Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HduWxsoRCgLw5KLrmkwUmQC6vEo.roa
File:                     HduWxsoRCgLw5KLrmkwUmQC6vEo.roa (raw, json)
Hash identifier:          VU9JMP4qSt93cmTdtl9Hyu0N6MKWTcUMZrHkJgj51cM=
Subject key identifier:   1D:DB:96:C6:CA:11:0A:02:F0:E4:A2:EB:9A:4C:14:99:00:BA:BC:4A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA85DB4368DE4C86D364152B97C10A
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HduWxsoRCgLw5KLrmkwUmQC6vEo.roa
Signing time:             Wed 01 Jan 2025 03:48:19 +0000
ROA not before:           Wed 01 Jan 2025 03:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204372
IP address blocks:        45.13.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:85:db:43:68:de:4c:86:d3:64:15:2b:97:c1:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ddb96c6ca110a02f0e4a2eb9a4c149900babc4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f0:03:df:21:02:e7:cb:c0:2f:9e:84:cc:ba:
                    b6:c9:a5:fa:e1:1c:b9:b8:b5:75:3e:5f:c8:8a:16:
                    e1:92:8e:aa:3f:bc:97:21:ff:76:d4:b9:35:a5:c3:
                    33:b7:9a:af:a7:78:3e:12:10:79:71:54:9c:8e:72:
                    76:f9:af:ee:48:5b:21:0a:ca:d3:4c:ba:0f:0d:f2:
                    56:0a:5f:f5:d7:c0:af:2c:84:70:55:e9:e8:57:a4:
                    a8:5a:93:7b:2c:5d:fe:9c:ce:6d:15:2c:95:3d:ee:
                    dc:be:dc:8e:17:57:c4:d6:59:1b:35:a0:bd:82:7d:
                    35:41:d3:68:48:d9:36:28:52:bc:e6:3d:95:50:1e:
                    3d:9e:ab:9c:ee:07:bb:04:3b:66:35:04:99:ad:a7:
                    51:60:8e:96:26:a5:6f:e6:89:85:cc:02:98:22:24:
                    ae:a2:54:50:07:9a:89:bd:47:74:a4:5e:8e:ba:1d:
                    78:7b:c3:3e:f2:b3:86:bf:f4:9b:b7:9f:b9:52:c9:
                    71:59:b7:1d:bb:c2:d0:35:3c:63:d3:77:0b:4d:8e:
                    1d:5f:c1:d5:5f:42:22:a9:38:55:88:63:fe:ad:c6:
                    3f:54:60:e6:3c:1c:40:a3:4c:67:04:52:72:0a:7f:
                    7b:95:be:4b:b2:c8:b1:a1:46:44:11:b1:35:6d:96:
                    43:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DB:96:C6:CA:11:0A:02:F0:E4:A2:EB:9A:4C:14:99:00:BA:BC:4A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HduWxsoRCgLw5KLrmkwUmQC6vEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:f0:1d:6c:e2:33:8a:ab:0e:ee:0f:88:06:fe:2c:5c:c8:1e:
         18:db:87:b4:ba:51:b4:87:55:14:d7:12:50:b7:c7:7a:1b:cf:
         a2:2c:55:7b:28:a0:af:32:19:1d:a0:95:25:11:1d:21:a5:a3:
         21:aa:37:ab:93:36:b5:8c:9b:d1:a2:c4:2a:7b:89:5f:aa:ee:
         2d:9c:65:c4:a2:a5:d9:d0:ff:22:fd:7c:0b:56:01:3e:d8:2d:
         f8:5b:6e:97:fa:41:b1:8b:01:92:26:b3:72:b1:f7:64:fe:97:
         05:6e:43:84:14:6e:23:1f:5f:70:9c:33:a8:86:b1:19:c3:39:
         f3:d1:d0:62:2e:52:f0:52:fd:ed:27:63:15:83:fa:9a:1a:1e:
         3f:e1:71:31:90:1f:26:04:bd:42:3e:45:50:73:47:c8:72:32:
         90:f6:b2:26:73:b2:17:af:35:d8:d6:17:53:94:7b:9b:b7:a8:
         3e:f9:8c:7c:25:e1:d7:33:ea:f1:ed:69:44:f5:ca:6b:ed:b5:
         a0:37:3a:41:9a:8a:83:30:b0:b4:69:93:48:ef:f5:5b:89:db:
         e3:3d:45:f9:e7:a1:af:ff:44:03:9e:94:4b:17:fd:cf:4d:1b:
         6c:70:9c:cb:fd:ef:9e:6e:50:24:8f:3f:e2:5a:a6:4b:a1:24:
         0a:70:3f:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+oXbQ2jeTIbTZBUrl8EKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGRiOTZjNmNhMTEwYTAyZjBlNGEyZWI5YTRjMTQ5OTAwYmFiYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfAD3yEC58vAL56EzLq2yaX64Ry5
uLV1Pl/Iihbhko6qP7yXIf921Lk1pcMzt5qvp3g+EhB5cVScjnJ2+a/uSFshCsrT
TLoPDfJWCl/118CvLIRwVenoV6SoWpN7LF3+nM5tFSyVPe7cvtyOF1fE1lkbNaC9
gn01QdNoSNk2KFK85j2VUB49nquc7ge7BDtmNQSZradRYI6WJqVv5omFzAKYIiSu
olRQB5qJvUd0pF6Ouh14e8M+8rOGv/Sbt5+5UslxWbcdu8LQNTxj03cLTY4dX8HV
X0IiqThViGP+rcY/VGDmPBxAo0xnBFJyCn97lb5LssixoUZEEbE1bZZDvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3blsbKEQoC8OSi65pMFJkAurxKMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSGR1V3hzb1JDZ0x3NUtMcm1rd1VtUUM2dkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ11MA0G
CSqGSIb3DQEBCwUAA4IBAQB68B1s4jOKqw7uD4gG/ixcyB4Y24e0ulG0h1UU1xJQ
t8d6G8+iLFV7KKCvMhkdoJUlER0hpaMhqjerkza1jJvRosQqe4lfqu4tnGXEoqXZ
0P8i/XwLVgE+2C34W26X+kGxiwGSJrNysfdk/pcFbkOEFG4jH19wnDOohrEZwznz
0dBiLlLwUv3tJ2MVg/qaGh4/4XExkB8mBL1CPkVQc0fIcjKQ9rImc7IXrzXY1hdT
lHubt6g++Yx8JeHXM+rx7WlE9cpr7bWgNzpBmoqDMLC0aZNI7/VbidvjPUX556Gv
/0QDnpRLF/3PTRtscJzL/e+eblAkjz/iWqZLoSQKcD8l
-----END CERTIFICATE-----