Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/vE_qBM6RbyXIT4-04FS0QoRL02A.roa
File:                     vE_qBM6RbyXIT4-04FS0QoRL02A.roa (raw, json)
Hash identifier:          520aAGMMtdi6nZEuu5xxDJhTUguFRJz5o7AYpWhRknw=
Subject key identifier:   BC:4F:EA:04:CE:91:6F:25:C8:4F:8F:B4:E0:54:B4:42:84:4B:D3:60
Certificate issuer:       /CN=7ba2be98438b98ee68a0d1b8c4144520bd0a623d
Certificate serial:       01955B829718B4621345EBA2BC3CE49809F6
Authority key identifier: 7B:A2:BE:98:43:8B:98:EE:68:A0:D1:B8:C4:14:45:20:BD:0A:62:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6K-mEOLmO5ooNG4xBRFIL0KYj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/vE_qBM6RbyXIT4-04FS0QoRL02A.roa
Signing time:             Mon 03 Mar 2025 10:17:19 +0000
ROA not before:           Mon 03 Mar 2025 10:17:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208830
IP address blocks:        45.82.236.0/22 maxlen: 22
                          2a0e:7580::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/e6K-mEOLmO5ooNG4xBRFIL0KYj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/e6K-mEOLmO5ooNG4xBRFIL0KYj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6K-mEOLmO5ooNG4xBRFIL0KYj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5b:82:97:18:b4:62:13:45:eb:a2:bc:3c:e4:98:09:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba2be98438b98ee68a0d1b8c4144520bd0a623d
        Validity
            Not Before: Mar  3 10:17:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc4fea04ce916f25c84f8fb4e054b442844bd360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d5:35:69:4c:c3:a6:79:10:32:b7:c7:31:c6:
                    d3:1b:7a:d6:b6:86:e9:57:04:df:be:d6:9a:af:4b:
                    db:0f:aa:70:03:f2:62:d6:e6:df:0e:f7:f9:0c:a6:
                    07:42:91:43:b9:70:a6:bc:97:f6:06:4e:24:6e:b1:
                    f6:d2:b2:d3:5f:f4:80:cf:58:b4:91:f0:06:a2:77:
                    fe:82:22:a2:d4:5f:7e:32:9d:ac:f8:4c:c3:06:be:
                    97:0a:0b:6c:c9:6e:f8:6a:db:6c:b5:23:6e:98:62:
                    14:25:12:d1:61:c1:f1:dc:13:96:a2:55:9e:dc:12:
                    03:cd:0e:2e:42:19:03:da:76:54:c6:dc:0b:cd:1e:
                    2e:70:d3:c8:07:ea:4e:0c:5e:20:d4:85:a1:34:76:
                    ec:5a:bc:5f:20:a5:68:38:9a:c1:d4:08:68:bf:63:
                    71:23:16:93:50:ce:72:c2:02:47:28:4f:ce:42:13:
                    3e:2f:96:85:36:6f:09:7b:c4:d9:0b:3c:42:62:75:
                    a3:32:f8:50:0c:cd:6f:4d:50:c6:3b:bc:e6:1d:3f:
                    99:3d:b4:54:32:75:b9:f8:6b:f0:6d:0f:9a:d7:ee:
                    12:e1:6b:33:af:f4:a1:00:c5:52:4b:6c:a0:87:2d:
                    85:78:d0:5e:45:aa:f0:49:48:7f:3b:f3:13:16:e3:
                    64:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:4F:EA:04:CE:91:6F:25:C8:4F:8F:B4:E0:54:B4:42:84:4B:D3:60
            X509v3 Authority Key Identifier:
