Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/tAGqHWpkQw0giajHMwWi-gQSCPY.roa
File:                     tAGqHWpkQw0giajHMwWi-gQSCPY.roa (raw, json)
Hash identifier:          dkPgoKFrLMzVm5FMtr3H3ipENsq7fpzYhSx+TXox0zc=
Subject key identifier:   B4:01:AA:1D:6A:64:43:0D:20:89:A8:C7:33:05:A2:FA:04:12:08:F6
Certificate issuer:       /CN=8a1ce1d135bf2cf8e8c13f33ec11c8523703dc75
Certificate serial:       0196426EF6760858D33858B2BED2AD475475
Authority key identifier: 8A:1C:E1:D1:35:BF:2C:F8:E8:C1:3F:33:EC:11:C8:52:37:03:DC:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/tAGqHWpkQw0giajHMwWi-gQSCPY.roa
Signing time:             Thu 17 Apr 2025 06:28:10 +0000
ROA not before:           Thu 17 Apr 2025 06:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214903
IP address blocks:        45.133.102.0/23 maxlen: 23
                          45.133.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 00:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:42:6e:f6:76:08:58:d3:38:58:b2:be:d2:ad:47:54:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a1ce1d135bf2cf8e8c13f33ec11c8523703dc75
        Validity
            Not Before: Apr 17 06:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b401aa1d6a64430d2089a8c73305a2fa041208f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f2:e6:aa:75:07:bd:dd:e5:93:02:c4:0a:38:
                    92:74:4d:29:db:e2:13:0a:45:96:1f:76:23:38:62:
                    26:86:38:f1:8d:48:9b:f9:db:ea:fb:3b:81:c0:8c:
                    41:f4:06:66:cc:90:59:93:12:99:85:b4:e4:fa:bb:
                    49:4f:91:2d:b6:47:44:1c:5a:16:a1:a3:17:19:30:
                    f6:58:8b:fa:66:55:b2:3c:0f:30:f9:93:dc:c1:c8:
                    65:6a:d6:c4:c1:f8:e5:11:8c:02:94:09:dc:01:d5:
                    cf:71:e0:fe:2d:52:37:2e:b7:86:64:84:6b:0e:82:
                    fa:e6:c9:e1:50:06:8c:60:5f:b4:94:d0:82:75:cd:
                    f5:9b:16:85:07:a9:e9:4b:e9:bb:de:be:9d:1c:36:
                    d5:14:d1:bd:76:ea:79:17:58:19:64:fc:73:e1:24:
                    2c:56:2f:6f:44:a1:cd:b3:6f:12:72:0e:09:54:f3:
                    fc:eb:bb:10:88:70:b8:b0:e7:7b:8d:d4:57:da:42:
                    a7:f4:09:4d:e8:9e:3a:72:61:3b:c2:f9:85:30:a0:
                    04:13:09:c9:62:95:76:45:20:ef:09:2b:60:ee:df:
                    6c:a9:8c:1a:ce:8e:7f:37:1e:2d:6e:76:de:55:ab:
                    1d:05:2b:ce:b8:1a:05:31:09:6b:fe:40:f8:f7:b1:
                    bf:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:01:AA:1D:6A:64:43:0D:20:89:A8:C7:33:05:A2:FA:04:12:08:F6
            X509v3 Authority Key Identifier:
