Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/FlI6inWj2TmnnIGOS7ZVGBf_bD0.roa
File:                     FlI6inWj2TmnnIGOS7ZVGBf_bD0.roa (raw, json)
Hash identifier:          5X+YWS6gSiJ/Tn7alo0GG3dyffx54L0u6yH14DDRlbA=
Subject key identifier:   16:52:3A:8A:75:A3:D9:39:A7:9C:81:8E:4B:B6:55:18:17:FF:6C:3D
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       019422FB6043B7ED09A7BDC577EAC66503C0
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/FlI6inWj2TmnnIGOS7ZVGBf_bD0.roa
Signing time:             Wed 01 Jan 2025 17:48:07 +0000
ROA not before:           Wed 01 Jan 2025 17:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        45.85.130.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:60:43:b7:ed:09:a7:bd:c5:77:ea:c6:65:03:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 17:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16523a8a75a3d939a79c818e4bb6551817ff6c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4f:dc:fb:19:f5:35:e4:1a:a9:07:1c:fa:14:
                    d7:9f:fe:e3:f2:c1:7a:81:b8:9a:56:3a:8a:d5:1f:
                    e7:3d:35:f7:9f:fb:6f:6a:4c:88:05:c1:2a:25:7b:
                    d7:1f:3b:e4:1b:4a:da:3b:41:fd:88:4c:61:3a:75:
                    00:93:a3:05:ee:24:a6:50:55:58:99:15:fa:9f:40:
                    bf:ff:47:40:00:96:59:b0:74:6a:ef:64:b5:32:a9:
                    7c:5c:fd:27:39:2c:d0:34:de:50:90:13:1c:f0:f5:
                    5a:3d:c8:3a:37:d2:24:98:0f:41:9c:98:35:b4:87:
                    50:36:d0:64:17:12:91:a9:41:d0:12:49:9c:61:02:
                    c2:85:96:e7:02:ce:88:59:a7:57:05:61:51:26:e5:
                    2f:9b:8e:dc:4a:a6:64:01:42:d4:58:33:c2:71:6f:
                    05:e6:f5:5e:ab:1a:15:e6:6a:d9:c9:3a:dc:59:78:
                    72:55:31:3b:53:8f:1e:96:45:67:5e:0a:72:d7:cb:
                    59:f2:d1:77:69:c0:ce:a1:0e:fa:99:c9:d5:07:61:
                    09:54:d6:f7:ca:bb:e7:67:55:82:e6:76:f2:a5:d5:
                    8a:a4:af:4b:06:ce:b0:63:da:53:0f:9a:38:94:d7:
                    fe:16:28:8c:5c:8a:f5:5b:af:25:31:ab:3a:c4:5f:
                    49:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:52:3A:8A:75:A3:D9:39:A7:9C:81:8E:4B:B6:55:18:17:FF:6C:3D
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/FlI6inWj2TmnnIGOS7ZVGBf_bD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:c8:24:24:8f:db:2c:33:76:0f:e3:0c:48:1e:d5:04:ff:d0:
         45:bf:04:c8:8c:13:89:23:ca:d6:46:e4:ca:b7:26:02:4d:64:
         27:df:75:13:77:64:e3:2e:4c:6c:23:d2:c2:37:53:e7:45:43:
         fb:a0:2e:13:1f:5c:cb:0d:db:23:45:7f:34:7a:e8:74:a4:7d:
         2f:23:96:f6:d9:b3:b9:9c:f4:23:30:55:e4:d8:85:32:05:71:
         f4:e4:f4:64:04:75:cb:8f:e4:22:18:31:d1:35:f2:55:aa:ec:
         a0:d8:2a:cb:56:63:44:30:4d:53:b7:ae:d8:14:9c:61:e6:0f:
         43:05:f6:fb:c7:21:45:4d:96:18:5e:b6:14:4b:c1:34:fe:d6:
         8b:75:5b:cc:e1:e8:e6:11:a8:7d:dd:40:60:0c:ac:30:67:7d:
         a5:f8:a5:e1:59:1d:06:72:53:11:9b:e3:9a:dc:0f:4a:74:8f:
         78:0f:01:13:25:49:ca:6e:04:60:dc:52:fa:7b:96:ba:7b:32:
         cc:18:6c:ca:8b:b4:4f:f9:f8:61:da:6a:01:0a:45:d0:48:1c:
         01:a5:c8:32:a9:c1:31:63:6d:bf:74:29:cf:2d:91:51:7d:81:
         00:42:ce:56:a8:cd:cb:0d:7f:3a:6b:1f:b1:4b:a2:66:59:7b:
         f1:1a:bd:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2BDt+0Jp73Fd+rGZQPAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjUwMTAxMTc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjUyM2E4YTc1YTNkOTM5YTc5YzgxOGU0YmI2NTUxODE3ZmY2YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0/c+xn1NeQaqQcc+hTXn/7j8sF6
gbiaVjqK1R/nPTX3n/tvakyIBcEqJXvXHzvkG0raO0H9iExhOnUAk6MF7iSmUFVY
mRX6n0C//0dAAJZZsHRq72S1Mql8XP0nOSzQNN5QkBMc8PVaPcg6N9IkmA9BnJg1
tIdQNtBkFxKRqUHQEkmcYQLChZbnAs6IWadXBWFRJuUvm47cSqZkAULUWDPCcW8F
5vVeqxoV5mrZyTrcWXhyVTE7U48elkVnXgpy18tZ8tF3acDOoQ76mcnVB2EJVNb3
yrvnZ1WC5nbypdWKpK9LBs6wY9pTD5o4lNf+FiiMXIr1W68lMas6xF9J2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZSOop1o9k5p5yBjku2VRgX/2w9MB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvRmxJNmluV2oyVG1ubklHT1M3WlZHQmZfYkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVWCMA0G
CSqGSIb3DQEBCwUAA4IBAQCUyCQkj9ssM3YP4wxIHtUE/9BFvwTIjBOJI8rWRuTK
tyYCTWQn33UTd2TjLkxsI9LCN1PnRUP7oC4TH1zLDdsjRX80euh0pH0vI5b22bO5
nPQjMFXk2IUyBXH05PRkBHXLj+QiGDHRNfJVquyg2CrLVmNEME1Tt67YFJxh5g9D
Bfb7xyFFTZYYXrYUS8E0/taLdVvM4ejmEah93UBgDKwwZ32l+KXhWR0GclMRm+Oa
3A9KdI94DwETJUnKbgRg3FL6e5a6ezLMGGzKi7RP+fhh2moBCkXQSBwBpcgyqcEx
Y22/dCnPLZFRfYEAQs5WqM3LDX86ax+xS6JmWXvxGr2v
-----END CERTIFICATE-----