Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/jYxwotstcCrhBJ4PlJXkQOSPMcE.roa
File:                     jYxwotstcCrhBJ4PlJXkQOSPMcE.roa (raw, json)
Hash identifier:          snZpQUJdVwCBigxOkdrPlPBJZy7daW9U1nX41o2r6HI=
Subject key identifier:   8D:8C:70:A2:DB:2D:70:2A:E1:04:9E:0F:94:95:E4:40:E4:8F:31:C1
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369D21868F07DD0923E276BAF33FB7C
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/jYxwotstcCrhBJ4PlJXkQOSPMcE.roa
Signing time:             Wed 01 Jan 2025 19:48:45 +0000
ROA not before:           Wed 01 Jan 2025 19:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59692
IP address blocks:        45.148.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d2:18:68:f0:7d:d0:92:3e:27:6b:af:33:fb:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d8c70a2db2d702ae1049e0f9495e440e48f31c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a6:1f:3d:f7:1f:2f:cd:9b:93:ca:64:9d:b2:
                    ad:bd:83:92:fb:d2:82:75:3a:8b:63:4f:10:0f:7b:
                    99:0c:77:f2:f7:a9:93:a9:13:19:14:88:ac:bc:dd:
                    28:05:9e:6c:14:b6:99:e1:d3:54:de:cc:7d:9c:78:
                    ee:4f:6c:7e:15:97:be:22:a3:4e:05:b4:07:59:29:
                    1b:54:c4:ca:cf:98:f8:47:9c:9e:4e:bb:8a:6a:6b:
                    52:b1:b2:92:83:f2:2a:68:94:de:97:b7:87:4d:64:
                    76:4b:f2:bb:70:0d:44:cf:da:a7:62:8d:35:ea:2b:
                    b6:7a:16:20:b1:fa:6e:25:eb:8a:8c:61:fb:46:8c:
                    f6:5e:1a:54:9c:c3:6f:13:cc:56:35:c5:71:0d:dd:
                    11:24:8a:b2:ff:01:3f:73:bb:4c:fb:0b:b4:14:fc:
                    e7:17:70:b7:1a:78:65:7e:bf:6d:7b:49:77:a1:42:
                    a5:16:37:0f:ab:03:1b:41:1e:e3:ae:8d:47:d0:9c:
                    77:66:d2:f2:a8:33:ec:8b:e6:58:01:57:41:4d:53:
                    92:b1:9a:3d:36:b5:2e:39:c1:b7:e3:cb:af:8e:fb:
                    94:59:fe:bb:0c:b2:c4:09:d8:1a:f4:e6:6f:94:39:
                    a0:d6:92:ac:ef:be:2e:f0:9f:8a:7c:ee:0f:63:07:
                    6d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:8C:70:A2:DB:2D:70:2A:E1:04:9E:0F:94:95:E4:40:E4:8F:31:C1
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/jYxwotstcCrhBJ4PlJXkQOSPMcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:0b:92:80:8e:f4:43:fb:69:a8:45:51:ec:4d:15:cf:d4:fc:
         7c:49:c8:34:e5:a9:1e:b0:55:4d:13:9f:ed:7d:88:3f:3d:4f:
         e6:7b:e4:6e:2e:54:6c:2d:58:9f:9d:cc:02:7e:21:15:fd:cd:
         9b:89:34:aa:72:42:15:ec:b7:94:9a:18:f2:b0:62:af:b4:c7:
         8c:03:f5:5a:79:8e:63:72:10:f4:a5:a8:4e:51:7b:d1:d9:d3:
         e5:7d:ba:cc:38:f6:96:e5:f9:8d:fa:90:81:d3:58:1f:5a:36:
         b4:83:0d:17:37:81:b4:05:90:6d:db:95:b0:b5:40:a3:b7:8f:
         34:d4:65:22:2f:12:75:3d:70:ec:0a:67:ef:c5:a9:04:f0:bb:
         65:15:d1:12:05:9c:24:97:87:b8:5e:84:a1:98:0a:5b:66:ac:
         91:05:e9:e4:cf:e1:45:d2:8b:78:71:fd:c8:9b:37:17:6a:12:
         0f:4c:dd:4f:f5:b8:12:e5:75:13:61:8d:e4:f0:53:a4:46:ff:
         6b:b2:0d:c5:90:dc:81:7f:86:ff:9e:d9:cf:0b:da:95:43:7e:
         70:6c:89:d5:c4:bc:ff:6f:72:a6:52:0a:11:11:10:9c:84:ad:
         c3:f1:19:93:eb:8a:e9:cc:e3:ec:99:98:1b:df:03:03:b1:63:
         1d:a9:e1:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjadIYaPB90JI+J2uvM/t8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDhjNzBhMmRiMmQ3MDJhZTEwNDllMGY5NDk1ZTQ0MGU0OGYzMWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqYfPfcfL82bk8pknbKtvYOS+9KC
dTqLY08QD3uZDHfy96mTqRMZFIisvN0oBZ5sFLaZ4dNU3sx9nHjuT2x+FZe+IqNO
BbQHWSkbVMTKz5j4R5yeTruKamtSsbKSg/IqaJTel7eHTWR2S/K7cA1Ez9qnYo01
6iu2ehYgsfpuJeuKjGH7Roz2XhpUnMNvE8xWNcVxDd0RJIqy/wE/c7tM+wu0FPzn
F3C3Gnhlfr9te0l3oUKlFjcPqwMbQR7jro1H0Jx3ZtLyqDPsi+ZYAVdBTVOSsZo9
NrUuOcG348uvjvuUWf67DLLECdga9OZvlDmg1pKs774u8J+KfO4PYwdtBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2McKLbLXAq4QSeD5SV5EDkjzHBMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvall4d290c3RjQ3JoQko0UGxKWGtRT1NQTWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSkMA0G
CSqGSIb3DQEBCwUAA4IBAQAnC5KAjvRD+2moRVHsTRXP1Px8Scg05akesFVNE5/t
fYg/PU/me+RuLlRsLVifncwCfiEV/c2biTSqckIV7LeUmhjysGKvtMeMA/VaeY5j
chD0pahOUXvR2dPlfbrMOPaW5fmN+pCB01gfWja0gw0XN4G0BZBt25WwtUCjt480
1GUiLxJ1PXDsCmfvxakE8LtlFdESBZwkl4e4XoShmApbZqyRBenkz+FF0ot4cf3I
mzcXahIPTN1P9bgS5XUTYY3k8FOkRv9rsg3FkNyBf4b/ntnPC9qVQ35wbInVxLz/
b3KmUgoRERCchK3D8RmT64rpzOPsmZgb3wMDsWMdqeHf
-----END CERTIFICATE-----