Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/SYg89xuEXUG6bMD7Pl2CsVBcmVo.roa
File:                     SYg89xuEXUG6bMD7Pl2CsVBcmVo.roa (raw, json)
Hash identifier:          FafX8OoXWchxsyj8C7cAZtH+8tr3bEqU6ajEo9eZfcQ=
Subject key identifier:   49:88:3C:F7:1B:84:5D:41:BA:6C:C0:FB:3E:5D:82:B1:50:5C:99:5A
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       019422FB61E6D9B9D2158BF4A8C29FBDDBC3
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/SYg89xuEXUG6bMD7Pl2CsVBcmVo.roa
Signing time:             Wed 01 Jan 2025 17:48:07 +0000
ROA not before:           Wed 01 Jan 2025 17:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11325
IP address blocks:        45.80.96.0/22 maxlen: 22
                          45.85.128.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:61:e6:d9:b9:d2:15:8b:f4:a8:c2:9f:bd:db:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 17:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49883cf71b845d41ba6cc0fb3e5d82b1505c995a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3b:bc:f0:2a:57:68:e0:9b:b7:b1:b2:71:fb:
                    a0:03:7a:6b:d6:6e:a3:b8:4c:aa:94:06:59:76:7d:
                    ad:7f:ec:a7:fc:b8:d4:bd:20:b2:ab:b5:12:84:05:
                    d1:f4:4e:8e:6c:9b:90:a4:8a:0e:5d:76:8c:3e:eb:
                    42:05:5d:e1:02:04:26:3f:29:2b:1c:fb:a4:04:81:
                    4e:b4:e7:fe:c5:df:1a:b3:87:9f:bd:03:1f:ca:85:
                    73:e9:5d:1b:56:be:72:7e:a9:18:be:f6:95:e7:5a:
                    3c:35:fa:51:1a:3d:11:c9:33:9d:1d:74:c8:08:19:
                    6e:1e:be:b4:87:c8:54:99:8c:aa:bb:77:6a:d9:ca:
                    5f:87:4a:3d:3b:39:1c:8d:26:ef:fb:a5:1f:0f:ed:
                    5d:53:94:17:20:cb:c7:f1:b9:05:34:78:9f:33:c1:
                    03:2d:bf:37:de:1d:30:f6:96:99:f4:6d:fd:75:08:
                    e8:ce:51:2f:6b:dc:6a:e4:fa:7a:c1:08:7f:10:20:
                    d0:68:e1:46:80:56:bf:13:3b:98:a7:36:27:9c:f3:
                    7d:1c:6c:8e:48:53:9f:91:8b:10:ed:6f:bb:98:ba:
                    ff:d0:7e:5d:d7:09:e9:c7:72:ce:b3:99:ac:32:d9:
                    17:12:09:e8:0c:63:20:57:36:59:86:8b:9a:7c:7f:
                    74:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:88:3C:F7:1B:84:5D:41:BA:6C:C0:FB:3E:5D:82:B1:50:5C:99:5A
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/SYg89xuEXUG6bMD7Pl2CsVBcmVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.96.0/22
                  45.85.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:96:d6:6b:b9:90:73:a6:d8:7a:81:d8:3d:60:e5:0e:fe:f1:
         39:bf:1f:40:6c:ad:46:5f:c4:cb:e0:d3:01:be:00:6f:2e:41:
         49:4b:ba:e5:25:ff:71:cc:ba:63:9c:1b:3f:ba:81:23:dd:1d:
         40:e9:57:03:7a:ed:f7:ee:51:df:19:31:dc:85:9a:22:5d:eb:
         ca:45:38:f8:b1:d5:93:71:ab:81:22:b5:77:c2:77:2e:e8:43:
         d3:8b:29:96:ab:88:bc:52:24:fc:f5:6c:31:d0:07:26:25:b4:
         34:bc:76:95:6a:b8:a7:39:d2:cc:cf:d6:3a:ff:5c:f7:bc:84:
         75:18:27:bf:f8:b5:13:79:21:a6:aa:88:67:d5:31:1d:48:b0:
         3c:fc:a8:bd:16:d0:2e:e2:95:05:2e:4f:21:23:d0:8e:44:a3:
         be:d0:7f:83:24:3a:80:9e:06:00:12:90:0c:78:cb:b2:c0:85:
         f5:3e:d5:3e:66:6d:55:84:68:77:f4:b8:c2:98:2a:8b:16:a7:
         8c:6d:c5:ea:0c:87:ff:9d:62:38:83:c2:94:68:8e:f1:89:75:
         47:ee:25:96:c4:67:d0:39:11:76:27:ff:93:4c:1d:2e:10:e4:
         de:00:af:aa:0f:df:57:bc:c8:b4:db:0c:4e:66:60:a6:83:78:
         e0:ce:4f:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+2Hm2bnSFYv0qMKfvdvDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjUwMTAxMTc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTg4M2NmNzFiODQ1ZDQxYmE2Y2MwZmIzZTVkODJiMTUwNWM5OTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuju88CpXaOCbt7GycfugA3pr1m6j
uEyqlAZZdn2tf+yn/LjUvSCyq7UShAXR9E6ObJuQpIoOXXaMPutCBV3hAgQmPykr
HPukBIFOtOf+xd8as4efvQMfyoVz6V0bVr5yfqkYvvaV51o8NfpRGj0RyTOdHXTI
CBluHr60h8hUmYyqu3dq2cpfh0o9OzkcjSbv+6UfD+1dU5QXIMvH8bkFNHifM8ED
Lb833h0w9paZ9G39dQjozlEva9xq5Pp6wQh/ECDQaOFGgFa/EzuYpzYnnPN9HGyO
SFOfkYsQ7W+7mLr/0H5d1wnpx3LOs5msMtkXEgnoDGMgVzZZhouafH90hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEmIPPcbhF1BumzA+z5dgrFQXJlaMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvU1lnODl4dUVYVUc2Yk1EN1BsMkNzVkJjbVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVBgAwQB
LVWAMA0GCSqGSIb3DQEBCwUAA4IBAQBkltZruZBzpth6gdg9YOUO/vE5vx9AbK1G
X8TL4NMBvgBvLkFJS7rlJf9xzLpjnBs/uoEj3R1A6VcDeu337lHfGTHchZoiXevK
RTj4sdWTcauBIrV3wncu6EPTiymWq4i8UiT89Wwx0AcmJbQ0vHaVarinOdLMz9Y6
/1z3vIR1GCe/+LUTeSGmqohn1TEdSLA8/Ki9FtAu4pUFLk8hI9CORKO+0H+DJDqA
ngYAEpAMeMuywIX1PtU+Zm1VhGh39LjCmCqLFqeMbcXqDIf/nWI4g8KUaI7xiXVH
7iWWxGfQORF2J/+TTB0uEOTeAK+qD99XvMi02wxOZmCmg3jgzk+q
-----END CERTIFICATE-----