Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/O_iSn-Hf6-lnBBBbeU5NCT30t74.roa
File:                     O_iSn-Hf6-lnBBBbeU5NCT30t74.roa (raw, json)
Hash identifier:          fcavUHH7An7gJsOUK6AQo06SMjoUinMgDZMiN3IKqHA=
Subject key identifier:   3B:F8:92:9F:E1:DF:EB:E9:67:04:10:5B:79:4E:4D:09:3D:F4:B7:BE
Certificate issuer:       /CN=5c61dcd3eb50c83d68060bcba4af152204193503
Certificate serial:       019425FC900E0B938CB4961AF9A5B988A8AB
Authority key identifier: 5C:61:DC:D3:EB:50:C8:3D:68:06:0B:CB:A4:AF:15:22:04:19:35:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/O_iSn-Hf6-lnBBBbeU5NCT30t74.roa
Signing time:             Thu 02 Jan 2025 07:48:16 +0000
ROA not before:           Thu 02 Jan 2025 07:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208570
IP address blocks:        45.128.120.0/22 maxlen: 24
                          45.128.120.0/24 maxlen: 24
                          45.128.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:90:0e:0b:93:8c:b4:96:1a:f9:a5:b9:88:a8:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c61dcd3eb50c83d68060bcba4af152204193503
        Validity
            Not Before: Jan  2 07:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bf8929fe1dfebe96704105b794e4d093df4b7be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:25:cc:0b:10:5f:81:5d:c4:28:60:19:59:31:
                    9c:2f:00:30:25:26:97:5d:d5:c0:24:96:f4:ef:2d:
                    b5:93:6f:80:45:d1:4f:44:b1:d4:a6:4b:f0:53:73:
                    27:5d:72:02:4d:4c:61:20:f3:09:41:20:ea:5f:a0:
                    81:f2:1f:35:36:e1:c3:60:3e:05:ca:d9:02:d4:31:
                    49:6c:ce:f8:52:2c:03:c2:bd:9d:4d:a9:39:01:6f:
                    a6:34:77:df:51:0c:b4:8d:80:4d:e3:12:44:af:e6:
                    8e:fd:03:44:fa:ab:f5:b1:62:ff:b3:6d:66:b1:8b:
                    d8:64:41:ed:f4:2e:dc:68:bc:9c:76:eb:7b:a5:90:
                    83:16:da:9f:37:8e:55:22:a0:37:5a:c0:1f:e5:8d:
                    47:89:21:9e:8f:8c:16:3b:89:e0:49:22:3b:3c:7a:
                    02:e5:6d:22:8e:11:f1:33:a5:e3:47:46:51:12:b3:
                    8f:40:8c:e6:b9:85:13:a6:9d:21:78:ce:d2:e1:6d:
                    c9:f0:71:75:f7:06:3a:8d:6d:76:2a:39:05:8e:2b:
                    19:79:ec:99:7f:81:f1:5c:be:c5:81:ff:af:e4:f6:
                    36:98:b1:74:d6:e7:4e:fb:e4:58:1c:4d:6b:7a:f8:
                    05:1e:69:7c:ac:0d:2b:5f:63:a5:21:bf:82:05:93:
                    9c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:F8:92:9F:E1:DF:EB:E9:67:04:10:5B:79:4E:4D:09:3D:F4:B7:BE
            X509v3 Authority Key Identifier:
