Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/YmWNecN7XYdIQOw5isqM5uZJr6o.roa
File:                     YmWNecN7XYdIQOw5isqM5uZJr6o.roa (raw, json)
Hash identifier:          qgjgkbZfX+RrYxvoH+GzWI4Ldi/tsJF4AVz6jSadRjw=
Subject key identifier:   62:65:8D:79:C3:7B:5D:87:48:40:EC:39:8A:CA:8C:E6:E6:49:AF:AA
Certificate issuer:       /CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
Certificate serial:       0194258F5EBD2CB3ED8580256E43B3A7C2C6
Authority key identifier: 48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/YmWNecN7XYdIQOw5isqM5uZJr6o.roa
Signing time:             Thu 02 Jan 2025 05:49:00 +0000
ROA not before:           Thu 02 Jan 2025 05:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203392
IP address blocks:        45.148.249.0/24 maxlen: 24
                          185.140.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:5e:bd:2c:b3:ed:85:80:25:6e:43:b3:a7:c2:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
        Validity
            Not Before: Jan  2 05:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62658d79c37b5d874840ec398aca8ce6e649afaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:77:48:c8:01:ed:f6:d1:d6:ee:57:37:80:b6:
                    b8:9c:5c:67:48:d9:46:8a:73:a3:bb:ca:d7:2a:1c:
                    a8:0d:b0:2b:cd:0d:09:c6:3a:1a:8b:2a:39:ea:8d:
                    20:dd:a8:69:62:71:d1:75:a5:ee:ae:61:25:e6:75:
                    ab:f8:01:7c:1b:62:47:13:62:d6:55:b8:ec:5b:be:
                    ea:88:62:77:c6:6f:e0:45:cd:93:46:1c:50:63:61:
                    c7:18:04:92:67:9b:22:1b:60:66:76:54:02:4b:ef:
                    d1:7e:78:7d:8e:1f:38:95:31:67:1b:a2:8c:4d:ea:
                    65:cd:8f:e5:c7:f5:ba:5b:4e:d8:47:2c:b8:b0:9e:
                    05:1f:68:f0:3d:90:0d:99:8a:84:86:12:9b:0c:12:
                    45:cd:c5:c0:0e:e7:ad:5d:57:19:47:c4:57:a4:07:
                    82:20:2c:a7:a6:2e:41:79:b8:59:93:39:75:97:a2:
                    88:bc:cb:0b:e9:3a:2b:5d:30:59:3f:ca:29:89:46:
                    9d:b8:81:a3:90:07:ea:53:9d:a6:ed:aa:e1:f7:2e:
                    73:47:ff:43:48:e9:b1:3a:52:65:3b:b5:70:0d:c2:
                    53:97:23:bc:6b:1b:13:95:19:12:c8:6d:88:05:4c:
                    c5:ec:87:df:78:c5:5f:a8:f9:d6:aa:2a:b3:db:78:
                    a7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:65:8D:79:C3:7B:5D:87:48:40:EC:39:8A:CA:8C:E6:E6:49:AF:AA
            X509v3 Authority Key Identifier:
                keyid:48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/YmWNecN7XYdIQOw5isqM5uZJr6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.249.0/24
                  185.140.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:65:02:cf:a1:23:54:93:1b:60:0e:4d:fa:70:0f:34:95:3b:
         62:36:7c:32:ee:64:9d:c4:af:a8:37:5c:e1:41:64:de:44:21:
         0c:59:bb:ee:51:ea:ce:3a:dc:6a:cf:12:83:35:ec:ad:14:c7:
         18:15:b3:16:bd:79:eb:51:55:bf:98:8e:20:d0:d9:fe:77:08:
         c6:f1:0f:9d:88:68:7d:42:8e:2f:fa:4f:40:08:ab:3c:1b:83:
         7c:81:9b:a3:ea:bb:ba:0c:0c:78:85:10:40:8c:d4:6b:54:01:
         61:b3:47:50:ed:d6:47:af:6e:70:b3:44:4f:e2:ea:ae:21:ab:
         ab:c6:25:2e:2e:2e:e1:1e:c8:78:ea:c8:7a:5e:4d:04:12:88:
         00:89:3c:5a:6d:d4:2e:2d:31:aa:c8:dd:8e:ba:75:55:b5:4d:
         97:eb:e4:5c:6b:5d:00:a1:21:67:26:23:8c:21:cb:86:fa:98:
         b4:34:8e:d8:ec:d0:de:f4:d4:93:84:c1:7e:37:34:ce:05:ca:
         29:7c:08:1d:ec:8e:72:c5:0f:f5:49:70:dd:94:0c:f5:35:9e:
         e3:37:0c:f5:27:b2:47:3c:29:42:be:3a:24:ed:66:3e:55:3a:
         fa:d9:6f:fc:0d:d1:3e:4e:46:b1:7d:a5:fe:bd:ca:a6:0e:6b:
         5b:b7:69:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj169LLPthYAlbkOzp8LGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YWJmMjlmZGVmODU3MDUwMmY0YjUxYmU1ZmZjMDVjNGQ5
YjM0NjUwHhcNMjUwMTAyMDU0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjY1OGQ3OWMzN2I1ZDg3NDg0MGVjMzk4YWNhOGNlNmU2NDlhZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3dIyAHt9tHW7lc3gLa4nFxnSNlG
inOju8rXKhyoDbArzQ0Jxjoaiyo56o0g3ahpYnHRdaXurmEl5nWr+AF8G2JHE2LW
VbjsW77qiGJ3xm/gRc2TRhxQY2HHGASSZ5siG2BmdlQCS+/Rfnh9jh84lTFnG6KM
TeplzY/lx/W6W07YRyy4sJ4FH2jwPZANmYqEhhKbDBJFzcXADuetXVcZR8RXpAeC
ICynpi5BebhZkzl1l6KIvMsL6TorXTBZP8opiUaduIGjkAfqU52m7arh9y5zR/9D
SOmxOlJlO7VwDcJTlyO8axsTlRkSyG2IBUzF7IffeMVfqPnWqiqz23inuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGJljXnDe12HSEDsOYrKjObmSa+qMB8GA1UdIwQY
MBaAFEir8p/e+FcFAvS1G+X/wFxNmzRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQt
YWJhMTEzZjNlM2FlLzEvWW1XTmVjTjdYWWRJUU93NWlzcU01dVpKcjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQtYWJhMTEzZjNlM2Fl
LzEvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZT5AwQA
uYzpMA0GCSqGSIb3DQEBCwUAA4IBAQBAZQLPoSNUkxtgDk36cA80lTtiNnwy7mSd
xK+oN1zhQWTeRCEMWbvuUerOOtxqzxKDNeytFMcYFbMWvXnrUVW/mI4g0Nn+dwjG
8Q+diGh9Qo4v+k9ACKs8G4N8gZuj6ru6DAx4hRBAjNRrVAFhs0dQ7dZHr25ws0RP
4uquIaurxiUuLi7hHsh46sh6Xk0EEogAiTxabdQuLTGqyN2OunVVtU2X6+Rca10A
oSFnJiOMIcuG+pi0NI7Y7NDe9NSThMF+NzTOBcopfAgd7I5yxQ/1SXDdlAz1NZ7j
Nwz1J7JHPClCvjok7WY+VTr62W/8DdE+TkaxfaX+vcqmDmtbt2me
-----END CERTIFICATE-----