Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/JvOQdUjkCtx4pMZ63YDUDSKRif8.roa
File:                     JvOQdUjkCtx4pMZ63YDUDSKRif8.roa (raw, json)
Hash identifier:          lpSKgZ5ZudI2jyQ9YWWPgdYiIoklrO/1U/orK0nz9yw=
Subject key identifier:   26:F3:90:75:48:E4:0A:DC:78:A4:C6:7A:DD:80:D4:0D:22:91:89:FF
Certificate issuer:       /CN=91f5fcedbdb84dd52fc6770d7ccfd3fc6684fa41
Certificate serial:       0194252217B3A62B82F644E9CEB60EFA5B57
Authority key identifier: 91:F5:FC:ED:BD:B8:4D:D5:2F:C6:77:0D:7C:CF:D3:FC:66:84:FA:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/JvOQdUjkCtx4pMZ63YDUDSKRif8.roa
Signing time:             Thu 02 Jan 2025 03:49:38 +0000
ROA not before:           Thu 02 Jan 2025 03:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        45.82.60.0/24 maxlen: 24
                          45.82.61.0/24 maxlen: 24
                          45.82.62.0/24 maxlen: 24
                          45.82.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 06:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:17:b3:a6:2b:82:f6:44:e9:ce:b6:0e:fa:5b:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91f5fcedbdb84dd52fc6770d7ccfd3fc6684fa41
        Validity
            Not Before: Jan  2 03:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26f3907548e40adc78a4c67add80d40d229189ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4f:9e:61:a5:90:e2:f7:5c:26:49:6a:e7:cb:
                    44:80:4f:25:60:22:4b:6e:11:d9:21:3c:08:57:47:
                    a5:d6:ed:0c:4f:96:04:8b:69:c1:6c:61:e8:61:3d:
                    5d:8b:24:fd:86:ee:11:6b:a9:e4:00:34:6e:1d:75:
                    29:2a:c9:d8:7e:e9:6c:d2:ca:ba:41:5e:44:f2:22:
                    ef:34:df:dc:fc:ce:a7:38:1e:9a:fd:79:e8:3c:d3:
                    4c:4e:bb:ae:e3:1b:c4:da:ea:57:de:be:ef:bd:fc:
                    25:76:54:48:56:d0:bb:98:8c:32:b0:ed:8e:87:df:
                    41:6e:45:27:61:8b:6a:5f:fb:8d:e3:ac:76:a5:40:
                    0b:30:72:7a:d4:ac:49:d5:8a:77:cc:30:8d:fd:47:
                    5e:50:2c:97:8f:95:1c:c3:82:6e:fe:f5:11:5d:59:
                    71:3c:b1:90:3b:40:70:2d:11:e3:db:a8:c3:93:09:
                    eb:f5:12:3c:87:7e:94:6e:48:3a:24:a6:ec:fc:b8:
                    ef:3a:65:a3:a1:18:90:6c:51:ed:67:09:ee:1f:86:
                    22:c0:d4:29:e4:86:07:48:99:8c:21:7e:34:61:63:
                    cb:a3:d2:61:1d:86:bc:51:00:1b:e4:73:9c:c2:11:
                    98:0b:bf:f6:aa:3b:04:82:16:76:90:07:a0:a9:33:
                    4d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:F3:90:75:48:E4:0A:DC:78:A4:C6:7A:DD:80:D4:0D:22:91:89:FF
            X509v3 Authority Key Identifier:
