Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/oVf5pbd8qfOWaMtymVg3zBpo1aI.roa
File:                     oVf5pbd8qfOWaMtymVg3zBpo1aI.roa (raw, json)
Hash identifier:          /JkkHPoUwL9WPqaL9lMZRl9hvH2fpXEuWKNlqu6l9cI=
Subject key identifier:   A1:57:F9:A5:B7:7C:A9:F3:96:68:CB:72:99:58:37:CC:1A:68:D5:A2
Certificate issuer:       /CN=99f0b2c8d7b3ca13c59c53372f25e202c85aadc5
Certificate serial:       0194214426221BA53D3DE82AD41CEA2D44FB
Authority key identifier: 99:F0:B2:C8:D7:B3:CA:13:C5:9C:53:37:2F:25:E2:02:C8:5A:AD:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mfCyyNezyhPFnFM3LyXiAsharcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/oVf5pbd8qfOWaMtymVg3zBpo1aI.roa
Signing time:             Wed 01 Jan 2025 09:48:21 +0000
ROA not before:           Wed 01 Jan 2025 09:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209325
IP address blocks:        45.66.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/mfCyyNezyhPFnFM3LyXiAsharcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/mfCyyNezyhPFnFM3LyXiAsharcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mfCyyNezyhPFnFM3LyXiAsharcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:26:22:1b:a5:3d:3d:e8:2a:d4:1c:ea:2d:44:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99f0b2c8d7b3ca13c59c53372f25e202c85aadc5
        Validity
            Not Before: Jan  1 09:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a157f9a5b77ca9f39668cb72995837cc1a68d5a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e6:02:f3:b1:95:13:17:be:37:67:55:3c:c7:
                    83:af:c4:f2:20:c5:a2:dc:8d:48:b5:b6:18:d0:10:
                    1d:41:31:9b:52:36:8a:87:99:ab:d7:8a:86:b9:44:
                    56:2b:d3:2e:30:94:f3:d9:26:77:a6:a7:85:57:0b:
                    4b:03:8d:0f:d7:43:06:3a:26:6f:bb:e3:04:bb:8d:
                    08:7b:a1:f6:a6:a0:32:50:82:c2:7d:a9:7b:d9:e4:
                    73:b3:ae:a0:fc:80:7d:a6:68:ed:5a:95:b6:1f:8b:
                    df:16:73:97:96:15:fb:3f:01:fb:fc:61:2e:a0:e3:
                    2b:02:5f:07:b7:4e:df:3a:9b:64:7f:a5:bd:ff:f2:
                    db:65:1d:6a:1e:b3:58:9c:31:f0:0a:ff:fa:1c:79:
                    9b:34:bc:2d:c9:70:90:ab:72:85:93:fb:26:80:5a:
                    71:16:2a:b6:bb:af:d8:10:37:d9:0e:45:a0:85:12:
                    cf:a7:ac:0d:43:5f:c4:38:f3:46:06:a3:06:16:79:
                    60:b8:e7:67:c1:42:ed:0d:f6:81:d2:1f:81:c1:00:
                    4b:c9:6b:3a:19:1e:51:00:b8:59:13:7f:47:76:ff:
                    81:19:7e:95:7b:c8:74:23:3c:09:2d:10:19:89:91:
                    db:e0:a5:9a:71:80:4f:e6:69:3b:c6:ae:a7:4b:a9:
                    de:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:57:F9:A5:B7:7C:A9:F3:96:68:CB:72:99:58:37:CC:1A:68:D5:A2
            X509v3 Authority Key Identifier:
