Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/i7imZ1Khv2j_Ik-yycAFcPE8d3U.roa
File:                     i7imZ1Khv2j_Ik-yycAFcPE8d3U.roa (raw, json)
Hash identifier:          gNIcjkZfIxHyvYTUs25+jAI8zhhXgxm9B3z3SPrgk5k=
Subject key identifier:   8B:B8:A6:67:52:A1:BF:68:FF:22:4F:B2:C9:C0:05:70:F1:3C:77:75
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824C3EDD6C7F28E3D1C0E73B6220215
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/i7imZ1Khv2j_Ik-yycAFcPE8d3U.roa
Signing time:             Thu 02 Jan 2025 17:51:25 +0000
ROA not before:           Thu 02 Jan 2025 17:51:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214280
IP address blocks:        45.149.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:c3:ed:d6:c7:f2:8e:3d:1c:0e:73:b6:22:02:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bb8a66752a1bf68ff224fb2c9c00570f13c7775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:10:3a:71:e7:18:dc:30:18:a1:3a:3b:37:b1:
                    f6:9d:8f:f1:1c:6f:23:74:58:43:b0:96:e4:67:80:
                    b1:0e:50:31:d6:99:8c:ae:e0:b5:6f:2e:92:a1:ec:
                    b8:75:06:6d:89:8b:4d:41:93:e3:84:01:fc:89:15:
                    23:63:71:4d:38:e9:0c:47:9f:94:8c:c5:ec:a6:84:
                    39:b4:09:0e:48:69:63:cf:e9:64:29:d4:46:e2:00:
                    b3:d8:40:47:f6:a8:73:b0:74:4e:af:23:4d:45:46:
                    e3:87:33:f7:4e:75:c5:cc:0e:14:e4:05:8a:71:53:
                    8f:bf:7b:cd:dc:5d:11:7f:71:a2:51:f0:37:31:4a:
                    36:34:69:75:d3:62:2d:81:c4:db:e4:8c:53:12:7c:
                    7e:17:f4:ff:06:9d:40:ba:ce:08:36:fb:0d:33:9c:
                    a2:06:b1:b8:9c:17:1c:71:a8:bd:ff:59:0e:ce:90:
                    e8:71:6e:c6:6e:78:9e:44:33:ba:37:7e:f4:6b:02:
                    30:cc:d0:52:06:e4:5c:cf:57:72:2e:5f:68:c3:e4:
                    85:b1:3a:85:a6:d9:30:f4:04:a8:10:f5:be:19:7f:
                    9b:05:27:cb:65:bc:fd:69:0e:d9:4f:2a:84:58:71:
                    dd:07:32:b1:19:9f:32:9c:b1:75:18:31:eb:95:ac:
                    de:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:B8:A6:67:52:A1:BF:68:FF:22:4F:B2:C9:C0:05:70:F1:3C:77:75
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/i7imZ1Khv2j_Ik-yycAFcPE8d3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:c1:54:e6:95:8c:7f:ed:08:55:38:cd:d4:97:6f:7d:4b:3c:
         6a:b0:d8:45:1b:c2:cb:25:f7:0d:a1:af:ed:57:c3:45:77:83:
         25:a1:6e:9f:60:b7:75:28:61:cb:fd:99:97:2d:a8:7e:6e:f4:
         d5:1c:82:2d:97:d9:35:fc:58:1e:f6:b3:4c:92:38:7f:e7:cb:
         08:65:89:40:a5:76:38:5c:5c:04:79:f1:03:df:81:d1:f0:a1:
         d0:cb:d7:e1:26:43:a1:d1:2f:99:b7:46:23:8b:1a:76:01:ac:
         c3:04:90:3f:8d:82:d7:f2:1d:48:61:84:49:31:5e:b3:64:30:
         13:b2:b1:16:e2:d2:e4:ac:08:53:4c:b7:33:92:74:d2:e4:f8:
         9a:31:d5:e1:a4:d5:f2:8c:34:6f:4c:e9:15:c5:ba:21:ba:e3:
         ab:d2:87:4d:e8:46:d9:30:34:2d:d1:59:af:a3:4b:ef:65:0e:
         8e:58:b1:a5:4f:fa:be:3a:fa:36:28:2e:b9:0b:b3:ea:e2:2d:
         58:ef:cf:81:76:b6:86:52:14:35:dd:9b:62:95:f8:ea:57:6a:
         dc:af:de:97:fc:23:24:5b:f0:f0:dc:72:3c:81:b6:5e:d0:0f:
         2b:7b:03:4c:c5:a7:e7:86:db:2a:78:4f:54:57:4f:13:be:95:
         7f:65:ed:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJMPt1sfyjj0cDnO2IgIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmI4YTY2NzUyYTFiZjY4ZmYyMjRmYjJjOWMwMDU3MGYxM2M3Nzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhA6cecY3DAYoTo7N7H2nY/xHG8j
dFhDsJbkZ4CxDlAx1pmMruC1by6Soey4dQZtiYtNQZPjhAH8iRUjY3FNOOkMR5+U
jMXspoQ5tAkOSGljz+lkKdRG4gCz2EBH9qhzsHROryNNRUbjhzP3TnXFzA4U5AWK
cVOPv3vN3F0Rf3GiUfA3MUo2NGl102ItgcTb5IxTEnx+F/T/Bp1Aus4INvsNM5yi
BrG4nBcccai9/1kOzpDocW7GbnieRDO6N370awIwzNBSBuRcz1dyLl9ow+SFsTqF
ptkw9ASoEPW+GX+bBSfLZbz9aQ7ZTyqEWHHdBzKxGZ8ynLF1GDHrlaze/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIu4pmdSob9o/yJPssnABXDxPHd1MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaTdpbVoxS2h2MmpfSWsteXljQUZjUEU4ZDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZXrMA0G
CSqGSIb3DQEBCwUAA4IBAQBTwVTmlYx/7QhVOM3Ul299SzxqsNhFG8LLJfcNoa/t
V8NFd4MloW6fYLd1KGHL/ZmXLah+bvTVHIItl9k1/Fge9rNMkjh/58sIZYlApXY4
XFwEefED34HR8KHQy9fhJkOh0S+Zt0Yjixp2AazDBJA/jYLX8h1IYYRJMV6zZDAT
srEW4tLkrAhTTLczknTS5PiaMdXhpNXyjDRvTOkVxbohuuOr0odN6EbZMDQt0Vmv
o0vvZQ6OWLGlT/q+Ovo2KC65C7Pq4i1Y78+BdraGUhQ13ZtilfjqV2rcr96X/CMk
W/Dw3HI8gbZe0A8rewNMxafnhtsqeE9UV08TvpV/Ze1s
-----END CERTIFICATE-----