                keyid:91:F5:FC:ED:BD:B8:4D:D5:2F:C6:77:0D:7C:CF:D3:FC:66:84:FA:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/JvOQdUjkCtx4pMZ63YDUDSKRif8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:6b:ee:2c:5b:ec:21:ac:12:54:42:3f:dc:3f:f8:1b:e7:9e:
         07:d3:7b:95:c7:c9:7e:23:88:52:f5:c1:27:da:f5:3e:cb:84:
         03:5d:bf:c8:55:c4:2e:4d:98:89:bf:24:9c:ac:fe:f9:89:d6:
         80:1f:5f:ee:d7:da:60:87:01:47:53:ab:7b:ab:b9:c7:46:fe:
         6b:2d:fe:67:49:28:4c:01:5d:ed:f1:aa:1c:a0:33:34:75:22:
         36:f0:ff:f2:60:c2:c3:dd:fe:40:73:6b:08:52:24:1b:60:03:
         bf:a4:28:13:8e:e0:44:72:d1:84:f3:b9:b4:93:c6:d1:fc:e7:
         d3:f8:8e:fb:37:9b:f2:5b:5d:8b:9b:a4:7c:41:e9:3b:25:c5:
         d1:98:af:6f:0e:78:bd:b5:80:d7:6e:f2:79:fd:3f:f0:4c:e8:
         73:24:f1:fc:25:f7:3b:a4:b6:30:3a:ce:82:fd:9e:ae:10:96:
         14:8f:a2:71:f8:7a:ff:d0:5a:5a:a7:f0:b5:30:04:9b:ee:78:
         50:c6:fe:f5:0f:91:20:25:37:1a:4d:03:9c:bf:74:08:97:99:
         aa:c4:d2:02:b8:69:a1:20:12:51:46:b5:c6:d2:77:9d:a6:43:
         c0:8c:2d:c1:08:0e:f3:16:85:2e:00:61:08:8e:f4:db:b9:de:
         3d:f4:ec:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIhezpiuC9kTpzrYO+ltXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZjVmY2VkYmRiODRkZDUyZmM2NzcwZDdjY2ZkM2ZjNjY4
NGZhNDEwHhcNMjUwMTAyMDM0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmYzOTA3NTQ4ZTQwYWRjNzhhNGM2N2FkZDgwZDQwZDIyOTE4OWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE+eYaWQ4vdcJklq58tEgE8lYCJL
bhHZITwIV0el1u0MT5YEi2nBbGHoYT1diyT9hu4Ra6nkADRuHXUpKsnYfuls0sq6
QV5E8iLvNN/c/M6nOB6a/XnoPNNMTruu4xvE2upX3r7vvfwldlRIVtC7mIwysO2O
h99BbkUnYYtqX/uN46x2pUALMHJ61KxJ1Yp3zDCN/UdeUCyXj5Ucw4Ju/vURXVlx
PLGQO0BwLRHj26jDkwnr9RI8h36Ubkg6JKbs/LjvOmWjoRiQbFHtZwnuH4YiwNQp
5IYHSJmMIX40YWPLo9JhHYa8UQAb5HOcwhGYC7/2qjsEghZ2kAegqTNNHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbzkHVI5ArceKTGet2A1A0ikYn/MB8GA1UdIwQY
MBaAFJH1/O29uE3VL8Z3DXzP0/xmhPpBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2ZYODdiMjRUZFV2eG5jTmZNX1RfR2FFLWtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YTA5ODEtMGFkOC00OGE1LWJmZWMt
OGNjOTgzMzYxMWU2LzEvSnZPUWRVamtDdHg0cE1aNjNZRFVEU0tSaWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YTA5ODEtMGFkOC00OGE1LWJmZWMtOGNjOTgzMzYxMWU2
LzEva2ZYODdiMjRUZFV2eG5jTmZNX1RfR2FFLWtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVI8MA0G
CSqGSIb3DQEBCwUAA4IBAQBRa+4sW+whrBJUQj/cP/gb554H03uVx8l+I4hS9cEn
2vU+y4QDXb/IVcQuTZiJvyScrP75idaAH1/u19pghwFHU6t7q7nHRv5rLf5nSShM
AV3t8aocoDM0dSI28P/yYMLD3f5Ac2sIUiQbYAO/pCgTjuBEctGE87m0k8bR/OfT
+I77N5vyW12Lm6R8Qek7JcXRmK9vDni9tYDXbvJ5/T/wTOhzJPH8Jfc7pLYwOs6C
/Z6uEJYUj6Jx+Hr/0Fpap/C1MASb7nhQxv71D5EgJTcaTQOcv3QIl5mqxNICuGmh
IBJRRrXG0nedpkPAjC3BCA7zFoUuAGEIjvTbud499OwD
-----END CERTIFICATE-----