Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/tUeDOLxh54YzVxv0XUKXGVzFhsg.roa
File:                     tUeDOLxh54YzVxv0XUKXGVzFhsg.roa (raw, json)
Hash identifier:          guDk4R7GTLiv83MGpogrsbl+v0V3XO0MlUq9mf/rxx0=
Subject key identifier:   B5:47:83:38:BC:61:E7:86:33:57:1B:F4:5D:42:97:19:5C:C5:86:C8
Certificate issuer:       /CN=2e30b4f5222a4685c54cd25c4cb8d6f93233ac7b
Certificate serial:       0194228DC59EFA464D325530A617B66AD293
Authority key identifier: 2E:30:B4:F5:22:2A:46:85:C5:4C:D2:5C:4C:B8:D6:F9:32:33:AC:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjC09SIqRoXFTNJcTLjW-TIzrHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/tUeDOLxh54YzVxv0XUKXGVzFhsg.roa
Signing time:             Wed 01 Jan 2025 15:48:23 +0000
ROA not before:           Wed 01 Jan 2025 15:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206476
IP address blocks:        45.87.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/LjC09SIqRoXFTNJcTLjW-TIzrHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/LjC09SIqRoXFTNJcTLjW-TIzrHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjC09SIqRoXFTNJcTLjW-TIzrHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c5:9e:fa:46:4d:32:55:30:a6:17:b6:6a:d2:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e30b4f5222a4685c54cd25c4cb8d6f93233ac7b
        Validity
            Not Before: Jan  1 15:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5478338bc61e78633571bf45d4297195cc586c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:86:78:11:d4:d1:60:d9:5f:31:96:04:15:da:
                    47:68:60:b8:72:a4:c3:81:4a:6a:e7:9c:f9:5d:12:
                    d4:d5:50:6a:89:5d:dc:ff:ae:d4:bc:57:11:93:63:
                    bf:34:d4:14:f8:16:1e:1f:cf:03:70:00:f8:2e:75:
                    18:da:76:08:f6:a7:22:fa:24:3e:d8:ff:21:2f:55:
                    5e:3c:da:5c:b6:2e:cb:81:10:43:ba:15:3a:d2:bb:
                    62:f1:a2:0a:11:ee:9d:17:68:7d:14:f7:fa:74:87:
                    dd:34:65:3b:75:9d:17:43:14:14:fa:9e:fd:d4:c9:
                    1c:33:a5:c6:99:a7:31:4f:ab:1c:f9:4b:94:d6:80:
                    9f:2b:90:86:77:c5:f9:7f:32:d8:ab:6f:a5:d7:f5:
                    a6:e2:44:2f:dc:62:50:8b:2b:53:ea:b0:b0:2f:6c:
                    51:4e:68:22:20:af:e3:8e:d0:d4:28:53:2f:80:6c:
                    46:6d:16:d9:1c:59:7f:0a:94:a2:0a:07:13:10:f2:
                    92:27:6f:77:47:93:2e:ef:59:4f:73:6f:23:82:be:
                    0c:26:53:4d:9a:3b:88:31:13:30:d9:d6:dd:0e:cd:
                    92:67:7f:23:b8:2d:35:8f:e3:79:38:66:10:c6:15:
                    07:19:4f:c6:62:10:8a:07:fe:f7:ca:1b:d6:5d:32:
                    f9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:47:83:38:BC:61:E7:86:33:57:1B:F4:5D:42:97:19:5C:C5:86:C8
            X509v3 Authority Key Identifier:
                keyid:2E:30:B4:F5:22:2A:46:85:C5:4C:D2:5C:4C:B8:D6:F9:32:33:AC:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjC09SIqRoXFTNJcTLjW-TIzrHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/tUeDOLxh54YzVxv0XUKXGVzFhsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/LjC09SIqRoXFTNJcTLjW-TIzrHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:22:ae:cc:d0:39:74:a6:97:1b:04:b0:f2:bb:13:a9:90:97:
         5a:d0:9f:24:5c:f6:04:52:27:ae:51:b5:f2:d1:98:22:53:f7:
         15:db:f2:65:f1:10:cc:b1:c2:55:b4:40:8d:83:c8:f1:20:8f:
         06:67:b7:24:32:55:9d:bb:9b:dc:41:e6:37:d5:8e:51:38:e4:
         fb:2a:99:0e:57:87:fc:90:09:ab:d9:be:cd:b4:f0:d4:95:a5:
         6c:9c:f3:47:06:3a:89:1c:84:56:f5:5e:34:dc:6a:27:48:65:
         bf:c9:73:fb:a5:18:cc:10:3a:16:7f:06:6c:b3:40:ae:b6:78:
         79:a6:30:37:a0:8c:5d:0e:d2:91:5a:4d:36:61:05:36:c3:cf:
         1b:d8:bb:c3:88:cf:3e:af:1f:b3:99:b2:56:cc:95:aa:18:5c:
         9f:05:c4:f1:9f:4f:7e:ee:a9:b6:6f:8d:33:ce:31:8d:ce:63:
         21:42:ae:ca:91:aa:3f:ad:8f:e8:ae:15:16:7c:15:9c:3c:aa:
         fd:1a:54:c7:bc:f8:06:19:d8:5e:13:21:38:11:fc:fb:7f:6d:
         bf:4e:93:a0:e4:61:98:81:06:9e:18:b3:ff:47:88:65:bd:94:
         5c:62:de:ec:67:8d:c4:57:a8:78:04:07:b2:d6:3f:34:7a:b1:
         38:85:2f:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijcWe+kZNMlUwphe2atKTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzBiNGY1MjIyYTQ2ODVjNTRjZDI1YzRjYjhkNmY5MzIz
M2FjN2IwHhcNMjUwMTAxMTU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQ3ODMzOGJjNjFlNzg2MzM1NzFiZjQ1ZDQyOTcxOTVjYzU4NmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4Z4EdTRYNlfMZYEFdpHaGC4cqTD
gUpq55z5XRLU1VBqiV3c/67UvFcRk2O/NNQU+BYeH88DcAD4LnUY2nYI9qci+iQ+
2P8hL1VePNpcti7LgRBDuhU60rti8aIKEe6dF2h9FPf6dIfdNGU7dZ0XQxQU+p79
1MkcM6XGmacxT6sc+UuU1oCfK5CGd8X5fzLYq2+l1/Wm4kQv3GJQiytT6rCwL2xR
TmgiIK/jjtDUKFMvgGxGbRbZHFl/CpSiCgcTEPKSJ293R5Mu71lPc28jgr4MJlNN
mjuIMRMw2dbdDs2SZ38juC01j+N5OGYQxhUHGU/GYhCKB/73yhvWXTL50wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVHgzi8YeeGM1cb9F1ClxlcxYbIMB8GA1UdIwQY
MBaAFC4wtPUiKkaFxUzSXEy41vkyM6x7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGpDMDlTSXFSb1hGVE5KY1RMalctVEl6ckhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZTRjOGEtMWViMi00NTE4LThiNWIt
ODYxNmEzMTBlODAzLzEvdFVlRE9MeGg1NFl6Vnh2MFhVS1hHVnpGaHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZTRjOGEtMWViMi00NTE4LThiNWItODYxNmEzMTBlODAz
LzEvTGpDMDlTSXFSb1hGVE5KY1RMalctVEl6ckhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVdAMA0G
CSqGSIb3DQEBCwUAA4IBAQBTIq7M0Dl0ppcbBLDyuxOpkJda0J8kXPYEUieuUbXy
0ZgiU/cV2/Jl8RDMscJVtECNg8jxII8GZ7ckMlWdu5vcQeY31Y5ROOT7KpkOV4f8
kAmr2b7NtPDUlaVsnPNHBjqJHIRW9V403GonSGW/yXP7pRjMEDoWfwZss0Cutnh5
pjA3oIxdDtKRWk02YQU2w88b2LvDiM8+rx+zmbJWzJWqGFyfBcTxn09+7qm2b40z
zjGNzmMhQq7Kkao/rY/orhUWfBWcPKr9GlTHvPgGGdheEyE4Efz7f22/TpOg5GGY
gQaeGLP/R4hlvZRcYt7sZ43EV6h4BAey1j80erE4hS+h
-----END CERTIFICATE-----