Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/EpMLaYChUvPW43eW66M41o2KSpc.roa
File:                     EpMLaYChUvPW43eW66M41o2KSpc.roa (raw, json)
Hash identifier:          PU2MBAWGAP6VAtPvAGor5W80iPyTDbgTBn9WAJahQLs=
Subject key identifier:   12:93:0B:69:80:A1:52:F3:D6:E3:77:96:EB:A3:38:D6:8D:8A:4A:97
Certificate issuer:       /CN=ded7239db81d61f98d586383ccc125d66106cb30
Certificate serial:       01942826DD80F6CFE384C662C8D3A6503D8C
Authority key identifier: DE:D7:23:9D:B8:1D:61:F9:8D:58:63:83:CC:C1:25:D6:61:06:CB:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3tcjnbgdYfmNWGODzMEl1mEGyzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/EpMLaYChUvPW43eW66M41o2KSpc.roa
Signing time:             Thu 02 Jan 2025 17:53:43 +0000
ROA not before:           Thu 02 Jan 2025 17:53:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51827
IP address blocks:        45.151.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/3tcjnbgdYfmNWGODzMEl1mEGyzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/3tcjnbgdYfmNWGODzMEl1mEGyzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3tcjnbgdYfmNWGODzMEl1mEGyzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:dd:80:f6:cf:e3:84:c6:62:c8:d3:a6:50:3d:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ded7239db81d61f98d586383ccc125d66106cb30
        Validity
            Not Before: Jan  2 17:53:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12930b6980a152f3d6e37796eba338d68d8a4a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c3:81:8f:05:16:8e:69:35:e1:0a:00:74:a7:
                    07:90:ed:00:13:05:d1:8e:e8:c5:9b:2d:03:22:3d:
                    7e:9d:af:21:57:fa:1c:f4:96:87:42:17:15:30:0c:
                    12:c4:bd:cf:48:23:70:16:11:a1:e1:c7:30:3e:88:
                    be:1f:65:64:85:6a:de:2e:a5:72:98:40:fe:9f:28:
                    b0:f5:49:7d:45:b5:1b:9d:34:65:3d:8d:c3:9b:49:
                    bb:30:55:4c:01:bf:20:a6:1c:bf:a4:18:47:13:76:
                    4d:3d:8a:42:2f:2d:4f:1d:7d:99:fb:2f:40:fb:ce:
                    9d:48:ba:ad:f3:1e:65:17:8c:5a:58:07:9f:6b:c2:
                    c5:16:45:d7:7d:46:63:64:d6:65:18:4c:21:fa:a4:
                    e5:be:cd:35:71:11:e4:31:62:d5:71:bb:33:8f:23:
                    6c:dd:7b:63:f5:71:e1:b2:4b:78:b6:f5:bd:f9:5a:
                    af:b5:b7:3e:dc:2a:4f:9d:46:fd:ce:50:f3:83:fa:
                    78:36:e8:3b:6a:94:70:d5:56:7d:3e:88:30:75:8a:
                    01:75:ce:da:5c:51:cb:4b:0f:c3:b9:3a:79:f9:6d:
                    78:e0:1c:2f:c0:9e:6a:fe:c1:26:9f:c8:63:e2:7c:
                    c1:1b:5a:60:c7:ec:ba:df:89:0c:ed:6d:0b:28:12:
                    a8:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:93:0B:69:80:A1:52:F3:D6:E3:77:96:EB:A3:38:D6:8D:8A:4A:97
            X509v3 Authority Key Identifier:
