Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/mI7DIe-ZWUKxjXm68wpxaummpVQ.roa
File:                     mI7DIe-ZWUKxjXm68wpxaummpVQ.roa (raw, json)
Hash identifier:          8ILL3a5+iKTvSgugQcyufNykJWsVj3L0HY6IKspIJxE=
Subject key identifier:   98:8E:C3:21:EF:99:59:42:B1:8D:79:BA:F3:0A:71:6A:E9:A6:A5:54
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       01941FFA336C458F84B8B0597639253E311E
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/mI7DIe-ZWUKxjXm68wpxaummpVQ.roa
Signing time:             Wed 01 Jan 2025 03:47:58 +0000
ROA not before:           Wed 01 Jan 2025 03:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56309
IP address blocks:        45.136.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:33:6c:45:8f:84:b8:b0:59:76:39:25:3e:31:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=988ec321ef995942b18d79baf30a716ae9a6a554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bd:d2:51:ec:73:82:4f:d4:03:2a:a6:3a:2c:
                    8a:f8:a3:b1:48:a9:26:ae:85:57:e9:c0:8b:d9:ce:
                    fb:9e:65:62:74:72:bd:72:94:d5:e2:dd:60:18:32:
                    87:99:40:5b:37:0e:44:ea:25:ec:1c:d9:f0:2f:cf:
                    89:fe:01:12:2b:86:0c:70:1c:d3:44:0f:75:e8:2b:
                    4d:2b:9a:ad:43:92:22:7b:dc:ad:36:f4:08:a2:5b:
                    6a:03:00:7d:68:e2:3a:f8:5c:b9:38:06:78:5d:98:
                    1d:cb:fb:29:b5:83:2f:a2:76:3e:33:ae:0f:f5:22:
                    64:b1:39:8f:6e:0d:1d:e0:68:15:af:32:94:d0:5d:
                    8e:34:bd:6b:c5:81:1a:85:43:bf:e0:9a:21:f4:c9:
                    c1:27:35:c5:e3:21:17:97:2b:d5:38:c5:8e:d7:2a:
                    b6:d4:aa:73:af:8d:1a:69:1b:48:f6:50:ef:68:68:
                    8f:05:4a:bd:68:02:fd:a6:2b:c5:c4:80:f9:84:66:
                    d1:33:85:19:a2:d2:88:33:d2:e9:3a:7d:4e:c5:f3:
                    55:db:dc:0c:b8:06:80:cf:f2:3c:2c:4e:b3:f1:0f:
                    b7:06:cf:d1:57:9d:5a:3f:31:f4:ac:0e:36:75:12:
                    44:7d:aa:f1:3f:18:41:64:a1:a8:86:39:98:02:9a:
                    ec:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:8E:C3:21:EF:99:59:42:B1:8D:79:BA:F3:0A:71:6A:E9:A6:A5:54
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/mI7DIe-ZWUKxjXm68wpxaummpVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:7b:fe:e1:5a:a5:85:8b:d3:bd:bb:23:5a:7a:cd:af:ec:58:
         7f:1d:b5:e2:fb:d6:d8:92:5d:43:3b:02:3a:a5:20:0e:41:19:
         3e:25:bd:48:73:1e:4c:8c:c3:9f:81:8e:9c:3a:d9:84:14:5e:
         01:08:17:07:08:39:e6:1e:45:66:d6:03:2f:61:09:95:9d:a5:
         73:c0:79:de:03:96:c0:9d:0a:be:4c:c0:f2:9d:e3:09:10:05:
         72:3e:9b:e3:05:1d:a7:68:67:f2:f2:8b:ce:6e:c6:b2:7c:86:
         ff:78:79:ab:93:4d:9b:bf:16:04:8e:54:89:13:e4:97:64:a7:
         be:7a:99:ab:e2:77:f1:db:e3:6d:69:cc:3f:07:9a:7e:d6:b5:
         68:93:42:c1:fb:12:70:bf:63:a1:e5:db:1e:64:4e:9f:68:f9:
         6d:81:63:1c:55:f9:1e:07:e6:16:e7:1c:c7:f6:76:a4:be:53:
         4a:35:74:8f:6b:6a:b6:d3:c6:c6:f1:4f:39:d0:4b:37:c1:22:
         02:fa:b4:aa:ff:e1:6c:29:1b:53:54:df:d4:71:00:5d:44:4b:
         4b:47:1b:43:4b:1f:60:58:a7:d4:59:24:9e:95:56:94:b6:33:
         ac:31:b7:48:3d:03:3e:a2:39:2f:bf:7a:af:ab:d9:e4:a4:06:
         31:57:53:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jNsRY+EuLBZdjklPjEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjUwMTAxMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODhlYzMyMWVmOTk1OTQyYjE4ZDc5YmFmMzBhNzE2YWU5YTZhNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtb3SUexzgk/UAyqmOiyK+KOxSKkm
roVX6cCL2c77nmVidHK9cpTV4t1gGDKHmUBbNw5E6iXsHNnwL8+J/gESK4YMcBzT
RA916CtNK5qtQ5Iie9ytNvQIoltqAwB9aOI6+Fy5OAZ4XZgdy/sptYMvonY+M64P
9SJksTmPbg0d4GgVrzKU0F2ONL1rxYEahUO/4Joh9MnBJzXF4yEXlyvVOMWO1yq2
1Kpzr40aaRtI9lDvaGiPBUq9aAL9pivFxID5hGbRM4UZotKIM9LpOn1OxfNV29wM
uAaAz/I8LE6z8Q+3Bs/RV51aPzH0rA42dRJEfarxPxhBZKGohjmYAprs4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiOwyHvmVlCsY15uvMKcWrppqVUMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvbUk3REllLVpXVUt4alhtNjh3cHhhdW1tcFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYjsMA0G
CSqGSIb3DQEBCwUAA4IBAQAGe/7hWqWFi9O9uyNaes2v7Fh/HbXi+9bYkl1DOwI6
pSAOQRk+Jb1Icx5MjMOfgY6cOtmEFF4BCBcHCDnmHkVm1gMvYQmVnaVzwHneA5bA
nQq+TMDyneMJEAVyPpvjBR2naGfy8ovObsayfIb/eHmrk02bvxYEjlSJE+SXZKe+
epmr4nfx2+Ntacw/B5p+1rVok0LB+xJwv2Oh5dseZE6faPltgWMcVfkeB+YW5xzH
9nakvlNKNXSPa2q208bG8U850Es3wSIC+rSq/+FsKRtTVN/UcQBdREtLRxtDSx9g
WKfUWSSelVaUtjOsMbdIPQM+ojkvv3qvq9nkpAYxV1OY
-----END CERTIFICATE-----