Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_cYuiI13ObM8TCHtIIGIEvh-X-E.roa
File:                     _cYuiI13ObM8TCHtIIGIEvh-X-E.roa (raw, json)
Hash identifier:          7gLttibQutAvkFC2A9GKP1qZP2r2YxIJsb2nHroNqQQ=
Subject key identifier:   FD:C6:2E:88:8D:77:39:B3:3C:4C:21:ED:20:81:88:12:F8:7E:5F:E1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA9A0FE4A332F4E790BB3F3E53F1A9
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_cYuiI13ObM8TCHtIIGIEvh-X-E.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210558
IP address blocks:        45.154.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9a:0f:e4:a3:32:f4:e7:90:bb:3f:3e:53:f1:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdc62e888d7739b33c4c21ed20818812f87e5fe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:68:8d:ce:42:8e:88:1f:48:25:fc:b1:d9:88:
                    d4:09:6d:2c:61:12:55:39:88:9c:ab:b5:26:3f:47:
                    0c:1d:8a:44:d3:c0:78:fa:8a:23:c3:9e:ca:67:9d:
                    e2:e1:7c:65:4e:88:3a:ab:19:b4:bb:78:1e:f9:d0:
                    7a:56:0d:3c:48:fe:25:ec:36:5d:70:78:8d:d8:6a:
                    3f:f9:9c:3b:74:2c:7f:a2:c0:12:15:07:81:aa:65:
                    2b:89:5a:2a:06:ea:94:dc:b0:f7:67:75:ba:af:0c:
                    1c:a0:28:5d:31:bc:c5:e2:eb:8f:4c:53:71:31:07:
                    a6:93:e4:81:20:79:50:23:84:3b:64:c0:0c:1e:e0:
                    21:27:5a:50:28:13:35:85:87:0d:8b:1f:0d:2c:a3:
                    9c:86:98:5e:5e:1a:76:4a:00:c4:39:be:a6:9b:61:
                    e2:7d:e4:ca:a1:92:f6:d1:f1:11:62:6b:e9:a1:54:
                    53:a4:28:0c:fb:d0:bf:f3:c1:8f:8e:2a:03:a8:a0:
                    ea:bf:06:97:ef:fd:60:0b:8f:85:92:0b:9f:e0:78:
                    41:ec:0a:3a:8a:7f:65:f2:54:d1:95:ba:b7:7b:68:
                    e5:e4:48:5e:2d:21:33:93:f4:05:cc:1e:cb:fa:ba:
                    0f:30:63:6f:82:fa:99:b6:85:78:ff:b2:50:e6:75:
                    af:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:C6:2E:88:8D:77:39:B3:3C:4C:21:ED:20:81:88:12:F8:7E:5F:E1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_cYuiI13ObM8TCHtIIGIEvh-X-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:20:b3:d8:8e:61:e7:ca:13:4d:aa:70:00:a9:d8:ed:3a:84:
         1f:c4:1d:ab:2a:08:99:b6:37:0e:b0:07:e1:f7:6a:19:a3:0e:
         66:05:32:b5:ff:a6:b0:46:46:36:63:e4:a1:de:39:82:82:08:
         2c:b8:b6:0b:6f:bd:10:3c:95:c1:bb:9a:cb:24:f3:2a:71:55:
         b6:c9:2f:cf:79:e1:a4:4b:aa:6c:85:be:06:f9:77:39:9c:c6:
         75:17:b6:5b:e7:b0:ae:07:08:6c:6a:2f:d2:a4:e1:da:c6:d0:
         5c:8d:1f:2e:3c:14:74:5d:8b:b3:e4:49:e4:42:ec:09:64:71:
         f2:d7:3d:d8:46:71:b5:84:d5:03:9f:e6:46:d5:d7:c5:7a:f0:
         46:94:11:a4:1b:21:9c:07:ed:1e:cb:0a:51:1f:83:64:cf:a7:
         4d:14:f4:cb:5a:42:02:56:d5:09:e2:1c:ad:73:03:07:a2:af:
         61:bc:53:d1:f8:8c:27:2c:b9:10:fc:48:ed:89:27:a8:c7:4f:
         09:37:4c:eb:6b:a1:18:d9:4e:f0:3a:38:66:de:38:b9:3f:2c:
         81:28:b0:a1:18:27:76:f9:79:c7:63:fb:d3:70:e7:15:23:8c:
         19:6c:ee:92:d9:82:e4:a1:d9:02:b2:72:fe:9c:d2:f8:52:6b:
         3a:5f:d2:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+poP5KMy9OeQuz8+U/GpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGM2MmU4ODhkNzczOWIzM2M0YzIxZWQyMDgxODgxMmY4N2U1ZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2iNzkKOiB9IJfyx2YjUCW0sYRJV
OYicq7UmP0cMHYpE08B4+oojw57KZ53i4XxlTog6qxm0u3ge+dB6Vg08SP4l7DZd
cHiN2Go/+Zw7dCx/osASFQeBqmUriVoqBuqU3LD3Z3W6rwwcoChdMbzF4uuPTFNx
MQemk+SBIHlQI4Q7ZMAMHuAhJ1pQKBM1hYcNix8NLKOchpheXhp2SgDEOb6mm2Hi
feTKoZL20fERYmvpoVRTpCgM+9C/88GPjioDqKDqvwaX7/1gC4+Fkguf4HhB7Ao6
in9l8lTRlbq3e2jl5EheLSEzk/QFzB7L+roPMGNvgvqZtoV4/7JQ5nWvnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3GLoiNdzmzPEwh7SCBiBL4fl/hMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvX2NZdWlJMTNPYk04VENIdElJR0lFdmgtWC1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZpiMA0G
CSqGSIb3DQEBCwUAA4IBAQAJILPYjmHnyhNNqnAAqdjtOoQfxB2rKgiZtjcOsAfh
92oZow5mBTK1/6awRkY2Y+Sh3jmCgggsuLYLb70QPJXBu5rLJPMqcVW2yS/PeeGk
S6pshb4G+Xc5nMZ1F7Zb57CuBwhsai/SpOHaxtBcjR8uPBR0XYuz5EnkQuwJZHHy
1z3YRnG1hNUDn+ZG1dfFevBGlBGkGyGcB+0eywpRH4Nkz6dNFPTLWkICVtUJ4hyt
cwMHoq9hvFPR+IwnLLkQ/EjtiSeox08JN0zra6EY2U7wOjhm3ji5PyyBKLChGCd2
+XnHY/vTcOcVI4wZbO6S2YLkodkCsnL+nNL4Ums6X9Is
-----END CERTIFICATE-----