Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/RjclhfmYJs-nn3YIpui-vTkLCP4.roa
File:                     RjclhfmYJs-nn3YIpui-vTkLCP4.roa (raw, json)
Hash identifier:          kHAmt3kfei8Efn3czRaKzPGSzcq/laoel6ixmjuKvgM=
Subject key identifier:   46:37:25:85:F9:98:26:CF:A7:9F:76:08:A6:E8:BE:BD:39:0B:08:FE
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       019428269FA7FCDE681580DB8C3D95A2B7B5
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/RjclhfmYJs-nn3YIpui-vTkLCP4.roa
Signing time:             Thu 02 Jan 2025 17:53:27 +0000
ROA not before:           Thu 02 Jan 2025 17:53:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200131
IP address blocks:        45.159.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:9f:a7:fc:de:68:15:80:db:8c:3d:95:a2:b7:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Jan  2 17:53:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46372585f99826cfa79f7608a6e8bebd390b08fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1d:16:47:2f:f6:eb:49:6c:f2:b3:45:47:23:
                    da:79:53:55:fa:4e:3d:bc:d6:95:3a:06:3f:21:0d:
                    15:34:a0:79:79:c0:c4:dd:54:72:99:0a:0f:fc:3d:
                    7e:48:9d:ea:a9:6e:6d:96:ee:b2:16:47:cd:70:8c:
                    37:fa:4f:69:83:10:47:88:c5:94:15:ef:5e:9e:10:
                    f9:4b:c9:a9:b4:51:cc:33:1a:3f:6b:be:3e:76:ac:
                    f1:b6:31:a1:05:37:0f:c0:19:09:7e:29:71:2e:b9:
                    7e:40:a9:b1:39:49:7a:e5:ae:a6:53:a6:85:8d:53:
                    74:06:90:3e:0e:13:c3:cb:21:b7:a7:24:26:79:b6:
                    38:51:96:05:72:d6:af:8c:8e:08:13:b0:3e:82:61:
                    87:19:d5:38:79:5d:f0:a0:19:cc:5c:14:32:49:ae:
                    78:5a:38:36:62:f2:26:d0:f9:4d:12:3a:07:7a:6c:
                    e9:ef:fc:c5:a3:c5:c8:a2:6a:e7:4e:9f:dd:5b:83:
                    84:ac:74:1f:b1:72:71:2d:87:2b:d5:6f:27:1b:82:
                    a5:2e:6e:ff:75:b8:90:5d:0d:c2:ec:30:c0:d6:e7:
                    d2:a3:52:16:f3:80:7a:1a:0c:89:69:95:8f:31:41:
                    23:ad:0c:4e:af:b5:26:d6:44:a4:2d:c0:5e:17:1e:
                    da:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:37:25:85:F9:98:26:CF:A7:9F:76:08:A6:E8:BE:BD:39:0B:08:FE
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/RjclhfmYJs-nn3YIpui-vTkLCP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:f1:f7:4d:cb:4f:3a:b3:10:8d:02:3b:e3:e4:0d:50:b5:b9:
         44:80:00:c5:d5:5b:39:f2:aa:4f:73:6c:3b:40:21:c6:25:2e:
         33:4f:aa:30:7d:de:2c:a8:fe:c6:f2:fc:be:c2:90:6a:8d:5b:
         ec:d5:80:51:d9:19:f9:f8:88:bd:26:1d:37:93:73:e9:b5:ee:
         dd:77:b9:da:26:5a:80:72:02:a9:d5:63:af:6c:a5:97:d5:c8:
         c0:fd:1c:f3:7f:c2:a9:59:71:80:6b:80:3a:8e:8a:fb:80:40:
         62:d1:01:e9:ca:55:c8:9f:84:4e:92:ff:f6:e7:ca:16:3f:b5:
         29:03:3a:c4:4b:c7:24:2b:5e:44:8c:ea:b0:54:2c:df:77:b8:
         6f:7d:b1:42:38:92:bb:df:88:88:2b:3a:ab:65:13:2f:54:5a:
         1f:bb:80:a7:b1:36:1c:37:38:35:3e:55:b7:62:02:4f:51:3e:
         81:8f:f2:c2:f2:10:01:d0:99:bf:3b:ba:7b:54:b9:e7:f1:9e:
         08:ed:ce:b0:21:d0:47:49:f8:36:8d:de:13:39:b6:e3:32:5e:
         db:74:22:2a:5e:ef:ca:fd:50:ec:37:fd:aa:c4:09:af:ad:99:
         32:d7:9c:ec:bb:1c:a8:6f:b8:9f:01:eb:81:82:44:7d:1a:ff:
         2d:bb:89:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJp+n/N5oFYDbjD2Vore1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjUwMTAyMTc1MzI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjM3MjU4NWY5OTgyNmNmYTc5Zjc2MDhhNmU4YmViZDM5MGIwOGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArx0WRy/260ls8rNFRyPaeVNV+k49
vNaVOgY/IQ0VNKB5ecDE3VRymQoP/D1+SJ3qqW5tlu6yFkfNcIw3+k9pgxBHiMWU
Fe9enhD5S8mptFHMMxo/a74+dqzxtjGhBTcPwBkJfilxLrl+QKmxOUl65a6mU6aF
jVN0BpA+DhPDyyG3pyQmebY4UZYFctavjI4IE7A+gmGHGdU4eV3woBnMXBQySa54
Wjg2YvIm0PlNEjoHemzp7/zFo8XIomrnTp/dW4OErHQfsXJxLYcr1W8nG4KlLm7/
dbiQXQ3C7DDA1ufSo1IW84B6GgyJaZWPMUEjrQxOr7Um1kSkLcBeFx7a8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEY3JYX5mCbPp592CKbovr05Cwj+MB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvUmpjbGhmbVlKcy1ubjNZSXB1aS12VGtMQ1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ9cMA0G
CSqGSIb3DQEBCwUAA4IBAQCm8fdNy086sxCNAjvj5A1QtblEgADF1Vs58qpPc2w7
QCHGJS4zT6owfd4sqP7G8vy+wpBqjVvs1YBR2Rn5+Ii9Jh03k3Ppte7dd7naJlqA
cgKp1WOvbKWX1cjA/Rzzf8KpWXGAa4A6jor7gEBi0QHpylXIn4ROkv/258oWP7Up
AzrES8ckK15EjOqwVCzfd7hvfbFCOJK734iIKzqrZRMvVFofu4CnsTYcNzg1PlW3
YgJPUT6Bj/LC8hAB0Jm/O7p7VLnn8Z4I7c6wIdBHSfg2jd4TObbjMl7bdCIqXu/K
/VDsN/2qxAmvrZky15zsuxyob7ifAeuBgkR9Gv8tu4k9
-----END CERTIFICATE-----