Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/dts4R-ufYyXl3hit6PzuszByx80.roa
File:                     dts4R-ufYyXl3hit6PzuszByx80.roa (raw, json)
Hash identifier:          CLOSkmT9f7zP9boHK9KFlIVsnhIO33j9X/J6kKftdAE=
Subject key identifier:   76:DB:38:47:EB:9F:63:25:E5:DE:18:AD:E8:FC:EE:B3:30:72:C7:CD
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369C990DBA4B354DF8F662932AA229F
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/dts4R-ufYyXl3hit6PzuszByx80.roa
Signing time:             Wed 01 Jan 2025 19:48:42 +0000
ROA not before:           Wed 01 Jan 2025 19:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44803
IP address blocks:        45.136.70.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c9:90:db:a4:b3:54:df:8f:66:29:32:aa:22:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76db3847eb9f6325e5de18ade8fceeb33072c7cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6d:06:a3:77:96:b4:d3:cd:09:6e:34:e1:94:
                    e1:a9:c9:10:c6:44:0d:5c:ba:d9:b0:8f:98:2d:07:
                    69:96:17:a7:51:92:96:17:e8:6f:61:ca:9e:ce:d8:
                    6c:dd:b2:8f:1e:8d:70:82:69:75:e7:55:00:5d:d9:
                    ca:1d:ef:61:7a:b4:5d:2c:f0:bc:66:16:28:61:d0:
                    6b:5b:0f:02:df:68:bf:93:9f:15:86:23:72:36:2a:
                    c5:bb:aa:d1:cb:92:af:9d:f2:8f:e1:52:ed:97:db:
                    99:b8:75:c5:c3:f8:6b:1d:74:5b:fa:04:ec:9e:e2:
                    8f:92:1c:d8:8b:6e:82:c4:99:42:c0:51:7b:40:24:
                    ac:79:eb:a8:0f:3d:a0:57:e5:b5:e3:54:d2:85:7f:
                    cc:8c:7d:a1:05:3e:d1:53:c3:6f:ba:99:9f:85:fe:
                    24:cc:70:dd:2b:01:ef:48:10:33:b9:c5:45:59:c5:
                    08:24:08:6e:f0:23:5b:50:e3:1b:c9:8c:94:88:68:
                    9d:cf:bf:78:79:d8:10:3d:7f:db:54:71:b7:62:9a:
                    c6:3f:3d:49:39:eb:7d:ea:95:ff:fe:7e:42:de:43:
                    c5:6f:36:28:0c:11:0c:45:a3:c5:85:6f:75:29:03:
                    c3:a8:85:fb:67:fb:5b:88:7e:75:0b:11:33:86:64:
                    55:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:DB:38:47:EB:9F:63:25:E5:DE:18:AD:E8:FC:EE:B3:30:72:C7:CD
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/dts4R-ufYyXl3hit6PzuszByx80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:a3:aa:7e:77:33:be:b3:b6:b4:5d:e9:5e:b1:37:1a:75:f7:
         fd:4e:2a:b8:5e:96:36:0d:7c:bc:58:b3:49:25:63:84:05:06:
         5a:ec:1f:74:79:13:89:0c:a6:7b:c7:3b:ba:b5:92:8a:9e:4c:
         6e:66:55:fd:25:9f:7f:d4:79:20:15:4f:af:43:49:a7:14:7d:
         56:d0:b0:1a:ab:c2:47:e0:27:08:dd:02:93:cb:b4:05:b3:97:
         71:e6:43:88:ea:10:f4:0d:50:64:6a:3e:03:e0:84:3e:6f:25:
         87:65:bc:a7:4c:99:9f:7f:f9:d8:8a:a5:3d:27:30:7f:99:d8:
         b3:4e:a9:4f:74:2b:79:b8:e7:1a:00:ef:83:b2:72:9e:10:8f:
         e2:23:fd:e0:f7:7c:f3:c7:a8:26:44:7e:31:8b:d2:02:58:87:
         21:02:3b:8b:e7:72:97:5f:d0:7e:67:ff:84:a1:36:82:35:b9:
         80:cb:a8:2d:73:fc:27:49:20:26:49:bb:ae:ec:40:41:12:86:
         6e:d9:62:46:90:d4:bd:eb:40:66:81:7f:7a:9e:58:c2:67:51:
         4c:bd:06:eb:4a:c8:00:86:42:db:13:53:29:8a:7d:eb:30:8a:
         54:a7:0b:3b:99:3b:0c:7c:bc:a0:74:81:71:6c:00:03:0c:da:
         4b:7c:a2:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjacmQ26SzVN+PZikyqiKfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmRiMzg0N2ViOWY2MzI1ZTVkZTE4YWRlOGZjZWViMzMwNzJjN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG0Go3eWtNPNCW404ZThqckQxkQN
XLrZsI+YLQdplhenUZKWF+hvYcqezths3bKPHo1wgml151UAXdnKHe9herRdLPC8
ZhYoYdBrWw8C32i/k58VhiNyNirFu6rRy5KvnfKP4VLtl9uZuHXFw/hrHXRb+gTs
nuKPkhzYi26CxJlCwFF7QCSseeuoDz2gV+W141TShX/MjH2hBT7RU8Nvupmfhf4k
zHDdKwHvSBAzucVFWcUIJAhu8CNbUOMbyYyUiGidz794edgQPX/bVHG3YprGPz1J
Oet96pX//n5C3kPFbzYoDBEMRaPFhW91KQPDqIX7Z/tbiH51CxEzhmRVBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbbOEfrn2Ml5d4Yrej87rMwcsfNMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvZHRzNFItdWZZeVhsM2hpdDZQenVzekJ5eDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYhGMA0G
CSqGSIb3DQEBCwUAA4IBAQBIo6p+dzO+s7a0XelesTcadff9Tiq4XpY2DXy8WLNJ
JWOEBQZa7B90eROJDKZ7xzu6tZKKnkxuZlX9JZ9/1HkgFU+vQ0mnFH1W0LAaq8JH
4CcI3QKTy7QFs5dx5kOI6hD0DVBkaj4D4IQ+byWHZbynTJmff/nYiqU9JzB/mdiz
TqlPdCt5uOcaAO+DsnKeEI/iI/3g93zzx6gmRH4xi9ICWIchAjuL53KXX9B+Z/+E
oTaCNbmAy6gtc/wnSSAmSbuu7EBBEoZu2WJGkNS960BmgX96nljCZ1FMvQbrSsgA
hkLbE1Mpin3rMIpUpws7mTsMfLygdIFxbAADDNpLfKIQ
-----END CERTIFICATE-----