Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/VOYYaorrwYKNf0xls-mZgRORt64.roa
File:                     VOYYaorrwYKNf0xls-mZgRORt64.roa (raw, json)
Hash identifier:          3tsmovsGVw3/eUDNiSECrKzOOkPpsWV2xyfJl+nYzxs=
Subject key identifier:   54:E6:18:6A:8A:EB:C1:82:8D:7F:4C:65:B3:E9:99:81:13:91:B7:AE
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       0191EAF150B20B067F39F3820021FF313213
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/VOYYaorrwYKNf0xls-mZgRORt64.roa
Signing time:             Fri 13 Sep 2024 10:32:49 +0000
ROA not before:           Fri 13 Sep 2024 10:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214200
IP address blocks:        45.130.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ea:f1:50:b2:0b:06:7f:39:f3:82:00:21:ff:31:32:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Sep 13 10:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54e6186a8aebc1828d7f4c65b3e999811391b7ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b6:35:0c:75:1a:5a:00:d7:5f:ee:6c:fe:33:
                    47:f8:c8:e8:2a:03:9e:cf:25:44:12:b1:02:4f:31:
                    66:4d:5e:c8:78:0d:44:2f:00:83:4c:fd:b1:5c:f2:
                    11:b1:9c:11:f6:f2:bb:0f:03:3e:c2:24:98:52:a8:
                    12:5f:41:f7:15:d2:3d:89:24:3b:8b:4b:b8:3a:19:
                    ea:99:a1:52:16:cd:41:92:83:2b:03:98:6c:5a:b4:
                    4f:0b:ee:e1:9e:8a:a2:8d:e1:55:1b:25:79:61:a7:
                    8d:8d:fd:ac:2d:f6:b5:49:25:b2:10:1f:61:60:df:
                    36:ce:d5:a6:59:a1:31:7d:54:f8:01:3d:d4:75:a0:
                    63:9b:ad:05:a3:8e:5b:d5:c3:34:01:55:e7:34:15:
                    49:a9:a4:ea:a5:fc:c3:2b:a9:d4:b2:1c:58:e8:00:
                    ec:f5:92:9d:30:ae:5e:c2:c4:46:11:43:0a:10:ca:
                    f4:34:ab:1f:0c:0a:93:67:ff:c2:c0:5d:33:cc:e0:
                    25:1b:bd:62:8e:7b:60:62:0f:7f:3f:8a:57:43:d8:
                    3c:bb:14:38:7a:03:1d:d4:f4:b6:e1:2c:c1:ad:9a:
                    c4:09:b7:41:54:f9:2f:81:85:93:69:44:8b:eb:db:
                    3e:d5:bd:0b:de:de:52:43:0f:12:0b:1b:1a:5a:89:
                    98:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:E6:18:6A:8A:EB:C1:82:8D:7F:4C:65:B3:E9:99:81:13:91:B7:AE
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/VOYYaorrwYKNf0xls-mZgRORt64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:b4:93:df:21:cf:46:91:fb:f2:a0:66:c2:be:dd:34:18:af:
         cf:52:14:1e:97:1d:f4:88:30:4e:59:62:3c:ae:db:2f:99:03:
         2d:5b:fd:e1:29:3a:58:89:a2:19:c4:b3:a6:f9:49:e5:43:de:
         73:bb:05:31:0f:b4:34:20:95:30:45:be:22:37:0a:48:71:ad:
         6a:70:e8:97:44:f4:1f:36:fb:b1:e9:16:01:a4:86:4b:72:30:
         a3:fe:88:07:79:fe:4b:76:13:6c:c7:c5:cf:96:80:05:13:c5:
         2d:20:fe:e2:9c:8c:80:48:ab:0d:30:18:ed:e9:40:4a:d6:6f:
         b2:4f:be:c1:0b:24:f1:a0:b0:ec:71:a1:72:73:0e:20:75:2d:
         64:c1:86:c5:9b:13:0d:f2:9d:63:fd:9c:94:15:ea:91:9b:44:
         eb:30:07:52:50:1c:a8:c9:13:c3:c1:6c:10:e7:54:ff:54:39:
         c3:d0:55:41:bb:33:6b:d6:6d:30:cf:13:18:20:fe:56:45:88:
         59:83:05:bb:ab:bb:7e:83:45:99:bb:43:d8:aa:5b:15:e1:c3:
         a7:5d:5d:19:f3:7d:50:fa:f6:4a:69:0e:29:b6:30:b2:e3:1e:
         b1:de:f1:33:8e:73:ce:c8:f5:d8:ad:24:43:9f:fd:75:62:e0:
         08:8e:40:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHq8VCyCwZ/OfOCACH/MTITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwOTEzMTAzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGU2MTg2YThhZWJjMTgyOGQ3ZjRjNjViM2U5OTk4MTEzOTFiN2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7Y1DHUaWgDXX+5s/jNH+MjoKgOe
zyVEErECTzFmTV7IeA1ELwCDTP2xXPIRsZwR9vK7DwM+wiSYUqgSX0H3FdI9iSQ7
i0u4OhnqmaFSFs1BkoMrA5hsWrRPC+7hnoqijeFVGyV5YaeNjf2sLfa1SSWyEB9h
YN82ztWmWaExfVT4AT3UdaBjm60Fo45b1cM0AVXnNBVJqaTqpfzDK6nUshxY6ADs
9ZKdMK5ewsRGEUMKEMr0NKsfDAqTZ//CwF0zzOAlG71ijntgYg9/P4pXQ9g8uxQ4
egMd1PS24SzBrZrECbdBVPkvgYWTaUSL69s+1b0L3t5SQw8SCxsaWomYGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTmGGqK68GCjX9MZbPpmYETkbeuMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvVk9ZWWFvcnJ3WUtOZjB4bHMtbVpnUk9SdDY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYKVMA0G
CSqGSIb3DQEBCwUAA4IBAQBatJPfIc9GkfvyoGbCvt00GK/PUhQelx30iDBOWWI8
rtsvmQMtW/3hKTpYiaIZxLOm+UnlQ95zuwUxD7Q0IJUwRb4iNwpIca1qcOiXRPQf
Nvux6RYBpIZLcjCj/ogHef5LdhNsx8XPloAFE8UtIP7inIyASKsNMBjt6UBK1m+y
T77BCyTxoLDscaFycw4gdS1kwYbFmxMN8p1j/ZyUFeqRm0TrMAdSUByoyRPDwWwQ
51T/VDnD0FVBuzNr1m0wzxMYIP5WRYhZgwW7q7t+g0WZu0PYqlsV4cOnXV0Z831Q
+vZKaQ4ptjCy4x6x3vEzjnPOyPXYrSRDn/11YuAIjkBL
-----END CERTIFICATE-----