                keyid:5C:61:DC:D3:EB:50:C8:3D:68:06:0B:CB:A4:AF:15:22:04:19:35:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/O_iSn-Hf6-lnBBBbeU5NCT30t74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:51:28:74:54:f9:fd:d7:92:60:6e:fc:49:5b:de:86:3e:ed:
         25:a7:d1:c8:0b:67:6d:1d:b7:8b:98:2e:dc:3b:14:c4:ce:92:
         f8:65:f5:3e:04:42:5b:37:ec:22:f8:47:63:f8:1a:f5:08:16:
         89:70:a2:b3:f5:ea:5f:3c:a9:96:f5:6f:3b:bc:88:f9:54:e4:
         64:cc:50:e4:18:83:35:25:82:b1:94:dc:76:f8:66:61:da:7b:
         0e:3f:f4:9d:42:0a:78:3d:0f:64:71:65:4e:60:4f:f1:26:98:
         53:0a:7c:1f:92:92:24:85:54:a3:6b:20:13:e0:c6:91:d3:33:
         81:9a:f6:00:be:15:69:5a:16:fc:cc:a7:1c:29:e5:0d:cf:76:
         1b:fc:49:85:71:d4:47:e0:80:5a:34:57:a7:48:17:0f:36:fd:
         89:ff:03:4b:ca:5f:6b:15:d7:41:d0:f5:40:fc:a5:0a:e6:55:
         12:72:46:5b:3c:73:ba:15:f5:3b:09:1e:36:78:b7:d9:97:fa:
         55:cf:c6:88:42:73:b6:9d:58:bf:36:ae:c6:a1:cb:ac:c3:16:
         98:be:3e:be:4a:5b:e6:3f:b9:0d:86:a7:8e:f7:60:bf:0c:4d:
         a4:92:b3:9f:95:b2:ce:a5:b4:d4:84:fc:a7:08:44:d3:0a:10:
         0f:1a:5c:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/JAOC5OMtJYa+aW5iKirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjFkY2QzZWI1MGM4M2Q2ODA2MGJjYmE0YWYxNTIyMDQx
OTM1MDMwHhcNMjUwMTAyMDc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmY4OTI5ZmUxZGZlYmU5NjcwNDEwNWI3OTRlNGQwOTNkZjRiN2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SXMCxBfgV3EKGAZWTGcLwAwJSaX
XdXAJJb07y21k2+ARdFPRLHUpkvwU3MnXXICTUxhIPMJQSDqX6CB8h81NuHDYD4F
ytkC1DFJbM74UiwDwr2dTak5AW+mNHffUQy0jYBN4xJEr+aO/QNE+qv1sWL/s21m
sYvYZEHt9C7caLycdut7pZCDFtqfN45VIqA3WsAf5Y1HiSGej4wWO4ngSSI7PHoC
5W0ijhHxM6XjR0ZRErOPQIzmuYUTpp0heM7S4W3J8HF19wY6jW12KjkFjisZeeyZ
f4HxXL7Fgf+v5PY2mLF01udO++RYHE1revgFHml8rA0rX2OlIb+CBZOc4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDv4kp/h3+vpZwQQW3lOTQk99Le+MB8GA1UdIwQY
MBaAFFxh3NPrUMg9aAYLy6SvFSIEGTUDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdIYzAtdFF5RDFvQmd2THBLOFZJZ1FaTlFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80NGExNTUtNGQwMi00MDAyLThmM2Qt
YzM2ZDFjNDYwZTJmLzEvT19pU24tSGY2LWxuQkJCYmVVNU5DVDMwdDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80NGExNTUtNGQwMi00MDAyLThmM2QtYzM2ZDFjNDYwZTJm
LzEvWEdIYzAtdFF5RDFvQmd2THBLOFZJZ1FaTlFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYB4MA0G
CSqGSIb3DQEBCwUAA4IBAQBIUSh0VPn915JgbvxJW96GPu0lp9HIC2dtHbeLmC7c
OxTEzpL4ZfU+BEJbN+wi+Edj+Br1CBaJcKKz9epfPKmW9W87vIj5VORkzFDkGIM1
JYKxlNx2+GZh2nsOP/SdQgp4PQ9kcWVOYE/xJphTCnwfkpIkhVSjayAT4MaR0zOB
mvYAvhVpWhb8zKccKeUNz3Yb/EmFcdRH4IBaNFenSBcPNv2J/wNLyl9rFddB0PVA
/KUK5lUSckZbPHO6FfU7CR42eLfZl/pVz8aIQnO2nVi/Nq7GocuswxaYvj6+Slvm
P7kNhqeO92C/DE2kkrOflbLOpbTUhPynCETTChAPGlyv
-----END CERTIFICATE-----