Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/8ebsjlBIYaW42lwRSLlh5ESHdz0.roa
File:                     8ebsjlBIYaW42lwRSLlh5ESHdz0.roa (raw, json)
Hash identifier:          S8p/MgQxehtZ3Kv+qsghSdX48yKJwhbJ/k4FhUvEI0Y=
Subject key identifier:   F1:E6:EC:8E:50:48:61:A5:B8:DA:5C:11:48:B9:61:E4:44:87:77:3D
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369DD13634AFCDDD5B5712309ED1925
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/8ebsjlBIYaW42lwRSLlh5ESHdz0.roa
Signing time:             Wed 01 Jan 2025 19:48:47 +0000
ROA not before:           Wed 01 Jan 2025 19:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214787
IP address blocks:        45.142.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:dd:13:63:4a:fc:dd:d5:b5:71:23:09:ed:19:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1e6ec8e504861a5b8da5c1148b961e44487773d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b5:8d:96:ca:51:9c:78:36:b8:71:7c:5a:18:
                    82:29:15:5f:5c:03:7d:75:2a:ea:a0:ea:a4:60:c7:
                    0a:75:97:cb:b2:b6:9e:86:7d:62:db:b8:b4:c6:46:
                    bb:33:40:46:81:1f:c9:91:84:f3:a7:0e:95:c0:7e:
                    a2:75:d7:5f:cb:b0:92:e4:fd:05:4c:66:5f:f9:9b:
                    b3:24:df:ed:76:c3:be:06:6b:e6:6d:be:bc:8e:c8:
                    a4:e3:5b:21:d7:f2:ee:af:6d:81:77:ca:cc:17:3b:
                    89:fe:38:88:67:c6:fb:a0:26:12:cd:ed:ba:9c:e5:
                    9e:a3:89:38:be:97:02:99:2f:79:28:fa:e5:3b:f5:
                    38:c8:d6:8c:e6:b7:e7:26:ab:84:52:40:cd:ec:ee:
                    2c:9a:7c:83:39:8e:31:18:2a:f8:c7:fd:86:f7:b1:
                    f4:de:a6:c0:b1:01:e3:df:99:29:44:31:a8:11:cc:
                    ce:c7:47:c0:8c:09:00:11:29:47:1b:da:7e:23:c3:
                    cc:d2:a9:6a:b3:d7:4a:61:62:65:cb:75:f5:bb:2b:
                    73:54:bc:e4:d4:97:8d:bc:d7:a4:f6:1d:84:33:94:
                    f2:cd:b7:d4:a9:ce:3a:b0:4e:6e:c2:33:a5:ad:7b:
                    bb:a3:75:48:fb:4d:76:5e:66:c6:c1:05:23:b3:f2:
                    a0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E6:EC:8E:50:48:61:A5:B8:DA:5C:11:48:B9:61:E4:44:87:77:3D
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/8ebsjlBIYaW42lwRSLlh5ESHdz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:06:33:e5:28:4b:1c:41:8c:ab:62:11:23:3b:33:2c:e5:30:
         be:db:62:db:c0:ac:0d:f3:a3:83:9f:e4:d4:17:93:6c:d6:16:
         31:e4:e5:2c:8d:e2:4c:c0:b3:f9:05:ea:09:c2:9e:ec:b2:31:
         a8:0f:81:fa:18:07:75:d8:88:55:7f:76:be:aa:a6:1a:84:3c:
         ed:91:46:05:27:cb:b3:3d:f7:85:4c:e9:4a:eb:2a:5a:2b:af:
         88:1d:8f:7a:d4:42:23:0c:6d:e2:f7:0d:b1:5c:af:92:cb:ee:
         6b:b9:4b:de:06:2f:85:95:cb:31:dc:e2:61:02:28:e4:96:db:
         43:3f:40:5c:74:a7:f6:f2:78:76:1b:90:90:c7:4a:71:89:80:
         05:d2:47:05:59:be:d4:51:0f:fa:fe:e4:75:60:ff:cb:64:19:
         34:07:59:b8:77:3e:23:5f:5e:41:58:1c:0d:22:d2:ed:e0:36:
         48:8b:5c:ec:6b:3c:2a:4f:80:fc:95:e6:1e:a3:cb:df:71:66:
         9f:b6:38:da:e4:90:76:4a:d5:51:87:f7:43:db:07:64:ea:e1:
         d5:a5:f9:41:db:0d:ee:88:19:e5:d3:13:5c:57:12:5f:5a:a9:
         49:66:2c:d0:df:e6:16:4d:6c:f7:5a:c6:37:71:91:95:91:39:
         1a:9a:dc:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjad0TY0r83dW1cSMJ7RklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWU2ZWM4ZTUwNDg2MWE1YjhkYTVjMTE0OGI5NjFlNDQ0ODc3NzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbWNlspRnHg2uHF8WhiCKRVfXAN9
dSrqoOqkYMcKdZfLsraehn1i27i0xka7M0BGgR/JkYTzpw6VwH6idddfy7CS5P0F
TGZf+ZuzJN/tdsO+Bmvmbb68jsik41sh1/Lur22Bd8rMFzuJ/jiIZ8b7oCYSze26
nOWeo4k4vpcCmS95KPrlO/U4yNaM5rfnJquEUkDN7O4smnyDOY4xGCr4x/2G97H0
3qbAsQHj35kpRDGoEczOx0fAjAkAESlHG9p+I8PM0qlqs9dKYWJly3X1uytzVLzk
1JeNvNek9h2EM5TyzbfUqc46sE5uwjOlrXu7o3VI+012XmbGwQUjs/KgFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHm7I5QSGGluNpcEUi5YeREh3c9MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvOGVic2psQklZYVc0Mmx3UlNMbGg1RVNIZHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY4tMA0G
CSqGSIb3DQEBCwUAA4IBAQAWBjPlKEscQYyrYhEjOzMs5TC+22LbwKwN86ODn+TU
F5Ns1hYx5OUsjeJMwLP5BeoJwp7ssjGoD4H6GAd12IhVf3a+qqYahDztkUYFJ8uz
PfeFTOlK6ypaK6+IHY961EIjDG3i9w2xXK+Sy+5ruUveBi+Flcsx3OJhAijklttD
P0BcdKf28nh2G5CQx0pxiYAF0kcFWb7UUQ/6/uR1YP/LZBk0B1m4dz4jX15BWBwN
ItLt4DZIi1zsazwqT4D8leYeo8vfcWaftjja5JB2StVRh/dD2wdk6uHVpflB2w3u
iBnl0xNcVxJfWqlJZizQ3+YWTWz3WsY3cZGVkTkamtz/
-----END CERTIFICATE-----