                keyid:99:F0:B2:C8:D7:B3:CA:13:C5:9C:53:37:2F:25:E2:02:C8:5A:AD:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mfCyyNezyhPFnFM3LyXiAsharcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/oVf5pbd8qfOWaMtymVg3zBpo1aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/mfCyyNezyhPFnFM3LyXiAsharcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:19:c0:d3:94:b2:e1:f4:d4:c3:e5:c0:a7:4c:1c:aa:01:28:
         a2:52:f0:e3:f4:a4:99:b0:04:50:a6:9b:b9:2a:88:fb:16:1b:
         0b:0f:78:ec:39:76:ce:a1:36:b3:d0:a0:6d:a8:ac:3b:9c:62:
         79:f4:60:85:72:1d:4f:59:3a:eb:f9:c2:e2:fe:d0:b3:e1:a2:
         5f:e3:df:e1:a7:81:af:cf:a8:89:33:63:e9:17:e5:f6:e0:60:
         94:09:ff:ef:f4:1b:e2:35:ee:35:1a:d8:9d:15:bd:9f:2b:77:
         b0:57:44:c5:d4:fa:70:fd:36:c6:69:cb:c8:7d:83:a3:77:89:
         09:b8:9e:7a:dc:68:b5:b5:12:1e:cf:40:7b:05:11:56:3e:49:
         5b:33:b8:9e:a9:a8:ce:6d:30:d7:a2:8c:8b:c7:0e:19:89:4e:
         cb:93:0b:0e:16:17:e0:a9:cf:fa:0d:0d:fb:66:bf:55:da:7b:
         69:f6:93:d0:41:5a:1e:14:2f:bf:ef:f5:48:06:d7:0a:dd:a1:
         6e:76:8e:58:94:05:6d:28:bd:07:a4:07:a8:96:82:df:39:5a:
         5c:54:72:9c:17:b2:49:18:ce:58:6f:2d:6d:9d:8a:e5:18:e0:
         67:83:1f:9f:7f:0b:ed:26:04:ed:f1:cc:a9:94:bf:f0:0d:15:
         00:9d:2d:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCYiG6U9Pegq1BzqLUT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZjBiMmM4ZDdiM2NhMTNjNTljNTMzNzJmMjVlMjAyYzg1
YWFkYzUwHhcNMjUwMTAxMDk0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTU3ZjlhNWI3N2NhOWYzOTY2OGNiNzI5OTU4MzdjYzFhNjhkNWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOYC87GVExe+N2dVPMeDr8TyIMWi
3I1ItbYY0BAdQTGbUjaKh5mr14qGuURWK9MuMJTz2SZ3pqeFVwtLA40P10MGOiZv
u+MEu40Ie6H2pqAyUILCfal72eRzs66g/IB9pmjtWpW2H4vfFnOXlhX7PwH7/GEu
oOMrAl8Ht07fOptkf6W9//LbZR1qHrNYnDHwCv/6HHmbNLwtyXCQq3KFk/smgFpx
Fiq2u6/YEDfZDkWghRLPp6wNQ1/EOPNGBqMGFnlguOdnwULtDfaB0h+BwQBLyWs6
GR5RALhZE39Hdv+BGX6Ve8h0IzwJLRAZiZHb4KWacYBP5mk7xq6nS6nemQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFX+aW3fKnzlmjLcplYN8waaNWiMB8GA1UdIwQY
MBaAFJnwssjXs8oTxZxTNy8l4gLIWq3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWZDeXlOZXp5aFBGbkZNM0x5WGlBc2hhcmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81NGZmOTItMjIxZS00YTE2LThhZWYt
MTk0ZTBjNjUxZDczLzEvb1ZmNXBiZDhxZk9XYU10eW1WZzN6QnBvMWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81NGZmOTItMjIxZS00YTE2LThhZWYtMTk0ZTBjNjUxZDcz
LzEvbWZDeXlOZXp5aFBGbkZNM0x5WGlBc2hhcmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLULAMA0G
CSqGSIb3DQEBCwUAA4IBAQBbGcDTlLLh9NTD5cCnTByqASiiUvDj9KSZsARQppu5
Koj7FhsLD3jsOXbOoTaz0KBtqKw7nGJ59GCFch1PWTrr+cLi/tCz4aJf49/hp4Gv
z6iJM2PpF+X24GCUCf/v9BviNe41GtidFb2fK3ewV0TF1Ppw/TbGacvIfYOjd4kJ
uJ563Gi1tRIez0B7BRFWPklbM7ieqajObTDXooyLxw4ZiU7LkwsOFhfgqc/6DQ37
Zr9V2ntp9pPQQVoeFC+/7/VIBtcK3aFudo5YlAVtKL0HpAeoloLfOVpcVHKcF7JJ
GM5Yby1tnYrlGOBngx+ffwvtJgTt8cyplL/wDRUAnS2+
-----END CERTIFICATE-----