Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/Y8BxdOG4E83LClpFnmkd0iyca1M.roa
File:                     Y8BxdOG4E83LClpFnmkd0iyca1M.roa (raw, json)
Hash identifier:          Ho2liFzRTVRlfVeCSm6qtB/bpgcQQigB8GNzfsMibJM=
Subject key identifier:   63:C0:71:74:E1:B8:13:CD:CB:0A:5A:45:9E:69:1D:D2:2C:9C:6B:53
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       01941FFA69281F1119DCFF183817697E43E1
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/Y8BxdOG4E83LClpFnmkd0iyca1M.roa
Signing time:             Wed 01 Jan 2025 03:48:12 +0000
ROA not before:           Wed 01 Jan 2025 03:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201838
IP address blocks:        45.136.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:69:28:1f:11:19:dc:ff:18:38:17:69:7e:43:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63c07174e1b813cdcb0a5a459e691dd22c9c6b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:81:3c:e1:90:3e:9a:d0:ab:84:42:ab:25:29:
                    81:f9:7b:36:e7:4a:8a:5f:dc:d6:8c:19:13:32:63:
                    cb:a7:9e:71:7e:cd:5a:84:0b:cb:22:fd:8a:72:39:
                    7b:22:a4:64:c3:fe:e6:80:a0:6d:a9:2b:f3:58:6f:
                    5b:c6:54:65:3c:e7:21:13:54:7e:ea:d0:33:da:21:
                    72:70:1e:f8:9f:22:4e:ec:43:17:87:01:e8:39:7d:
                    9d:77:48:e6:bd:1c:b1:dd:fc:aa:ae:2e:fe:be:7e:
                    28:6c:87:46:97:b3:75:50:26:5e:95:e2:1e:7e:48:
                    bc:62:71:a1:92:b4:ce:41:69:cd:22:15:c6:ed:1e:
                    e4:25:f2:33:54:26:b5:90:6d:11:6e:21:fc:25:54:
                    f5:cc:99:ef:be:82:fa:a3:2d:3a:a7:d6:20:f3:89:
                    7e:83:d7:e7:8a:d0:30:2b:df:e9:69:6b:9c:49:33:
                    88:b7:54:13:c1:3a:1a:ac:7b:70:42:cc:f2:6c:37:
                    c2:a4:e1:9a:d6:6c:54:2d:ff:49:ab:d3:86:42:34:
                    66:de:af:fb:3b:49:58:7b:21:d5:80:ab:40:7f:9a:
                    0a:60:93:f0:53:ff:c8:70:1c:2d:3e:2e:8e:6b:f9:
                    30:17:35:28:ad:a5:72:ec:32:ee:d3:b0:c8:e1:52:
                    fa:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C0:71:74:E1:B8:13:CD:CB:0A:5A:45:9E:69:1D:D2:2C:9C:6B:53
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/Y8BxdOG4E83LClpFnmkd0iyca1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:1f:42:98:91:16:d4:b6:4f:58:a4:41:55:d2:78:d4:2b:67:
         06:74:d2:00:9f:ac:44:8c:86:fa:9f:7d:e9:3f:2e:52:85:c9:
         75:cc:62:38:d9:87:3d:e5:f0:b0:ac:3e:c1:d7:13:33:3b:6a:
         2e:de:78:d0:e5:05:e3:32:09:b7:b0:32:16:c5:cb:6c:15:42:
         6e:4c:58:27:5d:70:f4:f9:2b:f0:75:73:3e:fd:c8:11:4c:e4:
         56:52:99:e2:e0:fc:44:04:df:d9:77:78:ac:0e:0b:87:97:f4:
         57:bb:a9:78:13:46:b8:4a:57:84:2c:90:15:0a:99:73:69:f4:
         f1:05:d0:61:6a:01:dc:a9:2d:b5:3c:6f:6d:09:58:d5:4e:db:
         8b:d5:1c:da:05:fb:ad:e2:61:3a:95:e4:53:ea:7a:58:fc:77:
         e8:3c:f8:61:1c:2c:71:15:f2:56:a6:5e:02:bb:9b:90:80:fd:
         bd:29:7f:15:e5:ea:2c:e3:e9:77:32:35:43:d4:52:6c:25:a9:
         19:00:e2:f2:d2:8e:f8:8d:d5:57:af:df:d1:df:3b:47:b8:18:
         08:a0:89:bd:96:b1:21:fd:8c:2c:31:a2:fe:e8:ec:3a:c1:bf:
         e7:ac:c7:09:9a:d4:23:83:89:fb:6e:4a:bc:a0:58:9a:ae:51:
         f6:8e:b6:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mkoHxEZ3P8YOBdpfkPhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2MwNzE3NGUxYjgxM2NkY2IwYTVhNDU5ZTY5MWRkMjJjOWM2YjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4E84ZA+mtCrhEKrJSmB+Xs250qK
X9zWjBkTMmPLp55xfs1ahAvLIv2Kcjl7IqRkw/7mgKBtqSvzWG9bxlRlPOchE1R+
6tAz2iFycB74nyJO7EMXhwHoOX2dd0jmvRyx3fyqri7+vn4obIdGl7N1UCZeleIe
fki8YnGhkrTOQWnNIhXG7R7kJfIzVCa1kG0RbiH8JVT1zJnvvoL6oy06p9Yg84l+
g9fnitAwK9/paWucSTOIt1QTwToarHtwQszybDfCpOGa1mxULf9Jq9OGQjRm3q/7
O0lYeyHVgKtAf5oKYJPwU//IcBwtPi6Oa/kwFzUoraVy7DLu07DI4VL6JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPAcXThuBPNywpaRZ5pHdIsnGtTMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvWThCeGRPRzRFODNMQ2xwRm5ta2QwaXljYTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYjoMA0G
CSqGSIb3DQEBCwUAA4IBAQCUH0KYkRbUtk9YpEFV0njUK2cGdNIAn6xEjIb6n33p
Py5Shcl1zGI42Yc95fCwrD7B1xMzO2ou3njQ5QXjMgm3sDIWxctsFUJuTFgnXXD0
+SvwdXM+/cgRTORWUpni4PxEBN/Zd3isDguHl/RXu6l4E0a4SleELJAVCplzafTx
BdBhagHcqS21PG9tCVjVTtuL1RzaBfut4mE6leRT6npY/HfoPPhhHCxxFfJWpl4C
u5uQgP29KX8V5eos4+l3MjVD1FJsJakZAOLy0o74jdVXr9/R3ztHuBgIoIm9lrEh
/YwsMaL+6Ow6wb/nrMcJmtQjg4n7bkq8oFiarlH2jrYs
-----END CERTIFICATE-----