Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/T1JBRYpntKp-x5NG-Us5z3HLffA.roa
File:                     T1JBRYpntKp-x5NG-Us5z3HLffA.roa (raw, json)
Hash identifier:          6LA5d64jJPj1jpbtek6+X7kxfUdYpdxWjC/2h3sU6hQ=
Subject key identifier:   4F:52:41:45:8A:67:B4:AA:7E:C7:93:46:F9:4B:39:CF:71:CB:7D:F0
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369DA71EBC5AA0A2FBE917638F8964E
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/T1JBRYpntKp-x5NG-Us5z3HLffA.roa
Signing time:             Wed 01 Jan 2025 19:48:47 +0000
ROA not before:           Wed 01 Jan 2025 19:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212913
IP address blocks:        45.140.19.0/24 maxlen: 24
                          94.103.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:da:71:eb:c5:aa:0a:2f:be:91:76:38:f8:96:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f5241458a67b4aa7ec79346f94b39cf71cb7df0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:17:69:4c:a4:a0:5c:1d:f9:2d:b4:52:86:92:
                    af:53:6c:a3:e1:fd:7a:43:33:55:6e:3f:e8:ab:e8:
                    83:0f:89:2a:c4:8f:32:40:09:5a:c5:11:3c:23:5a:
                    61:b0:df:1d:76:6c:4b:c4:f3:3b:0c:2c:56:85:df:
                    9d:12:5a:fb:2d:e1:b6:5c:b4:b5:a5:f1:5b:0b:8c:
                    0a:28:7b:43:68:c7:52:d2:12:93:77:bf:26:7e:37:
                    e6:ec:b2:8b:a3:fd:81:74:b4:3e:21:b8:3e:d9:84:
                    ee:29:92:25:c9:51:c8:84:a3:22:78:26:69:9e:42:
                    54:10:4e:0d:f9:b7:d6:d6:ff:8c:a5:cc:68:dd:39:
                    d8:b8:6f:7e:70:a8:68:e9:ee:2d:e6:88:25:37:15:
                    e5:f2:66:fe:e1:e7:51:99:e8:ea:b7:f6:53:ad:0f:
                    d3:b3:6a:94:32:70:ae:c5:94:69:88:e2:67:fe:62:
                    8e:9a:a9:7e:31:50:62:fa:34:80:8a:a4:60:b9:90:
                    88:5a:e4:88:e4:e4:4b:e6:8b:f8:72:72:e2:9f:f2:
                    c2:a8:c7:bb:cb:9d:64:c1:3a:04:32:93:58:bd:93:
                    40:34:49:a9:56:05:20:07:4b:a0:01:95:38:54:1f:
                    7e:4a:f9:4f:aa:00:fa:40:f3:ca:4e:3f:06:95:7c:
                    2a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:52:41:45:8A:67:B4:AA:7E:C7:93:46:F9:4B:39:CF:71:CB:7D:F0
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/T1JBRYpntKp-x5NG-Us5z3HLffA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.19.0/24
                  94.103.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:8f:7e:41:07:fa:6a:f9:40:e1:d0:31:0a:5f:24:cb:3b:fc:
         e0:c5:09:8c:87:8d:ce:c7:c3:48:55:81:0a:30:b4:1c:35:fe:
         1d:9d:8e:f3:60:72:b4:54:71:96:13:18:fc:51:5d:98:d7:f2:
         85:ad:41:4f:05:6b:18:d2:df:df:1b:7d:96:f9:6e:b2:90:5d:
         28:cd:fd:fd:81:2d:88:d2:92:02:04:33:4c:60:00:70:aa:f5:
         4a:0d:0d:cc:09:fe:bd:ec:2c:68:4b:b9:ed:af:81:0a:4e:99:
         0a:e3:a6:3b:83:b5:50:01:86:2e:52:c2:52:f2:a8:5c:d5:2d:
         8b:1e:ba:39:59:8c:12:83:cf:82:34:8a:75:c0:b1:6b:2c:be:
         da:f2:ad:c7:ce:23:82:77:92:91:cb:c5:d2:3f:24:32:88:7b:
         af:a5:ff:10:47:1c:ba:4b:c6:8f:01:a2:a6:f5:50:39:3d:93:
         6e:86:16:4c:43:04:80:db:d8:28:b6:82:5a:90:56:f6:f7:60:
         ab:ce:21:2d:42:22:95:22:56:63:42:0c:53:4f:18:28:79:e1:
         b3:3f:7d:48:83:92:bf:fb:9b:ce:78:a8:2d:5f:f0:a7:16:80:
         92:1d:af:93:47:4b:4f:12:da:9f:eb:e5:3b:66:bf:57:82:c6:
         93:db:32:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjadpx68WqCi++kXY4+JZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjUyNDE0NThhNjdiNGFhN2VjNzkzNDZmOTRiMzljZjcxY2I3ZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRdpTKSgXB35LbRShpKvU2yj4f16
QzNVbj/oq+iDD4kqxI8yQAlaxRE8I1phsN8ddmxLxPM7DCxWhd+dElr7LeG2XLS1
pfFbC4wKKHtDaMdS0hKTd78mfjfm7LKLo/2BdLQ+Ibg+2YTuKZIlyVHIhKMieCZp
nkJUEE4N+bfW1v+Mpcxo3TnYuG9+cKho6e4t5oglNxXl8mb+4edRmejqt/ZTrQ/T
s2qUMnCuxZRpiOJn/mKOmql+MVBi+jSAiqRguZCIWuSI5ORL5ov4cnLin/LCqMe7
y51kwToEMpNYvZNANEmpVgUgB0ugAZU4VB9+SvlPqgD6QPPKTj8GlXwq0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE9SQUWKZ7SqfseTRvlLOc9xy33wMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvVDFKQlJZcG50S3AteDVORy1VczV6M0hMZmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYwTAwQA
Xme3MA0GCSqGSIb3DQEBCwUAA4IBAQCMj35BB/pq+UDh0DEKXyTLO/zgxQmMh43O
x8NIVYEKMLQcNf4dnY7zYHK0VHGWExj8UV2Y1/KFrUFPBWsY0t/fG32W+W6ykF0o
zf39gS2I0pICBDNMYABwqvVKDQ3MCf697CxoS7ntr4EKTpkK46Y7g7VQAYYuUsJS
8qhc1S2LHro5WYwSg8+CNIp1wLFrLL7a8q3HziOCd5KRy8XSPyQyiHuvpf8QRxy6
S8aPAaKm9VA5PZNuhhZMQwSA29gotoJakFb292CrziEtQiKVIlZjQgxTTxgoeeGz
P31Ig5K/+5vOeKgtX/CnFoCSHa+TR0tPEtqf6+U7Zr9XgsaT2zKa
-----END CERTIFICATE-----