Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/2GAj9gKqylCM1bmMOziotqhWhBg.roa
File:                     2GAj9gKqylCM1bmMOziotqhWhBg.roa (raw, json)
Hash identifier:          h/91HsBhyQI08af4s/EB2QASiidAwZ1X0g5MBm3tAPw=
Subject key identifier:   D8:60:23:F6:02:AA:CA:50:8C:D5:B9:8C:3B:38:A8:B6:A8:56:84:18
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019424451813D2EB7567995D5E6B03AF59A4
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/2GAj9gKqylCM1bmMOziotqhWhBg.roa
Signing time:             Wed 01 Jan 2025 23:48:15 +0000
ROA not before:           Wed 01 Jan 2025 23:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44094
IP address blocks:        45.138.157.0/24 maxlen: 24
                          193.201.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:18:13:d2:eb:75:67:99:5d:5e:6b:03:af:59:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d86023f602aaca508cd5b98c3b38a8b6a8568418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:80:61:37:84:d1:a4:6c:f7:0e:5b:ef:89:46:
                    f4:d1:3e:fb:e7:da:20:d9:da:9a:8d:7c:17:96:c7:
                    ca:65:1e:ed:e7:fe:cd:c3:d1:0d:fe:1b:81:e1:f8:
                    72:61:b2:40:2b:7e:85:d7:77:a0:dc:60:68:3a:20:
                    ce:88:1b:3b:1a:6b:a9:a3:93:7f:ed:e6:01:5d:c4:
                    ed:6c:4a:6b:12:75:2a:a6:60:24:09:52:5c:db:07:
                    b2:40:ae:33:d6:1c:0c:e7:f5:d9:9d:b1:fb:8e:7c:
                    2c:0b:b9:55:b7:39:90:70:54:53:b5:b0:1f:f7:39:
                    04:23:74:b4:3b:12:c6:0d:fe:84:ef:4c:00:c4:6d:
                    fe:a2:72:67:e5:59:ae:9f:e1:a1:dc:5a:4a:d7:a2:
                    63:a1:dd:1f:04:96:7b:61:8b:8b:d7:61:38:7a:29:
                    fa:bc:71:af:20:87:30:ec:67:d3:98:61:bb:48:b7:
                    f9:01:de:24:23:0d:09:8e:dc:05:eb:cf:0b:af:26:
                    d4:d5:cf:df:f7:93:dd:1d:c8:ae:eb:d3:f5:c4:19:
                    af:98:f6:5b:8a:aa:d5:c8:a5:e2:cf:6d:c2:e5:4a:
                    b1:da:e7:aa:4a:b9:46:bb:1c:91:b7:d3:ae:1b:ec:
                    be:3e:c3:af:0f:c7:0c:f0:98:e1:9b:58:9e:fe:fe:
                    2b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:60:23:F6:02:AA:CA:50:8C:D5:B9:8C:3B:38:A8:B6:A8:56:84:18
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/2GAj9gKqylCM1bmMOziotqhWhBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.157.0/24
                  193.201.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:48:31:ed:a0:60:19:d2:0a:72:c9:43:58:6f:38:90:d6:ac:
         5d:19:14:5a:73:bb:b3:39:3c:e5:ae:50:0e:74:92:9f:80:65:
         c4:30:a7:c7:f4:fc:d6:9d:5d:3d:02:80:16:63:3c:90:74:2c:
         a1:aa:c5:b4:de:65:b9:99:d0:f8:5e:50:2d:fc:4a:09:35:d9:
         06:a7:bd:41:9c:7c:45:e2:c8:1e:8f:8c:32:2a:09:08:1e:b1:
         64:8c:ae:3c:11:c8:cd:41:b7:05:5a:82:72:06:25:1d:92:f0:
         a2:3c:e1:43:8a:17:6f:80:81:b1:fc:5f:57:41:a0:95:82:ca:
         18:67:18:98:68:fa:46:38:25:42:af:89:68:f1:b7:ec:45:22:
         d6:98:99:aa:0c:ef:b9:20:39:c6:0a:89:94:ce:5b:ca:4f:0a:
         21:a9:1a:7d:52:98:3b:b8:a9:75:51:c1:35:23:0f:54:de:0d:
         73:a3:46:a4:d6:bc:ca:86:90:0f:7c:1c:7e:6d:6f:e6:a2:cb:
         b0:ce:a5:90:8e:d9:2b:e4:38:96:fd:5b:a5:0c:94:27:24:2a:
         bb:9e:a6:34:d7:a4:20:c3:c4:66:af:52:c7:d0:0f:6f:df:ab:
         59:41:0f:2e:fe:2a:5c:57:c7:b9:74:59:4f:87:34:fe:16:a3:
         24:e0:29:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRRgT0ut1Z5ldXmsDr1mkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODYwMjNmNjAyYWFjYTUwOGNkNWI5OGMzYjM4YThiNmE4NTY4NDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoBhN4TRpGz3DlvviUb00T7759og
2dqajXwXlsfKZR7t5/7Nw9EN/huB4fhyYbJAK36F13eg3GBoOiDOiBs7Gmupo5N/
7eYBXcTtbEprEnUqpmAkCVJc2weyQK4z1hwM5/XZnbH7jnwsC7lVtzmQcFRTtbAf
9zkEI3S0OxLGDf6E70wAxG3+onJn5Vmun+Gh3FpK16Jjod0fBJZ7YYuL12E4ein6
vHGvIIcw7GfTmGG7SLf5Ad4kIw0JjtwF688LrybU1c/f95PdHciu69P1xBmvmPZb
iqrVyKXiz23C5Uqx2ueqSrlGuxyRt9OuG+y+PsOvD8cM8Jjhm1ie/v4roQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNhgI/YCqspQjNW5jDs4qLaoVoQYMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvMkdBajlnS3F5bENNMWJtTU96aW90cWhXaEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYqdAwQA
wcl+MA0GCSqGSIb3DQEBCwUAA4IBAQBJSDHtoGAZ0gpyyUNYbziQ1qxdGRRac7uz
OTzlrlAOdJKfgGXEMKfH9PzWnV09AoAWYzyQdCyhqsW03mW5mdD4XlAt/EoJNdkG
p71BnHxF4sgej4wyKgkIHrFkjK48EcjNQbcFWoJyBiUdkvCiPOFDihdvgIGx/F9X
QaCVgsoYZxiYaPpGOCVCr4lo8bfsRSLWmJmqDO+5IDnGComUzlvKTwohqRp9Upg7
uKl1UcE1Iw9U3g1zo0ak1rzKhpAPfBx+bW/mosuwzqWQjtkr5DiW/VulDJQnJCq7
nqY016Qgw8Rmr1LH0A9v36tZQQ8u/ipcV8e5dFlPhzT+FqMk4Ckq
-----END CERTIFICATE-----