Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/EAcaatg2s9z3L_Uioc1Ugx5oSi8.roa
File:                     EAcaatg2s9z3L_Uioc1Ugx5oSi8.roa (raw, json)
Hash identifier:          72ljhRhluE8EZulGxHAjOYNOLbp40s4xIiARGQ/3dC0=
Subject key identifier:   10:07:1A:6A:D8:36:B3:DC:F7:2F:F5:22:A1:CD:54:83:1E:68:4A:2F
Certificate issuer:       /CN=53b1a8ebc3ecf7f5db7f6cacd00e920af85ae8b4
Certificate serial:       018CC64B8C1B1740323A334EAA5C09AD61E3
Authority key identifier: 53:B1:A8:EB:C3:EC:F7:F5:DB:7F:6C:AC:D0:0E:92:0A:F8:5A:E8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/EAcaatg2s9z3L_Uioc1Ugx5oSi8.roa
Signing time:             Mon 01 Jan 2024 18:31:28 +0000
ROA not before:           Mon 01 Jan 2024 18:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50575
IP address blocks:        45.147.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8c:1b:17:40:32:3a:33:4e:aa:5c:09:ad:61:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b1a8ebc3ecf7f5db7f6cacd00e920af85ae8b4
        Validity
            Not Before: Jan  1 18:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10071a6ad836b3dcf72ff522a1cd54831e684a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b3:83:5e:5f:40:b0:b6:d8:41:2c:bf:0e:33:
                    2b:40:52:11:63:5d:4a:ea:61:10:a0:ee:c9:ef:15:
                    81:82:3c:7b:18:23:2b:70:70:54:e3:b1:88:11:60:
                    f3:4f:e5:0c:3e:b1:e2:c1:b0:d3:53:a2:ef:c5:95:
                    00:30:3e:75:ec:ee:fa:f1:a3:59:ff:17:1a:14:81:
                    e8:cb:78:eb:d5:2a:bc:0d:e2:d0:ed:a6:eb:00:e7:
                    ee:16:14:67:1d:7e:41:f7:52:12:7e:32:3b:76:17:
                    5f:a1:44:48:7e:f2:2b:2d:54:c4:7a:5f:7b:53:31:
                    77:68:78:63:a3:18:fc:a6:42:68:82:7d:c8:b8:63:
                    08:66:70:3a:78:54:28:6e:41:f7:c4:91:d5:ed:83:
                    42:95:c8:9d:63:d4:1a:9a:fc:f3:3a:bb:67:6f:e8:
                    bd:54:1f:e0:1f:e0:d3:63:2c:e2:15:99:7a:a8:df:
                    03:fe:01:9d:61:bc:75:bb:4c:e0:15:00:b5:7f:2a:
                    d1:3e:9a:c6:9b:ab:16:09:2e:ec:1d:89:51:89:b5:
                    31:ac:c0:14:28:89:71:24:1c:a9:59:8d:66:57:a5:
                    f3:a2:01:92:40:89:34:88:08:05:98:1c:4f:50:65:
                    ed:b7:6d:f9:ec:f4:1f:b8:d3:14:d3:f9:ca:9c:d1:
                    89:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:07:1A:6A:D8:36:B3:DC:F7:2F:F5:22:A1:CD:54:83:1E:68:4A:2F
            X509v3 Authority Key Identifier:
                keyid:53:B1:A8:EB:C3:EC:F7:F5:DB:7F:6C:AC:D0:0E:92:0A:F8:5A:E8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/EAcaatg2s9z3L_Uioc1Ugx5oSi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/070630-5234-49c4-84fe-15bda6b867cb/1/U7Go68Ps9_Xbf2ys0A6SCvha6LQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:1d:b1:25:bc:f3:fa:36:71:92:ac:c7:c3:2a:1d:1d:a8:b6:
         e4:45:ca:5a:5b:94:58:bb:27:8d:8e:a1:f4:07:e8:fa:1d:08:
         19:e7:2c:0d:e5:cc:7f:66:7f:7e:4a:a0:f5:44:78:47:12:ab:
         d5:51:09:20:a3:0f:78:d1:9f:6d:ca:50:3d:74:db:be:04:6c:
         1e:7b:07:2d:3a:6c:cd:68:44:1f:ea:c4:f1:18:76:c3:46:f3:
         f2:4d:42:b2:fc:70:55:bc:35:97:a6:1c:3e:54:5b:52:7a:d5:
         7e:13:35:21:e3:f4:7d:79:a8:98:2f:08:81:bc:ae:19:ab:6c:
         a3:db:02:26:f2:f3:55:06:fe:13:90:32:a2:92:ce:05:a6:4b:
         b1:2d:89:c7:33:71:48:ca:c2:17:38:f1:38:3e:7d:76:0a:cf:
         d4:b5:a2:33:80:56:33:a6:07:42:e2:ed:da:8d:7a:e2:99:cd:
         fd:4e:1d:b9:4b:a7:bd:e8:9e:54:50:3d:62:93:cc:8d:3a:d8:
         a2:5c:76:23:07:be:f5:24:e9:21:10:e1:15:be:ad:f4:b2:10:
         c0:23:bd:84:4e:b2:d1:a2:af:fb:80:48:77:17:ef:c8:8d:a6:
         d3:ce:2c:b0:0c:73:c7:60:a0:03:4c:de:b2:e4:ef:aa:c5:99:
         2e:be:6b:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4wbF0AyOjNOqlwJrWHjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjFhOGViYzNlY2Y3ZjVkYjdmNmNhY2QwMGU5MjBhZjg1
YWU4YjQwHhcNMjQwMTAxMTgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDA3MWE2YWQ4MzZiM2RjZjcyZmY1MjJhMWNkNTQ4MzFlNjg0YTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7ODXl9AsLbYQSy/DjMrQFIRY11K
6mEQoO7J7xWBgjx7GCMrcHBU47GIEWDzT+UMPrHiwbDTU6LvxZUAMD517O768aNZ
/xcaFIHoy3jr1Sq8DeLQ7abrAOfuFhRnHX5B91ISfjI7dhdfoURIfvIrLVTEel97
UzF3aHhjoxj8pkJogn3IuGMIZnA6eFQobkH3xJHV7YNClcidY9QamvzzOrtnb+i9
VB/gH+DTYyziFZl6qN8D/gGdYbx1u0zgFQC1fyrRPprGm6sWCS7sHYlRibUxrMAU
KIlxJBypWY1mV6XzogGSQIk0iAgFmBxPUGXtt2357PQfuNMU0/nKnNGJQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAHGmrYNrPc9y/1IqHNVIMeaEovMB8GA1UdIwQY
MBaAFFOxqOvD7Pf1239srNAOkgr4Wui0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdHbzY4UHM5X1hiZjJ5czBBNlNDdmhhNkxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wNzA2MzAtNTIzNC00OWM0LTg0ZmUt
MTViZGE2Yjg2N2NiLzEvRUFjYWF0ZzJzOXozTF9VaW9jMVVneDVvU2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wNzA2MzAtNTIzNC00OWM0LTg0ZmUtMTViZGE2Yjg2N2Ni
LzEvVTdHbzY4UHM5X1hiZjJ5czBBNlNDdmhhNkxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZPcMA0G
CSqGSIb3DQEBCwUAA4IBAQBSHbElvPP6NnGSrMfDKh0dqLbkRcpaW5RYuyeNjqH0
B+j6HQgZ5ywN5cx/Zn9+SqD1RHhHEqvVUQkgow940Z9tylA9dNu+BGweewctOmzN
aEQf6sTxGHbDRvPyTUKy/HBVvDWXphw+VFtSetV+EzUh4/R9eaiYLwiBvK4Zq2yj
2wIm8vNVBv4TkDKiks4FpkuxLYnHM3FIysIXOPE4Pn12Cs/UtaIzgFYzpgdC4u3a
jXrimc39Th25S6e96J5UUD1ik8yNOtiiXHYjB771JOkhEOEVvq30shDAI72ETrLR
oq/7gEh3F+/IjabTziywDHPHYKADTN6y5O+qxZkuvmtE
-----END CERTIFICATE-----