Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/bnBiazYSImw_ApoJseLeYwZStp4.roa
File:                     bnBiazYSImw_ApoJseLeYwZStp4.roa (raw, json)
Hash identifier:          I2WcGK9ihJdOIVnj78YrG67UcyAn3LlxUVqcoFs7moE=
Subject key identifier:   6E:70:62:6B:36:12:22:6C:3F:02:9A:09:B1:E2:DE:63:06:52:B6:9E
Certificate issuer:       /CN=85add8eaaeb3a478d7e5df3e7ee1c323f166bf28
Certificate serial:       0194258F135B4C85BCB9C765C4F088657074
Authority key identifier: 85:AD:D8:EA:AE:B3:A4:78:D7:E5:DF:3E:7E:E1:C3:23:F1:66:BF:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/bnBiazYSImw_ApoJseLeYwZStp4.roa
Signing time:             Thu 02 Jan 2025 05:48:41 +0000
ROA not before:           Thu 02 Jan 2025 05:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.84.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:13:5b:4c:85:bc:b9:c7:65:c4:f0:88:65:70:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85add8eaaeb3a478d7e5df3e7ee1c323f166bf28
        Validity
            Not Before: Jan  2 05:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e70626b3612226c3f029a09b1e2de630652b69e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:25:93:f7:60:f9:b8:0a:e7:2a:b8:3f:c8:56:
                    f0:ab:9b:01:63:80:42:18:f6:2e:a4:4c:84:08:c2:
                    f4:98:95:e0:fa:3b:94:33:21:7c:23:8e:68:a9:01:
                    87:53:24:d5:4a:a8:6f:85:32:8d:ea:83:8c:30:ef:
                    fb:c8:47:52:75:bd:7f:a3:56:89:2c:1e:4a:bf:28:
                    4d:10:9e:e2:2a:84:9e:4c:6a:c0:39:95:cf:cc:5f:
                    17:c5:70:1b:9c:c2:3c:78:39:b3:4b:8e:0c:08:04:
                    84:1c:55:e1:50:89:93:3b:d8:81:3d:a8:97:fe:e5:
                    b8:bb:fc:3e:ee:84:c0:2a:f1:0b:be:01:06:e7:4f:
                    55:3d:4c:e5:d0:b8:5f:1d:b6:41:a1:9f:76:28:a5:
                    04:bc:5c:bc:5c:a8:22:33:a5:36:0d:fe:55:ef:be:
                    78:0c:28:b0:12:e8:39:79:75:5b:27:c3:e3:96:7f:
                    0f:a3:ae:25:cb:28:f5:fd:19:37:57:8d:5d:79:53:
                    c0:54:85:f4:8f:98:15:de:d2:ca:d2:ab:b3:12:b0:
                    6e:eb:93:0e:6b:f2:2a:fa:10:73:2a:a2:f9:bd:86:
                    89:69:de:35:4a:34:81:70:43:24:7c:54:02:bc:86:
                    21:4a:c3:3c:4e:bd:96:31:e5:6d:4d:75:25:04:9c:
                    c5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:70:62:6B:36:12:22:6C:3F:02:9A:09:B1:E2:DE:63:06:52:B6:9E
            X509v3 Authority Key Identifier:
                keyid:85:AD:D8:EA:AE:B3:A4:78:D7:E5:DF:3E:7E:E1:C3:23:F1:66:BF:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/bnBiazYSImw_ApoJseLeYwZStp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/d44dd0-05b7-4427-a082-1b7ec38e9f44/1/ha3Y6q6zpHjX5d8-fuHDI_Fmvyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:1a:49:b3:4c:5a:1f:23:9b:28:41:0f:aa:3e:10:1d:dc:f9:
