Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Wfpk7hMM0-Hun-l8kLGvMni0Ij0.roa
File:                     Wfpk7hMM0-Hun-l8kLGvMni0Ij0.roa (raw, json)
Hash identifier:          dUL1AmADlrutRTC1Ljx1NkgFvi2NQpTYPMSgWkkiJrY=
Subject key identifier:   59:FA:64:EE:13:0C:D3:E1:EE:9F:E9:7C:90:B1:AF:32:78:B4:22:3D
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01928C679910F0EC5AE7530E6F0D16914591
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Wfpk7hMM0-Hun-l8kLGvMni0Ij0.roa
Signing time:             Mon 14 Oct 2024 19:00:52 +0000
ROA not before:           Mon 14 Oct 2024 19:00:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        45.151.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8c:67:99:10:f0:ec:5a:e7:53:0e:6f:0d:16:91:45:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 14 19:00:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59fa64ee130cd3e1ee9fe97c90b1af3278b4223d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d9:25:ce:c9:0d:db:0c:5f:fb:21:c1:82:77:
                    8a:2c:a4:eb:7e:f4:9c:1c:0c:fc:c8:ca:a4:0d:7e:
                    e0:a2:5f:db:a8:af:1b:fb:07:bd:15:d6:a3:3b:1f:
                    64:4d:33:67:88:52:79:83:43:51:08:e8:87:e0:d2:
                    e2:02:9c:4f:fc:0d:b6:4b:2c:4b:59:a6:4a:72:14:
                    2b:ce:94:70:a0:bd:11:7b:36:52:25:b9:76:dc:05:
                    9b:64:f0:4a:6e:51:c5:78:4e:6c:5c:88:79:8e:75:
                    09:cd:c9:84:f7:39:93:bd:8c:04:e7:bc:5d:d0:2f:
                    7b:ec:fe:75:41:a5:f7:c7:08:f3:bb:bd:2b:9b:cd:
                    c7:0b:d5:a2:05:2d:0d:3e:d0:86:65:dd:25:25:08:
                    4a:8a:38:a7:ef:e1:c7:91:fa:d3:7a:c1:6c:b4:80:
                    8b:5f:61:a3:95:87:50:d7:12:f8:5e:6c:18:e7:7e:
                    70:aa:5a:a0:52:11:4b:a2:16:39:b6:d0:79:08:cd:
                    b0:0d:0a:eb:c3:b0:dd:d1:41:19:4c:3d:91:d5:61:
                    06:4c:9e:d1:13:10:55:6e:c2:93:06:df:43:9a:e1:
                    98:76:0e:14:e0:5b:1f:15:ff:ab:93:8b:6a:b5:4b:
                    2e:54:cb:55:03:d1:50:ff:e1:3b:b4:41:cc:d3:6f:
                    2b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:FA:64:EE:13:0C:D3:E1:EE:9F:E9:7C:90:B1:AF:32:78:B4:22:3D
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Wfpk7hMM0-Hun-l8kLGvMni0Ij0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:81:31:5a:fe:dd:5c:f0:4a:bd:d0:70:b8:10:dc:76:da:e6:
         35:30:9b:d0:f3:dd:e9:61:0a:07:07:76:dc:52:94:f0:ef:44:
         7f:c5:f7:48:2e:a1:92:ab:48:bd:d9:2c:c1:86:4d:8a:5c:77:
         7c:47:d9:bf:54:c1:6d:b2:0c:07:18:37:39:45:71:0a:26:1e:
         68:ea:91:97:97:2f:64:82:cf:c9:16:fe:ba:73:ac:b4:c3:5c:
         41:00:56:3b:c2:41:49:32:12:01:be:c9:8d:a1:cc:53:23:b8:
         18:39:ae:fc:f6:ea:c0:9c:6e:ab:68:a6:c0:15:64:32:89:10:
         0e:d7:de:61:a3:48:7c:4d:6b:b8:35:a8:12:31:40:5f:8a:1d:
         77:97:d4:02:3a:85:e2:dd:d0:f4:1d:c6:82:d2:de:4a:af:e5:
         e0:14:eb:e4:c3:a2:a5:80:17:08:aa:93:ae:c6:6f:38:b8:18:
         c6:f1:0e:a2:38:45:e0:cb:86:16:42:5d:6f:5a:51:6c:b1:50:
         8a:d5:c6:a5:ea:18:5d:4b:90:1e:d8:5a:ea:80:1a:b2:09:8f:
         9c:40:4e:4c:8e:69:c0:96:0b:f3:75:eb:22:4d:60:80:3f:cf:
         1b:54:98:83:73:44:af:6a:ed:c9:45:e8:74:38:55:51:af:75:
         80:93:2c:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKMZ5kQ8Oxa51MObw0WkUWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQxMDE0MTkwMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWZhNjRlZTEzMGNkM2UxZWU5ZmU5N2M5MGIxYWYzMjc4YjQyMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNklzskN2wxf+yHBgneKLKTrfvSc
HAz8yMqkDX7gol/bqK8b+we9FdajOx9kTTNniFJ5g0NRCOiH4NLiApxP/A22SyxL
WaZKchQrzpRwoL0RezZSJbl23AWbZPBKblHFeE5sXIh5jnUJzcmE9zmTvYwE57xd
0C977P51QaX3xwjzu70rm83HC9WiBS0NPtCGZd0lJQhKijin7+HHkfrTesFstICL
X2GjlYdQ1xL4XmwY535wqlqgUhFLohY5ttB5CM2wDQrrw7Dd0UEZTD2R1WEGTJ7R
ExBVbsKTBt9DmuGYdg4U4FsfFf+rk4tqtUsuVMtVA9FQ/+E7tEHM028rTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFn6ZO4TDNPh7p/pfJCxrzJ4tCI9MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvV2ZwazdoTU0wLUh1bi1sOGtMR3ZNbmkwSWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZeOMA0G
CSqGSIb3DQEBCwUAA4IBAQBjgTFa/t1c8Eq90HC4ENx22uY1MJvQ893pYQoHB3bc
UpTw70R/xfdILqGSq0i92SzBhk2KXHd8R9m/VMFtsgwHGDc5RXEKJh5o6pGXly9k
gs/JFv66c6y0w1xBAFY7wkFJMhIBvsmNocxTI7gYOa789urAnG6raKbAFWQyiRAO
195ho0h8TWu4NagSMUBfih13l9QCOoXi3dD0HcaC0t5Kr+XgFOvkw6KlgBcIqpOu
xm84uBjG8Q6iOEXgy4YWQl1vWlFssVCK1cal6hhdS5Ae2FrqgBqyCY+cQE5MjmnA
lgvzdesiTWCAP88bVJiDc0Svau3JReh0OFVRr3WAkywG
-----END CERTIFICATE-----