Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/V05XtxLuNAQpoO5H9P1IS4dSoX4.roa
File:                     V05XtxLuNAQpoO5H9P1IS4dSoX4.roa (raw, json)
Hash identifier:          LXCIEksdGEPZzBTCWjbFwGM6+GL06zblhdET9a+UUAU=
Subject key identifier:   57:4E:57:B7:12:EE:34:04:29:A0:EE:47:F4:FD:48:4B:87:52:A1:7E
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       019422FB63ACB7671EC6194E5D9F5E3F60FE
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/V05XtxLuNAQpoO5H9P1IS4dSoX4.roa
Signing time:             Wed 01 Jan 2025 17:48:07 +0000
ROA not before:           Wed 01 Jan 2025 17:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55410
IP address blocks:        45.14.82.0/24 maxlen: 24
                          45.85.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:63:ac:b7:67:1e:c6:19:4e:5d:9f:5e:3f:60:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 17:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=574e57b712ee340429a0ee47f4fd484b8752a17e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:47:0f:6c:c1:b1:ae:3f:a0:4a:0b:63:14:43:
                    a7:42:36:d4:d4:64:cd:90:81:37:47:ed:d3:bc:44:
                    63:00:83:50:e6:6c:78:ab:99:0c:f8:a1:b9:cb:94:
                    4b:b1:6d:e2:2b:51:c3:71:e0:6a:96:ae:4f:ff:7f:
                    96:ef:23:31:cf:82:6f:73:d9:26:61:0a:93:67:d4:
                    18:4c:73:54:02:97:13:73:77:27:93:ce:db:52:9c:
                    4d:2f:db:3d:0c:56:75:e7:ee:8f:ed:42:1d:93:b5:
                    4c:a2:49:69:33:3d:21:cb:c5:a8:98:27:25:00:a5:
                    53:73:39:15:eb:47:8c:39:0b:2b:de:99:6b:91:ee:
                    3e:c0:14:d0:a7:23:1f:9b:b4:4a:ea:88:15:d7:63:
                    2b:8b:54:a3:d5:16:43:cf:3e:fe:db:a2:84:e9:d8:
                    f3:10:5f:04:22:4e:ad:48:ce:2f:a0:0f:a6:af:85:
                    eb:78:96:9f:8c:29:ee:a0:3e:b1:f2:3b:eb:82:83:
                    d8:65:ae:99:e5:a6:f8:30:10:39:ea:c0:aa:dd:69:
                    c9:b5:d3:d4:9b:33:3f:35:b5:2a:dd:7b:a3:eb:cc:
                    7a:d4:a3:24:b9:42:9e:18:06:a5:f8:63:68:75:b4:
                    3d:fc:f0:c2:31:fd:97:ec:71:db:1a:27:c6:21:0c:
                    41:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:4E:57:B7:12:EE:34:04:29:A0:EE:47:F4:FD:48:4B:87:52:A1:7E
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/V05XtxLuNAQpoO5H9P1IS4dSoX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.82.0/24
                  45.85.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:04:c7:ad:fa:83:0a:cc:a7:4a:88:51:9c:ab:9d:e8:90:7a:
         dd:ba:a6:df:11:1a:98:aa:1b:13:d8:e3:dc:ae:1d:ab:8a:4f:
         e4:5e:1b:c0:18:5f:6f:b9:ac:5b:f7:d4:ce:fe:63:64:90:77:
         cc:a1:39:36:cb:37:97:fc:2d:ba:0a:45:bf:f6:e1:87:ba:87:
         4a:3d:94:03:89:d7:ca:d7:68:e4:ee:58:1e:f3:55:cd:cf:c5:
         07:11:98:b0:e1:6b:7c:3c:c8:1f:b7:20:6a:53:93:d4:f1:7b:
         ff:63:d9:00:e4:27:f7:a5:69:28:78:7e:8b:c2:fd:2f:1a:37:
         6d:ac:95:33:ee:c7:ad:64:57:cb:7f:16:71:8a:2f:1f:74:14:
         0f:c1:d1:7e:32:76:e1:50:4d:3d:7a:fe:0e:89:9b:59:b6:06:
         38:0f:e9:76:e1:35:ec:e7:9f:b3:39:85:82:ba:3a:20:1c:5b:
         d8:5b:88:e1:0a:d0:c5:c0:6a:d2:f6:fd:56:28:2a:fb:43:85:
         ef:38:6b:d4:c2:fa:8a:05:39:1b:ba:c7:7b:7b:00:82:75:65:
         b1:52:45:d7:a7:de:38:27:80:4f:cd:dd:54:03:bd:f7:d2:6c:
         7d:ac:f1:eb:71:c9:fe:13:8f:a8:4b:f6:20:0e:04:13:9e:40:
         ff:d9:e3:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+2Ost2cexhlOXZ9eP2D+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjUwMTAxMTc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzRlNTdiNzEyZWUzNDA0MjlhMGVlNDdmNGZkNDg0Yjg3NTJhMTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUcPbMGxrj+gSgtjFEOnQjbU1GTN
kIE3R+3TvERjAINQ5mx4q5kM+KG5y5RLsW3iK1HDceBqlq5P/3+W7yMxz4Jvc9km
YQqTZ9QYTHNUApcTc3cnk87bUpxNL9s9DFZ15+6P7UIdk7VMoklpMz0hy8WomCcl
AKVTczkV60eMOQsr3plrke4+wBTQpyMfm7RK6ogV12Mri1Sj1RZDzz7+26KE6djz
EF8EIk6tSM4voA+mr4XreJafjCnuoD6x8jvrgoPYZa6Z5ab4MBA56sCq3WnJtdPU
mzM/NbUq3Xuj68x61KMkuUKeGAal+GNodbQ9/PDCMf2X7HHbGifGIQxBywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFdOV7cS7jQEKaDuR/T9SEuHUqF+MB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvVjA1WHR4THVOQVFwb081SDlQMUlTNGRTb1g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ5SAwQA
LVWAMA0GCSqGSIb3DQEBCwUAA4IBAQBjBMet+oMKzKdKiFGcq53okHrduqbfERqY
qhsT2OPcrh2rik/kXhvAGF9vuaxb99TO/mNkkHfMoTk2yzeX/C26CkW/9uGHuodK
PZQDidfK12jk7lge81XNz8UHEZiw4Wt8PMgftyBqU5PU8Xv/Y9kA5Cf3pWkoeH6L
wv0vGjdtrJUz7setZFfLfxZxii8fdBQPwdF+MnbhUE09ev4OiZtZtgY4D+l24TXs
55+zOYWCujogHFvYW4jhCtDFwGrS9v1WKCr7Q4XvOGvUwvqKBTkbusd7ewCCdWWx
UkXXp944J4BPzd1UA7330mx9rPHrccn+E4+oS/YgDgQTnkD/2eNd
-----END CERTIFICATE-----