Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/PbHlg7ScZeHhyNVnOAfVfDkj0UQ.roa
File:                     PbHlg7ScZeHhyNVnOAfVfDkj0UQ.roa (raw, json)
Hash identifier:          cTb4Y7y4+1yzCxetjTY01rGPBaGcJj2ddHFrkZyJApU=
Subject key identifier:   3D:B1:E5:83:B4:9C:65:E1:E1:C8:D5:67:38:07:D5:7C:39:23:D1:44
Certificate issuer:       /CN=509df728d1b46634054972d2945fda58073b5762
Certificate serial:       019423D71AAAD5629D15F90F97B5EB45E3F9
Authority key identifier: 50:9D:F7:28:D1:B4:66:34:05:49:72:D2:94:5F:DA:58:07:3B:57:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/PbHlg7ScZeHhyNVnOAfVfDkj0UQ.roa
Signing time:             Wed 01 Jan 2025 21:48:06 +0000
ROA not before:           Wed 01 Jan 2025 21:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208972
IP address blocks:        45.12.54.0/24 maxlen: 24
                          45.12.55.0/24 maxlen: 24
                          2a0a:4940::/29 maxlen: 48
                          2a0a:4944::/30 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:1a:aa:d5:62:9d:15:f9:0f:97:b5:eb:45:e3:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509df728d1b46634054972d2945fda58073b5762
        Validity
            Not Before: Jan  1 21:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3db1e583b49c65e1e1c8d5673807d57c3923d144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:14:b0:6c:4b:3b:01:c0:ee:f9:f1:3b:a7:7e:
                    04:5a:e0:cd:0e:45:fb:fb:e3:c1:0d:91:ce:eb:cc:
                    b2:82:2b:cc:0c:fc:a5:d7:08:a9:0e:1e:94:f4:e8:
                    cd:bf:50:6d:0e:8a:2b:88:d5:9b:4b:35:4f:ab:d2:
                    c2:29:a2:a4:48:9b:5d:ab:12:b1:11:1b:f5:45:85:
                    04:43:a0:8c:24:68:b3:71:76:e1:af:a3:5d:12:27:
                    d4:d8:a5:da:9d:5d:0f:f3:61:57:5d:0b:31:df:6c:
                    d1:d0:7a:6d:ea:56:da:ad:9f:7a:de:1c:aa:3d:2c:
                    86:dc:6a:ed:8d:af:f4:d1:3b:13:3f:73:b7:de:48:
                    bf:b7:22:32:1b:75:b5:47:d3:36:1c:89:5d:bd:ef:
                    7f:b1:a2:3f:45:50:af:02:1e:6f:5e:7e:e3:25:67:
                    c3:f7:ae:bb:01:5d:99:40:57:be:80:aa:83:0d:d1:
                    87:cf:0c:1a:a0:0a:ec:55:83:f4:03:9e:32:a8:11:
                    c1:12:ae:e9:be:7a:ab:12:60:bc:f5:44:44:30:02:
                    50:84:7d:c9:a6:73:d9:e0:f1:4d:fc:c6:81:13:33:
                    48:72:ee:ad:d9:e1:4a:a4:cd:21:f8:94:3c:40:57:
                    07:3f:91:6e:cf:19:5c:9a:09:7e:f1:b4:08:7a:d8:
                    71:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B1:E5:83:B4:9C:65:E1:E1:C8:D5:67:38:07:D5:7C:39:23:D1:44
            X509v3 Authority Key Identifier:
                keyid:50:9D:F7:28:D1:B4:66:34:05:49:72:D2:94:5F:DA:58:07:3B:57:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/PbHlg7ScZeHhyNVnOAfVfDkj0UQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.54.0/23
