Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/sLdQOZGVUyb44hu-OktavwbL-fA.roa
File:                     sLdQOZGVUyb44hu-OktavwbL-fA.roa (raw, json)
Hash identifier:          61zdCvV2SZ1HoaLvCC14jhWwxqjS5pgyZuPOqRzMG/I=
Subject key identifier:   B0:B7:50:39:91:95:53:26:F8:E2:1B:BE:3A:4B:5A:BF:06:CB:F9:F0
Certificate issuer:       /CN=9cf608ffadf600081ee922298e4b2ae96aff48e8
Certificate serial:       019421442E9AF1E3C503EE167ED283FD3555
Authority key identifier: 9C:F6:08:FF:AD:F6:00:08:1E:E9:22:29:8E:4B:2A:E9:6A:FF:48:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/sLdQOZGVUyb44hu-OktavwbL-fA.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49800
IP address blocks:        45.131.125.0/24 maxlen: 24
                          45.131.126.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 18:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2e:9a:f1:e3:c5:03:ee:16:7e:d2:83:fd:35:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cf608ffadf600081ee922298e4b2ae96aff48e8
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0b7503991955326f8e21bbe3a4b5abf06cbf9f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:14:9d:75:20:93:33:ab:7e:f0:a1:5a:59:10:
                    1b:ff:1d:56:c5:e0:36:43:87:b0:f5:97:17:a3:67:
                    21:c0:a4:bb:0d:9a:33:8d:3e:13:77:74:ef:ad:4b:
                    91:45:e1:f9:e4:57:df:a1:40:0d:dc:30:b2:ad:7b:
                    d8:14:37:c3:c0:da:03:a5:24:2a:f1:78:90:3f:88:
                    0a:67:55:8d:ea:cb:f5:de:2b:3e:6c:16:01:b2:ef:
                    e8:ae:bc:ad:a1:e3:93:71:e7:11:88:98:0b:cc:61:
                    d9:a7:5f:86:60:f1:30:5e:ad:32:5e:9a:5d:a6:80:
                    20:d4:3b:68:ae:9d:5f:f8:2d:ef:ba:7a:bc:c5:3e:
                    4d:67:e9:df:7e:1f:7a:32:61:db:89:3c:9d:79:fe:
                    fe:47:4f:06:e9:82:0d:95:be:48:77:ea:07:93:47:
                    4d:90:c0:d0:6c:67:f4:9b:18:0e:49:55:90:75:be:
                    c5:ab:18:3e:9b:cb:52:8e:f3:2a:5b:36:2a:b2:9f:
                    c8:ea:3a:95:ff:1a:e7:73:9d:ff:df:39:95:6b:66:
                    eb:aa:8e:32:5a:01:31:cb:d6:b6:eb:6d:88:8d:46:
                    e3:5e:71:19:b2:d7:82:04:92:5c:48:58:33:99:54:
                    46:5c:73:80:4f:eb:fb:38:d9:51:5d:a8:b0:5e:c9:
                    2b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B7:50:39:91:95:53:26:F8:E2:1B:BE:3A:4B:5A:BF:06:CB:F9:F0
            X509v3 Authority Key Identifier:
                keyid:9C:F6:08:FF:AD:F6:00:08:1E:E9:22:29:8E:4B:2A:E9:6A:FF:48:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/sLdQOZGVUyb44hu-OktavwbL-fA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.125.0-45.131.127.255

