Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ABMKbuAj1er2MrO9ZiV0OkckNWA.roa
File:                     ABMKbuAj1er2MrO9ZiV0OkckNWA.roa (raw, json)
Hash identifier:          mMC03CHqrSryqxQrNgsHtZ81Kz8Kx5BFEtASnmhSa78=
Subject key identifier:   00:13:0A:6E:E0:23:D5:EA:F6:32:B3:BD:66:25:74:3A:47:24:35:60
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0194244529F2D2A084593B443857E9860966
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ABMKbuAj1er2MrO9ZiV0OkckNWA.roa
Signing time:             Wed 01 Jan 2025 23:48:19 +0000
ROA not before:           Wed 01 Jan 2025 23:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62563
IP address blocks:        45.135.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 18:38:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:29:f2:d2:a0:84:59:3b:44:38:57:e9:86:09:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00130a6ee023d5eaf632b3bd6625743a47243560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:af:6a:6c:19:1a:33:fe:7a:af:b1:d2:c9:68:
                    70:b1:c3:3f:b3:a0:50:67:ee:eb:ca:b5:9e:5b:a5:
                    b1:04:f2:17:0b:34:35:0b:f4:55:22:d7:4b:c9:19:
                    a3:7b:a6:71:1a:06:19:0b:9f:96:a2:aa:4c:1e:00:
                    b0:b5:42:64:9d:df:0a:99:8a:03:57:02:d7:ce:f4:
                    43:54:89:a0:b7:05:d1:78:e2:63:5d:7f:5a:42:e7:
                    a4:39:d9:86:5f:73:64:79:22:0e:8d:3d:32:1a:17:
                    17:29:73:e0:af:cb:84:81:23:09:d4:8c:b8:51:91:
                    cf:9f:22:83:c2:89:17:da:b5:a3:03:2f:bf:91:69:
                    46:3d:a7:51:82:65:39:01:39:33:8e:9f:07:6a:8b:
                    a9:1d:23:3e:74:12:22:82:9e:c8:2e:f1:88:89:d3:
                    e5:13:12:aa:d9:a6:02:c6:3e:97:0b:fb:45:d0:72:
                    f1:d2:82:b1:49:9b:44:be:c7:c1:fb:9a:54:bf:0d:
                    61:06:89:23:87:d4:84:99:be:0e:1f:3f:93:5a:8f:
                    66:d0:53:a9:0b:a0:24:7b:f9:fd:27:6c:44:53:94:
                    a3:f7:ec:3f:9b:77:12:10:df:4c:b1:1a:2c:44:d9:
                    7e:ba:b9:dd:df:68:ad:b4:49:fc:42:b6:aa:80:af:
                    c1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:13:0A:6E:E0:23:D5:EA:F6:32:B3:BD:66:25:74:3A:47:24:35:60
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ABMKbuAj1er2MrO9ZiV0OkckNWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:1c:cb:f3:c5:aa:22:02:9f:a1:9e:80:a0:b5:f7:9c:05:d6:
         98:ae:2a:f3:f7:be:61:21:0b:21:da:a0:e7:44:fd:71:d9:68:
         02:6e:d8:11:8c:69:ee:30:31:83:e6:d9:d5:65:39:48:2b:4c:
         ce:8f:3c:d8:09:44:f1:fd:04:9b:69:ba:17:2b:8b:1d:98:66:
         9c:4c:8f:06:b2:9c:ff:0f:52:fc:02:75:95:ae:40:fd:2f:e4:
         4d:28:7f:e7:4d:c4:57:93:87:cc:97:80:8f:64:e6:5a:18:63:
         db:c8:44:9d:b7:be:e7:c9:b6:27:ee:30:33:25:24:c1:53:35:
         52:0b:be:e4:74:dd:18:c5:73:58:f2:fe:09:4d:cb:86:86:75:
         ba:7b:07:47:0b:8b:47:83:13:c4:23:09:cb:d8:79:ec:33:a1:
         b9:31:fa:d0:cb:27:e1:59:c7:8c:72:93:4d:0a:c9:d8:24:5c:
         7a:e1:9d:f4:43:ee:86:e2:a5:56:01:43:30:0f:84:2f:58:0d:
         29:9c:f6:87:e9:cd:7a:10:61:5a:28:52:7e:32:92:78:14:27:
         18:b8:c5:87:ef:ac:64:39:d2:d3:19:f9:e5:b4:00:01:ad:c1:
         70:8b:31:a0:8b:eb:e6:0a:e8:76:51:b9:40:bc:7d:81:6d:a3:
         88:a1:2f:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRSny0qCEWTtEOFfphglmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDEzMGE2ZWUwMjNkNWVhZjYzMmIzYmQ2NjI1NzQzYTQ3MjQzNTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs69qbBkaM/56r7HSyWhwscM/s6BQ
Z+7ryrWeW6WxBPIXCzQ1C/RVItdLyRmje6ZxGgYZC5+WoqpMHgCwtUJknd8KmYoD
VwLXzvRDVImgtwXReOJjXX9aQuekOdmGX3NkeSIOjT0yGhcXKXPgr8uEgSMJ1Iy4
UZHPnyKDwokX2rWjAy+/kWlGPadRgmU5ATkzjp8HaoupHSM+dBIigp7ILvGIidPl
ExKq2aYCxj6XC/tF0HLx0oKxSZtEvsfB+5pUvw1hBokjh9SEmb4OHz+TWo9m0FOp
C6Ake/n9J2xEU5Sj9+w/m3cSEN9MsRosRNl+urnd32ittEn8QraqgK/BVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAATCm7gI9Xq9jKzvWYldDpHJDVgMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvQUJNS2J1QWoxZXIyTXJPOVppVjBPa2NrTldBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYcMMA0G
CSqGSIb3DQEBCwUAA4IBAQCgHMvzxaoiAp+hnoCgtfecBdaYrirz975hIQsh2qDn
RP1x2WgCbtgRjGnuMDGD5tnVZTlIK0zOjzzYCUTx/QSbaboXK4sdmGacTI8Gspz/
D1L8AnWVrkD9L+RNKH/nTcRXk4fMl4CPZOZaGGPbyESdt77nybYn7jAzJSTBUzVS
C77kdN0YxXNY8v4JTcuGhnW6ewdHC4tHgxPEIwnL2HnsM6G5MfrQyyfhWceMcpNN
CsnYJFx64Z30Q+6G4qVWAUMwD4QvWA0pnPaH6c16EGFaKFJ+MpJ4FCcYuMWH76xk
OdLTGfnltAABrcFwizGgi+vmCuh2UblAvH2BbaOIoS8J
-----END CERTIFICATE-----