Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RMNJz2wjI83M__0rS7TWspBcpHA.roa
File:                     RMNJz2wjI83M__0rS7TWspBcpHA.roa (raw, json)
Hash identifier:          hP2TCVuejF8lsg2Hzc7RVoYV7dH6p24qfVIQaFbHb5A=
Subject key identifier:   44:C3:49:CF:6C:23:23:CD:CC:FF:FD:2B:4B:B4:D6:B2:90:5C:A4:70
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA79062B3DC4536BA95FCB05637719
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RMNJz2wjI83M__0rS7TWspBcpHA.roa
Signing time:             Wed 01 Jan 2025 03:48:16 +0000
ROA not before:           Wed 01 Jan 2025 03:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47484
IP address blocks:        45.13.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:79:06:2b:3d:c4:53:6b:a9:5f:cb:05:63:77:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44c349cf6c2323cdccfffd2b4bb4d6b2905ca470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f7:7a:42:e6:4c:47:6d:aa:9b:b3:f8:72:50:
                    23:e0:18:4e:11:53:85:c3:cc:b1:9e:71:1b:2f:1d:
                    ae:4e:38:ee:78:8e:46:71:8a:30:af:37:b6:f0:8f:
                    07:d7:6c:3a:5a:42:83:8a:e2:70:a0:6d:5a:44:17:
                    bb:56:4f:1e:25:2f:e1:4d:b8:82:f2:8f:5a:f6:d3:
                    f1:66:76:4d:fb:c9:53:d1:f2:25:0e:53:27:16:ed:
                    4e:72:a2:03:69:a9:cb:04:8f:d7:17:6d:f1:d3:fa:
                    83:90:01:c0:1b:2b:c0:95:f7:19:02:40:3f:51:16:
                    4e:1b:ac:e0:33:4a:f1:68:0b:63:f2:50:a2:12:e7:
                    f5:d1:92:ac:7a:51:be:ba:f6:f7:53:c8:f8:36:a3:
                    b9:a4:cc:99:09:cd:90:53:ee:71:3b:7b:0f:6d:40:
                    79:c6:a1:ef:32:37:25:16:17:4c:68:33:77:ea:d4:
                    f3:2e:18:8b:06:4b:8f:53:a1:fc:36:a1:16:8b:d0:
                    3b:04:e0:01:45:58:89:25:10:16:83:55:bd:15:72:
                    2d:f8:c0:5c:1d:1f:61:1b:fc:f2:99:e4:79:84:05:
                    8d:4b:68:07:39:97:50:e3:6e:38:40:78:73:1c:8a:
                    63:4c:36:0e:8f:be:df:21:a8:09:c7:9c:5d:30:50:
                    0f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C3:49:CF:6C:23:23:CD:CC:FF:FD:2B:4B:B4:D6:B2:90:5C:A4:70
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RMNJz2wjI83M__0rS7TWspBcpHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:59:d9:20:b3:d0:db:09:ec:48:8d:46:04:90:f6:2c:75:58:
         44:d5:51:51:bf:71:7a:d4:e4:74:b5:fd:2c:05:a0:41:0f:d7:
         ff:6b:88:ca:37:03:30:f0:68:6d:65:87:7e:8f:c0:65:d3:cb:
         91:ea:61:04:55:fb:ce:80:0a:78:ac:07:8f:e6:1c:7a:2a:18:
         94:16:82:71:82:2d:c6:c9:44:44:53:71:55:23:49:aa:97:d5:
         73:27:12:d9:0b:8d:e0:20:b8:10:b2:36:76:85:89:c6:0c:3b:
         f1:d0:f3:fe:6e:de:41:b2:a5:f4:ed:12:32:1f:e5:02:57:45:
         bd:19:b3:01:bd:9b:ce:f9:03:0b:c5:6a:52:2c:d2:fe:6a:4a:
         88:89:ec:fc:17:21:5c:e0:25:c3:be:b4:42:94:63:e2:7f:2d:
         ed:d3:f9:c1:a2:f2:5b:86:22:4b:a0:70:78:78:f4:20:79:1c:
         d4:38:a7:28:68:57:3e:79:f4:bf:08:30:ae:b8:d6:84:f2:de:
         a0:f3:3c:6d:ec:d0:5b:98:31:73:56:b5:03:95:d1:b8:7f:ae:
         57:d3:ac:c3:86:d7:a9:2b:bf:c6:51:34:06:a0:e5:21:f3:2e:
         ca:85:1e:da:2f:97:9a:a5:b3:90:3d:5d:76:3f:cd:05:80:60:
         cf:fa:09:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+nkGKz3EU2upX8sFY3cZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGMzNDljZjZjMjMyM2NkY2NmZmZkMmI0YmI0ZDZiMjkwNWNhNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/d6QuZMR22qm7P4clAj4BhOEVOF
w8yxnnEbLx2uTjjueI5GcYowrze28I8H12w6WkKDiuJwoG1aRBe7Vk8eJS/hTbiC
8o9a9tPxZnZN+8lT0fIlDlMnFu1OcqIDaanLBI/XF23x0/qDkAHAGyvAlfcZAkA/
URZOG6zgM0rxaAtj8lCiEuf10ZKselG+uvb3U8j4NqO5pMyZCc2QU+5xO3sPbUB5
xqHvMjclFhdMaDN36tTzLhiLBkuPU6H8NqEWi9A7BOABRViJJRAWg1W9FXIt+MBc
HR9hG/zymeR5hAWNS2gHOZdQ4244QHhzHIpjTDYOj77fIagJx5xdMFAP0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETDSc9sIyPNzP/9K0u01rKQXKRwMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUk1OSnoyd2pJODNNX18wclM3VFdzcEJjcEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ10MA0G
CSqGSIb3DQEBCwUAA4IBAQA7Wdkgs9DbCexIjUYEkPYsdVhE1VFRv3F61OR0tf0s
BaBBD9f/a4jKNwMw8GhtZYd+j8Bl08uR6mEEVfvOgAp4rAeP5hx6KhiUFoJxgi3G
yUREU3FVI0mql9VzJxLZC43gILgQsjZ2hYnGDDvx0PP+bt5BsqX07RIyH+UCV0W9
GbMBvZvO+QMLxWpSLNL+akqIiez8FyFc4CXDvrRClGPify3t0/nBovJbhiJLoHB4
ePQgeRzUOKcoaFc+efS/CDCuuNaE8t6g8zxt7NBbmDFzVrUDldG4f65X06zDhtep
K7/GUTQGoOUh8y7KhR7aL5eapbOQPV12P80FgGDP+gnv
-----END CERTIFICATE-----