Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GlU7AWzEKxSCTKJ25EMelarkDZM.roa
File:                     GlU7AWzEKxSCTKJ25EMelarkDZM.roa (raw, json)
Hash identifier:          5fwVLyYrF8QX7kOPrG+6Ds1LzV2COgSCGKYYkWC1u8o=
Subject key identifier:   1A:55:3B:01:6C:C4:2B:14:82:4C:A2:76:E4:43:1E:95:AA:E4:0D:93
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824A800AFC31DD160BA9CB027101759
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GlU7AWzEKxSCTKJ25EMelarkDZM.roa
Signing time:             Thu 02 Jan 2025 17:51:18 +0000
ROA not before:           Thu 02 Jan 2025 17:51:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200239
IP address blocks:        45.90.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:a8:00:af:c3:1d:d1:60:ba:9c:b0:27:10:17:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a553b016cc42b14824ca276e4431e95aae40d93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:aa:e5:10:9c:e9:87:06:1c:0d:d5:fd:d7:06:
                    03:53:81:6d:ae:ab:c4:7a:82:9c:10:86:67:a8:1f:
                    65:57:8e:5e:ba:b1:a1:85:d8:bd:ec:6b:ee:45:42:
                    4f:5f:19:4c:78:1d:92:e1:ea:db:57:bd:d6:e2:ac:
                    40:05:31:50:04:4f:e1:92:7d:90:8e:21:bc:87:ab:
                    81:73:04:cf:7e:e1:c9:e8:37:31:e2:cc:ee:7a:ea:
                    8b:90:b6:9e:7a:9e:3a:b7:97:86:7f:53:a8:6b:4b:
                    ba:45:79:bf:fe:c9:9d:73:99:4e:12:e5:ab:85:aa:
                    2b:4a:f9:1a:0b:0f:b2:66:12:f0:93:bf:02:41:86:
                    ec:db:23:ae:70:cb:f7:01:52:df:1f:31:e4:0d:4a:
                    26:50:e4:bd:27:81:93:72:30:34:90:64:17:7d:1d:
                    85:51:24:54:3e:53:0c:0a:c6:8f:c9:de:f3:e8:0f:
                    e6:a3:1e:74:4b:7e:86:af:aa:23:59:d3:99:e1:a3:
                    f2:f0:4a:7a:c8:d1:41:c7:e1:31:b3:81:2b:fe:8c:
                    12:18:62:a7:37:5e:9b:31:bb:12:b1:32:b9:34:72:
                    bd:ac:f3:74:94:60:1f:c4:8a:0e:32:d1:ae:85:d1:
                    d6:a1:a1:d1:67:c3:72:28:08:d1:1d:cb:3b:ba:b7:
                    48:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:55:3B:01:6C:C4:2B:14:82:4C:A2:76:E4:43:1E:95:AA:E4:0D:93
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GlU7AWzEKxSCTKJ25EMelarkDZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:e6:9c:c2:aa:fd:8b:54:34:55:aa:de:ca:8b:c6:60:eb:ac:
         38:35:eb:24:39:8c:f3:b1:bc:d1:a5:90:f2:32:31:ba:73:ae:
         04:20:d5:34:3f:f2:64:4a:02:26:77:be:c7:e3:48:47:98:18:
         71:69:92:97:77:62:38:c9:46:a4:72:40:49:38:d7:4e:1d:65:
         0c:ec:9e:ab:77:4c:3d:df:81:84:49:bd:44:2f:8f:32:ae:4e:
         d4:53:ce:5f:cf:ca:39:2d:73:a0:c3:8e:11:d3:5e:3d:43:a7:
         b1:45:23:6f:f8:52:9b:14:c7:e8:76:88:ca:4f:2b:bc:9a:39:
         0c:69:13:2b:54:28:1f:da:f9:67:ec:00:26:00:fb:df:3f:fa:
         40:10:00:b0:c6:7f:ff:64:6c:dc:c2:8e:69:2c:5b:c8:dd:be:
         ff:52:69:2f:86:3d:8a:ec:f2:11:c8:03:1d:8b:37:84:5e:93:
         68:c1:b6:68:74:c9:2a:77:c6:28:75:2a:38:be:98:43:54:5d:
         a5:06:92:74:24:24:31:fc:a9:ca:8f:f2:4f:a9:5c:0f:0b:4b:
         8d:ab:72:4c:57:6c:97:b4:06:d2:7a:d6:6b:af:53:53:f6:26:
         72:20:9a:ec:2e:c6:2f:01:05:d3:f9:e4:f4:f8:b6:4f:06:6c:
         fb:41:b6:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJKgAr8Md0WC6nLAnEBdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTU1M2IwMTZjYzQyYjE0ODI0Y2EyNzZlNDQzMWU5NWFhZTQwZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlarlEJzphwYcDdX91wYDU4FtrqvE
eoKcEIZnqB9lV45eurGhhdi97GvuRUJPXxlMeB2S4erbV73W4qxABTFQBE/hkn2Q
jiG8h6uBcwTPfuHJ6Dcx4szueuqLkLaeep46t5eGf1Ooa0u6RXm//smdc5lOEuWr
haorSvkaCw+yZhLwk78CQYbs2yOucMv3AVLfHzHkDUomUOS9J4GTcjA0kGQXfR2F
USRUPlMMCsaPyd7z6A/mox50S36Gr6ojWdOZ4aPy8Ep6yNFBx+Exs4Er/owSGGKn
N16bMbsSsTK5NHK9rPN0lGAfxIoOMtGuhdHWoaHRZ8NyKAjRHcs7urdIOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpVOwFsxCsUgkyiduRDHpWq5A2TMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR2xVN0FXekVLeFNDVEtKMjVFTWVsYXJrRFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVpYMA0G
CSqGSIb3DQEBCwUAA4IBAQBr5pzCqv2LVDRVqt7Ki8Zg66w4NeskOYzzsbzRpZDy
MjG6c64EINU0P/JkSgImd77H40hHmBhxaZKXd2I4yUakckBJONdOHWUM7J6rd0w9
34GESb1EL48yrk7UU85fz8o5LXOgw44R0149Q6exRSNv+FKbFMfodojKTyu8mjkM
aRMrVCgf2vln7AAmAPvfP/pAEACwxn//ZGzcwo5pLFvI3b7/Umkvhj2K7PIRyAMd
izeEXpNowbZodMkqd8YodSo4vphDVF2lBpJ0JCQx/KnKj/JPqVwPC0uNq3JMV2yX
tAbSetZrr1NT9iZyIJrsLsYvAQXT+eT0+LZPBmz7Qba1
-----END CERTIFICATE-----