         1c:fd:f9:8a:cd:57:87:bb:48:f3:79:1a:16:b0:a8:fe:d1:65:
         70:1c:54:a2:92:eb:a3:06:e4:00:74:66:16:a7:38:b1:9c:cf:
         57:03:56:54:06:86:83:64:d9:7e:08:86:6e:ef:14:19:67:87:
         87:1f:8f:60:0f:e6:5d:dd:f9:6d:0c:87:8f:e8:6a:30:49:90:
         30:26:59:aa:34:2d:e0:27:bc:7a:43:12:22:cb:8b:77:86:bf:
         b8:05:30:73:ca:a2:53:49:8b:33:15:f1:ca:0a:75:48:3c:ec:
         5d:94:2e:fe:47:6c:93:14:3b:f9:31:d2:18:cd:4b:6f:8d:13:
         56:aa:a6:9b:d7:82:e0:0e:c4:70:3b:51:8f:45:25:6e:6a:70:
         41:08:66:79:ca:33:90:40:13:5e:28:09:43:1f:42:89:cf:6c:
         0a:72:4c:e8:ae:e0:21:99:97:05:ed:31:ff:07:c2:8a:d7:1b:
         7f:b4:67:be:e8:8b:72:89:0b:4b:8b:2b:01:f6:ea:f2:d0:aa:
         b8:5b:2f:f6:05:2d:e1:60:42:48:f4:1d:e0:ab:7a:10:e2:5d:
         77:71:63:57:db:99:53:66:d4:02:46:c5:8e:3e:0e:e5:5d:4e:
         de:99:09:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljxNbTIW8ucdlxPCIZXB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YWRkOGVhYWViM2E0NzhkN2U1ZGYzZTdlZTFjMzIzZjE2
NmJmMjgwHhcNMjUwMTAyMDU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTcwNjI2YjM2MTIyMjZjM2YwMjlhMDliMWUyZGU2MzA2NTJiNjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCWT92D5uArnKrg/yFbwq5sBY4BC
GPYupEyECML0mJXg+juUMyF8I45oqQGHUyTVSqhvhTKN6oOMMO/7yEdSdb1/o1aJ
LB5KvyhNEJ7iKoSeTGrAOZXPzF8XxXAbnMI8eDmzS44MCASEHFXhUImTO9iBPaiX
/uW4u/w+7oTAKvELvgEG509VPUzl0LhfHbZBoZ92KKUEvFy8XKgiM6U2Df5V7754
DCiwEug5eXVbJ8Pjln8Po64lyyj1/Rk3V41deVPAVIX0j5gV3tLK0quzErBu65MO
a/Iq+hBzKqL5vYaJad41SjSBcEMkfFQCvIYhSsM8Tr2WMeVtTXUlBJzFXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5wYms2EiJsPwKaCbHi3mMGUraeMB8GA1UdIwQY
MBaAFIWt2Oqus6R41+XfPn7hwyPxZr8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGEzWTZxNnpwSGpYNWQ4LWZ1SERJX0ZtdnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9kNDRkZDAtMDViNy00NDI3LWEwODIt
MWI3ZWMzOGU5ZjQ0LzEvYm5CaWF6WVNJbXdfQXBvSnNlTGVZd1pTdHA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9kNDRkZDAtMDViNy00NDI3LWEwODItMWI3ZWMzOGU5ZjQ0
LzEvaGEzWTZxNnpwSGpYNWQ4LWZ1SERJX0ZtdnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTuMA0G
CSqGSIb3DQEBCwUAA4IBAQAtGkmzTFofI5soQQ+qPhAd3Pkc/fmKzVeHu0jzeRoW
sKj+0WVwHFSikuujBuQAdGYWpzixnM9XA1ZUBoaDZNl+CIZu7xQZZ4eHH49gD+Zd
3fltDIeP6GowSZAwJlmqNC3gJ7x6QxIiy4t3hr+4BTBzyqJTSYszFfHKCnVIPOxd
lC7+R2yTFDv5MdIYzUtvjRNWqqab14LgDsRwO1GPRSVuanBBCGZ5yjOQQBNeKAlD
H0KJz2wKckzoruAhmZcF7TH/B8KK1xt/tGe+6ItyiQtLiysB9ury0Kq4Wy/2BS3h
YEJI9B3gq3oQ4l13cWNX25lTZtQCRsWOPg7lXU7emQkz
-----END CERTIFICATE-----