Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/cFPqj6TXSA_v9dKl9Q4ETv29SNo.roa
File:                     cFPqj6TXSA_v9dKl9Q4ETv29SNo.roa (raw, json)
Hash identifier:          EyrOZd/Ml7QsLqrhZoSqUf64eNeDbpMIyGU3CusMcp0=
Subject key identifier:   70:53:EA:8F:A4:D7:48:0F:EF:F5:D2:A5:F5:0E:04:4E:FD:BD:48:DA
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369D83E987158640771F6D0AA27C841
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/cFPqj6TXSA_v9dKl9Q4ETv29SNo.roa
Signing time:             Wed 01 Jan 2025 19:48:46 +0000
ROA not before:           Wed 01 Jan 2025 19:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        45.135.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d8:3e:98:71:58:64:07:71:f6:d0:aa:27:c8:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7053ea8fa4d7480feff5d2a5f50e044efdbd48da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2f:b7:fc:7e:50:29:49:f2:72:10:bb:f3:97:
                    8d:b8:f5:86:b6:5f:7f:75:ab:a7:ba:b9:f2:2e:00:
                    b8:cf:fb:dd:00:8a:3f:79:6d:7b:17:92:f6:67:a1:
                    55:36:64:5d:8a:79:73:db:9f:97:e5:17:3d:64:8b:
                    38:ce:d6:18:b8:23:0e:58:ce:17:7b:17:65:9a:54:
                    4e:60:f9:5f:a2:3c:ba:29:49:e8:e3:37:7c:aa:2f:
                    87:b8:e0:0e:c3:22:d8:60:b4:f7:60:0e:fc:94:6d:
                    6f:1e:ba:1b:b4:98:76:ca:7e:04:0b:74:79:44:af:
                    3a:4a:df:1e:ff:60:a2:61:d0:94:fb:29:1d:90:65:
                    f6:b0:3c:b7:f5:63:20:64:93:41:b5:d7:b1:79:80:
                    9e:cd:6a:37:5a:c3:27:04:f6:54:1d:1c:1d:66:97:
                    5d:da:03:80:2e:21:7d:8c:56:30:a9:e0:c6:82:75:
                    f1:2e:f4:44:51:1b:4e:45:76:0f:72:f2:90:1a:0d:
                    1e:98:c1:b1:05:52:8b:48:bc:26:15:5a:d3:2e:b7:
                    b3:bd:da:33:f1:2e:8f:72:98:69:75:0f:88:31:d2:
                    57:89:2b:75:19:44:ff:ed:55:be:29:0d:ce:a7:15:
                    16:85:76:05:08:18:19:b7:6e:6e:25:88:28:3c:bf:
                    e1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:53:EA:8F:A4:D7:48:0F:EF:F5:D2:A5:F5:0E:04:4E:FD:BD:48:DA
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/cFPqj6TXSA_v9dKl9Q4ETv29SNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:d1:17:28:fe:a3:8e:d6:8a:70:ab:7b:00:fc:aa:ce:7b:e7:
         ef:b6:92:76:79:cf:23:9e:05:d0:32:6b:50:c2:8f:de:d2:19:
         af:55:2b:4b:e1:0a:ae:01:00:6f:22:3c:03:e8:f5:ef:85:45:
         e1:ff:5f:90:09:de:0e:97:e7:96:00:22:49:45:82:b5:45:72:
         ed:e0:6c:61:4d:ea:aa:07:ba:76:b9:4c:e3:ab:90:ad:2d:fe:
         b9:32:ed:ec:cf:87:6e:cf:fc:0f:83:5b:c6:88:5e:8a:81:57:
         3a:a2:43:5b:cc:f7:f8:ea:b8:37:97:a9:c7:bf:cf:55:cf:e2:
         7e:56:99:09:3a:1c:00:e3:92:68:57:bd:08:00:16:4e:76:fc:
         d9:8f:ba:12:f3:5c:da:a3:3b:e5:60:a4:0a:d6:22:95:73:cc:
         3d:1f:ab:d2:90:8f:3a:6a:2b:d4:23:1e:30:be:50:61:56:7e:
         35:36:71:0f:c5:fc:b2:3b:cc:24:2e:52:57:77:1c:0f:75:5b:
         5c:6a:e1:07:88:47:9a:b9:be:49:27:dc:89:e3:da:ea:40:43:
         c9:91:c8:22:ae:ef:de:8e:dc:1d:38:01:59:50:dd:3b:0d:fd:
         54:bf:c8:2b:2c:7c:1e:8c:43:20:67:ff:d1:26:bd:65:fa:3a:
         55:cd:74:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjadg+mHFYZAdx9tCqJ8hBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDUzZWE4ZmE0ZDc0ODBmZWZmNWQyYTVmNTBlMDQ0ZWZkYmQ0OGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsy+3/H5QKUnychC785eNuPWGtl9/
daunurnyLgC4z/vdAIo/eW17F5L2Z6FVNmRdinlz25+X5Rc9ZIs4ztYYuCMOWM4X
exdlmlROYPlfojy6KUno4zd8qi+HuOAOwyLYYLT3YA78lG1vHrobtJh2yn4EC3R5
RK86St8e/2CiYdCU+ykdkGX2sDy39WMgZJNBtdexeYCezWo3WsMnBPZUHRwdZpdd
2gOALiF9jFYwqeDGgnXxLvREURtORXYPcvKQGg0emMGxBVKLSLwmFVrTLrezvdoz
8S6PcphpdQ+IMdJXiSt1GUT/7VW+KQ3OpxUWhXYFCBgZt25uJYgoPL/hcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBT6o+k10gP7/XSpfUOBE79vUjaMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvY0ZQcWo2VFhTQV92OWRLbDlRNEVUdjI5U05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfrMA0G
CSqGSIb3DQEBCwUAA4IBAQAq0Rco/qOO1opwq3sA/KrOe+fvtpJ2ec8jngXQMmtQ
wo/e0hmvVStL4QquAQBvIjwD6PXvhUXh/1+QCd4Ol+eWACJJRYK1RXLt4GxhTeqq
B7p2uUzjq5CtLf65Mu3sz4duz/wPg1vGiF6KgVc6okNbzPf46rg3l6nHv89Vz+J+
VpkJOhwA45JoV70IABZOdvzZj7oS81zaozvlYKQK1iKVc8w9H6vSkI86aivUIx4w
vlBhVn41NnEPxfyyO8wkLlJXdxwPdVtcauEHiEeaub5JJ9yJ49rqQEPJkcgiru/e
jtwdOAFZUN07Df1Uv8grLHwejEMgZ//RJr1l+jpVzXSh
-----END CERTIFICATE-----