                keyid:DE:D7:23:9D:B8:1D:61:F9:8D:58:63:83:CC:C1:25:D6:61:06:CB:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3tcjnbgdYfmNWGODzMEl1mEGyzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/EpMLaYChUvPW43eW66M41o2KSpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/3tcjnbgdYfmNWGODzMEl1mEGyzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:bc:f9:a9:08:29:9d:23:f0:2c:74:fe:ca:98:f9:5f:a5:fe:
         39:8f:b4:90:92:b1:3a:e7:44:cb:b8:d0:56:94:fa:46:8a:e0:
         c0:f2:ee:3f:6b:00:ca:d8:b8:0b:5c:dc:01:b6:80:29:da:65:
         6d:24:66:af:b1:f5:98:a2:56:b8:ea:e5:5b:59:57:b9:8a:65:
         99:c9:35:a9:43:27:b2:ce:bd:83:c7:4a:9f:38:2d:e0:be:11:
         93:62:5e:52:a1:37:c8:74:cf:86:92:88:78:cf:8e:a6:4c:df:
         d3:6f:40:b6:86:9c:ea:97:dd:45:59:07:67:41:9f:1c:ba:b7:
         0a:20:e9:28:27:ba:63:57:9b:9e:98:f1:ac:63:bd:05:8a:f2:
         ba:12:90:ed:0e:42:bf:db:98:e3:60:61:54:c9:ad:4f:c5:e9:
         09:b2:be:6d:84:3e:e9:be:c2:dd:ba:38:70:97:56:2c:d8:87:
         b0:a9:37:b3:c1:3c:8b:27:8f:16:ca:64:34:a6:36:b0:11:ab:
         88:dc:16:fe:67:b5:71:37:8f:dc:01:f4:4a:36:a4:6b:9e:87:
         cb:cc:13:f4:a3:c2:e7:55:31:51:c8:f4:dd:5a:2b:e8:8b:a5:
         62:c0:bc:31:86:7e:f5:49:f3:a2:31:2e:76:83:6d:13:4f:e7:
         2f:fe:5c:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJt2A9s/jhMZiyNOmUD2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZDcyMzlkYjgxZDYxZjk4ZDU4NjM4M2NjYzEyNWQ2NjEw
NmNiMzAwHhcNMjUwMTAyMTc1MzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjkzMGI2OTgwYTE1MmYzZDZlMzc3OTZlYmEzMzhkNjhkOGE0YTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMOBjwUWjmk14QoAdKcHkO0AEwXR
jujFmy0DIj1+na8hV/oc9JaHQhcVMAwSxL3PSCNwFhGh4ccwPoi+H2VkhWreLqVy
mED+nyiw9Ul9RbUbnTRlPY3Dm0m7MFVMAb8gphy/pBhHE3ZNPYpCLy1PHX2Z+y9A
+86dSLqt8x5lF4xaWAefa8LFFkXXfUZjZNZlGEwh+qTlvs01cRHkMWLVcbszjyNs
3Xtj9XHhskt4tvW9+Vqvtbc+3CpPnUb9zlDzg/p4Nug7apRw1VZ9PogwdYoBdc7a
XFHLSw/DuTp5+W144BwvwJ5q/sEmn8hj4nzBG1pgx+y634kM7W0LKBKoNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKTC2mAoVLz1uN3luujONaNikqXMB8GA1UdIwQY
MBaAFN7XI524HWH5jVhjg8zBJdZhBsswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Rjam5iZ2RZZm1OV0dPRHpNRWwxbUVHeXpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iNmM0MjYtNzZkNS00YTgyLTliNWYt
ODU2YjY1Yzc1YzI2LzEvRXBNTGFZQ2hVdlBXNDNlVzY2TTQxbzJLU3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iNmM0MjYtNzZkNS00YTgyLTliNWYtODU2YjY1Yzc1YzI2
LzEvM3Rjam5iZ2RZZm1OV0dPRHpNRWwxbUVHeXpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZfzMA0G
CSqGSIb3DQEBCwUAA4IBAQApvPmpCCmdI/AsdP7KmPlfpf45j7SQkrE650TLuNBW
lPpGiuDA8u4/awDK2LgLXNwBtoAp2mVtJGavsfWYola46uVbWVe5imWZyTWpQyey
zr2Dx0qfOC3gvhGTYl5SoTfIdM+Gkoh4z46mTN/Tb0C2hpzql91FWQdnQZ8curcK
IOkoJ7pjV5uemPGsY70FivK6EpDtDkK/25jjYGFUya1PxekJsr5thD7pvsLdujhw
l1Ys2IewqTezwTyLJ48WymQ0pjawEauI3Bb+Z7VxN4/cAfRKNqRrnofLzBP0o8Ln
VTFRyPTdWivoi6ViwLwxhn71SfOiMS52g20TT+cv/lzd
-----END CERTIFICATE-----