Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/pFxtApTW54EbBHD0oDAnh4jDG3E.roa
File:                     pFxtApTW54EbBHD0oDAnh4jDG3E.roa (raw, json)
Hash identifier:          gJNAVWKEII1RjZzGIybSB1Nkau8KmzUZnx0gYczpW88=
Subject key identifier:   A4:5C:6D:02:94:D6:E7:81:1B:04:70:F4:A0:30:27:87:88:C3:1B:71
Certificate issuer:       /CN=874b591b5d8f076eaf472e3ea45d3b5c8e1350a1
Certificate serial:       01941F8C9E71677D1B721A68DBFE3C788A67
Authority key identifier: 87:4B:59:1B:5D:8F:07:6E:AF:47:2E:3E:A4:5D:3B:5C:8E:13:50:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0tZG12PB26vRy4-pF07XI4TUKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/pFxtApTW54EbBHD0oDAnh4jDG3E.roa
Signing time:             Wed 01 Jan 2025 01:48:16 +0000
ROA not before:           Wed 01 Jan 2025 01:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        45.158.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/h0tZG12PB26vRy4-pF07XI4TUKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/h0tZG12PB26vRy4-pF07XI4TUKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0tZG12PB26vRy4-pF07XI4TUKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9e:71:67:7d:1b:72:1a:68:db:fe:3c:78:8a:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874b591b5d8f076eaf472e3ea45d3b5c8e1350a1
        Validity
            Not Before: Jan  1 01:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a45c6d0294d6e7811b0470f4a030278788c31b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ca:f9:f2:c5:13:3d:82:61:c8:63:e1:ea:9f:
                    f1:86:59:f9:f4:ec:64:e5:ef:0c:35:eb:0b:b5:28:
                    e2:80:a6:46:7f:d3:99:4c:db:6b:34:35:82:68:30:
                    34:dc:92:ba:aa:7d:c4:e9:91:55:4b:7f:47:a9:4a:
                    63:1b:96:1d:cf:99:88:14:29:c6:2e:89:a9:82:2f:
                    18:30:31:5d:a2:c7:01:f3:29:ce:8f:5d:1f:50:88:
                    a7:32:e3:5d:16:68:bf:ca:15:0c:e2:65:15:c8:dc:
                    6e:57:35:6d:34:66:c7:fa:00:32:d5:52:99:71:c6:
                    d2:9c:2b:11:ad:fc:68:2e:09:26:00:f3:14:11:1c:
                    67:06:33:45:f9:2f:4a:ed:90:9b:89:42:75:05:89:
                    a2:d1:05:f1:20:42:49:7a:b5:77:e6:e9:da:bd:b3:
                    90:2d:af:0e:63:49:6f:07:9b:3d:8c:88:f1:a3:22:
                    bc:db:d0:58:82:2d:44:f7:80:96:e4:bb:03:60:b8:
                    b7:d7:3c:33:54:3f:22:50:ef:41:e7:bc:ad:7b:10:
                    45:fa:c9:93:d3:15:4d:2c:a5:78:29:b0:2b:4d:a8:
                    01:83:93:df:9c:7c:f5:46:a2:02:aa:d2:78:11:49:
                    f1:bd:4e:ea:15:9e:4a:52:ba:97:63:99:1e:9d:fc:
                    16:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:5C:6D:02:94:D6:E7:81:1B:04:70:F4:A0:30:27:87:88:C3:1B:71
            X509v3 Authority Key Identifier:
