Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/vTYkTnZMEaqfhCdiY5ia6c9viZw.roa
File:                     vTYkTnZMEaqfhCdiY5ia6c9viZw.roa (raw, json)
Hash identifier:          m5F7OL9Eo2LVurzs6A9iXzsVS70f86h9K1zL5V462Uc=
Subject key identifier:   BD:36:24:4E:76:4C:11:AA:9F:84:27:62:63:98:9A:E9:CF:6F:89:9C
Certificate issuer:       /CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
Certificate serial:       019424B3B7B7EF6265FE983FFDA424E56EAB
Authority key identifier: 4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/vTYkTnZMEaqfhCdiY5ia6c9viZw.roa
Signing time:             Thu 02 Jan 2025 01:49:05 +0000
ROA not before:           Thu 02 Jan 2025 01:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50316
IP address blocks:        45.82.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 22:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b7:b7:ef:62:65:fe:98:3f:fd:a4:24:e5:6e:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
        Validity
            Not Before: Jan  2 01:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd36244e764c11aa9f84276263989ae9cf6f899c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f7:68:af:5b:1d:46:d3:90:21:42:b9:f8:92:
                    0f:0b:73:fd:a0:c4:34:b7:2a:28:ba:48:ef:b5:9a:
                    c3:3f:58:5a:82:06:e0:f1:0d:32:79:fe:68:ff:7c:
                    39:a3:b2:90:4a:bc:7a:6f:f8:ea:fc:25:32:77:c9:
                    d9:87:98:5c:b1:40:c1:93:04:ad:4d:f7:01:6b:ca:
                    0e:d1:80:04:40:2b:ef:13:eb:d3:b1:6b:dc:59:d8:
                    86:8a:cc:6a:b1:ff:18:f3:7a:2c:6e:a9:ab:b8:4a:
                    78:bf:b0:14:62:8d:93:9b:01:75:0f:7b:d2:63:35:
                    94:f4:96:b4:13:c9:99:9f:db:95:e7:fe:ca:98:7a:
                    0c:60:e2:9a:2a:0c:8a:6e:21:57:11:da:8b:66:ea:
                    76:f6:3f:33:91:d1:00:0c:cc:24:ad:9c:db:eb:d2:
                    98:78:d3:50:88:86:c9:99:3e:35:66:06:eb:b7:79:
                    e0:a1:36:d7:b9:f2:44:89:37:e1:6f:e1:c9:b9:e6:
                    6c:ae:a0:80:2a:02:1d:08:25:49:2c:74:ea:91:53:
                    1f:77:96:41:47:a1:2d:19:c3:12:9b:b0:16:68:10:
                    f6:e5:b3:4f:dd:7d:dd:24:04:b3:47:66:13:5f:fc:
                    19:ae:2e:3e:eb:0b:53:91:39:16:25:59:d9:0c:4f:
                    7b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:36:24:4E:76:4C:11:AA:9F:84:27:62:63:98:9A:E9:CF:6F:89:9C
            X509v3 Authority Key Identifier:
                keyid:4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/vTYkTnZMEaqfhCdiY5ia6c9viZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:aa:c3:46:61:0b:b3:0c:76:4e:92:e0:bd:ee:43:07:a1:04:
         f4:2a:cc:65:a0:8c:61:d7:7a:0d:fc:aa:97:0d:56:1c:bf:26:
         78:ed:6b:bc:14:12:7d:be:b7:bd:43:21:ec:25:82:2a:53:10:
         a9:9e:91:f2:da:d3:bf:9e:cf:f4:d1:06:ac:2a:2e:eb:49:25:
         03:61:95:15:e2:f8:4d:07:e0:38:98:1b:cf:48:84:fe:24:9e:
         fe:fb:1b:ef:1b:99:12:44:b9:4f:12:e9:5b:ac:01:38:86:c2:
         95:2f:4a:44:d4:64:70:77:02:7d:ee:ef:25:97:15:44:0a:8b:
         2a:a3:0d:eb:43:b2:3c:f4:18:87:ef:d8:a5:46:d6:ec:b9:d8:
         d1:ed:cc:89:5e:b6:8c:88:2c:d5:a6:36:76:88:9f:fa:3f:c8:
         21:d9:61:21:dc:3c:53:e1:be:04:eb:e3:5f:81:26:65:ce:68:
         38:a6:2a:1f:ac:ed:b3:59:58:fd:ef:97:42:47:80:99:68:0a:
         35:22:2d:54:ac:e2:ac:10:ca:4b:af:35:04:6f:00:fb:a4:57:
         94:4a:22:21:94:4c:ad:0a:26:1f:0e:ca:e6:86:3c:27:4e:03:
         a7:16:9e:0d:88:48:bd:33:19:c6:1d:46:0d:29:e3:b1:fe:cf:
         f3:9e:39:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7e372Jl/pg//aQk5W6rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZWNjYzlkMWE3NmU5MTQ2OWNiNjNiMTJiZjcyNWQ3ZGVi
YWZiMWIwHhcNMjUwMTAyMDE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDM2MjQ0ZTc2NGMxMWFhOWY4NDI3NjI2Mzk4OWFlOWNmNmY4OTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/dor1sdRtOQIUK5+JIPC3P9oMQ0
tyooukjvtZrDP1haggbg8Q0yef5o/3w5o7KQSrx6b/jq/CUyd8nZh5hcsUDBkwSt
TfcBa8oO0YAEQCvvE+vTsWvcWdiGisxqsf8Y83osbqmruEp4v7AUYo2TmwF1D3vS
YzWU9Ja0E8mZn9uV5/7KmHoMYOKaKgyKbiFXEdqLZup29j8zkdEADMwkrZzb69KY
eNNQiIbJmT41Zgbrt3ngoTbXufJEiTfhb+HJueZsrqCAKgIdCCVJLHTqkVMfd5ZB
R6EtGcMSm7AWaBD25bNP3X3dJASzR2YTX/wZri4+6wtTkTkWJVnZDE97mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL02JE52TBGqn4QnYmOYmunPb4mcMB8GA1UdIwQY
MBaAFEvszJ0adukUactjsSv3JdfeuvsbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTkt
NGY0Yjk5NGUwZWIyLzEvdlRZa1RuWk1FYXFmaENkaVk1aWE2Yzl2aVp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTktNGY0Yjk5NGUwZWIy
LzEvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVLKMA0G
CSqGSIb3DQEBCwUAA4IBAQBpqsNGYQuzDHZOkuC97kMHoQT0KsxloIxh13oN/KqX
DVYcvyZ47Wu8FBJ9vre9QyHsJYIqUxCpnpHy2tO/ns/00QasKi7rSSUDYZUV4vhN
B+A4mBvPSIT+JJ7++xvvG5kSRLlPEulbrAE4hsKVL0pE1GRwdwJ97u8llxVECosq
ow3rQ7I89BiH79ilRtbsudjR7cyJXraMiCzVpjZ2iJ/6P8gh2WEh3DxT4b4E6+Nf
gSZlzmg4piofrO2zWVj975dCR4CZaAo1Ii1UrOKsEMpLrzUEbwD7pFeUSiIhlEyt
CiYfDsrmhjwnTgOnFp4NiEi9MxnGHUYNKeOx/s/znjmx
-----END CERTIFICATE-----