Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/eA_GH8ZzEPqGhL3VzqFmdGIFm0U.roa
File:                     eA_GH8ZzEPqGhL3VzqFmdGIFm0U.roa (raw, json)
Hash identifier:          HG7bo1vPf0hYjMPef0tyqu/1bKFTkqgh5gU9rP2dHag=
Subject key identifier:   78:0F:C6:1F:C6:73:10:FA:86:84:BD:D5:CE:A1:66:74:62:05:9B:45
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64ADD3E72140C7424507B989F3D12B8
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/eA_GH8ZzEPqGhL3VzqFmdGIFm0U.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        45.155.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 12:09:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dd:3e:72:14:0c:74:24:50:7b:98:9f:3d:12:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=780fc61fc67310fa8684bdd5cea1667462059b45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e0:3d:7f:3c:8a:13:f3:12:75:91:4d:30:ee:
                    8e:95:5e:72:c6:da:ce:1d:ee:06:a9:ed:a5:7f:fb:
                    81:d9:84:f1:40:d9:4f:77:8d:12:a2:89:b5:8c:51:
                    f9:af:2d:a3:d6:41:bb:1e:e0:27:de:0c:90:ce:82:
                    78:19:51:ef:c4:79:76:a6:ba:e4:5d:f0:00:cc:6e:
                    d0:36:0e:5f:cb:9a:4d:0e:ab:58:1e:86:02:47:56:
                    57:d2:30:91:e9:e1:57:38:09:db:19:07:6e:3f:46:
                    fd:3c:c6:22:d6:1f:0d:05:37:35:d3:0d:96:d9:55:
                    f3:a3:4b:f2:9e:53:4b:23:fd:9c:9e:45:76:2a:cf:
                    93:ee:09:c3:de:6a:52:9c:63:30:cb:9b:c3:f5:65:
                    81:94:2c:31:83:b6:56:f6:45:cf:a5:51:cf:65:be:
                    70:cf:ef:2c:ad:c7:67:32:9f:4e:9e:b4:63:f9:8d:
                    ab:56:e3:b9:7a:a7:04:6b:7a:a4:6b:27:0b:76:e6:
                    0e:4f:0f:19:6f:c6:7f:31:4b:a5:a1:4b:69:04:46:
                    de:45:89:8b:ab:59:4f:21:5e:6f:48:52:f7:95:13:
                    ca:f2:89:1c:ce:af:48:2a:fa:fb:bb:dc:be:af:56:
                    3f:48:55:d1:dc:9b:6b:8a:bd:f8:b6:ad:ec:b1:bd:
                    06:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:0F:C6:1F:C6:73:10:FA:86:84:BD:D5:CE:A1:66:74:62:05:9B:45
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/eA_GH8ZzEPqGhL3VzqFmdGIFm0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:b7:f2:fa:23:f4:fd:f5:83:7d:5c:2c:46:49:82:e8:37:08:
         36:b4:88:20:7b:eb:1e:e2:5a:bb:b7:17:6a:4e:f5:2e:73:3f:
         ab:87:32:34:25:73:c1:3a:12:ca:1e:8d:64:a1:1f:cb:e7:28:
         f1:ed:57:92:ed:3c:50:65:5c:69:43:d4:89:82:31:8d:46:cc:
         d4:b0:9e:cf:0d:ec:d0:29:c9:b5:36:87:39:72:5e:44:c8:7b:
         9f:56:09:fa:ba:9f:b3:13:fb:1b:f4:23:d1:0f:f4:3c:e8:2a:
         6b:78:06:75:8b:21:56:22:43:9c:c3:23:e2:4f:ec:28:7e:a6:
         c5:15:b4:a3:96:1f:8c:5a:00:10:9d:88:50:a8:da:6d:b4:f5:
         d1:52:38:42:ed:7d:27:93:66:9c:35:99:5f:49:15:5b:9d:3c:
         e3:b0:81:f3:2a:94:9c:9e:95:ef:d5:86:de:a7:23:74:63:37:
         38:7c:74:b6:46:93:c3:8e:ae:25:c6:6c:e5:ff:98:fc:31:f2:
         20:b8:d9:e7:47:80:d9:e4:04:ff:1f:27:ef:81:8d:4e:ba:6d:
         a5:a5:11:f2:21:21:3c:89:7b:8c:18:86:48:1c:46:15:ab:06:
         d9:cf:30:51:c1:f2:ce:10:b4:a0:c1:95:ce:97:19:63:f7:d1:
         6d:dd:fe:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSt0+chQMdCRQe5ifPRK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODBmYzYxZmM2NzMxMGZhODY4NGJkZDVjZWExNjY3NDYyMDU5YjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeA9fzyKE/MSdZFNMO6OlV5yxtrO
He4Gqe2lf/uB2YTxQNlPd40Soom1jFH5ry2j1kG7HuAn3gyQzoJ4GVHvxHl2prrk
XfAAzG7QNg5fy5pNDqtYHoYCR1ZX0jCR6eFXOAnbGQduP0b9PMYi1h8NBTc10w2W
2VXzo0vynlNLI/2cnkV2Ks+T7gnD3mpSnGMwy5vD9WWBlCwxg7ZW9kXPpVHPZb5w
z+8srcdnMp9OnrRj+Y2rVuO5eqcEa3qkaycLduYOTw8Zb8Z/MUuloUtpBEbeRYmL
q1lPIV5vSFL3lRPK8okczq9IKvr7u9y+r1Y/SFXR3Jtrir34tq3ssb0GDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgPxh/GcxD6hoS91c6hZnRiBZtFMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvZUFfR0g4WnpFUHFHaEwzVnpxRm1kR0lGbTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv6MA0G
CSqGSIb3DQEBCwUAA4IBAQBqt/L6I/T99YN9XCxGSYLoNwg2tIgge+se4lq7txdq
TvUucz+rhzI0JXPBOhLKHo1koR/L5yjx7VeS7TxQZVxpQ9SJgjGNRszUsJ7PDezQ
Kcm1Noc5cl5EyHufVgn6up+zE/sb9CPRD/Q86CpreAZ1iyFWIkOcwyPiT+wofqbF
FbSjlh+MWgAQnYhQqNpttPXRUjhC7X0nk2acNZlfSRVbnTzjsIHzKpScnpXv1Ybe
pyN0Yzc4fHS2RpPDjq4lxmzl/5j8MfIguNnnR4DZ5AT/HyfvgY1Oum2lpRHyISE8
iXuMGIZIHEYVqwbZzzBRwfLOELSgwZXOlxlj99Ft3f60
-----END CERTIFICATE-----