Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/DyAD9klcag15NhnplKEMXi8dKqg.roa
File:                     DyAD9klcag15NhnplKEMXi8dKqg.roa (raw, json)
Hash identifier:          Zvr5j/JLyl2kQb4eL63NQCTsndBLbuYPjEiWULmfej8=
Subject key identifier:   0F:20:03:F6:49:5C:6A:0D:79:36:19:E9:94:A1:0C:5E:2F:1D:2A:A8
Certificate issuer:       /CN=a375369b2d4bb2e2dede668645313e344e6f1cc0
Certificate serial:       0194228DC2E56A819B3369A90B08A512E852
Authority key identifier: A3:75:36:9B:2D:4B:B2:E2:DE:DE:66:86:45:31:3E:34:4E:6F:1C:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o3U2my1LsuLe3maGRTE-NE5vHMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/DyAD9klcag15NhnplKEMXi8dKqg.roa
Signing time:             Wed 01 Jan 2025 15:48:23 +0000
ROA not before:           Wed 01 Jan 2025 15:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60456
IP address blocks:        45.81.204.0/22 maxlen: 22
                          185.231.168.0/22 maxlen: 22
                          2a0e:5f80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/o3U2my1LsuLe3maGRTE-NE5vHMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/o3U2my1LsuLe3maGRTE-NE5vHMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o3U2my1LsuLe3maGRTE-NE5vHMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c2:e5:6a:81:9b:33:69:a9:0b:08:a5:12:e8:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a375369b2d4bb2e2dede668645313e344e6f1cc0
        Validity
            Not Before: Jan  1 15:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f2003f6495c6a0d793619e994a10c5e2f1d2aa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c9:7c:14:ba:be:8b:2b:fa:e6:ea:38:47:b4:
                    5f:c9:4a:bf:45:e6:77:a6:28:a6:9f:25:b7:e9:72:
                    15:3d:d7:af:6e:61:19:26:7d:8b:64:5a:f1:fc:82:
                    3d:c1:ec:10:7c:97:b9:12:29:c9:db:6a:f3:cf:56:
                    2a:b6:3e:94:64:92:b3:bf:bf:da:88:3d:88:a1:86:
                    ca:52:a3:75:e4:1b:5f:f1:65:7f:e4:5a:e5:01:f8:
                    8e:5e:25:dc:1f:f4:48:54:6c:19:54:50:b9:ee:31:
                    d7:ac:7d:47:7c:6f:ff:93:4d:bd:72:38:1a:41:6a:
                    51:b7:eb:50:26:e8:90:11:c4:57:9a:98:8e:02:7c:
                    68:3d:52:0d:70:5e:b6:9a:5d:4e:04:07:79:27:e2:
                    3b:dc:b5:d5:0b:9c:97:d2:e0:7b:d1:39:89:58:43:
                    e1:dc:0c:ff:bf:80:b9:04:e6:ef:35:67:2f:55:49:
                    aa:ae:d1:a5:35:cf:7e:70:ec:4e:5c:07:03:71:81:
                    d5:d1:97:04:bd:f1:92:c6:4a:a9:cb:ce:95:d6:24:
                    1d:dc:40:b3:6a:a0:f6:3b:f4:b6:af:c8:d0:ed:13:
                    fd:06:6c:c2:e7:38:54:fb:67:9f:fa:bb:e0:3a:dc:
                    d9:a2:32:42:10:c6:a4:cb:78:a1:96:a5:33:da:54:
                    b9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:20:03:F6:49:5C:6A:0D:79:36:19:E9:94:A1:0C:5E:2F:1D:2A:A8
            X509v3 Authority Key Identifier:
