Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-rPBv4Dx5rPLFaWHl3SaiUjHKAQ.roa
File:                     1-rPBv4Dx5rPLFaWHl3SaiUjHKAQ.roa (raw, json)
Hash identifier:          2cf4LSzEcpN0B7mHarL3hiJeDsflcpNndD/j8NXwkoE=
Subject key identifier:   FA:B3:C1:BF:80:F1:E6:B3:CB:15:A5:87:97:74:9A:89:48:C7:28:04
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B242251EC26780C1992ACFD425D19B
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-rPBv4Dx5rPLFaWHl3SaiUjHKAQ.roa
Signing time:             Wed 01 Jan 2025 11:48:37 +0000
ROA not before:           Wed 01 Jan 2025 11:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152672
IP address blocks:        45.86.73.0/24 maxlen: 24
                          45.89.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:42:25:1e:c2:67:80:c1:99:2a:cf:d4:25:d1:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fab3c1bf80f1e6b3cb15a58797749a8948c72804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e8:33:89:d3:d8:0a:55:c8:b5:24:0e:e5:85:
                    29:ce:78:95:11:d7:c6:81:d3:c7:5f:c9:2a:08:a5:
                    d7:f4:b4:57:13:84:8e:d0:3f:f3:56:39:39:cc:24:
                    f4:30:ad:e6:db:73:3d:84:a2:f3:75:ac:39:a4:00:
                    ce:2c:7f:54:e4:47:a8:b5:05:a4:f4:b8:05:fd:03:
                    7a:35:c7:24:6c:6f:11:ec:9d:71:d3:fb:7d:d2:cb:
                    22:20:8c:ba:9d:92:ef:2d:84:aa:04:7d:22:70:14:
                    42:06:8f:e0:61:44:4d:98:8d:1b:51:6a:8a:2b:53:
                    f6:2c:38:bc:f7:ba:89:5f:cb:f6:db:4c:78:c6:87:
                    5f:fe:71:7d:bc:36:1c:e6:df:5f:e4:a2:90:5a:ac:
                    ee:ea:87:8e:e1:9c:8d:57:d4:a8:ec:55:8d:be:d0:
                    64:cb:8a:61:b1:af:f6:ab:20:f8:5b:77:59:71:28:
                    e3:01:74:77:56:10:15:ba:f7:50:d3:29:27:87:1d:
                    db:d7:b2:d9:bd:2a:22:7b:fd:e7:94:70:81:9b:03:
                    a3:8d:db:49:c1:a4:3e:4c:64:67:07:d5:e5:55:d5:
                    fb:c1:b2:0e:17:c1:f6:91:b7:a5:70:63:5f:4a:ba:
                    2a:09:01:55:72:80:4e:06:57:cb:69:59:9f:93:16:
                    7a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B3:C1:BF:80:F1:E6:B3:CB:15:A5:87:97:74:9A:89:48:C7:28:04
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-rPBv4Dx5rPLFaWHl3SaiUjHKAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.73.0/24
                  45.89.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:95:3f:f1:b7:9d:9f:f9:c7:c8:c2:f1:fc:51:15:e8:6a:03:
         10:ad:39:53:bd:5d:6e:5d:6e:46:d3:b2:9d:de:39:18:a0:d8:
         72:e2:05:44:02:fb:02:74:24:b2:0e:30:b9:45:cb:ef:c8:f4:
         2c:51:09:b2:71:18:09:06:e9:7b:f8:7e:67:3f:8c:20:d9:a4:
         d1:e5:24:8e:30:42:de:9f:2d:2a:ef:52:4a:73:f4:b6:f5:43:
         3b:44:28:ec:1c:e0:46:49:c4:62:05:12:03:b5:c9:ee:78:e2:
         14:60:2b:c7:c3:65:ec:97:04:cd:34:0e:8b:f5:81:1d:4a:0b:
         f1:66:a2:fb:11:4a:c5:a7:09:52:cb:ba:fe:1e:f2:39:60:2a:
         7c:49:01:0b:df:51:4b:9c:84:fa:52:73:5e:13:d9:55:87:a2:
         81:64:b0:f2:8f:f8:4a:c5:cf:80:94:1b:43:e7:8b:69:0e:28:
         93:4b:de:61:2c:6d:3e:f1:6b:55:95:d2:7b:9f:50:20:09:2b:
         ad:a4:bf:7b:09:5e:8c:a5:83:56:8d:35:48:de:d5:69:0f:ff:
         cc:7e:a0:ab:c4:e6:95:3b:8b:d4:e4:fb:b4:e3:5d:3f:8b:20:
         f9:db:8c:e1:d8:4c:12:b8:c1:3d:6e:da:1d:73:30:7f:e1:8d:
         e7:04:b1:1f
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQhskIlHsJngMGZKs/UJdGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWIzYzFiZjgwZjFlNmIzY2IxNWE1ODc5Nzc0OWE4OTQ4YzcyODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOgzidPYClXItSQO5YUpzniVEdfG
gdPHX8kqCKXX9LRXE4SO0D/zVjk5zCT0MK3m23M9hKLzdaw5pADOLH9U5EeotQWk
9LgF/QN6NcckbG8R7J1x0/t90ssiIIy6nZLvLYSqBH0icBRCBo/gYURNmI0bUWqK
K1P2LDi897qJX8v220x4xodf/nF9vDYc5t9f5KKQWqzu6oeO4ZyNV9So7FWNvtBk
y4phsa/2qyD4W3dZcSjjAXR3VhAVuvdQ0yknhx3b17LZvSoie/3nlHCBmwOjjdtJ
waQ+TGRnB9XlVdX7wbIOF8H2kbelcGNfSroqCQFVcoBOBlfLaVmfkxZ6mwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPqzwb+A8eazyxWlh5d0molIxygEMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvMS1yUEJ2NER4NXJQTEZhV0hsM1NhaVVqSEtBUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvNzA0MDcxLThkYzAtNGVkNi05NDU3LWU4NjEyMWM1OTRk
Zi8xL1l2MjJkbFRmWVlUbjFneEJVT3FWTThMUGx3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAC1WSQME
AC1ZaDANBgkqhkiG9w0BAQsFAAOCAQEApZU/8bedn/nHyMLx/FEV6GoDEK05U71d
bl1uRtOynd45GKDYcuIFRAL7AnQksg4wuUXL78j0LFEJsnEYCQbpe/h+Zz+MINmk
0eUkjjBC3p8tKu9SSnP0tvVDO0Qo7BzgRknEYgUSA7XJ7njiFGArx8Nl7JcEzTQO
i/WBHUoL8Wai+xFKxacJUsu6/h7yOWAqfEkBC99RS5yE+lJzXhPZVYeigWSw8o/4
SsXPgJQbQ+eLaQ4ok0veYSxtPvFrVZXSe59QIAkrraS/ewlejKWDVo01SN7VaQ//
zH6gq8TmlTuL1OT7tONdP4sg+duM4dhMErjBPW7aHXMwf+GN5wSxHw==
-----END CERTIFICATE-----