                keyid:87:4B:59:1B:5D:8F:07:6E:AF:47:2E:3E:A4:5D:3B:5C:8E:13:50:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0tZG12PB26vRy4-pF07XI4TUKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/pFxtApTW54EbBHD0oDAnh4jDG3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/h0tZG12PB26vRy4-pF07XI4TUKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:f7:8b:5b:f5:18:76:31:de:04:41:99:a4:46:24:79:43:39:
         81:8d:80:9b:c5:ce:ae:0c:6e:d2:fe:27:89:4c:58:3f:67:ee:
         49:04:c6:c9:6b:d9:79:3f:b1:54:02:7f:6f:9b:72:6b:9c:25:
         53:f6:f4:9e:38:88:39:0d:51:1e:ab:fa:0a:39:b7:c2:b0:e5:
         d3:c0:ed:c0:b1:5f:d9:d8:3a:e7:1a:2e:d8:23:ce:1c:8d:f1:
         c8:34:3f:e7:f4:85:92:e2:df:89:14:b3:68:a4:bf:ad:13:f2:
         bc:58:31:50:cd:d6:c0:08:bb:9f:81:e2:f0:25:2f:1e:6c:8f:
         b3:b1:4c:51:31:34:79:e4:35:9a:6f:29:35:4f:0b:74:37:da:
         3a:fc:62:68:64:1d:66:5c:51:da:25:44:e4:44:28:4a:28:26:
         18:3e:20:75:b3:68:53:c2:04:82:c7:8a:6d:c5:f8:74:30:95:
         ae:74:08:78:78:57:72:2f:15:cf:29:e7:9d:c6:4f:38:cc:a0:
         1c:e8:bd:f8:bf:5f:21:ed:92:99:e6:fc:87:5d:e0:72:4f:e2:
         28:54:7c:af:7d:58:5c:0e:b4:77:fb:2b:12:6e:27:0a:88:29:
         ec:6c:1e:4f:47:23:cd:81:f4:a7:c2:1b:fc:45:9d:46:d3:e7:
         95:5b:85:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJ5xZ30bchpo2/48eIpnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGI1OTFiNWQ4ZjA3NmVhZjQ3MmUzZWE0NWQzYjVjOGUx
MzUwYTEwHhcNMjUwMTAxMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDVjNmQwMjk0ZDZlNzgxMWIwNDcwZjRhMDMwMjc4Nzg4YzMxYjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Mr58sUTPYJhyGPh6p/xhln59Oxk
5e8MNesLtSjigKZGf9OZTNtrNDWCaDA03JK6qn3E6ZFVS39HqUpjG5Ydz5mIFCnG
Lompgi8YMDFdoscB8ynOj10fUIinMuNdFmi/yhUM4mUVyNxuVzVtNGbH+gAy1VKZ
ccbSnCsRrfxoLgkmAPMUERxnBjNF+S9K7ZCbiUJ1BYmi0QXxIEJJerV35unavbOQ
La8OY0lvB5s9jIjxoyK829BYgi1E94CW5LsDYLi31zwzVD8iUO9B57ytexBF+smT
0xVNLKV4KbArTagBg5PfnHz1RqICqtJ4EUnxvU7qFZ5KUrqXY5kenfwWfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRcbQKU1ueBGwRw9KAwJ4eIwxtxMB8GA1UdIwQY
MBaAFIdLWRtdjwdur0cuPqRdO1yOE1ChMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB0WkcxMlBCMjZ2Unk0LXBGMDdYSTRUVUtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jYWQ1MjEtZGFiZS00OWE4LWJjZTQt
MGM2YTY3ODIwYTU4LzEvcEZ4dEFwVFc1NEViQkhEMG9EQW5oNGpERzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jYWQ1MjEtZGFiZS00OWE4LWJjZTQtMGM2YTY3ODIwYTU4
LzEvaDB0WkcxMlBCMjZ2Unk0LXBGMDdYSTRUVUtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ7gMA0G
CSqGSIb3DQEBCwUAA4IBAQAK94tb9Rh2Md4EQZmkRiR5QzmBjYCbxc6uDG7S/ieJ
TFg/Z+5JBMbJa9l5P7FUAn9vm3JrnCVT9vSeOIg5DVEeq/oKObfCsOXTwO3AsV/Z
2DrnGi7YI84cjfHIND/n9IWS4t+JFLNopL+tE/K8WDFQzdbACLufgeLwJS8ebI+z
sUxRMTR55DWabyk1Twt0N9o6/GJoZB1mXFHaJUTkRChKKCYYPiB1s2hTwgSCx4pt
xfh0MJWudAh4eFdyLxXPKeedxk84zKAc6L34v18h7ZKZ5vyHXeByT+IoVHyvfVhc
DrR3+ysSbicKiCnsbB5PRyPNgfSnwhv8RZ1G0+eVW4Ur
-----END CERTIFICATE-----