Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/9d6660-775a-4f3f-93c2-a5eebd28d496/1/v45LP4AF3yoZv3u_cLa6vnH8FvU.roa
File:                     v45LP4AF3yoZv3u_cLa6vnH8FvU.roa (raw, json)
Hash identifier:          wIRAiX/f/YijUEe8NVGZoMtagmreVjKidBvqPjwb7Tc=
Subject key identifier:   BF:8E:4B:3F:80:05:DF:2A:19:BF:7B:BF:70:B6:BA:BE:71:FC:16:F5
Certificate issuer:       /CN=4b5c7d9c7440e5cb4b0a6761563c0d850f08111a
Certificate serial:       01942745B76226035FC0390F089A65A39109
Authority key identifier: 4B:5C:7D:9C:74:40:E5:CB:4B:0A:67:61:56:3C:0D:85:0F:08:11:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S1x9nHRA5ctLCmdhVjwNhQ8IERo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/9d6660-775a-4f3f-93c2-a5eebd28d496/1/v45LP4AF3yoZv3u_cLa6vnH8FvU.roa
Signing time:             Thu 02 Jan 2025 13:47:47 +0000
ROA not before:           Thu 02 Jan 2025 13:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207403
IP address blocks:        91.202.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/9d6660-775a-4f3f-93c2-a5eebd28d496/1/S1x9nHRA5ctLCmdhVjwNhQ8IERo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/9d6660-775a-4f3f-93c2-a5eebd28d496/1/S1x9nHRA5ctLCmdhVjwNhQ8IERo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S1x9nHRA5ctLCmdhVjwNhQ8IERo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:b7:62:26:03:5f:c0:39:0f:08:9a:65:a3:91:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b5c7d9c7440e5cb4b0a6761563c0d850f08111a
        Validity
            Not Before: Jan  2 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf8e4b3f8005df2a19bf7bbf70b6babe71fc16f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a6:44:88:17:48:b6:fc:e3:12:47:94:7d:0a:
                    44:23:fe:9e:92:86:87:48:2f:0b:c4:4d:3b:c2:39:
                    a9:81:c1:12:92:ff:bc:e4:d4:dc:b4:8e:53:12:23:
                    98:99:f2:8f:de:da:4e:28:6e:cc:dc:d9:63:5a:79:
                    4b:4c:b6:c2:d4:cc:46:3e:e0:a3:4e:cd:b6:35:cd:
                    4d:87:1c:8b:64:d4:45:0d:4c:67:06:91:e9:08:13:
                    99:fa:f4:20:ab:83:a1:bb:67:bc:cb:84:64:73:cb:
                    b6:72:97:65:4d:6d:6c:f0:22:cc:39:e6:58:d7:cd:
                    d3:41:80:8f:bd:17:59:cf:a7:04:43:28:83:4c:52:
                    a2:be:b8:7c:ef:da:11:15:08:b9:1c:33:c7:fd:1f:
                    7d:b4:08:0c:4c:94:55:73:75:bd:33:93:0a:ab:52:
                    e2:7c:cc:41:3a:b8:e1:ce:c1:1c:7e:36:01:a0:3c:
                    28:00:43:35:fd:e2:35:d5:2b:12:5f:51:72:19:e2:
                    b5:7e:04:7d:15:1c:bf:83:9b:e9:4a:17:90:41:6d:
                    05:7f:f1:4e:d9:2a:0f:7f:a9:14:ae:74:7c:9b:29:
                    d2:df:23:f8:2f:fd:5d:78:64:57:a0:eb:d9:0a:7d:
                    85:3a:58:eb:b5:26:f6:1c:1c:2b:97:82:aa:bd:88:
                    83:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:8E:4B:3F:80:05:DF:2A:19:BF:7B:BF:70:B6:BA:BE:71:FC:16:F5
            X509v3 Authority Key Identifier:
