Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/4niQy2euydDFq7GTJuaxJySkYgE.roa
File:                     4niQy2euydDFq7GTJuaxJySkYgE.roa (raw, json)
Hash identifier:          lEIj5wjui/e5DTBCiecGhk5U5JYfLtQIN+3o7VCLqqU=
Subject key identifier:   E2:78:90:CB:67:AE:C9:D0:C5:AB:B1:93:26:E6:B1:27:24:A4:62:01
Certificate issuer:       /CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
Certificate serial:       01942445376E5D2D5E9BC364B6E99DD41DB4
Authority key identifier: AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/4niQy2euydDFq7GTJuaxJySkYgE.roa
Signing time:             Wed 01 Jan 2025 23:48:23 +0000
ROA not before:           Wed 01 Jan 2025 23:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134450
IP address blocks:        45.83.186.0/23 maxlen: 23
                          45.86.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:37:6e:5d:2d:5e:9b:c3:64:b6:e9:9d:d4:1d:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
        Validity
            Not Before: Jan  1 23:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e27890cb67aec9d0c5abb19326e6b12724a46201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:30:82:10:bb:84:ac:41:f3:65:f7:a3:cf:52:
                    07:bb:ff:32:b1:bf:ee:db:f3:7c:c3:85:38:43:82:
                    13:9e:c8:bb:ac:51:0c:5d:56:13:b4:64:13:de:b6:
                    5b:44:a6:0e:ef:4a:7d:e0:e5:bb:f7:ae:96:a8:04:
                    ae:bf:07:2d:23:69:c9:30:c4:a9:54:a8:0f:f2:49:
                    fd:ab:33:dc:69:29:6d:11:d2:fa:66:55:f3:72:01:
                    12:37:de:82:95:9a:40:ff:c4:74:48:43:2e:4c:50:
                    07:54:27:21:fd:a4:a0:60:6c:98:ad:ff:b3:42:6e:
                    0f:12:be:e2:06:e3:fb:e0:74:c2:4c:ea:dd:3d:bf:
                    e8:ea:f8:de:c8:6f:3c:c0:58:fa:61:e1:73:82:f9:
                    1f:54:94:f2:80:f5:2e:39:f3:0d:b4:f5:ee:fd:f1:
                    81:1a:90:97:e0:0f:b2:dc:18:9c:d4:c8:c2:ed:da:
                    5b:08:be:01:f5:d2:6c:6d:d5:c8:34:e6:f0:d5:43:
                    6c:01:a8:db:de:6b:28:8e:04:be:64:78:dc:d0:6f:
                    eb:58:24:42:9e:9f:64:e3:82:e9:5e:e6:22:2c:36:
                    16:0a:14:fe:3c:b6:af:c8:75:f7:2d:04:7d:75:01:
                    d2:46:bd:c7:9b:3c:5c:bd:69:9b:55:81:16:f4:53:
                    79:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:78:90:CB:67:AE:C9:D0:C5:AB:B1:93:26:E6:B1:27:24:A4:62:01
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/4niQy2euydDFq7GTJuaxJySkYgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.186.0/23
                  45.86.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:63:6c:22:a9:00:a9:b8:38:f1:57:b4:fb:92:ef:6f:2a:ff:
         c8:f8:f1:89:86:50:86:42:9c:61:2d:ef:21:43:b6:3d:a9:f4:
         c9:e2:0c:f6:21:d7:6e:33:ec:ec:0b:1a:1c:3c:ad:7b:b0:9a:
         d1:c9:a2:6b:a4:e6:da:b8:0d:3b:8f:33:90:73:1f:13:76:f1:
         88:18:07:37:8d:7c:ac:da:ef:fa:9b:f2:ec:c4:e7:2d:c7:68:
         d6:bb:c4:12:a5:44:80:0c:e0:2b:5d:39:fa:29:4a:25:4e:b5:
         dd:82:2d:43:2c:15:7c:0b:55:ba:c1:7a:4e:5d:19:94:3d:9a:
         04:6e:15:b6:05:22:78:39:b2:eb:1b:3a:1b:21:9a:45:ac:49:
         e2:d0:a1:a6:2e:9d:a7:24:01:13:55:89:fa:0d:cf:22:57:0b:
         90:b7:f9:f3:eb:46:16:1e:c6:97:7d:84:b8:4f:84:bf:1b:14:
         41:55:78:cd:e0:ed:cd:b4:43:1e:a8:66:98:ed:2f:7c:a1:f2:
         15:bc:05:05:86:5e:3c:02:c4:b4:79:80:ea:52:97:d9:dd:bd:
         cc:4d:15:7e:52:1d:46:20:65:c2:e1:a0:30:84:8b:80:10:8b:
         93:0c:e1:a9:1e:35:2c:99:8d:10:99:7f:d4:53:85:de:6b:ff:
         8e:d5:5f:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRTduXS1em8Nktumd1B20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjZmODVhYWQxMDFjNDU2YzFhYzlhMDFhNzE5MmZjNTc4
OGU5MmMwHhcNMjUwMTAxMjM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjc4OTBjYjY3YWVjOWQwYzVhYmIxOTMyNmU2YjEyNzI0YTQ2MjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjCCELuErEHzZfejz1IHu/8ysb/u
2/N8w4U4Q4ITnsi7rFEMXVYTtGQT3rZbRKYO70p94OW7966WqASuvwctI2nJMMSp
VKgP8kn9qzPcaSltEdL6ZlXzcgESN96ClZpA/8R0SEMuTFAHVCch/aSgYGyYrf+z
Qm4PEr7iBuP74HTCTOrdPb/o6vjeyG88wFj6YeFzgvkfVJTygPUuOfMNtPXu/fGB
GpCX4A+y3Bic1MjC7dpbCL4B9dJsbdXINObw1UNsAajb3msojgS+ZHjc0G/rWCRC
np9k44LpXuYiLDYWChT+PLavyHX3LQR9dQHSRr3HmzxcvWmbVYEW9FN5awIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOJ4kMtnrsnQxauxkybmsSckpGIBMB8GA1UdIwQY
MBaAFK/2+FqtEBxFbBrJoBpxkvxXiOksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTIt
NjQ0YmQwZmM3ZjgwLzEvNG5pUXkyZXV5ZERGcTdHVEp1YXhKeVNrWWdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTItNjQ0YmQwZmM3Zjgw
LzEvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVO6AwQC
LVYcMA0GCSqGSIb3DQEBCwUAA4IBAQBNY2wiqQCpuDjxV7T7ku9vKv/I+PGJhlCG
QpxhLe8hQ7Y9qfTJ4gz2IdduM+zsCxocPK17sJrRyaJrpObauA07jzOQcx8TdvGI
GAc3jXys2u/6m/LsxOctx2jWu8QSpUSADOArXTn6KUolTrXdgi1DLBV8C1W6wXpO
XRmUPZoEbhW2BSJ4ObLrGzobIZpFrEni0KGmLp2nJAETVYn6Dc8iVwuQt/nz60YW
HsaXfYS4T4S/GxRBVXjN4O3NtEMeqGaY7S98ofIVvAUFhl48AsS0eYDqUpfZ3b3M
TRV+Uh1GIGXC4aAwhIuAEIuTDOGpHjUsmY0QmX/UU4Xea/+O1V8Y
-----END CERTIFICATE-----