                IPv6:
                  2a0a:4940::/29

    Signature Algorithm: sha256WithRSAEncryption
         b9:ce:7a:39:b8:58:46:1d:fa:bf:48:5e:dd:c7:c8:de:2e:2b:
         73:0c:e3:7a:2c:3e:3c:f2:c4:39:1a:48:45:c7:6f:2c:ea:8d:
         ad:49:1e:d7:46:56:19:dd:39:cd:d9:b8:17:07:02:14:c5:97:
         37:75:ce:07:04:36:cc:d2:2f:94:73:03:b7:50:44:08:68:b6:
         81:00:7b:cd:cc:17:97:36:e6:4d:cc:f2:d2:6e:9f:7c:3c:eb:
         69:b0:a3:1a:3f:3d:15:59:b8:80:96:3b:d6:9e:14:8c:5c:9d:
         4b:52:93:f9:c1:a2:b0:93:f9:49:87:ed:4a:11:df:9f:fe:12:
         fb:04:de:01:8c:a8:34:4b:82:8f:b4:5a:ac:05:26:e3:d3:07:
         be:0f:6b:ca:8f:d8:13:5d:09:01:98:2f:21:35:92:10:7f:a6:
         5a:8e:ff:e3:d6:ca:3e:59:6f:a6:33:79:dd:10:8b:f2:04:bf:
         b0:20:01:51:6e:c5:1b:dc:85:e9:94:7a:76:bf:bb:97:a6:47:
         77:aa:c5:2d:48:69:47:c3:80:dd:08:ae:82:bf:d7:e6:4d:56:
         e7:34:46:34:4d:a8:8a:e7:ca:e1:38:0c:51:27:2d:35:9f:c7:
         03:72:ee:07:61:31:fd:2c:4b:81:5d:81:1b:fc:02:70:1d:9f:
         5b:14:7e:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1xqq1WKdFfkPl7XrReP5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWRmNzI4ZDFiNDY2MzQwNTQ5NzJkMjk0NWZkYTU4MDcz
YjU3NjIwHhcNMjUwMTAxMjE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGIxZTU4M2I0OWM2NWUxZTFjOGQ1NjczODA3ZDU3YzM5MjNkMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBSwbEs7AcDu+fE7p34EWuDNDkX7
++PBDZHO68yygivMDPyl1wipDh6U9OjNv1BtDooriNWbSzVPq9LCKaKkSJtdqxKx
ERv1RYUEQ6CMJGizcXbhr6NdEifU2KXanV0P82FXXQsx32zR0Hpt6lbarZ963hyq
PSyG3Grtja/00TsTP3O33ki/tyIyG3W1R9M2HIldve9/saI/RVCvAh5vXn7jJWfD
9667AV2ZQFe+gKqDDdGHzwwaoArsVYP0A54yqBHBEq7pvnqrEmC89UREMAJQhH3J
pnPZ4PFN/MaBEzNIcu6t2eFKpM0h+JQ8QFcHP5Fuzxlcmgl+8bQIethx8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD2x5YO0nGXh4cjVZzgH1Xw5I9FEMB8GA1UdIwQY
MBaAFFCd9yjRtGY0BUly0pRf2lgHO1diMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUozM0tORzBaalFGU1hMU2xGX2FXQWM3VjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9hY2ZjYjYtZDc4YS00NDhhLWE3NjEt
ZGQzYjRmODM4MWM0LzEvUGJIbGc3U2NaZUhoeU5Wbk9BZlZmRGtqMFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9hY2ZjYjYtZDc4YS00NDhhLWE3NjEtZGQzYjRmODM4MWM0
LzEvVUozM0tORzBaalFGU1hMU2xGX2FXQWM3VjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLQw2MA0E
AgACMAcDBQMqCklAMA0GCSqGSIb3DQEBCwUAA4IBAQC5zno5uFhGHfq/SF7dx8je
LitzDON6LD488sQ5GkhFx28s6o2tSR7XRlYZ3TnN2bgXBwIUxZc3dc4HBDbM0i+U
cwO3UEQIaLaBAHvNzBeXNuZNzPLSbp98POtpsKMaPz0VWbiAljvWnhSMXJ1LUpP5
waKwk/lJh+1KEd+f/hL7BN4BjKg0S4KPtFqsBSbj0we+D2vKj9gTXQkBmC8hNZIQ
f6Zajv/j1so+WW+mM3ndEIvyBL+wIAFRbsUb3IXplHp2v7uXpkd3qsUtSGlHw4Dd
CK6Cv9fmTVbnNEY0TaiK58rhOAxRJy01n8cDcu4HYTH9LEuBXYEb/AJwHZ9bFH56
-----END CERTIFICATE-----