Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/FV89yKEnJJf8cFjvR9Vki0QO9t8.roa
File:                     FV89yKEnJJf8cFjvR9Vki0QO9t8.roa (raw, json)
Hash identifier:          k3tkxxzDkpYNhsYpf0KFRZKMIMyT/JEHuIuOCtSMZvE=
Subject key identifier:   15:5F:3D:C8:A1:27:24:97:FC:70:58:EF:47:D5:64:8B:44:0E:F6:DF
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       019422FAF81BE95032FA6EFB34B221F8E727
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/FV89yKEnJJf8cFjvR9Vki0QO9t8.roa
Signing time:             Wed 01 Jan 2025 17:47:40 +0000
ROA not before:           Wed 01 Jan 2025 17:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51044
IP address blocks:        45.148.172.0/22 maxlen: 32
                          2a0f:600::/29 maxlen: 32
                          2a0f:600::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:f8:1b:e9:50:32:fa:6e:fb:34:b2:21:f8:e7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 17:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=155f3dc8a1272497fc7058ef47d5648b440ef6df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c3:66:e6:58:c5:55:96:f9:f5:98:38:0f:c4:
                    e9:cd:60:28:ff:d3:2e:96:f4:01:22:79:9f:fc:eb:
                    1a:e8:12:5f:a4:d4:12:f6:7e:95:8c:3e:ee:dd:ce:
                    76:95:54:39:4b:b1:d2:f0:19:a0:2f:d2:90:f7:5e:
                    e2:ba:96:c0:ec:c3:fd:f3:5c:07:11:f8:3a:b3:60:
                    dd:e7:cd:dd:6f:6b:64:41:c0:82:c8:5d:7b:ae:8e:
                    66:8d:05:fd:60:87:01:10:a4:63:dd:93:57:07:b4:
                    98:fc:bb:9a:a9:6c:c6:74:5c:b6:cf:46:b1:6d:f5:
                    76:b4:be:ad:d9:2b:04:f6:a4:45:c7:2b:f8:e6:01:
                    73:ef:eb:97:33:7c:7e:88:81:a9:f5:57:48:20:38:
                    1a:db:32:04:35:b3:88:59:a8:3c:bf:b7:a4:30:a5:
                    4b:eb:fe:76:dc:72:c7:14:63:06:5e:e5:e3:66:1f:
                    00:77:9e:f3:d5:0c:32:cb:d9:f8:01:16:a8:fe:2a:
                    07:44:42:29:39:92:1c:76:5d:27:3b:d6:aa:d0:ce:
                    ab:d5:fc:3c:b9:c0:53:b9:59:c9:78:1d:32:72:49:
                    0d:da:79:79:30:c0:da:ec:69:9c:bc:31:a1:23:3d:
                    6a:f4:bf:33:80:15:1b:86:7c:f4:0a:99:1d:a1:9d:
                    ac:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:5F:3D:C8:A1:27:24:97:FC:70:58:EF:47:D5:64:8B:44:0E:F6:DF
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/FV89yKEnJJf8cFjvR9Vki0QO9t8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.172.0/22
                IPv6:
                  2a0f:600::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:c0:04:4e:a5:b1:10:d5:0f:b7:df:71:55:e4:09:23:6e:77:
         35:b1:6c:42:b4:b0:5e:e1:52:5c:d2:f0:55:b1:24:27:5e:ab:
         60:a7:78:3b:36:a0:98:22:39:ca:bd:fb:9a:29:5f:7d:59:2e:
         79:5b:27:83:ee:a9:93:5f:5e:ed:2a:2b:23:35:2c:08:66:1b:
         bf:5e:8b:de:ae:a5:33:7d:49:cd:11:90:67:ba:1d:d6:9d:db:
         13:95:ce:30:db:a7:22:02:c9:16:3f:a2:d7:57:f5:8e:b9:af:
         06:5b:d9:7a:7b:0e:fc:9d:54:32:00:19:40:fe:b8:88:c0:8f:
         a8:03:8f:fd:4d:46:d4:ce:b8:b5:bd:91:6c:b1:8a:1e:5d:2b:
         50:b6:91:e8:7f:5d:3a:a4:f6:d3:d7:a0:79:d8:bc:44:38:18:
         c3:28:cc:63:a4:f8:d6:36:4d:20:45:01:14:4f:8b:da:aa:c8:
         fe:45:7e:d4:44:7c:c6:94:30:12:50:78:62:92:39:3d:f0:95:
         5c:f8:58:db:0f:54:15:d2:3a:8a:40:b5:26:2a:50:32:41:95:
         91:6c:c5:2a:02:ba:d5:4a:53:24:93:f3:96:e6:2a:af:c7:c6:
         e1:f2:60:da:f3:d7:8e:f0:bd:84:9b:9d:ff:6f:4c:22:93:2e:
         26:6f:d6:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+vgb6VAy+m77NLIh+OcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjUwMTAxMTc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTVmM2RjOGExMjcyNDk3ZmM3MDU4ZWY0N2Q1NjQ4YjQ0MGVmNmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cNm5ljFVZb59Zg4D8TpzWAo/9Mu
lvQBInmf/Osa6BJfpNQS9n6VjD7u3c52lVQ5S7HS8BmgL9KQ917iupbA7MP981wH
Efg6s2Dd583db2tkQcCCyF17ro5mjQX9YIcBEKRj3ZNXB7SY/LuaqWzGdFy2z0ax
bfV2tL6t2SsE9qRFxyv45gFz7+uXM3x+iIGp9VdIIDga2zIENbOIWag8v7ekMKVL
6/523HLHFGMGXuXjZh8Ad57z1Qwyy9n4ARao/ioHREIpOZIcdl0nO9aq0M6r1fw8
ucBTuVnJeB0yckkN2nl5MMDa7GmcvDGhIz1q9L8zgBUbhnz0CpkdoZ2sRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBVfPcihJySX/HBY70fVZItEDvbfMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvRlY4OXlLRW5KSmY4Y0ZqdlI5VmtpMFFPOXQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZSsMA0E
AgACMAcDBQMqDwYAMA0GCSqGSIb3DQEBCwUAA4IBAQA0wAROpbEQ1Q+333FV5Akj
bnc1sWxCtLBe4VJc0vBVsSQnXqtgp3g7NqCYIjnKvfuaKV99WS55WyeD7qmTX17t
KisjNSwIZhu/XoverqUzfUnNEZBnuh3WndsTlc4w26ciAskWP6LXV/WOua8GW9l6
ew78nVQyABlA/riIwI+oA4/9TUbUzri1vZFssYoeXStQtpHof106pPbT16B52LxE
OBjDKMxjpPjWNk0gRQEUT4vaqsj+RX7URHzGlDASUHhikjk98JVc+FjbD1QV0jqK
QLUmKlAyQZWRbMUqArrVSlMkk/OW5iqvx8bh8mDa89eO8L2Em53/b0wiky4mb9b8
-----END CERTIFICATE-----