Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/11nno4TV9OCTCYbOR_5J_BjHI50.roa
File:                     11nno4TV9OCTCYbOR_5J_BjHI50.roa (raw, json)
Hash identifier:          8tvrpdRC47hZL7cHDq8nH5YIKko8PSiKJjXXk7wbhSE=
Subject key identifier:   D7:59:E7:A3:84:D5:F4:E0:93:09:86:CE:47:FE:49:FC:18:C7:23:9D
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369CBFE612CFE36FFE522DE0820CFD1
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/11nno4TV9OCTCYbOR_5J_BjHI50.roa
Signing time:             Wed 01 Jan 2025 19:48:43 +0000
ROA not before:           Wed 01 Jan 2025 19:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48120
IP address blocks:        45.88.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:cb:fe:61:2c:fe:36:ff:e5:22:de:08:20:cf:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d759e7a384d5f4e0930986ce47fe49fc18c7239d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f1:f9:f2:e0:23:33:1f:56:f4:7b:c9:68:80:
                    0b:96:f9:58:3e:12:7d:b4:ed:6a:1c:34:03:51:8c:
                    e7:88:16:15:05:03:6b:96:d6:ab:e3:20:79:2d:f3:
                    57:6f:f9:88:ea:6b:08:33:ea:02:62:92:e6:02:3f:
                    96:30:61:b4:60:57:f8:6f:04:43:b9:b4:48:15:6b:
                    21:2d:b8:a1:5d:e7:bd:54:69:78:13:7e:7a:7f:71:
                    a1:28:66:fd:ef:ea:67:06:dd:00:19:2c:04:c3:59:
                    80:cb:c5:eb:14:7e:58:9f:f4:72:f1:90:e3:99:57:
                    ab:f0:ee:51:ed:9c:7b:11:07:ed:8a:09:b7:40:af:
                    a6:36:ea:3d:9c:14:42:ab:9a:32:76:57:25:f1:65:
                    7c:3b:54:19:25:3e:07:25:b8:0a:03:26:45:8f:95:
                    82:5d:e9:e6:42:ab:bc:fe:0d:b9:7e:ef:d0:b2:f7:
                    4d:a3:6d:84:4c:e5:21:fe:21:92:b7:dc:74:4f:1b:
                    50:8d:94:c0:10:a5:6e:0f:31:9e:5f:a6:2c:40:18:
                    6d:47:ca:27:f9:94:c0:3a:61:81:52:f9:37:5c:6b:
                    29:47:3f:21:78:4c:35:19:a3:1c:0f:91:8e:19:24:
                    16:05:f9:7c:a8:cc:4e:76:c5:90:ab:2e:cb:a6:6c:
                    a4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:59:E7:A3:84:D5:F4:E0:93:09:86:CE:47:FE:49:FC:18:C7:23:9D
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/11nno4TV9OCTCYbOR_5J_BjHI50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:32:c0:e1:3a:35:2d:5b:b3:01:79:16:07:d0:76:58:f1:a8:
         eb:76:76:76:b9:c9:7f:5d:e8:aa:df:61:b3:f7:e0:27:f1:89:
         98:83:4f:67:f2:df:0d:d9:d4:5b:9d:e3:5b:f0:6c:4a:49:7d:
         bf:54:c6:29:e2:70:2f:f9:d4:a8:05:e7:82:61:e2:67:7e:85:
         71:6d:13:3a:a0:c0:84:f3:ff:2a:4e:77:bb:aa:13:fc:1d:ec:
         25:23:d9:3d:20:7e:72:f4:97:5f:f5:b8:35:69:88:25:93:c3:
         47:e1:19:e8:7a:0e:fc:6a:78:6d:94:25:00:45:c6:a8:48:24:
         37:58:3d:7e:97:52:b9:bd:b1:55:b8:43:84:2b:f3:d0:e3:a9:
         7f:fa:91:06:5e:b2:3e:fa:71:6d:39:24:b1:23:b1:1e:74:d2:
         dc:9d:ec:9d:64:16:cd:6f:3f:42:b4:9f:29:ab:dd:b7:4d:02:
         0c:00:e5:c8:e1:39:d4:9b:5a:c7:82:6c:33:bd:b3:19:5b:0c:
         e8:8e:6a:c2:4f:32:8c:19:7e:25:9e:b0:9d:4b:8d:e8:fd:fa:
         cf:a1:3f:31:68:34:6f:76:54:e4:5c:b3:55:4c:6e:4f:fc:4e:
         38:d9:47:67:77:1d:9b:7a:74:61:cc:08:cb:0a:50:b4:3e:44:
         bb:0d:15:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjacv+YSz+Nv/lIt4IIM/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzU5ZTdhMzg0ZDVmNGUwOTMwOTg2Y2U0N2ZlNDlmYzE4YzcyMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/H58uAjMx9W9HvJaIALlvlYPhJ9
tO1qHDQDUYzniBYVBQNrltar4yB5LfNXb/mI6msIM+oCYpLmAj+WMGG0YFf4bwRD
ubRIFWshLbihXee9VGl4E356f3GhKGb97+pnBt0AGSwEw1mAy8XrFH5Yn/Ry8ZDj
mVer8O5R7Zx7EQftigm3QK+mNuo9nBRCq5oydlcl8WV8O1QZJT4HJbgKAyZFj5WC
XenmQqu8/g25fu/QsvdNo22ETOUh/iGSt9x0TxtQjZTAEKVuDzGeX6YsQBhtR8on
+ZTAOmGBUvk3XGspRz8heEw1GaMcD5GOGSQWBfl8qMxOdsWQqy7LpmykWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdZ56OE1fTgkwmGzkf+SfwYxyOdMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvMTFubm80VFY5T0NUQ1liT1JfNUpfQmpISTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVjSMA0G
CSqGSIb3DQEBCwUAA4IBAQBDMsDhOjUtW7MBeRYH0HZY8ajrdnZ2ucl/Xeiq32Gz
9+An8YmYg09n8t8N2dRbneNb8GxKSX2/VMYp4nAv+dSoBeeCYeJnfoVxbRM6oMCE
8/8qTne7qhP8HewlI9k9IH5y9Jdf9bg1aYglk8NH4Rnoeg78anhtlCUARcaoSCQ3
WD1+l1K5vbFVuEOEK/PQ46l/+pEGXrI++nFtOSSxI7EedNLcneydZBbNbz9CtJ8p
q923TQIMAOXI4TnUm1rHgmwzvbMZWwzojmrCTzKMGX4lnrCdS43o/frPoT8xaDRv
dlTkXLNVTG5P/E442Udndx2benRhzAjLClC0PkS7DRUW
-----END CERTIFICATE-----