                keyid:7B:A2:BE:98:43:8B:98:EE:68:A0:D1:B8:C4:14:45:20:BD:0A:62:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6K-mEOLmO5ooNG4xBRFIL0KYj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/vE_qBM6RbyXIT4-04FS0QoRL02A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/e6K-mEOLmO5ooNG4xBRFIL0KYj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.236.0/22
                IPv6:
                  2a0e:7580::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:2d:49:a6:fd:38:7b:03:a5:53:2b:d7:b7:45:d3:f5:b0:d9:
         f1:a8:56:38:df:23:18:6d:ae:0b:2e:61:5e:05:93:ae:2c:f3:
         f0:e2:b6:49:4b:bb:fb:f7:3b:f2:f2:a8:00:b2:99:02:e1:0b:
         8b:75:fa:37:fe:ed:87:ab:8d:e9:74:12:fc:7e:15:83:05:4e:
         83:0f:bc:00:54:f0:5e:94:b2:f4:84:d9:e1:20:0d:10:ff:58:
         bf:ba:8a:21:0a:68:f2:b0:b1:5e:9b:70:38:4b:13:fb:b0:b6:
         a5:fd:65:b1:13:55:d0:62:95:f0:d0:ea:0b:c1:c6:a0:b2:60:
         c0:67:d7:18:6e:33:0a:b9:05:e2:c8:79:fe:05:71:5f:7b:6d:
         4b:c3:cf:a9:e1:c8:a7:b5:1d:76:67:d4:8f:a3:3f:5c:09:3e:
         98:6f:23:de:d1:4b:44:57:49:84:45:b3:2b:cb:99:68:71:ef:
         d0:77:14:be:69:2c:1f:26:a8:b8:59:bc:49:70:d1:b6:ab:5e:
         cd:e5:6e:db:7b:d5:92:b5:0b:4f:4f:a3:b1:a4:2b:f9:91:a1:
         b8:5b:5e:40:9d:0b:d5:12:54:6b:2e:54:7c:55:47:82:0c:df:
         a6:bb:ad:ee:20:09:79:48:13:25:0f:57:7f:e8:df:3e:de:62:
         61:91:73:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZVbgpcYtGITReuivDzkmAn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYTJiZTk4NDM4Yjk4ZWU2OGEwZDFiOGM0MTQ0NTIwYmQw
YTYyM2QwHhcNMjUwMzAzMTAxNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzRmZWEwNGNlOTE2ZjI1Yzg0ZjhmYjRlMDU0YjQ0Mjg0NGJkMzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdU1aUzDpnkQMrfHMcbTG3rWtobp
VwTfvtaar0vbD6pwA/Ji1ubfDvf5DKYHQpFDuXCmvJf2Bk4kbrH20rLTX/SAz1i0
kfAGonf+giKi1F9+Mp2s+EzDBr6XCgtsyW74attstSNumGIUJRLRYcHx3BOWolWe
3BIDzQ4uQhkD2nZUxtwLzR4ucNPIB+pODF4g1IWhNHbsWrxfIKVoOJrB1Ahov2Nx
IxaTUM5ywgJHKE/OQhM+L5aFNm8Je8TZCzxCYnWjMvhQDM1vTVDGO7zmHT+ZPbRU
MnW5+GvwbQ+a1+4S4Wszr/ShAMVSS2yghy2FeNBeRarwSUh/O/MTFuNkQQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLxP6gTOkW8lyE+PtOBUtEKES9NgMB8GA1UdIwQY
MBaAFHuivphDi5juaKDRuMQURSC9CmI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZLLW1FT0xtTzVvb05HNHhCUkZJTDBLWWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84NDVlNzYtOWMyZC00YWZmLTkyYWYt
NDkzNWIzZjVjMjA5LzEvdkVfcUJNNlJieVhJVDQtMDRGUzBRb1JMMDJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84NDVlNzYtOWMyZC00YWZmLTkyYWYtNDkzNWIzZjVjMjA5
LzEvZTZLLW1FT0xtTzVvb05HNHhCUkZJTDBLWWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVLsMA0E
AgACMAcDBQMqDnWAMA0GCSqGSIb3DQEBCwUAA4IBAQAZLUmm/Th7A6VTK9e3RdP1
sNnxqFY43yMYba4LLmFeBZOuLPPw4rZJS7v79zvy8qgAspkC4QuLdfo3/u2Hq43p
dBL8fhWDBU6DD7wAVPBelLL0hNnhIA0Q/1i/uoohCmjysLFem3A4SxP7sLal/WWx
E1XQYpXw0OoLwcagsmDAZ9cYbjMKuQXiyHn+BXFfe21Lw8+p4cintR12Z9SPoz9c
CT6YbyPe0UtEV0mERbMry5loce/QdxS+aSwfJqi4WbxJcNG2q17N5W7be9WStQtP
T6OxpCv5kaG4W15AnQvVElRrLlR8VUeCDN+mu63uIAl5SBMlD1d/6N8+3mJhkXPV
-----END CERTIFICATE-----