Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/saRTVdpqQA0OCzsMYir3B6BlFes.roa
File:                     saRTVdpqQA0OCzsMYir3B6BlFes.roa (raw, json)
Hash identifier:          nWaisSWXPPt/Ku1COahUOFAKdzpunAhgMbmaca4maXE=
Subject key identifier:   B1:A4:53:55:DA:6A:40:0D:0E:0B:3B:0C:62:2A:F7:07:A0:65:15:EB
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       019426D95C905751349EBC697225EA2D74D8
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/saRTVdpqQA0OCzsMYir3B6BlFes.roa
Signing time:             Thu 02 Jan 2025 11:49:26 +0000
ROA not before:           Thu 02 Jan 2025 11:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.91.148.0/24 maxlen: 24
                          194.62.16.0/24 maxlen: 24
                          213.109.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:5c:90:57:51:34:9e:bc:69:72:25:ea:2d:74:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jan  2 11:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1a45355da6a400d0e0b3b0c622af707a06515eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d9:22:5b:88:1c:a3:1f:0a:41:31:48:c8:d1:
                    6a:18:d6:9c:35:bb:7b:ea:ac:ee:9b:ac:ec:20:d5:
                    27:45:86:71:c9:0d:84:72:89:6f:00:ac:f3:0e:d0:
                    07:d2:f5:98:59:c9:7b:80:3b:a4:6f:a1:f9:4a:3c:
                    1d:a0:fd:7b:e9:82:17:4e:97:2c:15:d5:0b:b9:68:
                    69:94:77:88:8e:48:bd:bf:8d:3f:d1:0d:00:31:95:
                    e7:8b:09:f2:df:99:7d:51:c2:06:a4:72:c6:fe:e0:
                    60:20:57:da:93:e4:5f:bc:55:c7:55:ff:64:64:1b:
                    cf:b4:56:d4:c0:a7:0c:26:94:0e:d5:60:93:fc:2a:
                    49:b0:bd:1d:16:cf:51:4e:e1:73:0a:2b:ae:4b:e8:
                    66:19:cf:12:54:b9:46:e0:67:d3:d6:5e:ef:fb:3f:
                    11:77:45:b3:b8:23:82:08:56:8f:3f:5e:8d:23:5f:
                    18:f2:c4:1c:44:c9:de:52:0c:e4:d9:c3:e7:20:98:
                    2f:f0:c8:dc:13:da:e7:ba:a5:da:01:6d:42:a2:36:
                    b1:de:54:d1:8a:ce:4a:7c:a9:75:fc:98:49:66:67:
                    c9:9a:8c:c9:3a:60:28:ca:c9:f7:cb:fc:e0:1c:42:
                    65:93:f7:67:41:1c:4f:94:e1:b8:1c:fc:6b:51:2b:
                    fd:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A4:53:55:DA:6A:40:0D:0E:0B:3B:0C:62:2A:F7:07:A0:65:15:EB
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/saRTVdpqQA0OCzsMYir3B6BlFes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.148.0/24
                  194.62.16.0/24
                  213.109.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:b5:0c:f0:e3:c6:b3:53:41:8e:6e:8d:9f:4b:69:e7:1b:fd:
         f4:53:4f:ce:80:ff:1e:23:3d:b8:0a:e0:2d:8f:d4:b8:d1:03:
         5d:a3:c0:18:af:04:c8:ae:87:c3:60:70:06:30:10:a0:b5:2b:
         6c:a8:3d:40:ab:60:1f:df:42:29:b7:14:6f:a9:86:79:c8:e2:
         93:af:e6:ea:9a:87:e2:54:3d:4c:b3:7b:6f:56:df:25:ae:f6:
         e1:35:55:49:8b:62:74:af:a4:aa:8a:aa:33:b2:3f:d3:bf:53:
         be:8c:26:4a:be:90:d1:6c:5e:20:c0:4e:b9:9f:86:99:55:86:
         d2:09:dc:10:f1:da:25:fd:ab:c5:50:89:42:eb:1f:44:8d:f4:
         bd:8c:16:62:e3:d0:0f:b3:9d:86:f3:d7:d7:4f:b7:6a:3d:26:
         96:c7:f7:40:e4:b3:f7:2e:79:a1:35:08:75:65:df:e1:32:d7:
         68:2d:23:ea:a3:72:31:16:ce:0a:1a:84:22:e1:43:13:75:5d:
         c4:96:c9:91:49:cc:31:fc:f5:7d:48:4f:40:7e:b2:1c:b5:e7:
         9c:6d:b6:f2:9e:47:52:95:13:17:07:2b:a6:f6:78:27:57:55:
         2c:44:4b:ee:9c:0d:ca:db:51:f4:3f:50:ab:97:ce:48:07:31:
         a4:3c:54:f3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQm2VyQV1E0nrxpciXqLXTYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjUwMTAyMTE0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWE0NTM1NWRhNmE0MDBkMGUwYjNiMGM2MjJhZjcwN2EwNjUxNWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNkiW4gcox8KQTFIyNFqGNacNbt7
6qzum6zsINUnRYZxyQ2EcolvAKzzDtAH0vWYWcl7gDukb6H5SjwdoP176YIXTpcs
FdULuWhplHeIjki9v40/0Q0AMZXniwny35l9UcIGpHLG/uBgIFfak+RfvFXHVf9k
ZBvPtFbUwKcMJpQO1WCT/CpJsL0dFs9RTuFzCiuuS+hmGc8SVLlG4GfT1l7v+z8R
d0WzuCOCCFaPP16NI18Y8sQcRMneUgzk2cPnIJgv8MjcE9rnuqXaAW1Cojax3lTR
is5KfKl1/JhJZmfJmozJOmAoysn3y/zgHEJlk/dnQRxPlOG4HPxrUSv9FQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLGkU1XaakANDgs7DGIq9wegZRXrMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvc2FSVFZkcHFRQTBPQ3pzTVlpcjNCNkJsRmVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVuUAwQA
wj4QAwQA1W2YMA0GCSqGSIb3DQEBCwUAA4IBAQBEtQzw48azU0GObo2fS2nnG/30
U0/OgP8eIz24CuAtj9S40QNdo8AYrwTIrofDYHAGMBCgtStsqD1Aq2Af30IptxRv
qYZ5yOKTr+bqmofiVD1Ms3tvVt8lrvbhNVVJi2J0r6Sqiqozsj/Tv1O+jCZKvpDR
bF4gwE65n4aZVYbSCdwQ8dol/avFUIlC6x9EjfS9jBZi49APs52G89fXT7dqPSaW
x/dA5LP3LnmhNQh1Zd/hMtdoLSPqo3IxFs4KGoQi4UMTdV3ElsmRScwx/PV9SE9A
frIcteecbbbynkdSlRMXByum9ngnV1UsREvunA3K21H0P1Crl85IBzGkPFTz
-----END CERTIFICATE-----