Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/lVD1-s3z_VEryG-EOJaasXYliY0.roa
File:                     lVD1-s3z_VEryG-EOJaasXYliY0.roa (raw, json)
Hash identifier:          h8oMIjXYTJbKfdwIFG8fjlG+UgURPlIi2HuuI8oOKSE=
Subject key identifier:   95:50:F5:FA:CD:F3:FD:51:2B:C8:6F:84:38:96:9A:B1:76:25:89:8D
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       019427B57985DEECE1471A9D1BC41D4AA985
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/lVD1-s3z_VEryG-EOJaasXYliY0.roa
Signing time:             Thu 02 Jan 2025 15:49:51 +0000
ROA not before:           Thu 02 Jan 2025 15:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        45.157.72.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:79:85:de:ec:e1:47:1a:9d:1b:c4:1d:4a:a9:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Jan  2 15:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9550f5facdf3fd512bc86f8438969ab17625898d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:45:2b:80:04:72:0c:81:8d:93:f6:8c:ba:27:
                    c1:35:a7:da:fe:06:43:b9:99:8b:ff:df:e2:96:74:
                    ac:98:2d:79:16:69:66:a7:a6:a4:74:57:58:1e:6d:
                    01:95:a6:67:8a:fe:95:b0:78:ae:f8:2c:73:da:7b:
                    fd:b1:6b:ff:94:ce:58:6f:99:1d:7d:0f:38:5a:7c:
                    3b:17:a3:c5:1c:60:82:69:54:bf:9c:71:07:0c:09:
                    64:fc:c9:14:24:83:16:21:a2:72:c7:5b:22:eb:e5:
                    d1:de:b1:16:d6:14:73:d1:2b:ef:ac:3b:d8:c9:8f:
                    69:06:c4:ad:b2:2d:d6:c2:98:ca:04:02:3e:3d:ba:
                    17:40:b1:4d:c5:00:90:77:95:0e:b9:b8:ce:49:d4:
                    ac:4f:22:98:2d:6b:e3:0a:e5:d0:c6:23:74:98:a0:
                    9d:94:97:e1:69:ee:8d:43:68:03:54:a9:d9:28:59:
                    f4:f1:14:f8:62:b2:41:52:41:fc:90:00:3c:9c:4e:
                    14:ea:b4:b7:63:c4:59:cf:6c:f5:59:8a:cf:36:fb:
                    b7:43:c3:f9:16:71:68:f5:16:c0:75:19:32:a9:77:
                    7d:e5:df:94:28:ab:5d:c5:12:3c:d1:e2:33:31:e3:
                    ce:d6:7e:a6:d8:f7:bf:9f:5b:48:ac:fc:e3:48:e9:
                    37:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:50:F5:FA:CD:F3:FD:51:2B:C8:6F:84:38:96:9A:B1:76:25:89:8D
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/lVD1-s3z_VEryG-EOJaasXYliY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:72:1c:ab:bd:61:77:ba:49:d8:96:aa:28:38:02:ee:bf:cc:
         3e:56:00:1e:2e:a3:88:83:31:87:1a:27:08:b2:0c:78:44:41:
         d1:1c:7e:6a:b9:39:f6:69:b0:5b:96:05:50:1f:ff:ac:d5:c3:
         4e:35:00:4f:45:8c:a1:73:ac:5e:ee:aa:25:ef:d5:8a:75:32:
         6f:43:9d:c8:2c:28:59:ee:16:73:e3:bb:4f:0d:4e:7a:8d:c3:
         f2:60:b3:61:2d:87:16:43:f9:9d:21:49:e9:3a:49:aa:d2:8c:
         39:9a:16:51:56:2b:b7:ff:2f:a1:f9:98:9f:d0:94:36:86:29:
         de:17:75:0b:d1:82:6d:c8:30:6d:ca:89:62:53:16:e4:ab:28:
         ad:01:bf:9a:22:f0:b4:19:19:49:82:31:ab:be:66:86:9e:1e:
         29:7a:96:6d:47:4e:ea:3c:b8:04:3e:90:cf:cb:06:07:0e:46:
         64:89:a6:bf:c6:f0:ba:4b:0b:ca:8f:0e:9a:59:f7:7b:70:0e:
         13:50:1f:d5:11:43:00:d0:37:1f:d2:a2:55:9d:38:f0:6b:5f:
         83:42:9c:0e:ce:2c:1d:2c:a2:5c:2f:53:37:dc:3c:ff:d2:78:
         b3:b8:b9:29:3c:21:f3:b3:66:b5:8b:1a:a6:99:e3:a8:79:8e:
         ad:e7:f9:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXmF3uzhRxqdG8QdSqmFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjUwMTAyMTU0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTUwZjVmYWNkZjNmZDUxMmJjODZmODQzODk2OWFiMTc2MjU4OThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkUrgARyDIGNk/aMuifBNafa/gZD
uZmL/9/ilnSsmC15Fmlmp6akdFdYHm0BlaZniv6VsHiu+Cxz2nv9sWv/lM5Yb5kd
fQ84Wnw7F6PFHGCCaVS/nHEHDAlk/MkUJIMWIaJyx1si6+XR3rEW1hRz0SvvrDvY
yY9pBsStsi3WwpjKBAI+PboXQLFNxQCQd5UOubjOSdSsTyKYLWvjCuXQxiN0mKCd
lJfhae6NQ2gDVKnZKFn08RT4YrJBUkH8kAA8nE4U6rS3Y8RZz2z1WYrPNvu3Q8P5
FnFo9RbAdRkyqXd95d+UKKtdxRI80eIzMePO1n6m2Pe/n1tIrPzjSOk3+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVQ9frN8/1RK8hvhDiWmrF2JYmNMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvbFZEMS1zM3pfVkVyeUctRU9KYWFzWFlsaVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ1IMA0G
CSqGSIb3DQEBCwUAA4IBAQBTchyrvWF3uknYlqooOALuv8w+VgAeLqOIgzGHGicI
sgx4REHRHH5quTn2abBblgVQH/+s1cNONQBPRYyhc6xe7qol79WKdTJvQ53ILChZ
7hZz47tPDU56jcPyYLNhLYcWQ/mdIUnpOkmq0ow5mhZRViu3/y+h+Zif0JQ2hine
F3UL0YJtyDBtyoliUxbkqyitAb+aIvC0GRlJgjGrvmaGnh4pepZtR07qPLgEPpDP
ywYHDkZkiaa/xvC6SwvKjw6aWfd7cA4TUB/VEUMA0Dcf0qJVnTjwa1+DQpwOziwd
LKJcL1M33Dz/0nizuLkpPCHzs2a1ixqmmeOoeY6t5/nr
-----END CERTIFICATE-----