Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/elV1APoKiSk_9XkOBJQhYkqxHiw.roa
File:                     elV1APoKiSk_9XkOBJQhYkqxHiw.roa (raw, json)
Hash identifier:          8zT6bhkdxlFlI+FWNJggqU5g/ZNnR60ACpbk2nou4yY=
Subject key identifier:   7A:55:75:00:FA:0A:89:29:3F:F5:79:0E:04:94:21:62:4A:B1:1E:2C
Certificate issuer:       /CN=046587901f13079bed8982f629e9dd15468cfef1
Certificate serial:       019424B3D8F744FBA5FD71CCB077002BED74
Authority key identifier: 04:65:87:90:1F:13:07:9B:ED:89:82:F6:29:E9:DD:15:46:8C:FE:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BGWHkB8TB5vtiYL2KendFUaM_vE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/elV1APoKiSk_9XkOBJQhYkqxHiw.roa
Signing time:             Thu 02 Jan 2025 01:49:13 +0000
ROA not before:           Thu 02 Jan 2025 01:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208645
IP address blocks:        45.91.244.0/22 maxlen: 22
                          185.91.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/BGWHkB8TB5vtiYL2KendFUaM_vE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/BGWHkB8TB5vtiYL2KendFUaM_vE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BGWHkB8TB5vtiYL2KendFUaM_vE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:d8:f7:44:fb:a5:fd:71:cc:b0:77:00:2b:ed:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=046587901f13079bed8982f629e9dd15468cfef1
        Validity
            Not Before: Jan  2 01:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a557500fa0a89293ff5790e049421624ab11e2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:aa:fe:a7:d9:ee:99:32:c7:5a:23:28:e4:2e:
                    79:71:88:53:33:23:37:4d:7d:44:8b:11:44:28:f8:
                    c3:a1:0f:52:4f:b3:4b:9a:d9:e5:1b:3a:bc:ca:6e:
                    fe:51:86:06:0e:71:79:1d:a5:29:0f:f8:13:cd:be:
                    0d:b0:99:8e:7d:dd:4e:74:f8:e2:d2:2b:87:e2:30:
                    68:b5:4e:7c:c1:28:3a:38:66:d1:de:3f:c2:4f:ff:
                    f9:59:98:d9:99:8a:8b:16:5d:51:72:b1:60:95:e6:
                    ec:7e:22:eb:65:8c:79:ad:b7:f7:24:02:46:fe:73:
                    e9:4b:e7:a4:0d:4f:a7:a6:40:0e:31:31:08:86:e0:
                    2a:30:94:17:34:b9:b9:5c:29:12:c2:74:00:7b:83:
                    28:22:db:99:98:1a:4b:0d:a0:38:01:34:00:c1:74:
                    d4:3c:54:66:3a:06:c9:e1:2a:01:e8:5a:18:94:91:
                    14:f1:04:84:e9:20:61:89:85:a4:56:f9:27:d6:e3:
                    55:b5:55:17:8e:23:0c:d4:da:f7:c4:1f:2d:cf:4d:
                    ca:47:45:3c:97:a1:db:fb:4f:65:df:fd:4f:d1:5a:
                    a9:2b:ba:fd:32:e1:66:43:50:15:15:5c:b3:0a:10:
                    77:9b:ae:77:93:f0:75:05:be:c4:5a:13:5b:2b:57:
                    cf:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:55:75:00:FA:0A:89:29:3F:F5:79:0E:04:94:21:62:4A:B1:1E:2C
            X509v3 Authority Key Identifier:
                keyid:04:65:87:90:1F:13:07:9B:ED:89:82:F6:29:E9:DD:15:46:8C:FE:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BGWHkB8TB5vtiYL2KendFUaM_vE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/elV1APoKiSk_9XkOBJQhYkqxHiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/63d394-42bd-40b1-a2a1-74d5901a8c56/1/BGWHkB8TB5vtiYL2KendFUaM_vE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.244.0/22
                  185.91.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:33:91:c0:8a:2f:f3:0b:89:af:c0:67:fc:0c:86:40:70:97:
         36:ab:8f:24:15:95:28:98:8c:eb:98:8a:ec:8d:75:83:ec:73:
         23:3f:ba:12:3d:cc:3d:b9:05:c9:92:38:c6:e6:04:09:db:d5:
         8d:7c:3e:5c:d9:9c:33:b8:22:06:e5:b6:74:6e:fb:e9:ab:2f:
         ae:18:d3:df:ac:83:d5:56:ec:e8:c9:f7:cd:c8:cc:f6:aa:7e:
         ef:3a:1f:10:dc:47:7a:61:90:66:fd:23:c5:f1:46:ed:a5:c8:
         26:69:7e:4d:79:80:37:e2:68:5e:ec:28:bc:69:92:ea:ce:2f:
         b0:6e:a9:14:8e:44:26:78:a9:af:33:7c:30:8c:cd:57:c2:58:
         9b:88:b2:50:07:2a:3e:e6:40:76:57:b8:5f:58:e7:db:bb:dc:
         03:bd:61:d3:87:7a:ff:bf:e5:60:9e:8f:6c:97:c1:e0:c8:83:
         01:63:0e:50:31:fc:83:74:f8:f1:6c:94:fe:86:3f:b1:3e:5c:
         1b:f7:55:e6:40:a1:9d:83:94:00:75:ff:c2:ab:53:b1:68:8d:
         07:92:4f:e0:39:bf:45:aa:f3:6b:2c:6d:c6:5f:3d:8e:64:96:
         b6:37:d2:b4:96:7d:34:60:92:95:fc:c3:a5:59:6b:42:56:46:
         fe:27:fa:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks9j3RPul/XHMsHcAK+10MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NjU4NzkwMWYxMzA3OWJlZDg5ODJmNjI5ZTlkZDE1NDY4
Y2ZlZjEwHhcNMjUwMTAyMDE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTU1NzUwMGZhMGE4OTI5M2ZmNTc5MGUwNDk0MjE2MjRhYjExZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA86r+p9numTLHWiMo5C55cYhTMyM3
TX1EixFEKPjDoQ9ST7NLmtnlGzq8ym7+UYYGDnF5HaUpD/gTzb4NsJmOfd1OdPji
0iuH4jBotU58wSg6OGbR3j/CT//5WZjZmYqLFl1RcrFglebsfiLrZYx5rbf3JAJG
/nPpS+ekDU+npkAOMTEIhuAqMJQXNLm5XCkSwnQAe4MoItuZmBpLDaA4ATQAwXTU
PFRmOgbJ4SoB6FoYlJEU8QSE6SBhiYWkVvkn1uNVtVUXjiMM1Nr3xB8tz03KR0U8
l6Hb+09l3/1P0VqpK7r9MuFmQ1AVFVyzChB3m653k/B1Bb7EWhNbK1fPtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHpVdQD6CokpP/V5DgSUIWJKsR4sMB8GA1UdIwQY
MBaAFARlh5AfEweb7YmC9inp3RVGjP7xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkdXSGtCOFRCNXZ0aVlMMktlbmRGVWFNX3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82M2QzOTQtNDJiZC00MGIxLWEyYTEt
NzRkNTkwMWE4YzU2LzEvZWxWMUFQb0tpU2tfOVhrT0JKUWhZa3F4SGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82M2QzOTQtNDJiZC00MGIxLWEyYTEtNzRkNTkwMWE4YzU2
LzEvQkdXSGtCOFRCNXZ0aVlMMktlbmRGVWFNX3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVv0AwQC
uVsgMA0GCSqGSIb3DQEBCwUAA4IBAQBNM5HAii/zC4mvwGf8DIZAcJc2q48kFZUo
mIzrmIrsjXWD7HMjP7oSPcw9uQXJkjjG5gQJ29WNfD5c2ZwzuCIG5bZ0bvvpqy+u
GNPfrIPVVuzoyffNyMz2qn7vOh8Q3Ed6YZBm/SPF8UbtpcgmaX5NeYA34mhe7Ci8
aZLqzi+wbqkUjkQmeKmvM3wwjM1XwlibiLJQByo+5kB2V7hfWOfbu9wDvWHTh3r/
v+Vgno9sl8HgyIMBYw5QMfyDdPjxbJT+hj+xPlwb91XmQKGdg5QAdf/Cq1OxaI0H
kk/gOb9FqvNrLG3GXz2OZJa2N9K0ln00YJKV/MOlWWtCVkb+J/ov
-----END CERTIFICATE-----