Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/VIAEJyAVRK1Cqz0QDFm6dSl2YSQ.roa
File:                     VIAEJyAVRK1Cqz0QDFm6dSl2YSQ.roa (raw, json)
Hash identifier:          N1vnYX0ybuRpIzWGyVykJHoWj1kQEfOnCzVUd4ptXkA=
Subject key identifier:   54:80:04:27:20:15:44:AD:42:AB:3D:10:0C:59:BA:75:29:76:61:24
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01948EA8118DFA12210E3D6853A127477FE7
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/VIAEJyAVRK1Cqz0QDFm6dSl2YSQ.roa
Signing time:             Wed 22 Jan 2025 15:36:06 +0000
ROA not before:           Wed 22 Jan 2025 15:36:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14616
IP address blocks:        45.153.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8e:a8:11:8d:fa:12:21:0e:3d:68:53:a1:27:47:7f:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan 22 15:36:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54800427201544ad42ab3d100c59ba7529766124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:95:c2:96:78:cc:4b:c8:09:47:07:95:74:f3:
                    94:bc:f3:46:95:6f:de:71:da:33:bf:cb:6e:91:eb:
                    0d:23:2c:d5:fe:c0:3c:b4:58:c5:95:dd:5d:9f:99:
                    36:40:30:a1:8d:0a:a4:18:5d:82:37:68:84:33:cf:
                    5e:9a:c0:b0:fe:b4:1e:b9:67:12:38:f6:9a:bd:6a:
                    45:41:34:ad:56:b1:ec:1a:11:f4:35:a6:4b:2c:b4:
                    e3:b4:ea:8d:c9:79:a7:07:77:43:94:43:d5:b2:85:
                    d3:8c:8a:33:72:22:3a:73:fa:74:a8:1e:64:83:ba:
                    59:53:39:e6:ed:62:4e:81:2d:c4:b7:24:e4:30:d3:
                    9b:d5:f6:8f:9e:00:ad:f6:6f:0c:8e:ff:4f:d5:7c:
                    12:b4:de:77:47:b6:7f:6e:96:56:92:85:11:08:c8:
                    3c:b6:cc:2c:62:64:c5:1a:68:8b:ac:c9:8c:5d:b7:
                    5a:11:e9:77:5d:7c:cc:99:63:2e:1c:af:0a:22:e2:
                    1a:a1:1a:54:b5:b9:a4:74:f4:ee:c0:4d:c6:87:e8:
                    d5:5c:cc:a6:4a:d6:fe:f6:a3:df:fa:83:da:0f:86:
                    fc:fa:38:34:35:f8:09:e4:4e:a8:6a:f7:37:59:77:
                    24:40:58:f8:23:03:36:01:49:89:be:11:13:bb:c5:
                    ec:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:80:04:27:20:15:44:AD:42:AB:3D:10:0C:59:BA:75:29:76:61:24
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/VIAEJyAVRK1Cqz0QDFm6dSl2YSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:d0:ea:68:c7:e3:20:a7:45:40:5b:f7:c0:3f:4e:49:73:32:
         14:2c:46:7c:30:41:47:de:7e:21:cb:8f:01:62:19:c0:57:43:
         02:5c:0b:ff:bf:a3:36:57:7a:ef:d7:4c:1d:a7:5b:01:a2:ed:
         8a:3a:82:5f:42:ff:2f:cf:0f:91:e7:5c:82:a6:13:38:c2:27:
         51:79:92:32:1d:4b:d5:f5:6d:6f:ed:4f:35:1f:30:ac:2d:50:
         03:ee:a8:e6:8d:0e:ba:4d:86:b6:37:ef:ae:f2:18:cc:af:8c:
         96:5e:e1:e2:67:fe:c5:40:a5:67:8e:84:13:a6:bb:0e:70:11:
         18:c9:a6:c8:4f:14:9d:21:83:74:0e:59:0c:50:e5:53:5c:2d:
         52:c0:74:f1:fb:4e:99:6a:24:1e:8f:73:63:87:fe:55:ee:1c:
         52:2c:34:84:71:7c:56:25:41:08:5b:d1:22:86:e0:15:ab:20:
         67:39:6c:6b:8c:f5:4f:78:57:3c:8a:84:58:51:c8:67:52:46:
         e5:fe:ca:2b:9d:0c:85:3f:51:61:c1:d5:ac:f4:29:87:39:d8:
         d0:16:c2:e2:9c:69:30:b0:1c:75:e6:f4:42:c8:c2:20:75:d2:
         ba:7d:e3:a7:42:f6:27:69:38:20:b3:89:1e:01:aa:a7:fa:10:
         fb:91:60:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSOqBGN+hIhDj1oU6EnR3/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTIyMTUzNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDgwMDQyNzIwMTU0NGFkNDJhYjNkMTAwYzU5YmE3NTI5NzY2MTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJXClnjMS8gJRweVdPOUvPNGlW/e
cdozv8tukesNIyzV/sA8tFjFld1dn5k2QDChjQqkGF2CN2iEM89emsCw/rQeuWcS
OPaavWpFQTStVrHsGhH0NaZLLLTjtOqNyXmnB3dDlEPVsoXTjIozciI6c/p0qB5k
g7pZUznm7WJOgS3EtyTkMNOb1faPngCt9m8Mjv9P1XwStN53R7Z/bpZWkoURCMg8
tswsYmTFGmiLrMmMXbdaEel3XXzMmWMuHK8KIuIaoRpUtbmkdPTuwE3Gh+jVXMym
Stb+9qPf+oPaD4b8+jg0NfgJ5E6oavc3WXckQFj4IwM2AUmJvhETu8XsTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSABCcgFUStQqs9EAxZunUpdmEkMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvVklBRUp5QVZSSzFDcXowUURGbTZkU2wyWVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZnkMA0G
CSqGSIb3DQEBCwUAA4IBAQAB0Opox+Mgp0VAW/fAP05JczIULEZ8MEFH3n4hy48B
YhnAV0MCXAv/v6M2V3rv10wdp1sBou2KOoJfQv8vzw+R51yCphM4widReZIyHUvV
9W1v7U81HzCsLVAD7qjmjQ66TYa2N++u8hjMr4yWXuHiZ/7FQKVnjoQTprsOcBEY
yabITxSdIYN0DlkMUOVTXC1SwHTx+06ZaiQej3Njh/5V7hxSLDSEcXxWJUEIW9Ei
huAVqyBnOWxrjPVPeFc8ioRYUchnUkbl/sornQyFP1FhwdWs9CmHOdjQFsLinGkw
sBx15vRCyMIgddK6feOnQvYnaTggs4keAaqn+hD7kWBc
-----END CERTIFICATE-----