Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/OPxMPHXLCcQ4EgbplesI-It_HZw.roa
File:                     OPxMPHXLCcQ4EgbplesI-It_HZw.roa (raw, json)
Hash identifier:          jTY/bXTFzRrhjhtMHx+sAVKCn3L2roill9SeL+P90Qo=
Subject key identifier:   38:FC:4C:3C:75:CB:09:C4:38:12:06:E9:95:EB:08:F8:8B:7F:1D:9C
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369D0F09C377F763AED2B5DC88CB4CE
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/OPxMPHXLCcQ4EgbplesI-It_HZw.roa
Signing time:             Wed 01 Jan 2025 19:48:44 +0000
ROA not before:           Wed 01 Jan 2025 19:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58033
IP address blocks:        45.135.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d0:f0:9c:37:7f:76:3a:ed:2b:5d:c8:8c:b4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38fc4c3c75cb09c4381206e995eb08f88b7f1d9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:34:3f:f7:dc:19:e5:2f:cb:88:89:25:2e:26:
                    a7:47:9f:38:3f:b5:a2:23:c2:0d:61:27:68:f0:c3:
                    4d:02:ab:7e:b1:15:98:80:22:ea:2c:29:a8:f2:b9:
                    37:d3:e7:90:55:39:ab:ea:3e:8e:b2:c7:e5:dd:ac:
                    42:2b:73:fb:35:98:36:ec:ef:7f:d3:2d:75:60:fa:
                    60:c8:e9:3d:6f:e2:dd:3e:b1:ae:1c:b8:43:e5:8e:
                    35:58:45:5a:90:b2:9f:66:93:d2:f0:57:f9:c7:ea:
                    50:62:2b:59:5e:e8:a9:9d:09:f0:8a:db:d3:84:18:
                    75:c8:d5:1a:cb:cb:61:08:9d:da:d4:06:d2:88:dd:
                    99:3d:7c:d6:6e:63:e2:fe:23:42:d8:ba:21:c2:a8:
                    ed:7c:39:a3:6d:c5:80:e3:5b:2b:41:3f:03:be:1e:
                    f4:74:2b:1c:60:26:57:cf:62:1a:db:81:dd:b8:0f:
                    4c:9d:d2:e1:07:37:e2:e4:7b:d6:1c:f6:da:e4:bb:
                    8c:6b:5b:24:97:22:e6:0f:0d:f6:fe:9c:5a:f9:82:
                    98:aa:a1:7a:17:b6:10:83:d3:da:8d:89:c1:2f:98:
                    53:c9:05:27:be:c0:f2:47:d1:5d:8c:7b:ed:35:22:
                    fb:be:61:8f:53:80:1c:f5:e6:c8:74:af:61:e6:67:
                    2d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:FC:4C:3C:75:CB:09:C4:38:12:06:E9:95:EB:08:F8:8B:7F:1D:9C
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/OPxMPHXLCcQ4EgbplesI-It_HZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:e7:fd:8c:e8:cf:51:f4:88:05:59:f7:53:86:a6:f6:3b:23:
         9a:cd:d1:21:1a:6d:b6:8f:a7:e9:4d:47:df:9b:8c:53:6f:99:
         43:6f:93:1a:fb:06:b6:76:87:77:5f:74:8c:4f:a1:82:4f:61:
         41:58:c9:a3:3c:04:df:e8:76:b8:a7:13:d7:78:e2:0f:fa:a3:
         f7:f9:12:9e:4c:5f:23:22:fd:e0:18:4d:c6:9f:5c:6c:d8:bd:
         ce:8e:70:94:43:9e:ae:b0:e7:dd:bd:cb:bb:bc:ce:9c:d3:e8:
         01:c3:8b:0d:ef:6c:5f:a2:82:09:09:61:b4:9d:7f:2f:c1:fb:
         6f:13:53:f0:ed:83:b1:d8:80:ed:a7:d4:bd:75:55:09:42:54:
         41:43:1d:6a:9a:65:e8:8b:f5:92:6b:3e:b5:f0:b6:97:7b:a8:
         7b:96:9c:48:36:5c:a9:1c:70:ca:4c:1b:75:99:47:a2:2b:6b:
         54:51:85:98:3f:e0:19:e5:8e:d9:13:bc:37:00:54:ee:b8:6a:
         d3:e7:a9:38:7f:0b:24:d1:92:8d:50:dd:e0:d1:2d:b2:4b:ab:
         e1:be:5e:c2:39:fb:ed:15:34:f7:6f:b0:1a:77:ca:b9:ea:7d:
         c5:48:de:24:07:72:05:87:cc:04:99:6b:20:a1:e0:25:96:12:
         a9:36:51:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjadDwnDd/djrtK13IjLTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGZjNGMzYzc1Y2IwOWM0MzgxMjA2ZTk5NWViMDhmODhiN2YxZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTQ/99wZ5S/LiIklLianR584P7Wi
I8INYSdo8MNNAqt+sRWYgCLqLCmo8rk30+eQVTmr6j6Ossfl3axCK3P7NZg27O9/
0y11YPpgyOk9b+LdPrGuHLhD5Y41WEVakLKfZpPS8Ff5x+pQYitZXuipnQnwitvT
hBh1yNUay8thCJ3a1AbSiN2ZPXzWbmPi/iNC2LohwqjtfDmjbcWA41srQT8Dvh70
dCscYCZXz2Ia24HduA9MndLhBzfi5HvWHPba5LuMa1sklyLmDw32/pxa+YKYqqF6
F7YQg9PajYnBL5hTyQUnvsDyR9FdjHvtNSL7vmGPU4Ac9ebIdK9h5mctSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDj8TDx1ywnEOBIG6ZXrCPiLfx2cMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvT1B4TVBIWExDY1E0RWdicGxlc0ktSXRfSFp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYeFMA0G
CSqGSIb3DQEBCwUAA4IBAQBa5/2M6M9R9IgFWfdThqb2OyOazdEhGm22j6fpTUff
m4xTb5lDb5Ma+wa2dod3X3SMT6GCT2FBWMmjPATf6Ha4pxPXeOIP+qP3+RKeTF8j
Iv3gGE3Gn1xs2L3OjnCUQ56usOfdvcu7vM6c0+gBw4sN72xfooIJCWG0nX8vwftv
E1Pw7YOx2IDtp9S9dVUJQlRBQx1qmmXoi/WSaz618LaXe6h7lpxINlypHHDKTBt1
mUeiK2tUUYWYP+AZ5Y7ZE7w3AFTuuGrT56k4fwsk0ZKNUN3g0S2yS6vhvl7COfvt
FTT3b7Aad8q56n3FSN4kB3IFh8wEmWsgoeAllhKpNlHt
-----END CERTIFICATE-----