Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/htodApNLGhLpFMruOMlntyiGeOc.roa
File:                     htodApNLGhLpFMruOMlntyiGeOc.roa (raw, json)
Hash identifier:          cFfgGJzFfvTMD4F+KAnyyiaMBsfRll7IR2YZJcMoxkc=
Subject key identifier:   86:DA:1D:02:93:4B:1A:12:E9:14:CA:EE:38:C9:67:B7:28:86:78:E7
Certificate issuer:       /CN=411a2a9405bda1671c10776f4426273c904e4ad0
Certificate serial:       0194258E6AD2431A040E2139FEA90B9C729B
Authority key identifier: 41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/htodApNLGhLpFMruOMlntyiGeOc.roa
Signing time:             Thu 02 Jan 2025 05:47:57 +0000
ROA not before:           Thu 02 Jan 2025 05:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        45.11.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:6a:d2:43:1a:04:0e:21:39:fe:a9:0b:9c:72:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411a2a9405bda1671c10776f4426273c904e4ad0
        Validity
            Not Before: Jan  2 05:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86da1d02934b1a12e914caee38c967b7288678e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f2:a0:a6:83:97:25:f8:4f:fa:ed:aa:f0:66:
                    ca:75:1a:c4:4d:f5:30:a2:27:36:d9:e9:59:92:f5:
                    8c:75:f9:ca:eb:79:5e:8d:12:2c:78:c4:d2:85:c8:
                    c1:ef:01:a1:62:0b:22:18:ac:e5:f4:98:eb:d7:ca:
                    cb:90:33:e4:80:2d:45:06:c7:64:b9:cc:83:31:ba:
                    ee:59:fd:9b:af:0e:90:45:ca:ef:0c:f9:52:2a:85:
                    a2:f0:36:54:dd:ee:b4:fb:2c:74:5c:24:9e:93:e0:
                    03:5d:a6:9a:a5:ad:d3:41:c8:e7:8e:6a:cd:85:f5:
                    7b:64:ac:9f:7f:f0:d1:1a:45:a8:6e:bd:9b:17:4c:
                    09:c2:8b:03:54:20:71:3b:4d:76:51:90:2b:7c:0f:
                    94:7d:f8:73:5a:ed:f5:ac:05:8e:93:34:19:28:58:
                    39:8c:7a:a0:82:65:a9:7f:7e:e7:a8:71:4f:95:4d:
                    3c:a4:fa:55:76:41:c4:28:d1:ad:a8:ad:9e:75:6a:
                    88:79:95:7d:e4:4d:bf:65:6c:01:16:76:c1:3c:bb:
                    13:02:a5:bf:aa:9a:09:39:17:97:75:df:2b:c7:95:
                    52:76:96:b7:25:53:d3:7c:28:05:aa:b2:3a:6a:d0:
                    47:f2:e2:a1:b6:68:a2:70:b4:8d:ca:09:c8:51:6d:
                    d7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:DA:1D:02:93:4B:1A:12:E9:14:CA:EE:38:C9:67:B7:28:86:78:E7
            X509v3 Authority Key Identifier:
                keyid:41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/htodApNLGhLpFMruOMlntyiGeOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:46:af:23:6e:d5:ec:ef:88:93:85:6f:78:19:24:13:85:ef:
         f5:a9:16:69:5a:83:6f:56:87:f5:79:1d:05:dc:ab:4e:04:45:
         9f:31:cc:14:4a:e7:e8:11:20:50:1d:cc:ca:58:5c:43:e7:69:
         8d:5f:5d:d2:f2:35:e7:db:25:85:c7:5d:3e:48:dd:67:70:8c:
         2f:63:e8:aa:1b:a9:c0:23:97:1d:90:76:3c:ec:34:b5:d1:4d:
         a3:2a:d5:58:d7:93:d5:34:a8:79:64:df:63:43:3f:db:be:60:
         55:bd:44:f5:9b:da:57:35:ce:a9:57:60:57:e7:47:94:13:73:
         a2:98:a2:55:73:2a:ce:5a:07:5e:f8:4a:a1:76:77:cf:af:bf:
         3c:3f:90:5c:09:28:2c:2c:b6:0d:83:dd:9d:26:81:6a:0a:97:
         3e:51:27:26:4e:6f:dc:ea:1b:47:79:57:3b:af:9c:d4:28:1c:
         51:03:21:db:19:23:be:3a:97:ad:89:9c:92:30:e3:3d:64:2a:
         71:5c:66:4a:64:f6:7c:9c:55:99:28:39:9c:ad:f5:c9:15:8f:
         52:18:54:98:0f:10:e2:f1:2b:2c:ef:b3:e9:73:0e:3b:f6:96:
         0a:dc:03:65:66:62:06:e6:b4:ff:78:7a:42:3e:0f:09:17:82:
         a8:ec:ae:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljmrSQxoEDiE5/qkLnHKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWEyYTk0MDViZGExNjcxYzEwNzc2ZjQ0MjYyNzNjOTA0
ZTRhZDAwHhcNMjUwMTAyMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmRhMWQwMjkzNGIxYTEyZTkxNGNhZWUzOGM5NjdiNzI4ODY3OGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvKgpoOXJfhP+u2q8GbKdRrETfUw
oic22elZkvWMdfnK63lejRIseMTShcjB7wGhYgsiGKzl9Jjr18rLkDPkgC1FBsdk
ucyDMbruWf2brw6QRcrvDPlSKoWi8DZU3e60+yx0XCSek+ADXaaapa3TQcjnjmrN
hfV7ZKyff/DRGkWobr2bF0wJwosDVCBxO012UZArfA+UffhzWu31rAWOkzQZKFg5
jHqggmWpf37nqHFPlU08pPpVdkHEKNGtqK2edWqIeZV95E2/ZWwBFnbBPLsTAqW/
qpoJOReXdd8rx5VSdpa3JVPTfCgFqrI6atBH8uKhtmiicLSNygnIUW3XZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbaHQKTSxoS6RTK7jjJZ7cohnjnMB8GA1UdIwQY
MBaAFEEaKpQFvaFnHBB3b0QmJzyQTkrQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQt
OGM1MmU2NjZhOGEyLzEvaHRvZEFwTkxHaExwRk1ydU9NbG50eWlHZU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQtOGM1MmU2NjZhOGEy
LzEvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQv8MA0G
CSqGSIb3DQEBCwUAA4IBAQAtRq8jbtXs74iThW94GSQThe/1qRZpWoNvVof1eR0F
3KtOBEWfMcwUSufoESBQHczKWFxD52mNX13S8jXn2yWFx10+SN1ncIwvY+iqG6nA
I5cdkHY87DS10U2jKtVY15PVNKh5ZN9jQz/bvmBVvUT1m9pXNc6pV2BX50eUE3Oi
mKJVcyrOWgde+EqhdnfPr788P5BcCSgsLLYNg92dJoFqCpc+UScmTm/c6htHeVc7
r5zUKBxRAyHbGSO+OpetiZySMOM9ZCpxXGZKZPZ8nFWZKDmcrfXJFY9SGFSYDxDi
8Sss77Ppcw479pYK3ANlZmIG5rT/eHpCPg8JF4Ko7K5t
-----END CERTIFICATE-----