Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/YyBDnlwVRLs70MJK1KT4FesLKyU.roa
File:                     YyBDnlwVRLs70MJK1KT4FesLKyU.roa (raw, json)
Hash identifier:          4tm/JGl1e/uknO1Ju/nt2CfaO1Nf+gSmh9MxSuAs2aA=
Subject key identifier:   63:20:43:9E:5C:15:44:BB:3B:D0:C2:4A:D4:A4:F8:15:EB:0B:2B:25
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019422FB60EBDA8C20CC7F071BA4C72024CF
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/YyBDnlwVRLs70MJK1KT4FesLKyU.roa
Signing time:             Wed 01 Jan 2025 17:48:07 +0000
ROA not before:           Wed 01 Jan 2025 17:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49418
IP address blocks:        45.89.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:60:eb:da:8c:20:cc:7f:07:1b:a4:c7:20:24:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 17:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6320439e5c1544bb3bd0c24ad4a4f815eb0b2b25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:67:88:2e:e6:84:c7:8d:5b:21:63:66:24:73:
                    35:c8:d1:fc:12:c9:f6:69:b7:d4:b4:6b:81:9c:79:
                    96:b7:c4:79:99:0e:f7:f7:9d:9b:de:6f:8d:53:63:
                    de:da:8a:73:43:4c:8d:a9:77:d4:aa:ee:c1:21:08:
                    00:7d:a2:cf:a7:cc:56:6d:1c:49:60:ae:d7:43:d6:
                    73:8e:60:f1:2f:54:b1:06:22:8d:95:97:da:82:0a:
                    10:2e:29:06:79:37:fc:fb:d3:b6:9b:54:c7:e1:10:
                    db:19:a8:68:87:db:ab:9f:6e:96:a8:c2:cf:30:12:
                    87:38:02:ff:ee:1d:49:93:be:00:3b:ef:55:b7:b2:
                    74:3f:07:7a:7a:ce:13:5f:55:e7:88:ba:df:91:b9:
                    a3:c1:1f:b5:e8:54:8a:61:a5:40:8e:64:e3:88:95:
                    e3:1d:4e:be:a8:27:45:c6:f5:dd:00:91:19:71:9a:
                    72:4b:73:09:55:43:0e:83:69:ae:61:3c:d4:b3:05:
                    f2:ca:eb:3e:fa:8c:65:ec:97:8f:19:a6:e7:4b:fe:
                    c6:bc:2c:5b:14:ad:d4:f5:2b:29:b8:40:4a:a4:17:
                    ec:e5:c2:d6:88:42:50:ed:6b:26:82:06:7c:00:ab:
                    32:74:e0:e9:6a:36:a0:bd:a3:a2:f4:4b:f8:32:7d:
                    62:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:20:43:9E:5C:15:44:BB:3B:D0:C2:4A:D4:A4:F8:15:EB:0B:2B:25
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/YyBDnlwVRLs70MJK1KT4FesLKyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:18:55:13:3f:da:da:d1:fa:2f:ce:a3:8c:15:d7:71:26:8a:
         ab:59:f9:27:48:3e:22:e9:0c:5f:62:9d:26:dd:84:58:44:0a:
         c3:2e:50:10:d2:65:94:97:f8:29:4e:14:0a:b0:2a:fb:a3:61:
         c4:6d:2c:74:6f:a5:fe:d0:60:39:8a:1f:59:28:5b:ea:8c:01:
         ad:28:16:4f:cb:92:ba:18:fe:e4:ca:0a:2d:cb:2b:eb:87:81:
         fe:2b:a9:6c:03:63:21:b8:07:5a:93:ad:48:be:9a:81:29:61:
         ea:7b:3a:e7:18:99:44:99:2c:05:21:46:c3:18:0e:1d:90:35:
         27:ac:c4:6f:79:cc:13:58:4c:86:ee:d7:09:c6:6e:d5:5b:c4:
         0b:65:81:55:a1:11:fe:b6:a8:08:6b:48:bc:2c:72:d3:55:9d:
         93:a8:a8:45:f5:54:d1:44:66:44:59:bc:11:04:ff:3b:26:47:
         61:88:a9:61:67:15:f0:c8:d2:79:fd:2f:79:5c:62:a6:37:a7:
         9a:07:7a:63:e5:40:1b:49:75:bd:ac:ef:75:9a:6e:66:46:31:
         2f:fd:82:a2:da:fa:b5:cc:21:40:ee:1b:92:3d:e1:23:d3:8b:
         37:70:36:79:20:25:2f:22:37:c6:69:79:14:40:68:56:40:7a:
         e9:52:58:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2Dr2owgzH8HG6THICTPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwMTAxMTc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzIwNDM5ZTVjMTU0NGJiM2JkMGMyNGFkNGE0ZjgxNWViMGIyYjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA72eILuaEx41bIWNmJHM1yNH8Esn2
abfUtGuBnHmWt8R5mQ73952b3m+NU2Pe2opzQ0yNqXfUqu7BIQgAfaLPp8xWbRxJ
YK7XQ9ZzjmDxL1SxBiKNlZfaggoQLikGeTf8+9O2m1TH4RDbGahoh9urn26WqMLP
MBKHOAL/7h1Jk74AO+9Vt7J0Pwd6es4TX1XniLrfkbmjwR+16FSKYaVAjmTjiJXj
HU6+qCdFxvXdAJEZcZpyS3MJVUMOg2muYTzUswXyyus++oxl7JePGabnS/7GvCxb
FK3U9SspuEBKpBfs5cLWiEJQ7WsmggZ8AKsydODpajagvaOi9Ev4Mn1ibQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMgQ55cFUS7O9DCStSk+BXrCyslMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvWXlCRG5sd1ZSTHM3ME1KSzFLVDRGZXNMS3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVk+MA0G
CSqGSIb3DQEBCwUAA4IBAQBPGFUTP9ra0fovzqOMFddxJoqrWfknSD4i6QxfYp0m
3YRYRArDLlAQ0mWUl/gpThQKsCr7o2HEbSx0b6X+0GA5ih9ZKFvqjAGtKBZPy5K6
GP7kygotyyvrh4H+K6lsA2MhuAdak61IvpqBKWHqezrnGJlEmSwFIUbDGA4dkDUn
rMRvecwTWEyG7tcJxm7VW8QLZYFVoRH+tqgIa0i8LHLTVZ2TqKhF9VTRRGZEWbwR
BP87JkdhiKlhZxXwyNJ5/S95XGKmN6eaB3pj5UAbSXW9rO91mm5mRjEv/YKi2vq1
zCFA7huSPeEj04s3cDZ5ICUvIjfGaXkUQGhWQHrpUljL
-----END CERTIFICATE-----