Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/EaE5VD4OxnOLx45VJf2Q-Zuz-0A.roa
File:                     EaE5VD4OxnOLx45VJf2Q-Zuz-0A.roa (raw, json)
Hash identifier:          TOdSY1e+ZAROPQ/PNUCjsaleUL7z5n5qEIhuP/bZgR4=
Subject key identifier:   11:A1:39:54:3E:0E:C6:73:8B:C7:8E:55:25:FD:90:F9:9B:B3:FB:40
Certificate issuer:       /CN=d1f51964ede12b4c03673d23cd44c8375315f45a
Certificate serial:       018ECCAD1F2059816ED480E106B05EE80018
Authority key identifier: D1:F5:19:64:ED:E1:2B:4C:03:67:3D:23:CD:44:C8:37:53:15:F4:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/EaE5VD4OxnOLx45VJf2Q-Zuz-0A.roa
Signing time:             Thu 11 Apr 2024 10:21:21 +0000
ROA not before:           Thu 11 Apr 2024 10:21:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208126
IP address blocks:        45.128.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cc:ad:1f:20:59:81:6e:d4:80:e1:06:b0:5e:e8:00:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1f51964ede12b4c03673d23cd44c8375315f45a
        Validity
            Not Before: Apr 11 10:21:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11a139543e0ec6738bc78e5525fd90f99bb3fb40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:00:72:46:4f:eb:36:de:a3:05:68:e0:88:b9:
                    ad:72:32:f1:70:6d:1c:b3:c7:9e:66:bc:88:79:93:
                    8a:c4:ba:66:72:fe:33:ff:6c:57:ef:b1:d7:e0:e2:
                    1a:78:a6:cb:cd:6c:3c:c0:a2:86:04:ef:aa:c3:74:
                    c1:ff:4d:80:77:29:6b:63:48:25:b6:6d:59:6f:88:
                    a3:a4:20:84:79:44:4f:1e:b5:80:0e:24:f8:2b:38:
                    34:ca:c2:37:27:01:77:d7:ff:64:13:20:be:1a:e3:
                    80:4f:20:c9:2c:cf:c1:36:ec:f0:63:87:6f:14:34:
                    72:7d:72:80:8d:52:e7:95:8f:6e:a9:0f:8d:8a:e0:
                    ad:fb:6a:eb:3f:16:52:9e:f7:02:b2:4f:cf:46:bb:
                    10:1a:9d:9c:f8:81:c2:ec:ee:12:90:21:50:78:b2:
                    31:93:c4:5f:fd:69:be:b9:5b:a8:fe:1a:8e:60:c5:
                    93:8e:08:a8:d9:33:c4:b8:78:77:dc:2c:1b:7f:01:
                    3a:9f:ce:6f:6f:83:89:7e:af:8e:93:fe:7a:5a:14:
                    7d:4e:b0:c5:2e:04:13:86:c1:a3:ea:84:4f:fa:b0:
                    5b:cb:09:c6:be:7c:fc:9a:76:f8:d4:a7:fa:61:fe:
                    68:4f:2d:77:a9:e1:03:e8:fc:a1:0b:73:c1:eb:82:
                    5a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A1:39:54:3E:0E:C6:73:8B:C7:8E:55:25:FD:90:F9:9B:B3:FB:40
            X509v3 Authority Key Identifier:
                keyid:D1:F5:19:64:ED:E1:2B:4C:03:67:3D:23:CD:44:C8:37:53:15:F4:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/EaE5VD4OxnOLx45VJf2Q-Zuz-0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ff:d0:fe:c6:f0:c7:01:80:21:1a:be:97:c7:5e:da:21:1a:
