Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/aHqqL1NN5YtLBNmQYn6ZUukv3fE.roa
File:                     aHqqL1NN5YtLBNmQYn6ZUukv3fE.roa (raw, json)
Hash identifier:          LV3wM5zWPJWC7ZTCI+xUuEUT6iOR32mYf+UKwFD/zS0=
Subject key identifier:   68:7A:AA:2F:53:4D:E5:8B:4B:04:D9:90:62:7E:99:52:E9:2F:DD:F1
Certificate issuer:       /CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
Certificate serial:       0194221F9B9E6275CCFCA5DE3096422A2EDD
Authority key identifier: C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/aHqqL1NN5YtLBNmQYn6ZUukv3fE.roa
Signing time:             Wed 01 Jan 2025 13:48:04 +0000
ROA not before:           Wed 01 Jan 2025 13:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35617
IP address blocks:        45.131.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9b:9e:62:75:cc:fc:a5:de:30:96:42:2a:2e:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
        Validity
            Not Before: Jan  1 13:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=687aaa2f534de58b4b04d990627e9952e92fddf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d3:d8:9f:52:0e:98:e0:f2:df:78:95:06:0f:
                    bb:7b:df:38:29:50:e4:83:2f:34:ae:f2:55:8a:c8:
                    79:f4:48:8d:25:7b:d1:5d:a3:ce:96:82:d0:09:b1:
                    29:2d:40:d4:c8:8a:88:61:22:9b:5d:a1:6d:f5:74:
                    a6:9f:94:ec:fe:b0:23:9d:6a:04:36:16:b6:34:01:
                    bd:92:f0:3e:76:45:3d:29:3b:ee:b1:d1:cd:d8:cf:
                    7a:e0:e7:f1:de:f7:58:0f:6d:25:fc:fb:77:10:89:
                    7b:06:53:a0:c9:4c:b0:df:f1:bb:d8:64:27:82:06:
                    59:5d:a9:a6:96:19:33:35:bf:0d:2c:1a:91:5e:4c:
                    ec:62:b6:a1:d7:ff:f1:54:3d:c2:69:25:9c:a2:51:
                    61:c5:6d:a5:77:e3:b2:36:b3:87:13:fb:65:cf:20:
                    95:a9:4a:f4:0f:6b:b8:69:1b:76:f2:96:be:37:17:
                    32:74:8c:51:69:8e:24:ae:af:6a:b0:24:ef:f0:87:
                    ed:04:06:f7:d2:42:73:67:3c:7d:88:0e:38:c0:3f:
                    33:8b:bb:e6:90:42:83:66:8c:d1:61:88:eb:42:63:
                    ee:70:9f:c9:22:01:ae:ca:d2:23:2b:32:a6:e6:0d:
                    a5:af:1b:3c:4b:d0:76:6a:2f:1c:b8:ac:dc:25:26:
                    fb:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:7A:AA:2F:53:4D:E5:8B:4B:04:D9:90:62:7E:99:52:E9:2F:DD:F1
            X509v3 Authority Key Identifier:
                keyid:C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/aHqqL1NN5YtLBNmQYn6ZUukv3fE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:10:13:a8:80:09:3f:4e:f4:d0:79:71:2c:47:6a:e5:1e:aa:
         10:4a:25:23:4f:b1:4e:b7:fc:a6:7e:66:d1:b5:de:2b:47:9f:
         af:dd:03:fe:ca:e0:5b:e7:aa:ec:c2:97:10:6e:f9:e5:f0:32:
         5c:35:67:98:7e:2c:91:03:25:f7:cc:40:4c:85:90:f5:9e:a4:
         e4:8e:a5:78:12:ee:de:7d:89:35:5d:3d:fc:20:97:aa:4b:b9:
         1b:63:62:68:47:b2:e8:c3:65:3c:2a:aa:5e:d0:10:be:37:78:
         57:76:92:38:5c:2d:54:07:15:11:6b:af:dd:e8:bf:0c:a0:5f:
         75:f3:88:91:64:cf:b7:10:0f:58:ce:b9:2b:b5:e3:20:04:f9:
         7c:61:80:9e:c5:76:ab:c4:07:0d:c0:02:1c:e0:bc:ee:62:37:
         6b:fa:30:7c:6c:1f:87:1a:64:3b:eb:57:e3:cf:30:de:89:f3:
         7e:59:31:88:7d:4e:a4:1f:1c:76:72:f6:d6:0a:11:a4:20:df:
         c1:b6:30:25:3e:e2:c6:5b:6a:33:24:2b:46:f4:52:5e:d4:60:
         01:56:e1:9e:e8:d7:dd:4c:ee:a0:67:bb:63:9a:87:93:1a:67:
         92:f8:62:df:6e:b7:fa:a1:8d:5f:88:10:47:93:dc:cf:8a:de:
         53:d0:42:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH5ueYnXM/KXeMJZCKi7dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2Y2ZhOTRmNjEzNGUzOTYwZWE1ZjMxODg0NmEzMGNmM2U5
MjJkZDcwHhcNMjUwMTAxMTM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODdhYWEyZjUzNGRlNThiNGIwNGQ5OTA2MjdlOTk1MmU5MmZkZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdPYn1IOmODy33iVBg+7e984KVDk
gy80rvJVish59EiNJXvRXaPOloLQCbEpLUDUyIqIYSKbXaFt9XSmn5Ts/rAjnWoE
Nha2NAG9kvA+dkU9KTvusdHN2M964Ofx3vdYD20l/Pt3EIl7BlOgyUyw3/G72GQn
ggZZXammlhkzNb8NLBqRXkzsYrah1//xVD3CaSWcolFhxW2ld+OyNrOHE/tlzyCV
qUr0D2u4aRt28pa+NxcydIxRaY4krq9qsCTv8IftBAb30kJzZzx9iA44wD8zi7vm
kEKDZozRYYjrQmPucJ/JIgGuytIjKzKm5g2lrxs8S9B2ai8cuKzcJSb7VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGh6qi9TTeWLSwTZkGJ+mVLpL93xMB8GA1UdIwQY
MBaAFMbPqU9hNOOWDqXzGIRqMM8+ki3XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUt
ZjlhNDM3MDlkMDBiLzEvYUhxcUwxTk41WXRMQk5tUVluNlpVdWt2M2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUtZjlhNDM3MDlkMDBi
LzEveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYPcMA0G
CSqGSIb3DQEBCwUAA4IBAQBeEBOogAk/TvTQeXEsR2rlHqoQSiUjT7FOt/ymfmbR
td4rR5+v3QP+yuBb56rswpcQbvnl8DJcNWeYfiyRAyX3zEBMhZD1nqTkjqV4Eu7e
fYk1XT38IJeqS7kbY2JoR7Low2U8Kqpe0BC+N3hXdpI4XC1UBxURa6/d6L8MoF91
84iRZM+3EA9YzrkrteMgBPl8YYCexXarxAcNwAIc4LzuYjdr+jB8bB+HGmQ761fj
zzDeifN+WTGIfU6kHxx2cvbWChGkIN/BtjAlPuLGW2ozJCtG9FJe1GABVuGe6Nfd
TO6gZ7tjmoeTGmeS+GLfbrf6oY1fiBBHk9zPit5T0EKM
-----END CERTIFICATE-----