Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/a9GEjEfJcCoLq1YBVopjKay-NL0.roa
File:                     a9GEjEfJcCoLq1YBVopjKay-NL0.roa (raw, json)
Hash identifier:          tlfslAcvs/XswVsXIO/2poIa86W6lvd984uh5S/fVOw=
Subject key identifier:   6B:D1:84:8C:47:C9:70:2A:0B:AB:56:01:56:8A:63:29:AC:BE:34:BD
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       01973B3328757A1B0BFFE3B2CCF125F14B43
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/a9GEjEfJcCoLq1YBVopjKay-NL0.roa
Signing time:             Wed 04 Jun 2025 13:48:17 +0000
ROA not before:           Wed 04 Jun 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     912
IP address blocks:        45.152.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 21:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:33:28:75:7a:1b:0b:ff:e3:b2:cc:f1:25:f1:4b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jun  4 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6bd1848c47c9702a0bab5601568a6329acbe34bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d6:79:8c:59:a6:0b:cc:72:98:cc:7c:07:c1:
                    f1:ee:02:47:97:b1:06:bb:52:5f:c6:2b:8c:02:62:
                    c1:d5:7a:b8:c7:9b:0e:25:76:b6:56:bd:03:26:20:
                    72:48:88:79:bf:55:cb:a8:46:f7:1b:84:86:08:38:
                    a3:bc:20:cd:6e:f8:a3:cc:18:c8:46:04:d2:15:40:
                    b6:66:6b:bf:4c:93:f3:e1:b4:20:9a:4c:dc:82:c8:
                    07:9f:fc:8e:ca:4d:99:3f:d6:e6:99:65:c5:f5:34:
                    bd:0d:1e:af:3e:97:62:13:cc:03:fb:13:ba:17:23:
                    65:13:6a:8e:30:c1:2c:3b:b2:67:e8:e5:34:68:21:
                    74:e7:39:63:7e:5b:93:b4:81:61:16:c0:8d:53:5e:
                    a0:65:fb:0a:f5:77:d9:9a:95:30:f3:cd:32:a9:72:
                    5a:b1:84:6a:5c:a1:51:dc:9c:7d:02:c4:c9:7e:86:
                    47:42:fd:e7:5d:11:62:2f:65:7c:6c:9c:74:1d:ad:
                    d9:43:d3:4c:49:39:60:27:98:ee:15:24:11:5e:df:
                    9a:0d:d4:b3:c5:56:42:53:6d:f8:a2:f7:53:af:41:
                    b1:f2:58:a2:c9:08:bb:40:00:32:b1:ae:b8:d2:0e:
                    5b:89:10:51:e9:39:86:4f:e3:49:60:36:87:16:d4:
                    e0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D1:84:8C:47:C9:70:2A:0B:AB:56:01:56:8A:63:29:AC:BE:34:BD
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/a9GEjEfJcCoLq1YBVopjKay-NL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:14:f9:2d:65:03:06:f7:09:f6:1c:a8:c0:00:43:84:1c:01:
         13:e8:6e:f0:c0:22:40:04:33:c1:99:82:ea:ec:fd:0e:b7:86:
         8c:64:49:a0:19:ce:ef:a1:e0:98:28:ae:d7:3f:b6:38:c7:4c:
         5f:62:a1:76:b6:52:d5:3f:d2:43:9d:1a:73:70:7e:c7:8a:7d:
         69:cc:f2:cd:3f:8b:65:63:0d:c6:08:49:1e:41:92:50:72:56:
         5c:fe:4e:1b:fe:49:d9:af:4f:8d:cc:c3:f7:ae:e8:d0:ea:d6:
         49:d5:2b:69:21:5b:f0:0a:e9:e7:00:4f:45:28:b5:d8:89:69:
         b4:38:3f:d3:76:10:74:c1:5b:81:ac:3a:11:28:ff:4a:bd:76:
         de:69:7c:97:3a:b9:10:9c:62:e2:82:f6:d9:d2:c3:58:b9:f5:
         3c:bc:19:67:38:8d:13:80:f5:d7:66:79:8c:95:d4:0a:74:b2:
         1c:6f:e9:e7:46:d0:27:8e:35:11:5c:a7:7e:58:c2:90:93:17:
         1d:dd:de:41:0b:4e:dc:df:3f:a2:6c:2f:6a:d1:94:c0:28:01:
         e2:8d:9e:a8:c6:dc:06:fe:6c:b2:23:2d:dc:9b:86:85:28:34:
         1b:c4:4f:4d:dc:95:6d:00:bb:60:5d:ca:5e:35:da:9f:c1:1b:
         b4:a4:b0:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7Myh1ehsL/+OyzPEl8UtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwNjA0MTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmQxODQ4YzQ3Yzk3MDJhMGJhYjU2MDE1NjhhNjMyOWFjYmUzNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNZ5jFmmC8xymMx8B8Hx7gJHl7EG
u1JfxiuMAmLB1Xq4x5sOJXa2Vr0DJiBySIh5v1XLqEb3G4SGCDijvCDNbvijzBjI
RgTSFUC2Zmu/TJPz4bQgmkzcgsgHn/yOyk2ZP9bmmWXF9TS9DR6vPpdiE8wD+xO6
FyNlE2qOMMEsO7Jn6OU0aCF05zljfluTtIFhFsCNU16gZfsK9XfZmpUw880yqXJa
sYRqXKFR3Jx9AsTJfoZHQv3nXRFiL2V8bJx0Ha3ZQ9NMSTlgJ5juFSQRXt+aDdSz
xVZCU234ovdTr0Gx8liiyQi7QAAysa640g5biRBR6TmGT+NJYDaHFtTg+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvRhIxHyXAqC6tWAVaKYymsvjS9MB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvYTlHRWpFZkpjQ29McTFZQlZvcGpLYXktTkwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZg4MA0G
CSqGSIb3DQEBCwUAA4IBAQBZFPktZQMG9wn2HKjAAEOEHAET6G7wwCJABDPBmYLq
7P0Ot4aMZEmgGc7voeCYKK7XP7Y4x0xfYqF2tlLVP9JDnRpzcH7Hin1pzPLNP4tl
Yw3GCEkeQZJQclZc/k4b/knZr0+NzMP3rujQ6tZJ1StpIVvwCunnAE9FKLXYiWm0
OD/TdhB0wVuBrDoRKP9KvXbeaXyXOrkQnGLigvbZ0sNYufU8vBlnOI0TgPXXZnmM
ldQKdLIcb+nnRtAnjjURXKd+WMKQkxcd3d5BC07c3z+ibC9q0ZTAKAHijZ6oxtwG
/myyIy3cm4aFKDQbxE9N3JVtALtgXcpeNdqfwRu0pLA/
-----END CERTIFICATE-----