Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/9oLYcSPHMvCe-Pv2M_rza63XTow.roa
File:                     9oLYcSPHMvCe-Pv2M_rza63XTow.roa (raw, json)
Hash identifier:          wcB89ybRT1IhIFGZVbatLp94YXi4OhrbT8jvmNnsE+Y=
Subject key identifier:   F6:82:D8:71:23:C7:32:F0:9E:F8:FB:F6:33:FA:F3:6B:AD:D7:4E:8C
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       019422FB65341373FA31C7D25590F5A915E7
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/9oLYcSPHMvCe-Pv2M_rza63XTow.roa
Signing time:             Wed 01 Jan 2025 17:48:08 +0000
ROA not before:           Wed 01 Jan 2025 17:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203061
IP address blocks:        45.11.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:65:34:13:73:fa:31:c7:d2:55:90:f5:a9:15:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 17:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f682d87123c732f09ef8fbf633faf36badd74e8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bc:a1:73:8b:23:d4:ae:ca:5d:73:51:3f:e1:
                    61:21:d9:f5:6a:ba:ba:8c:bb:e5:91:a3:89:55:14:
                    a3:7b:96:4f:20:d0:97:f6:86:22:ac:20:81:61:dd:
                    7c:5d:94:81:2b:66:cb:30:a4:da:44:ca:a4:d1:b1:
                    c4:f9:f5:1b:c1:16:e8:e3:03:c4:73:a7:22:42:bc:
                    14:f4:75:96:1a:54:fd:94:a8:69:0c:5f:2b:9d:27:
                    c3:b2:29:b1:55:79:b9:b4:2d:79:ea:43:b9:2c:34:
                    d8:a6:57:3b:f7:cf:ed:06:e8:eb:eb:46:36:e4:10:
                    19:09:11:d9:1f:4d:d7:85:b2:c0:8f:39:24:1a:be:
                    ae:2d:8e:ce:55:2c:c2:f2:e8:b3:1b:a8:1f:3f:08:
                    ab:0a:d5:91:73:3b:35:c8:d6:dc:ff:7c:4d:8d:1a:
                    1e:ce:f3:78:b1:59:26:de:d0:4c:8e:11:73:fc:b0:
                    b9:b0:3e:b6:98:b7:47:27:f6:85:e4:5a:7e:e6:5b:
                    7f:41:8e:be:c7:36:7d:49:31:18:1b:92:b2:ed:ee:
                    b8:31:0b:88:c1:22:31:2d:7d:d9:7e:c1:68:28:b8:
                    49:e5:4e:2d:58:49:36:e4:dd:fb:8c:45:db:01:92:
                    be:2c:38:d1:c0:6f:17:a0:b5:a4:37:01:5a:6e:4a:
                    8a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:82:D8:71:23:C7:32:F0:9E:F8:FB:F6:33:FA:F3:6B:AD:D7:4E:8C
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/9oLYcSPHMvCe-Pv2M_rza63XTow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:41:b4:69:d1:dc:99:5a:b2:4b:18:b5:33:4c:5d:11:e9:f5:
         5d:99:9d:1b:ac:33:e2:2f:72:da:b8:fb:fd:d5:b9:40:95:f2:
         c9:a4:77:e7:84:31:4c:9c:25:2f:e5:26:a6:5f:cf:a6:ef:44:
         b4:38:0d:02:2d:c8:0e:c2:66:d2:ec:bc:c9:c0:d4:f5:ae:36:
         d3:c1:ce:be:20:2b:fc:03:c6:ef:18:b0:e5:3c:50:5e:17:e1:
         ef:67:03:ae:36:ba:21:2e:bc:c7:dd:ae:da:7b:1d:56:83:69:
         91:20:24:7f:20:75:00:77:1c:7d:ba:ab:34:d6:a3:b5:2b:f9:
         fb:15:b2:ba:d7:79:66:f8:7f:db:21:6a:0a:95:87:89:b7:2d:
         cc:98:2b:32:59:7c:a7:c8:77:29:62:a4:40:89:e9:39:3e:20:
         20:90:9e:b8:13:b8:03:92:cd:bb:9a:43:53:30:4e:da:84:dc:
         e6:89:a9:05:82:70:2e:8f:49:08:2f:9a:c0:fc:40:1b:b1:ee:
         d9:bd:1b:eb:86:34:7e:30:41:a3:7a:0b:d9:4e:31:24:7e:4e:
         41:ed:a4:52:28:a1:be:b2:8a:05:84:e2:d8:eb:ba:1d:46:75:
         f1:c6:dc:50:47:b8:3f:f8:2c:df:1d:dd:09:02:1b:23:63:a2:
         db:d2:4f:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2U0E3P6McfSVZD1qRXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjUwMTAxMTc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjgyZDg3MTIzYzczMmYwOWVmOGZiZjYzM2ZhZjM2YmFkZDc0ZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtryhc4sj1K7KXXNRP+FhIdn1arq6
jLvlkaOJVRSje5ZPINCX9oYirCCBYd18XZSBK2bLMKTaRMqk0bHE+fUbwRbo4wPE
c6ciQrwU9HWWGlT9lKhpDF8rnSfDsimxVXm5tC156kO5LDTYplc798/tBujr60Y2
5BAZCRHZH03XhbLAjzkkGr6uLY7OVSzC8uizG6gfPwirCtWRczs1yNbc/3xNjRoe
zvN4sVkm3tBMjhFz/LC5sD62mLdHJ/aF5Fp+5lt/QY6+xzZ9STEYG5Ky7e64MQuI
wSIxLX3ZfsFoKLhJ5U4tWEk25N37jEXbAZK+LDjRwG8XoLWkNwFabkqKXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPaC2HEjxzLwnvj79jP682ut106MMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvOW9MWWNTUEhNdkNlLVB2Mk1fcnphNjNYVG93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQvwMA0G
CSqGSIb3DQEBCwUAA4IBAQClQbRp0dyZWrJLGLUzTF0R6fVdmZ0brDPiL3LauPv9
1blAlfLJpHfnhDFMnCUv5SamX8+m70S0OA0CLcgOwmbS7LzJwNT1rjbTwc6+ICv8
A8bvGLDlPFBeF+HvZwOuNrohLrzH3a7aex1Wg2mRICR/IHUAdxx9uqs01qO1K/n7
FbK613lm+H/bIWoKlYeJty3MmCsyWXynyHcpYqRAiek5PiAgkJ64E7gDks27mkNT
ME7ahNzmiakFgnAuj0kIL5rA/EAbse7ZvRvrhjR+MEGjegvZTjEkfk5B7aRSKKG+
sooFhOLY67odRnXxxtxQR7g/+CzfHd0JAhsjY6Lb0k9d
-----END CERTIFICATE-----