Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/nXnLSn6KTvTXoI_yeqxYGFdDKA4.roa
File:                     nXnLSn6KTvTXoI_yeqxYGFdDKA4.roa (raw, json)
Hash identifier:          XaYIX4T+E+pwMZrGkpwCveg2ThjPSbiHwBXo9nXViuk=
Subject key identifier:   9D:79:CB:4A:7E:8A:4E:F4:D7:A0:8F:F2:7A:AC:58:18:57:43:28:0E
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       0190FE92B18E578F15D6F94AE08E85886307
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/nXnLSn6KTvTXoI_yeqxYGFdDKA4.roa
Signing time:             Mon 29 Jul 2024 12:59:04 +0000
ROA not before:           Mon 29 Jul 2024 12:59:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47204
IP address blocks:        45.131.48.0/24 maxlen: 24
                          45.131.49.0/24 maxlen: 24
                          45.131.50.0/24 maxlen: 24
                          80.76.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fe:92:b1:8e:57:8f:15:d6:f9:4a:e0:8e:85:88:63:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jul 29 12:59:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d79cb4a7e8a4ef4d7a08ff27aac58185743280e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:45:84:1e:d2:af:b0:16:c3:45:01:2d:c7:0d:
                    f7:61:4b:61:ca:b0:8d:eb:99:14:a6:b0:aa:8a:47:
                    8d:b0:b1:c9:fa:af:33:ee:9b:e1:d8:e8:93:18:1e:
                    00:51:06:32:ab:fe:24:17:9f:42:5a:58:a7:e6:8c:
                    8e:2d:9a:a6:2d:73:c1:49:24:c2:cb:b7:bf:a4:b6:
                    7d:dc:ce:8f:c7:c1:22:1d:c7:d8:00:54:3c:b5:cc:
                    ea:05:3f:7e:78:d6:7d:f6:78:88:af:86:57:c9:93:
                    ab:d3:ff:27:2e:f8:ee:5d:19:77:52:e8:01:8c:0d:
                    0d:e1:3e:d6:fa:b0:da:d0:f9:29:7f:93:d5:a2:08:
                    92:5b:25:3e:f5:56:74:60:94:3f:d5:20:f7:e9:e0:
                    21:56:d3:39:18:cd:e2:24:b6:da:db:01:ac:4b:d6:
                    21:39:10:7a:f9:fc:fb:a9:37:1b:57:29:13:d6:e8:
                    39:cb:9c:21:04:65:f9:8d:4d:68:f0:10:09:8e:04:
                    7d:d1:b5:c7:d6:a6:68:22:d9:3f:6c:a9:5d:5e:31:
                    83:bb:26:a1:9f:d0:1a:e1:aa:eb:66:2d:17:bb:a5:
                    b0:8b:10:f9:58:82:c6:79:8a:50:1d:a8:06:d6:b6:
                    19:68:94:69:33:cd:69:67:3c:4a:7f:de:12:47:a7:
                    b9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:79:CB:4A:7E:8A:4E:F4:D7:A0:8F:F2:7A:AC:58:18:57:43:28:0E
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/nXnLSn6KTvTXoI_yeqxYGFdDKA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.48.0-45.131.50.255
                  80.76.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:e3:85:ce:66:c5:d2:d2:64:5e:0f:dc:7e:49:5c:b4:ce:a2:
         b1:b1:58:37:a9:b5:e0:b3:be:b9:1e:c1:94:12:03:29:b6:65:
         5e:56:9e:16:cb:3a:42:ac:85:26:9b:81:49:83:7b:56:96:98:
         b2:99:cb:35:4f:67:5b:00:5e:19:d6:1a:4d:4e:1a:7b:f3:6c:
         16:75:91:e6:09:74:c8:81:a1:7f:f6:c1:c7:a2:df:0d:99:ad:
         3a:a8:28:8d:ae:4b:ea:61:51:08:9a:b6:ae:de:a3:6f:47:62:
         c2:9c:99:de:09:41:12:8d:d4:e7:92:9b:69:a8:a7:45:6d:3d:
         b3:3f:f3:35:1b:63:eb:76:ac:15:c5:54:55:92:e0:bf:2b:2d:
         a1:63:ba:78:50:1e:39:6b:11:e3:8d:5d:f3:96:7b:f6:4a:47:
         1f:bd:23:44:24:98:da:d5:ff:05:4f:18:30:bf:c3:41:1c:ec:
         09:8e:c8:63:9f:00:d1:99:ca:48:12:f3:45:d3:19:f6:59:dd:
         65:a2:3c:ba:ea:b8:49:45:78:30:4e:08:cd:00:82:9e:cc:b2:
         5f:ca:42:10:fb:6a:69:ff:84:68:18:89:40:74:a8:ec:03:ef:
         36:f1:f6:4d:91:ae:e7:33:4e:54:a7:33:db:95:d5:94:fd:07:
         dc:26:cb:9d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZD+krGOV48V1vlK4I6FiGMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwNzI5MTI1OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDc5Y2I0YTdlOGE0ZWY0ZDdhMDhmZjI3YWFjNTgxODU3NDMyODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukWEHtKvsBbDRQEtxw33YUthyrCN
65kUprCqikeNsLHJ+q8z7pvh2OiTGB4AUQYyq/4kF59CWlin5oyOLZqmLXPBSSTC
y7e/pLZ93M6Px8EiHcfYAFQ8tczqBT9+eNZ99niIr4ZXyZOr0/8nLvjuXRl3UugB
jA0N4T7W+rDa0Pkpf5PVogiSWyU+9VZ0YJQ/1SD36eAhVtM5GM3iJLba2wGsS9Yh
ORB6+fz7qTcbVykT1ug5y5whBGX5jU1o8BAJjgR90bXH1qZoItk/bKldXjGDuyah
n9Aa4arrZi0Xu6WwixD5WILGeYpQHagG1rYZaJRpM81pZzxKf94SR6e5oQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJ15y0p+ik7016CP8nqsWBhXQygOMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvblhuTFNuNktUdlRYb0lfeWVxeFlHRmRES0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAQtgzAD
BAAtgzIDBABQTD8wDQYJKoZIhvcNAQELBQADggEBAHXjhc5mxdLSZF4P3H5JXLTO
orGxWDepteCzvrkewZQSAym2ZV5WnhbLOkKshSabgUmDe1aWmLKZyzVPZ1sAXhnW
Gk1OGnvzbBZ1keYJdMiBoX/2wcei3w2ZrTqoKI2uS+phUQiatq7eo29HYsKcmd4J
QRKN1OeSm2mop0VtPbM/8zUbY+t2rBXFVFWS4L8rLaFjunhQHjlrEeONXfOWe/ZK
Rx+9I0QkmNrV/wVPGDC/w0Ec7AmOyGOfANGZykgS80XTGfZZ3WWiPLrquElFeDBO
CM0Agp7Msl/KQhD7amn/hGgYiUB0qOwD7zbx9k2RruczTlSnM9uV1ZT9B9wmy50=
-----END CERTIFICATE-----