         e3:0e:8d:5f:fe:62:c3:a0:86:08:2c:03:34:79:61:43:32:8e:
         b7:d2:5d:93:6d:b4:24:42:e1:7d:cd:a5:28:a8:80:3e:5c:ab:
         ad:75:92:23:69:b5:27:a3:db:bb:bb:a0:68:79:76:3d:8f:1d:
         ee:f5:30:f4:30:08:4f:8c:fb:78:9b:b1:03:7e:bb:b2:51:b4:
         1a:91:3b:2c:8b:b3:cc:b6:94:50:9c:c6:b4:e0:9f:12:c4:ac:
         22:31:7c:ce:e0:27:9b:80:79:d1:64:a3:c9:dd:d9:41:f2:02:
         e1:9a:6d:8d:2c:17:4b:b0:85:0a:c6:dc:a2:7b:a4:41:a4:18:
         83:01:3e:9b:3a:55:89:0a:15:5f:c2:05:5f:81:37:cf:ad:f5:
         05:1b:bb:0e:a8:c9:43:9b:3a:e8:0a:37:22:51:af:7a:6a:f7:
         fb:ed:b1:61:00:08:5e:57:32:8f:54:5e:4c:cf:87:ae:ec:a7:
         68:4c:00:5e:9d:42:64:0c:78:57:70:47:55:ba:55:52:1d:ac:
         e4:8d:26:e5:d8:46:a0:76:20:d5:d6:53:7f:ba:86:93:80:28:
         e5:18:cc:e6:6d:d1:dc:d5:5d:69:d4:25:7f:ff:d4:68:4a:93:
         1f:15:1d:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7MrR8gWYFu1IDhBrBe6AAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZjUxOTY0ZWRlMTJiNGMwMzY3M2QyM2NkNDRjODM3NTMx
NWY0NWEwHhcNMjQwNDExMTAyMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWExMzk1NDNlMGVjNjczOGJjNzhlNTUyNWZkOTBmOTliYjNmYjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAByRk/rNt6jBWjgiLmtcjLxcG0c
s8eeZryIeZOKxLpmcv4z/2xX77HX4OIaeKbLzWw8wKKGBO+qw3TB/02AdylrY0gl
tm1Zb4ijpCCEeURPHrWADiT4Kzg0ysI3JwF31/9kEyC+GuOATyDJLM/BNuzwY4dv
FDRyfXKAjVLnlY9uqQ+NiuCt+2rrPxZSnvcCsk/PRrsQGp2c+IHC7O4SkCFQeLIx
k8Rf/Wm+uVuo/hqOYMWTjgio2TPEuHh33CwbfwE6n85vb4OJfq+Ok/56WhR9TrDF
LgQThsGj6oRP+rBbywnGvnz8mnb41Kf6Yf5oTy13qeED6PyhC3PB64JaIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGhOVQ+DsZzi8eOVSX9kPmbs/tAMB8GA1UdIwQY
MBaAFNH1GWTt4StMA2c9I81EyDdTFfRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGZVWlpPM2hLMHdEWnowanpVVElOMU1WOUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9lYmJkZGEtOTU3MS00ZmY1LWI1NmUt
NzUyMjBkNTNhNTVjLzEvRWFFNVZENE94bk9MeDQ1VkpmMlEtWnV6LTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9lYmJkZGEtOTU3MS00ZmY1LWI1NmUtNzUyMjBkNTNhNTVj
LzEvMGZVWlpPM2hLMHdEWnowanpVVElOMU1WOUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYBEMA0G
CSqGSIb3DQEBCwUAA4IBAQBb/9D+xvDHAYAhGr6Xx17aIRrjDo1f/mLDoIYILAM0
eWFDMo630l2TbbQkQuF9zaUoqIA+XKutdZIjabUno9u7u6BoeXY9jx3u9TD0MAhP
jPt4m7EDfruyUbQakTssi7PMtpRQnMa04J8SxKwiMXzO4CebgHnRZKPJ3dlB8gLh
mm2NLBdLsIUKxtyie6RBpBiDAT6bOlWJChVfwgVfgTfPrfUFG7sOqMlDmzroCjci
Ua96avf77bFhAAheVzKPVF5Mz4eu7KdoTABenUJkDHhXcEdVulVSHazkjSbl2Eag
diDV1lN/uoaTgCjlGMzmbdHc1V1p1CV//9RoSpMfFR0m
-----END CERTIFICATE-----