Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/dS8w-YBWr-PiVjzqqlZuD05NjTY.roa
File:                     dS8w-YBWr-PiVjzqqlZuD05NjTY.roa (raw, json)
Hash identifier:          amegDYbZJ6hTvXdv2U6xTot3bOZ+YelYCP1DdGyoADs=
Subject key identifier:   75:2F:30:F9:80:56:AF:E3:E2:56:3C:EA:AA:56:6E:0F:4E:4D:8D:36
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       0195607ED6F5E97DFEFBED75F9D73F8E0438
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/dS8w-YBWr-PiVjzqqlZuD05NjTY.roa
Signing time:             Tue 04 Mar 2025 09:31:20 +0000
ROA not before:           Tue 04 Mar 2025 09:31:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55286
IP address blocks:        45.153.48.0/24 maxlen: 24
                          92.119.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:60:7e:d6:f5:e9:7d:fe:fb:ed:75:f9:d7:3f:8e:04:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Mar  4 09:31:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=752f30f98056afe3e2563ceaaa566e0f4e4d8d36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:73:0e:64:a7:b2:5d:ad:15:93:3e:01:8e:f7:
                    05:25:c4:0f:84:97:9f:ef:a7:b1:f0:1c:35:f7:5c:
                    62:9b:41:f7:ab:43:0b:9a:ae:f9:07:70:92:0b:62:
                    91:55:55:70:92:de:da:f0:d5:8a:e5:da:8d:88:5d:
                    b1:94:75:77:d6:bd:49:81:49:fa:6c:53:66:1d:48:
                    3f:f3:e9:bf:e4:2c:88:13:c4:4d:90:96:f0:5f:62:
                    94:02:0c:17:ab:9c:be:a2:a6:57:77:72:59:6e:b9:
                    73:1f:04:0e:ea:ab:df:b3:fd:8a:95:00:cf:91:55:
                    d6:2c:73:02:82:32:52:4e:e1:0e:f6:ee:20:c4:d9:
                    71:e6:71:7b:ff:11:83:16:c9:b1:fe:e9:d1:a9:e1:
                    5f:fa:6c:04:62:e1:2f:02:ee:db:94:a3:a9:7b:d0:
                    cb:b8:3a:04:76:4e:d7:d3:f2:b0:fb:8b:16:36:2d:
                    b9:cb:5b:b6:2a:1f:d4:f9:64:24:21:e7:b3:b0:d6:
                    2c:b6:c2:8c:3f:d8:2a:a3:b0:d3:35:65:3d:81:c0:
                    29:5f:15:d5:3d:94:ec:42:9e:8a:58:dd:25:88:9b:
                    54:a1:76:96:c5:7c:13:9b:58:33:a4:e3:93:34:84:
                    55:24:91:06:d2:b1:6a:35:b2:b5:5a:28:f4:d2:44:
                    9e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:2F:30:F9:80:56:AF:E3:E2:56:3C:EA:AA:56:6E:0F:4E:4D:8D:36
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/dS8w-YBWr-PiVjzqqlZuD05NjTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.48.0/24
                  92.119.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:68:a8:0b:19:19:45:f0:4b:1a:df:82:2b:c0:7b:08:a9:2a:
         a5:f6:ec:c0:a7:5d:38:75:2d:6c:25:34:1d:b5:51:17:8e:48:
         db:03:1b:7a:50:72:38:93:d2:3b:d8:54:57:f9:8d:14:ab:10:
         ac:4d:0d:bb:7e:4f:32:c1:a8:ef:d5:af:7a:22:5a:fb:e8:90:
         b0:e5:99:df:ec:af:1b:94:b3:57:23:6d:63:80:d6:55:15:24:
         d6:e9:4e:77:d4:0e:f2:d1:d3:82:10:4d:11:41:a4:a0:6e:3d:
         63:fc:9b:3d:1a:9f:e4:2a:12:da:5f:14:37:36:99:77:d2:a8:
         39:e7:b5:40:20:d0:d4:58:e7:34:6d:32:2f:db:6c:87:ff:ec:
         4c:81:e5:af:2d:a3:f6:ae:98:93:71:d4:d8:dc:97:86:e8:b1:
         eb:8e:d1:52:e9:d7:09:55:c5:45:7a:27:ed:be:b9:2d:63:96:
         f5:a6:83:6c:9d:6c:14:f0:17:95:d4:c8:b2:e6:cf:f8:df:f2:
         53:53:a8:41:91:77:15:72:4a:fa:9f:5d:14:41:17:3f:60:4a:
         51:09:fb:cd:e1:88:50:7e:58:6f:6c:f2:81:c5:8b:0f:1c:5b:
         72:fd:e7:c5:ff:af:37:c3:57:14:31:00:63:c4:fa:45:5c:a0:
         cc:bf:44:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVgftb16X3+++11+dc/jgQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMzA0MDkzMTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTJmMzBmOTgwNTZhZmUzZTI1NjNjZWFhYTU2NmUwZjRlNGQ4ZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHMOZKeyXa0Vkz4BjvcFJcQPhJef
76ex8Bw191xim0H3q0MLmq75B3CSC2KRVVVwkt7a8NWK5dqNiF2xlHV31r1JgUn6
bFNmHUg/8+m/5CyIE8RNkJbwX2KUAgwXq5y+oqZXd3JZbrlzHwQO6qvfs/2KlQDP
kVXWLHMCgjJSTuEO9u4gxNlx5nF7/xGDFsmx/unRqeFf+mwEYuEvAu7blKOpe9DL
uDoEdk7X0/Kw+4sWNi25y1u2Kh/U+WQkIeezsNYstsKMP9gqo7DTNWU9gcApXxXV
PZTsQp6KWN0liJtUoXaWxXwTm1gzpOOTNIRVJJEG0rFqNbK1Wij00kSeqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHUvMPmAVq/j4lY86qpWbg9OTY02MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvZFM4dy1ZQldyLVBpVmp6cXFsWnVEMDVOalRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZkwAwQA
XHeBMA0GCSqGSIb3DQEBCwUAA4IBAQA5aKgLGRlF8Esa34IrwHsIqSql9uzAp104
dS1sJTQdtVEXjkjbAxt6UHI4k9I72FRX+Y0UqxCsTQ27fk8ywajv1a96Ilr76JCw
5Znf7K8blLNXI21jgNZVFSTW6U531A7y0dOCEE0RQaSgbj1j/Js9Gp/kKhLaXxQ3
Npl30qg557VAINDUWOc0bTIv22yH/+xMgeWvLaP2rpiTcdTY3JeG6LHrjtFS6dcJ
VcVFeiftvrktY5b1poNsnWwU8BeV1Miy5s/43/JTU6hBkXcVckr6n10UQRc/YEpR
CfvN4YhQflhvbPKBxYsPHFty/efF/683w1cUMQBjxPpFXKDMv0RB
-----END CERTIFICATE-----