Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1-yvyD_dCKJtEZ0gzCJFN2vOEeks.roa
File:                     1-yvyD_dCKJtEZ0gzCJFN2vOEeks.roa (raw, json)
Hash identifier:          QWGjlJs+GRcBRzo28+xcfZhWd14ScpzhfDj9AjYfaOg=
Subject key identifier:   FB:2B:F2:0F:F7:42:28:9B:44:67:48:33:08:91:4D:DA:F3:84:7A:4B
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F8C092017C590C0A5EDA98E77F456
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1-yvyD_dCKJtEZ0gzCJFN2vOEeks.roa
Signing time:             Thu 02 Jan 2025 05:49:12 +0000
ROA not before:           Thu 02 Jan 2025 05:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44893
IP address blocks:        45.135.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8c:09:20:17:c5:90:c0:a5:ed:a9:8e:77:f4:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb2bf20ff742289b4467483308914ddaf3847a4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9d:5f:91:5e:ee:13:80:f5:fe:94:9e:cf:a7:
                    bb:ce:12:ca:c9:ea:10:52:28:78:b9:70:38:ec:af:
                    30:f4:2f:c8:88:c2:f1:53:28:63:0e:62:0e:34:a8:
                    dd:c1:dc:ae:9c:85:72:88:6f:3c:54:67:d1:8a:e6:
                    b7:94:59:c6:49:a7:16:cd:a6:08:73:9c:a6:5c:48:
                    56:b8:ea:45:4b:29:8b:b3:78:8b:95:ab:18:22:05:
                    39:66:9e:cf:5f:94:8e:16:e6:8c:36:53:99:32:fd:
                    8b:60:14:e9:35:00:27:c3:5c:49:ed:4e:7d:14:d1:
                    7f:66:77:db:4f:f6:f5:ae:71:fe:d3:2c:7b:46:ac:
                    de:35:a5:b8:c1:71:5a:9e:de:25:d0:30:26:7e:d8:
                    b5:af:bf:a1:78:67:88:fc:00:5f:5f:a6:19:82:b0:
                    a1:4e:b4:0f:4b:1b:9b:de:52:4b:ec:ac:3b:a3:38:
                    6f:8c:20:1e:51:5d:7c:31:1e:21:ab:4b:62:e2:c9:
                    85:48:f1:d2:27:35:6b:b1:d2:60:0b:11:d5:9c:d4:
                    41:53:0d:33:d7:3e:67:85:68:70:13:33:b8:dd:34:
                    38:65:55:d7:2f:18:01:39:9e:f1:02:dc:c9:0e:cd:
                    66:d0:70:45:e1:30:1c:13:39:22:48:b3:81:e5:59:
                    5d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2B:F2:0F:F7:42:28:9B:44:67:48:33:08:91:4D:DA:F3:84:7A:4B
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1-yvyD_dCKJtEZ0gzCJFN2vOEeks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:b9:56:c2:be:77:e2:2b:ff:4b:7b:f3:30:e3:1d:1e:35:18:
         dc:12:14:c1:e1:92:52:ff:02:fb:63:63:d1:75:ed:fb:56:83:
         71:0d:fc:35:a9:21:5c:00:3f:2e:b5:a0:d8:2c:17:0c:5b:5d:
         f4:8a:bf:d3:76:7d:f4:71:1a:de:e1:4e:36:8b:9c:b2:03:af:
         b1:8c:b2:1b:c1:07:c9:46:a2:40:ce:fb:d6:6f:5a:55:21:22:
         9b:d4:33:48:c1:d2:83:a5:12:53:e5:c5:d1:82:e6:cb:34:0c:
         3a:10:96:35:ed:c7:42:04:4e:00:fe:17:2c:75:6b:cb:2c:bc:
         d0:2a:b5:3d:74:e5:28:6e:7f:4b:3b:b0:fc:14:97:d4:d6:91:
         f3:d1:9d:5b:9e:60:c0:ce:be:c0:df:e9:0d:f9:c4:73:82:60:
         98:ae:67:b8:e2:0a:01:20:0d:b9:6d:f5:f9:c6:72:48:5a:68:
         78:b0:bc:3c:df:24:f7:5a:34:b9:fd:a7:48:68:90:68:09:a0:
         7f:3a:04:3c:69:44:95:5b:60:e3:de:8f:f2:ce:a5:fc:d9:7d:
         56:56:c4:64:5f:ef:4c:7a:a0:4f:a8:be:cc:68:88:68:01:55:
         5c:83:3b:7a:0d:b5:d7:94:19:b5:ef:6c:e5:01:79:65:1a:d8:
         84:82:bd:bf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj4wJIBfFkMCl7amOd/RWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJiZjIwZmY3NDIyODliNDQ2NzQ4MzMwODkxNGRkYWYzODQ3YTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo51fkV7uE4D1/pSez6e7zhLKyeoQ
Uih4uXA47K8w9C/IiMLxUyhjDmIONKjdwdyunIVyiG88VGfRiua3lFnGSacWzaYI
c5ymXEhWuOpFSymLs3iLlasYIgU5Zp7PX5SOFuaMNlOZMv2LYBTpNQAnw1xJ7U59
FNF/ZnfbT/b1rnH+0yx7RqzeNaW4wXFant4l0DAmfti1r7+heGeI/ABfX6YZgrCh
TrQPSxub3lJL7Kw7ozhvjCAeUV18MR4hq0ti4smFSPHSJzVrsdJgCxHVnNRBUw0z
1z5nhWhwEzO43TQ4ZVXXLxgBOZ7xAtzJDs1m0HBF4TAcEzkiSLOB5VldfQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsr8g/3QiibRGdIMwiRTdrzhHpLMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvMS15dnlEX2RDS0p0RVowZ3pDSkZOMnZPRWVrcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTAvNTNjN2I4LTVlNGItNDlmZC04YzkxLWJhOThmMTEyMjEy
MS8xL1lZUjQ4WmotVnBBUXc5OWlHUlF2VXd4UFhsWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2HgTAN
BgkqhkiG9w0BAQsFAAOCAQEAablWwr534iv/S3vzMOMdHjUY3BIUweGSUv8C+2Nj
0XXt+1aDcQ38NakhXAA/LrWg2CwXDFtd9Iq/03Z99HEa3uFONoucsgOvsYyyG8EH
yUaiQM771m9aVSEim9QzSMHSg6USU+XF0YLmyzQMOhCWNe3HQgROAP4XLHVryyy8
0Cq1PXTlKG5/Szuw/BSX1NaR89GdW55gwM6+wN/pDfnEc4JgmK5nuOIKASANuW31
+cZySFpoeLC8PN8k91o0uf2nSGiQaAmgfzoEPGlElVtg496P8s6l/Nl9VlbEZF/v
THqgT6i+zGiIaAFVXIM7eg2115QZte9s5QF5ZRrYhIK9vw==
-----END CERTIFICATE-----