    Signature Algorithm: sha256WithRSAEncryption
         77:55:91:b8:ef:4b:ae:c6:d0:56:44:f7:05:40:fb:84:20:04:
         83:a9:8a:bb:3d:d1:9a:c1:29:33:87:99:ab:e9:8f:d0:ab:a2:
         02:14:5f:42:e0:55:a6:57:7c:ee:36:63:ba:46:45:1e:32:96:
         d8:29:e6:bf:6a:51:92:84:c7:a7:46:ed:ce:5e:56:fb:7e:d0:
         a6:f3:93:23:72:42:39:f8:dd:db:19:eb:35:4d:6d:9d:19:86:
         f7:8e:2b:2d:ab:32:c1:2e:0f:ee:b2:8e:fd:3f:08:e2:e1:ec:
         8b:47:d2:7d:b6:e1:ae:6e:16:ef:d1:36:f5:3e:62:c6:ef:32:
         3d:e9:59:9c:a9:cd:13:06:88:01:87:39:41:0d:0d:d3:34:86:
         6c:9a:e4:83:dc:6e:94:fe:5d:3c:26:bd:0e:c1:b8:c7:55:52:
         3b:eb:52:05:96:cd:98:77:47:9a:22:a4:8d:75:a4:a3:44:a0:
         ba:ff:1e:c0:56:45:ec:1d:1d:3b:d5:5c:63:9f:5b:cb:18:12:
         c6:e5:72:bb:38:6e:4e:cc:0e:21:b1:a4:9b:f0:ce:d1:e9:57:
         4b:5b:7b:c9:c5:da:f7:1b:66:96:cf:22:d6:9a:6c:84:4e:5e:
         f8:57:e8:34:b6:7e:e8:32:ca:a4:f5:c9:e0:10:67:4f:cf:0e:
         89:e0:79:82
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhRC6a8ePFA+4WftKD/TVVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZjYwOGZmYWRmNjAwMDgxZWU5MjIyOThlNGIyYWU5NmFm
ZjQ4ZTgwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGI3NTAzOTkxOTU1MzI2ZjhlMjFiYmUzYTRiNWFiZjA2Y2JmOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBSddSCTM6t+8KFaWRAb/x1WxeA2
Q4ew9ZcXo2chwKS7DZozjT4Td3TvrUuRReH55FffoUAN3DCyrXvYFDfDwNoDpSQq
8XiQP4gKZ1WN6sv13is+bBYBsu/orrytoeOTcecRiJgLzGHZp1+GYPEwXq0yXppd
poAg1Dtorp1f+C3vunq8xT5NZ+nffh96MmHbiTydef7+R08G6YINlb5Id+oHk0dN
kMDQbGf0mxgOSVWQdb7Fqxg+m8tSjvMqWzYqsp/I6jqV/xrnc53/3zmVa2brqo4y
WgExy9a2622IjUbjXnEZsteCBJJcSFgzmVRGXHOAT+v7ONlRXaiwXskrGQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLC3UDmRlVMm+OIbvjpLWr8Gy/nwMB8GA1UdIwQY
MBaAFJz2CP+t9gAIHukiKY5LKulq/0joMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblBZSV82MzJBQWdlNlNJcGprc3E2V3JfU09nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNDVmMTEtNjdjMi00N2E1LTk5NmMt
ODkxZWI1NDhiODkxLzEvc0xkUU9aR1ZVeWI0NGh1LU9rdGF2d2JMLWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNDVmMTEtNjdjMi00N2E1LTk5NmMtODkxZWI1NDhiODkx
LzEvblBZSV82MzJBQWdlNlNJcGprc3E2V3JfU09nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtg30D
BActgwAwDQYJKoZIhvcNAQELBQADggEBAHdVkbjvS67G0FZE9wVA+4QgBIOpirs9
0ZrBKTOHmavpj9CrogIUX0LgVaZXfO42Y7pGRR4yltgp5r9qUZKEx6dG7c5eVvt+
0KbzkyNyQjn43dsZ6zVNbZ0ZhveOKy2rMsEuD+6yjv0/COLh7ItH0n224a5uFu/R
NvU+YsbvMj3pWZypzRMGiAGHOUENDdM0hmya5IPcbpT+XTwmvQ7BuMdVUjvrUgWW
zZh3R5oipI11pKNEoLr/HsBWRewdHTvVXGOfW8sYEsblcrs4bk7MDiGxpJvwztHp
V0tbe8nF2vcbZpbPItaabIROXvhX6DS2fugyyqT1yeAQZ0/PDongeYI=
-----END CERTIFICATE-----