Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/rVyRZ5kcpjw9JuvkrbnDOr7nM8c.roa
File:                     rVyRZ5kcpjw9JuvkrbnDOr7nM8c.roa (raw, json)
Hash identifier:          TVkuCpuVDfQOVy1pUN0wlRmfbl36nn3VFjWNxHpQ5gM=
Subject key identifier:   AD:5C:91:67:99:1C:A6:3C:3D:26:EB:E4:AD:B9:C3:3A:BE:E7:33:C7
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0194F5E5744351DC2BD98C871FCA1BD65AD7
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/rVyRZ5kcpjw9JuvkrbnDOr7nM8c.roa
Signing time:             Tue 11 Feb 2025 16:44:02 +0000
ROA not before:           Tue 11 Feb 2025 16:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        45.151.142.0/24 maxlen: 24
                          77.111.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f5:e5:74:43:51:dc:2b:d9:8c:87:1f:ca:1b:d6:5a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Feb 11 16:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad5c9167991ca63c3d26ebe4adb9c33abee733c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:3e:66:e8:71:af:9a:69:e4:e5:08:96:b9:b9:
                    bc:96:35:c4:31:89:6d:ac:de:99:cb:1b:82:0e:75:
                    df:7a:76:a9:ab:57:04:1e:b1:69:36:4e:04:8c:db:
                    bd:c7:dd:bd:e2:ee:dd:be:af:95:fc:c7:8b:2a:e0:
                    e7:d2:b1:c3:13:1c:69:6c:29:8f:47:f9:be:8f:5d:
                    ec:89:04:a5:15:79:fe:c0:fa:be:61:46:84:85:f2:
                    3e:de:f8:2c:f4:02:8f:78:8a:82:a2:0a:ed:e3:22:
                    bb:f7:14:04:22:d2:5d:21:97:31:04:a4:42:7a:1a:
                    cb:77:8c:e0:c9:37:1a:74:18:e5:78:d1:7a:ed:2f:
                    bc:b4:72:84:a8:bc:f2:83:b7:a5:47:68:64:7a:77:
                    77:72:43:9c:71:f2:e5:18:63:9b:55:6f:66:90:19:
                    37:54:0e:c9:32:54:5e:bc:47:10:ae:c0:34:10:3d:
                    15:9b:92:6a:47:e3:8d:b6:96:ed:a1:17:2a:47:d4:
                    db:d8:54:81:bd:90:06:aa:37:e1:64:0d:33:d5:e0:
                    48:b2:97:3a:40:32:4f:01:59:a6:56:66:74:52:5e:
                    50:92:c2:3f:75:ec:00:ce:88:c1:9c:a6:7f:c3:1c:
                    db:37:b8:63:ab:09:8a:68:f3:83:3f:f9:1a:59:bb:
                    e2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:5C:91:67:99:1C:A6:3C:3D:26:EB:E4:AD:B9:C3:3A:BE:E7:33:C7
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/rVyRZ5kcpjw9JuvkrbnDOr7nM8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.142.0/24
                  77.111.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:ef:18:30:f6:e9:04:6b:8a:33:68:98:c3:70:59:d0:93:19:
         1e:ee:6b:75:33:eb:ad:03:c1:ff:5f:64:9e:9e:86:aa:e9:ad:
         51:83:27:0b:54:20:0d:63:bc:b4:d7:f4:0b:0a:6f:49:f3:a5:
         f0:15:37:11:c6:d9:4d:1d:d1:58:9c:95:b0:c0:27:16:78:57:
         6b:99:ce:6d:e0:85:05:e0:85:c9:1c:27:a9:36:0e:38:73:a3:
         69:eb:25:bb:de:56:5f:d5:c9:14:d6:2b:40:35:96:6f:14:b9:
         ca:6f:0d:6b:9e:d9:03:52:56:b0:d5:55:b1:b1:31:ba:53:38:
         c4:21:bd:0c:82:c1:70:2a:72:f9:a1:69:dc:79:1e:e3:f4:2c:
         15:12:2d:6f:cb:42:97:63:0a:c8:7c:0f:c2:e5:a8:c0:0c:45:
         42:17:80:d9:ef:84:28:c2:69:a5:f8:b5:c3:ab:0f:fe:f3:95:
         14:d0:49:26:85:22:78:08:02:e7:b5:a6:64:9f:b9:a7:11:9f:
         56:bc:37:63:f6:23:f0:4a:48:bd:51:c0:66:36:b9:79:ec:de:
         86:ac:0b:82:f5:53:68:76:ad:24:f0:0a:2f:94:74:37:44:e0:
         69:02:32:86:89:9c:05:f3:1f:33:13:23:36:69:47:32:b8:b5:
         89:0b:2d:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZT15XRDUdwr2YyHH8ob1lrXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwMjExMTY0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDVjOTE2Nzk5MWNhNjNjM2QyNmViZTRhZGI5YzMzYWJlZTczM2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3T5m6HGvmmnk5QiWubm8ljXEMYlt
rN6ZyxuCDnXfenapq1cEHrFpNk4EjNu9x9294u7dvq+V/MeLKuDn0rHDExxpbCmP
R/m+j13siQSlFXn+wPq+YUaEhfI+3vgs9AKPeIqCogrt4yK79xQEItJdIZcxBKRC
ehrLd4zgyTcadBjleNF67S+8tHKEqLzyg7elR2hkend3ckOccfLlGGObVW9mkBk3
VA7JMlRevEcQrsA0ED0Vm5JqR+ONtpbtoRcqR9Tb2FSBvZAGqjfhZA0z1eBIspc6
QDJPAVmmVmZ0Ul5QksI/dewAzojBnKZ/wxzbN7hjqwmKaPODP/kaWbvi6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK1ckWeZHKY8PSbr5K25wzq+5zPHMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvclZ5Ulo1a2Nwanc5SnV2a3JibkRPcjduTThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZeOAwQA
TW9gMA0GCSqGSIb3DQEBCwUAA4IBAQAa7xgw9ukEa4ozaJjDcFnQkxke7mt1M+ut
A8H/X2Senoaq6a1RgycLVCANY7y01/QLCm9J86XwFTcRxtlNHdFYnJWwwCcWeFdr
mc5t4IUF4IXJHCepNg44c6Np6yW73lZf1ckU1itANZZvFLnKbw1rntkDUlaw1VWx
sTG6UzjEIb0MgsFwKnL5oWnceR7j9CwVEi1vy0KXYwrIfA/C5ajADEVCF4DZ74Qo
wmml+LXDqw/+85UU0EkmhSJ4CALntaZkn7mnEZ9WvDdj9iPwSki9UcBmNrl57N6G
rAuC9VNodq0k8AovlHQ3ROBpAjKGiZwF8x8zEyM2aUcyuLWJCy0p
-----END CERTIFICATE-----