                keyid:A3:75:36:9B:2D:4B:B2:E2:DE:DE:66:86:45:31:3E:34:4E:6F:1C:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3U2my1LsuLe3maGRTE-NE5vHMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/DyAD9klcag15NhnplKEMXi8dKqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/o3U2my1LsuLe3maGRTE-NE5vHMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.204.0/22
                  185.231.168.0/22
                IPv6:
                  2a0e:5f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:7c:3d:b1:ef:77:71:12:58:70:16:86:eb:ab:5b:09:07:b1:
         25:16:18:20:97:51:74:06:15:38:0a:73:e6:6a:a5:f5:c2:00:
         12:41:1e:a2:0e:d2:ca:05:91:f3:f8:83:e6:80:5e:f5:b8:d1:
         1e:43:9e:33:6b:c4:59:fd:6f:fc:30:df:83:23:67:27:ea:13:
         5e:58:d9:1f:d6:cf:02:06:ab:25:59:f5:c9:0e:d7:ca:9b:81:
         50:5c:15:13:09:a6:4a:65:5e:ab:67:11:31:a6:9d:08:ea:51:
         8c:fe:d0:c1:6e:59:aa:ab:9f:93:01:dd:2a:52:ee:dc:c7:56:
         61:4f:f4:50:9f:49:22:b6:9e:6b:1e:1c:24:bf:47:0a:7f:47:
         dc:fd:2a:2e:33:fc:d4:48:19:31:5a:a6:3c:75:5b:18:bd:c2:
         63:fe:2a:62:0d:3e:6a:44:87:51:e2:2c:08:c3:7b:6f:17:e4:
         40:4b:27:ce:83:11:70:7b:0a:5e:7c:26:bc:57:8d:27:c3:02:
         25:32:86:f9:c9:62:40:c3:ea:68:bf:a5:37:9a:44:6d:7c:c1:
         46:d9:94:80:c8:4f:be:e8:d9:d6:24:ad:22:56:66:98:0a:b0:
         7b:27:c6:22:95:ed:a2:77:40:8c:2d:24:c8:e3:a0:bf:15:37:
         54:25:8a:a2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQijcLlaoGbM2mpCwilEuhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzUzNjliMmQ0YmIyZTJkZWRlNjY4NjQ1MzEzZTM0NGU2
ZjFjYzAwHhcNMjUwMTAxMTU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIwMDNmNjQ5NWM2YTBkNzkzNjE5ZTk5NGExMGM1ZTJmMWQyYWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMl8FLq+iyv65uo4R7RfyUq/ReZ3
piimnyW36XIVPdevbmEZJn2LZFrx/II9wewQfJe5EinJ22rzz1Yqtj6UZJKzv7/a
iD2IoYbKUqN15Btf8WV/5FrlAfiOXiXcH/RIVGwZVFC57jHXrH1HfG//k029cjga
QWpRt+tQJuiQEcRXmpiOAnxoPVINcF62ml1OBAd5J+I73LXVC5yX0uB70TmJWEPh
3Az/v4C5BObvNWcvVUmqrtGlNc9+cOxOXAcDcYHV0ZcEvfGSxkqpy86V1iQd3ECz
aqD2O/S2r8jQ7RP9BmzC5zhU+2ef+rvgOtzZojJCEMaky3ihlqUz2lS5twIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA8gA/ZJXGoNeTYZ6ZShDF4vHSqoMB8GA1UdIwQY
MBaAFKN1NpstS7Li3t5mhkUxPjRObxzAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNVMm15MUxzdUxlM21hR1JURS1ORTV2SE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lYzY5MDUtYjBmNy00MjRmLThhODQt
MjhiZWM3Yjk5OTI5LzEvRHlBRDlrbGNhZzE1TmhucGxLRU1YaThkS3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lYzY5MDUtYjBmNy00MjRmLThhODQtMjhiZWM3Yjk5OTI5
LzEvbzNVMm15MUxzdUxlM21hR1JURS1ORTV2SE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLVHMAwQC
ueeoMA0EAgACMAcDBQMqDl+AMA0GCSqGSIb3DQEBCwUAA4IBAQAVfD2x73dxElhw
Fobrq1sJB7ElFhggl1F0BhU4CnPmaqX1wgASQR6iDtLKBZHz+IPmgF71uNEeQ54z
a8RZ/W/8MN+DI2cn6hNeWNkf1s8CBqslWfXJDtfKm4FQXBUTCaZKZV6rZxExpp0I
6lGM/tDBblmqq5+TAd0qUu7cx1ZhT/RQn0kitp5rHhwkv0cKf0fc/SouM/zUSBkx
WqY8dVsYvcJj/ipiDT5qRIdR4iwIw3tvF+RASyfOgxFwewpefCa8V40nwwIlMob5
yWJAw+pov6U3mkRtfMFG2ZSAyE++6NnWJK0iVmaYCrB7J8Yile2id0CMLSTI46C/
FTdUJYqi
-----END CERTIFICATE-----