                keyid:8A:1C:E1:D1:35:BF:2C:F8:E8:C1:3F:33:EC:11:C8:52:37:03:DC:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/tAGqHWpkQw0giajHMwWi-gQSCPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:12:f9:93:3a:12:4b:63:d6:94:8a:44:b0:e6:a1:cb:c4:b5:
         57:25:5b:a6:1d:c5:bc:93:32:7b:9e:b2:1e:f3:9b:56:32:77:
         3e:60:cb:85:e4:6f:d3:50:11:62:70:e5:7c:cb:32:fc:9d:20:
         e9:18:29:5e:b5:b1:16:be:f0:4a:c2:46:1b:34:80:f5:8a:7e:
         6b:e9:d6:43:9d:8b:76:d6:ee:24:29:59:89:4d:c8:70:cf:15:
         e4:3f:cc:27:da:cc:db:f7:32:86:ba:05:6b:84:6f:16:64:73:
         88:b1:ab:f9:a7:0b:fb:17:ed:42:39:07:eb:85:0c:d9:87:9b:
         42:bf:77:87:bc:7b:29:95:13:e1:eb:3d:d7:de:ed:c8:90:97:
         cb:3b:ac:28:95:32:4e:74:a5:36:33:ba:62:6e:1a:2a:8a:80:
         86:08:ec:95:01:d2:db:0a:a6:bc:d7:f1:a3:97:f2:4d:a8:ba:
         54:b8:8d:fb:07:36:ca:ba:1c:d7:cf:ac:7f:55:7f:e9:0f:8e:
         71:ac:0d:5b:bc:80:50:6b:79:98:e9:92:87:e5:25:f3:c3:d7:
         de:70:28:aa:c5:ea:2e:5b:00:c3:4b:47:f6:98:b9:cc:93:79:
         52:ef:cf:c1:88:4e:8c:58:31:fd:72:ad:9c:0f:60:41:ad:ce:
         25:9d:92:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZCbvZ2CFjTOFiyvtKtR1R1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMWNlMWQxMzViZjJjZjhlOGMxM2YzM2VjMTFjODUyMzcw
M2RjNzUwHhcNMjUwNDE3MDYyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDAxYWExZDZhNjQ0MzBkMjA4OWE4YzczMzA1YTJmYTA0MTIwOGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfLmqnUHvd3lkwLECjiSdE0p2+IT
CkWWH3YjOGImhjjxjUib+dvq+zuBwIxB9AZmzJBZkxKZhbTk+rtJT5EttkdEHFoW
oaMXGTD2WIv6ZlWyPA8w+ZPcwchlatbEwfjlEYwClAncAdXPceD+LVI3LreGZIRr
DoL65snhUAaMYF+0lNCCdc31mxaFB6npS+m73r6dHDbVFNG9dup5F1gZZPxz4SQs
Vi9vRKHNs28Scg4JVPP867sQiHC4sOd7jdRX2kKn9AlN6J46cmE7wvmFMKAEEwnJ
YpV2RSDvCStg7t9sqYwazo5/Nx4tbnbeVasdBSvOuBoFMQlr/kD497G/MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQBqh1qZEMNIImoxzMFovoEEgj2MB8GA1UdIwQY
MBaAFIoc4dE1vyz46ME/M+wRyFI3A9x1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWh6aDBUV19MUGpvd1Q4ejdCSElVamNEM0hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYWY5NjAtZDA2MC00OWZjLWFmNDIt
ZGVlMjkyZWE4N2EzLzEvdEFHcUhXcGtRdzBnaWFqSE13V2ktZ1FTQ1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYWY5NjAtZDA2MC00OWZjLWFmNDItZGVlMjkyZWE4N2Ez
LzEvaWh6aDBUV19MUGpvd1Q4ejdCSElVamNEM0hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYVmMA0G
CSqGSIb3DQEBCwUAA4IBAQCbEvmTOhJLY9aUikSw5qHLxLVXJVumHcW8kzJ7nrIe
85tWMnc+YMuF5G/TUBFicOV8yzL8nSDpGCletbEWvvBKwkYbNID1in5r6dZDnYt2
1u4kKVmJTchwzxXkP8wn2szb9zKGugVrhG8WZHOIsav5pwv7F+1COQfrhQzZh5tC
v3eHvHsplRPh6z3X3u3IkJfLO6wolTJOdKU2M7pibhoqioCGCOyVAdLbCqa81/Gj
l/JNqLpUuI37BzbKuhzXz6x/VX/pD45xrA1bvIBQa3mY6ZKH5SXzw9fecCiqxeou
WwDDS0f2mLnMk3lS78/BiE6MWDH9cq2cD2BBrc4lnZIm
-----END CERTIFICATE-----