBtLQyE7LTLWOxlIp/uguYGwfGm
BO2wMSt4pJOjWU+UczQcPp162JZfkz0AqVCuChZ3eAFW7ycziA+kc4Tn4SXwQz69
E0Xgdv3kuDLS/0FWrpsdB6uNNtzyZL6D7uQgp0CpM5+xj1HVIvH7tAxaNQ97BW+0
iUaNfePIDIXghcJ5T4a8p/orsBAx08muqQcs1fQaaMEhNYb4Xb+WbeOhvH8tWczL
Eus7BScZVXMlbK9J1WNpi6fQC1TCTMa1wiUwCqP02vPrhLScfx/oSdBRERV/Y+Pn
ZSHPGfuBTrWgpqqmG2C7bAmxt0dCvego+JAfecH5LX2QvqWsS4TutReBTpz8
-----END CERTIFICATE-----