                keyid:4B:5C:7D:9C:74:40:E5:CB:4B:0A:67:61:56:3C:0D:85:0F:08:11:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1x9nHRA5ctLCmdhVjwNhQ8IERo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/9d6660-775a-4f3f-93c2-a5eebd28d496/1/v45LP4AF3yoZv3u_cLa6vnH8FvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/9d6660-775a-4f3f-93c2-a5eebd28d496/1/S1x9nHRA5ctLCmdhVjwNhQ8IERo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:7f:b1:9d:47:d3:5d:a7:71:b4:a1:9a:74:88:d8:63:3f:66:
         0c:20:30:db:ee:f8:fe:87:a6:9b:22:43:a5:84:1b:ed:6f:89:
         d5:40:d5:60:28:5b:55:3f:66:67:ed:04:bc:06:fe:2e:5f:1d:
         ee:76:9c:13:77:87:4e:22:1e:93:a7:c3:60:2c:59:df:a6:43:
         80:61:1f:45:0c:23:f1:02:81:26:93:17:ad:b6:2f:01:be:06:
         16:40:d0:2a:f7:69:94:38:e6:cd:8e:0b:bf:38:81:10:f4:b7:
         e3:81:12:8a:92:80:8a:cd:32:42:b2:6f:9d:e7:14:65:66:09:
         2f:a5:f7:1b:d7:3c:63:71:a6:8a:11:c2:0c:b7:80:08:bc:8b:
         11:61:da:59:47:5d:e6:d8:97:7e:99:20:6c:ea:92:f1:c1:27:
         a8:cc:02:a5:1e:67:c4:f4:a6:ba:f9:4c:c1:cf:5f:33:16:ce:
         8b:14:cd:d2:0c:dc:fd:fe:0d:af:c9:f6:42:1a:d9:e0:b0:c9:
         78:48:12:d9:1e:0e:cd:28:9d:25:fc:87:2e:ca:76:5e:a1:6f:
         fa:0d:ea:56:cc:f0:bc:25:82:06:80:84:b2:21:49:55:aa:77:
         7e:02:54:a4:6d:1c:21:f0:b1:31:57:04:a8:03:e0:22:7a:50:
         a5:88:fa:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRbdiJgNfwDkPCJplo5EJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNWM3ZDljNzQ0MGU1Y2I0YjBhNjc2MTU2M2MwZDg1MGYw
ODExMWEwHhcNMjUwMTAyMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjhlNGIzZjgwMDVkZjJhMTliZjdiYmY3MGI2YmFiZTcxZmMxNmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaZEiBdItvzjEkeUfQpEI/6ekoaH
SC8LxE07wjmpgcESkv+85NTctI5TEiOYmfKP3tpOKG7M3NljWnlLTLbC1MxGPuCj
Ts22Nc1NhxyLZNRFDUxnBpHpCBOZ+vQgq4Ohu2e8y4Rkc8u2cpdlTW1s8CLMOeZY
183TQYCPvRdZz6cEQyiDTFKivrh879oRFQi5HDPH/R99tAgMTJRVc3W9M5MKq1Li
fMxBOrjhzsEcfjYBoDwoAEM1/eI11SsSX1FyGeK1fgR9FRy/g5vpSheQQW0Ff/FO
2SoPf6kUrnR8mynS3yP4L/1deGRXoOvZCn2FOljrtSb2HBwrl4KqvYiDMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+OSz+ABd8qGb97v3C2ur5x/Bb1MB8GA1UdIwQY
MBaAFEtcfZx0QOXLSwpnYVY8DYUPCBEaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzF4OW5IUkE1Y3RMQ21kaFZqd05oUThJRVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy85ZDY2NjAtNzc1YS00ZjNmLTkzYzIt
YTVlZWJkMjhkNDk2LzEvdjQ1TFA0QUYzeW9adjN1X2NMYTZ2bkg4RnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy85ZDY2NjAtNzc1YS00ZjNmLTkzYzItYTVlZWJkMjhkNDk2
LzEvUzF4OW5IUkE1Y3RMQ21kaFZqd05oUThJRVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8oHMA0G
CSqGSIb3DQEBCwUAA4IBAQAkf7GdR9Ndp3G0oZp0iNhjP2YMIDDb7vj+h6abIkOl
hBvtb4nVQNVgKFtVP2Zn7QS8Bv4uXx3udpwTd4dOIh6Tp8NgLFnfpkOAYR9FDCPx
AoEmkxetti8BvgYWQNAq92mUOObNjgu/OIEQ9LfjgRKKkoCKzTJCsm+d5xRlZgkv
pfcb1zxjcaaKEcIMt4AIvIsRYdpZR13m2Jd+mSBs6pLxwSeozAKlHmfE9Ka6+UzB
z18zFs6LFM3SDNz9/g2vyfZCGtngsMl4SBLZHg7NKJ0l/IcuynZeoW/6DepWzPC8
JYIGgISyIUlVqnd+AlSkbRwh8LExVwSoA+AielCliPqS
-----END CERTIFICATE-----