Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/L5uizbtROk6GB-R7fgrPSdF9458.roa
File:                     L5uizbtROk6GB-R7fgrPSdF9458.roa (raw, json)
Hash identifier:          TQEmzD8dtp5XF7xVELdssPYaS3183qisGdaHaztP3Ns=
Subject key identifier:   2F:9B:A2:CD:BB:51:3A:4E:86:07:E4:7B:7E:0A:CF:49:D1:7D:E3:9F
Certificate issuer:       /CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
Certificate serial:       019426D9E16C59C5DF7D2A87352EE1FAFA22
Authority key identifier: C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/L5uizbtROk6GB-R7fgrPSdF9458.roa
Signing time:             Thu 02 Jan 2025 11:50:00 +0000
ROA not before:           Thu 02 Jan 2025 11:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212122
IP address blocks:        45.143.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e1:6c:59:c5:df:7d:2a:87:35:2e:e1:fa:fa:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f9ba2cdbb513a4e8607e47b7e0acf49d17de39f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ce:ff:8c:8a:a2:c2:ae:dd:c4:58:5f:d3:4e:
                    31:e6:72:aa:e6:73:2e:c9:5d:cb:16:2b:74:72:b3:
                    4c:de:b1:e4:aa:8f:f5:13:1f:2f:75:48:d4:8a:f5:
                    02:e0:bd:5a:fc:a5:a6:e7:74:99:dd:b8:af:77:61:
                    3e:e7:61:1f:73:a2:6a:8d:26:13:c6:65:f7:8a:b5:
                    bb:e1:8f:d1:b8:0b:bc:fc:5a:0d:2b:40:74:0b:e9:
                    b1:8e:41:fb:60:8a:53:c1:ad:0c:9d:09:d8:61:f2:
                    03:9c:5e:a1:31:b2:58:fa:0e:02:2c:38:99:90:fa:
                    3f:3a:5b:1b:5e:0b:1d:6b:15:6c:21:0f:1c:f4:bb:
                    01:b4:64:df:22:c0:da:82:c2:00:32:e7:8e:65:63:
                    64:0e:31:b7:5f:b2:84:51:60:0f:48:ff:61:4a:19:
                    36:c8:ed:a6:c8:a0:80:94:4b:b5:ed:03:06:9d:91:
                    ee:1c:7b:23:c2:f1:88:31:9e:89:a5:ac:ae:2b:30:
                    34:d2:ca:4f:33:f2:bd:93:de:ce:b0:31:8b:2f:6f:
                    ae:f8:c3:aa:70:db:e9:e4:f9:32:72:31:f3:a1:85:
                    b2:cc:d3:22:14:fc:28:1b:39:b0:d8:61:f2:2c:5d:
                    e5:c3:b4:b5:c1:fb:b2:5d:36:0d:b2:02:03:10:20:
                    a6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:9B:A2:CD:BB:51:3A:4E:86:07:E4:7B:7E:0A:CF:49:D1:7D:E3:9F
            X509v3 Authority Key Identifier:
                keyid:C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/L5uizbtROk6GB-R7fgrPSdF9458.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:24:00:fd:19:b2:25:a0:de:3a:e7:75:4c:ea:46:b5:82:6c:
         3c:f5:92:7d:99:b0:67:74:d3:c9:57:d6:9f:c2:75:58:2e:d3:
         12:e6:a3:02:c2:b0:5c:76:3e:1b:e4:0b:86:cc:13:10:74:4d:
         72:98:ca:ac:ed:fd:1e:15:3f:c4:e9:95:72:6c:b0:13:d6:6f:
         50:07:43:59:e2:be:ca:93:db:09:e7:d1:8e:b9:04:32:bb:b9:
         a5:8b:d0:a7:3e:6e:a7:ea:04:15:42:be:90:7e:21:e7:b7:ee:
         a5:26:74:96:ab:f5:65:df:cd:51:b1:0d:d1:d0:0a:a9:54:f1:
         d3:c9:de:fa:ba:f3:a7:5d:a7:e6:33:5b:e8:80:c2:34:f2:34:
         07:87:f9:7d:85:50:ba:75:5e:ec:7b:6c:dd:54:77:8f:bd:11:
         cc:69:65:7b:f5:99:f3:ea:4a:a8:92:da:19:bd:3a:1b:f2:2c:
         02:f1:05:bd:71:9f:b3:bb:82:72:15:f1:96:a7:c3:d6:b3:0a:
         0e:dc:b9:5e:18:80:39:58:11:63:1b:b8:94:7b:5a:68:60:98:
         f3:d9:30:d7:0d:4b:7c:9f:25:95:fe:71:2c:26:64:de:65:78:
         20:b5:e8:64:50:1a:98:48:48:98:e6:35:96:ec:d1:72:ba:b1:
         f5:13:0a:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eFsWcXffSqHNS7h+voiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMmFjOWIxNGZkMjYxYThkMjc2M2FhZDQxNzQzMmJlYmM0
OWEwZDYwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjliYTJjZGJiNTEzYTRlODYwN2U0N2I3ZTBhY2Y0OWQxN2RlMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos7/jIqiwq7dxFhf004x5nKq5nMu
yV3LFit0crNM3rHkqo/1Ex8vdUjUivUC4L1a/KWm53SZ3bivd2E+52Efc6JqjSYT
xmX3irW74Y/RuAu8/FoNK0B0C+mxjkH7YIpTwa0MnQnYYfIDnF6hMbJY+g4CLDiZ
kPo/OlsbXgsdaxVsIQ8c9LsBtGTfIsDagsIAMueOZWNkDjG3X7KEUWAPSP9hShk2
yO2myKCAlEu17QMGnZHuHHsjwvGIMZ6JpayuKzA00spPM/K9k97OsDGLL2+u+MOq
cNvp5PkycjHzoYWyzNMiFPwoGzmw2GHyLF3lw7S1wfuyXTYNsgIDECCmQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+bos27UTpOhgfke34Kz0nRfeOfMB8GA1UdIwQY
MBaAFMEqybFP0mGo0nY6rUF0Mr68SaDWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYt
MjE2N2NmMDFjZjRhLzEvTDV1aXpidFJPazZHQi1SN2ZnclBTZEY5NDU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYtMjE2N2NmMDFjZjRh
LzEvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY8cMA0G
CSqGSIb3DQEBCwUAA4IBAQDUJAD9GbIloN4653VM6ka1gmw89ZJ9mbBndNPJV9af
wnVYLtMS5qMCwrBcdj4b5AuGzBMQdE1ymMqs7f0eFT/E6ZVybLAT1m9QB0NZ4r7K
k9sJ59GOuQQyu7mli9CnPm6n6gQVQr6QfiHnt+6lJnSWq/Vl381RsQ3R0AqpVPHT
yd76uvOnXafmM1vogMI08jQHh/l9hVC6dV7se2zdVHePvRHMaWV79Znz6kqoktoZ
vTob8iwC8QW9cZ+zu4JyFfGWp8PWswoO3LleGIA5WBFjG7iUe1poYJjz2TDXDUt8
nyWV/nEsJmTeZXggtehkUBqYSEiY5jWW7NFyurH1Ewpn
-----END CERTIFICATE-----