Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/oC4FBoVmUTDGCKYSWcpxVu5Qxio.roa
File:                     oC4FBoVmUTDGCKYSWcpxVu5Qxio.roa (raw, json)
Hash identifier:          EXV7cycOGwJHcIT4P/6jKcytoy2pMfwWAfFcVOIQ8jc=
Subject key identifier:   A0:2E:05:06:85:66:51:30:C6:08:A6:12:59:CA:71:56:EE:50:C6:2A
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB670477762DFE05BCA0D0C4380B41
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/oC4FBoVmUTDGCKYSWcpxVu5Qxio.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59692
IP address blocks:        45.148.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:67:04:77:76:2d:fe:05:bc:a0:d0:c4:38:0b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a02e050685665130c608a61259ca7156ee50c62a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b2:80:77:ba:d0:c8:e3:e1:22:8a:01:34:38:
                    88:ca:d2:cc:da:a0:86:e2:6d:73:f1:b0:f6:f8:f5:
                    f3:ed:15:98:c0:d3:37:ac:a8:72:b0:84:ff:9c:8a:
                    bc:20:6a:f6:3d:cd:23:23:ef:f6:2f:87:b5:cc:4e:
                    3e:f8:18:7e:78:62:20:35:f6:be:40:0c:d3:de:5c:
                    f9:ac:ee:47:11:66:ce:a6:c5:ef:39:99:13:da:ac:
                    7b:0f:bd:0c:84:c0:e8:1a:7e:89:3a:99:0f:e6:c8:
                    c6:93:2c:f2:e5:95:8d:38:9a:9a:9b:fc:b3:ac:81:
                    dd:17:c5:f6:81:f5:5c:78:28:13:08:d7:10:ac:62:
                    7f:c9:72:99:ba:d9:9c:94:86:21:b6:2e:03:75:fa:
                    20:99:fe:43:9e:80:f7:c5:bf:f5:5c:1a:27:32:9a:
                    be:be:bd:b9:52:a6:96:a4:b5:26:4a:de:38:a0:a7:
                    80:26:28:ce:a9:73:d5:a4:fe:88:7b:f8:df:a2:fe:
                    1c:0d:89:7b:55:c5:d4:01:6a:69:44:a4:b2:14:b0:
                    2d:78:6d:ec:7c:e6:09:e8:e5:b0:aa:47:30:c8:87:
                    b7:0a:6c:1d:b4:af:5e:58:ec:96:02:cd:d2:f1:b4:
                    89:b0:01:d5:5d:7b:f8:3c:ab:fa:4c:44:7d:c7:d5:
                    9e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2E:05:06:85:66:51:30:C6:08:A6:12:59:CA:71:56:EE:50:C6:2A
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/oC4FBoVmUTDGCKYSWcpxVu5Qxio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:1c:f1:64:7e:12:f9:7c:eb:95:63:81:22:a3:bc:17:c8:8e:
         6e:74:7f:f3:d8:1d:1e:1a:e7:37:4d:2a:49:ac:82:0b:70:c3:
         3d:4b:c3:c0:f3:48:03:69:8c:dd:2a:fa:97:2c:d0:f9:6f:66:
         6f:d2:4e:b6:44:78:ed:41:ad:34:ef:56:c9:c9:d6:4e:5c:91:
         26:cc:88:ae:68:2c:f9:39:03:9e:b1:64:44:36:2b:b0:03:c7:
         52:bf:c3:08:21:79:c1:9a:b3:74:ca:bc:96:c2:9d:ce:71:bd:
         a8:c2:d2:6f:2c:70:49:1b:28:92:db:8a:27:fb:b9:e2:5d:34:
         fb:59:9c:b7:91:b9:f1:11:91:08:42:7c:4a:4f:9c:e3:73:e0:
         ce:af:d0:dc:0a:9d:6c:61:8a:22:a7:db:4a:f6:f1:bf:61:de:
         40:c2:3a:42:bc:59:bd:cf:78:b6:27:a5:0a:e6:c8:7d:af:35:
         3a:54:2f:37:87:e1:53:24:b9:4d:40:03:a0:71:34:79:5d:64:
         e1:21:e9:ac:18:9d:4a:7c:94:b2:82:f3:7b:f0:ab:26:7a:31:
         8d:1a:43:10:c7:2b:e6:83:a0:bc:1d:5d:c6:df:26:32:30:c4:
         13:fe:5f:ac:8b:fc:08:a2:66:3c:ed:c2:1a:01:7d:26:8c:c5:
         86:ea:1c:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22cEd3Yt/gW8oNDEOAtBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDJlMDUwNjg1NjY1MTMwYzYwOGE2MTI1OWNhNzE1NmVlNTBjNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrKAd7rQyOPhIooBNDiIytLM2qCG
4m1z8bD2+PXz7RWYwNM3rKhysIT/nIq8IGr2Pc0jI+/2L4e1zE4++Bh+eGIgNfa+
QAzT3lz5rO5HEWbOpsXvOZkT2qx7D70MhMDoGn6JOpkP5sjGkyzy5ZWNOJqam/yz
rIHdF8X2gfVceCgTCNcQrGJ/yXKZutmclIYhti4Ddfogmf5DnoD3xb/1XBonMpq+
vr25UqaWpLUmSt44oKeAJijOqXPVpP6Ie/jfov4cDYl7VcXUAWppRKSyFLAteG3s
fOYJ6OWwqkcwyIe3CmwdtK9eWOyWAs3S8bSJsAHVXXv4PKv6TER9x9WedQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAuBQaFZlEwxgimElnKcVbuUMYqMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvb0M0RkJvVm1VVERHQ0tZU1djcHhWdTVReGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSkMA0G
CSqGSIb3DQEBCwUAA4IBAQBAHPFkfhL5fOuVY4Eio7wXyI5udH/z2B0eGuc3TSpJ
rIILcMM9S8PA80gDaYzdKvqXLND5b2Zv0k62RHjtQa0071bJydZOXJEmzIiuaCz5
OQOesWRENiuwA8dSv8MIIXnBmrN0yryWwp3Ocb2owtJvLHBJGyiS24on+7niXTT7
WZy3kbnxEZEIQnxKT5zjc+DOr9DcCp1sYYoip9tK9vG/Yd5AwjpCvFm9z3i2J6UK
5sh9rzU6VC83h+FTJLlNQAOgcTR5XWThIemsGJ1KfJSygvN78KsmejGNGkMQxyvm
g6C8HV3G3yYyMMQT/l+si/wIomY87cIaAX0mjMWG6hw3
-----END CERTIFICATE-----