Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/xaQwDJ_KO2CHWs_fxID_S-qPc_U.roa
File:                     xaQwDJ_KO2CHWs_fxID_S-qPc_U.roa (raw, json)
Hash identifier:          S4YYoPKyprxxciMGwKlj4DvLClP1a/NG1w22APEBMP4=
Subject key identifier:   C5:A4:30:0C:9F:CA:3B:60:87:5A:CF:DF:C4:80:FF:4B:EA:8F:73:F5
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019424451EA9ED902B3AD9310C7FA4DB9A83
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/xaQwDJ_KO2CHWs_fxID_S-qPc_U.roa
Signing time:             Wed 01 Jan 2025 23:48:17 +0000
ROA not before:           Wed 01 Jan 2025 23:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51167
IP address blocks:        45.13.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:1e:a9:ed:90:2b:3a:d9:31:0c:7f:a4:db:9a:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5a4300c9fca3b60875acfdfc480ff4bea8f73f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bb:ba:94:08:f3:74:fa:9c:09:75:e2:fc:ff:
                    20:85:6d:e4:e3:26:5c:1f:2d:84:99:eb:a3:fd:5f:
                    93:f1:af:13:d7:9c:10:bb:d8:ba:a5:30:f6:81:30:
                    77:c9:53:6e:4d:5c:01:dd:a9:61:2a:a8:62:fb:aa:
                    d5:2f:db:7b:e1:0f:a1:f3:21:68:b0:f6:6c:06:c8:
                    33:6a:cb:81:6d:8f:d8:06:62:79:5c:00:b1:79:93:
                    bf:52:06:31:22:ea:c6:21:3d:96:18:7a:36:64:50:
                    71:4e:b1:29:04:29:b0:37:71:a8:0f:c9:12:08:44:
                    94:03:6b:17:1e:49:7d:95:1b:6f:4a:2c:77:e4:d2:
                    5b:4c:1f:83:50:da:cd:bc:e3:8f:06:50:51:51:02:
                    d4:2e:da:3a:45:bd:8d:5e:28:56:97:4a:50:f9:ed:
                    e6:2f:2c:f4:8d:09:52:79:d9:fc:ed:9f:7b:de:81:
                    64:35:31:cc:64:0c:74:f5:b2:ec:90:4d:cd:93:68:
                    8a:41:ad:c8:7b:74:49:51:a7:cc:e9:0b:88:71:0f:
                    c3:46:2b:30:10:6c:cd:6a:d0:5c:7a:6f:f8:0d:b4:
                    b7:67:69:69:82:02:84:e0:c4:68:2a:a9:e0:f0:cb:
                    8a:79:0f:4c:9c:70:d5:54:cf:c7:3d:8e:38:eb:14:
                    09:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A4:30:0C:9F:CA:3B:60:87:5A:CF:DF:C4:80:FF:4B:EA:8F:73:F5
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/xaQwDJ_KO2CHWs_fxID_S-qPc_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:42:e1:b0:82:19:b4:04:5a:19:96:52:76:a8:21:6c:14:92:
         d7:6c:4c:44:a4:ef:75:d7:52:43:27:d7:e2:86:50:95:5d:0f:
         3b:c0:30:5d:f4:71:d9:13:26:1b:ed:0d:0d:f3:04:09:bc:b0:
         87:b0:cd:19:83:61:41:5e:9f:f1:84:85:d3:dd:dd:59:f8:8a:
         b5:cb:45:18:96:f3:c5:24:ba:a5:7f:29:2f:58:7b:e6:9c:15:
         24:59:e3:d0:99:4d:1b:20:99:1f:3c:79:19:6c:fe:6c:c5:ae:
         77:6b:df:d9:69:56:2e:15:9d:63:7b:96:03:97:44:bf:6d:d7:
         24:41:79:43:f5:1c:08:92:ab:08:f0:ff:6d:6f:74:e8:ea:5f:
         bc:43:a2:b4:cc:61:fd:39:06:10:aa:06:c3:9c:89:ec:58:cf:
         e0:e2:9f:d8:a5:0e:ce:b7:eb:2e:c3:87:e8:ad:41:9b:3d:87:
         cf:4e:45:20:0f:72:ee:41:68:37:19:04:b1:90:5a:79:82:9d:
         9b:32:8a:2f:84:ac:70:0a:8c:e4:6e:0f:70:38:be:0f:95:7c:
         59:9e:92:70:bd:99:7e:af:7c:3f:44:c9:1d:ea:85:cf:c0:47:
         45:f1:d5:82:fc:48:a8:ea:24:8a:84:77:a9:11:4f:d8:95:ae:
         61:20:88:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRR6p7ZArOtkxDH+k25qDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE0MzAwYzlmY2EzYjYwODc1YWNmZGZjNDgwZmY0YmVhOGY3M2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7u6lAjzdPqcCXXi/P8ghW3k4yZc
Hy2Emeuj/V+T8a8T15wQu9i6pTD2gTB3yVNuTVwB3alhKqhi+6rVL9t74Q+h8yFo
sPZsBsgzasuBbY/YBmJ5XACxeZO/UgYxIurGIT2WGHo2ZFBxTrEpBCmwN3GoD8kS
CESUA2sXHkl9lRtvSix35NJbTB+DUNrNvOOPBlBRUQLULto6Rb2NXihWl0pQ+e3m
Lyz0jQlSedn87Z973oFkNTHMZAx09bLskE3Nk2iKQa3Ie3RJUafM6QuIcQ/DRisw
EGzNatBcem/4DbS3Z2lpggKE4MRoKqng8MuKeQ9MnHDVVM/HPY446xQJIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWkMAyfyjtgh1rP38SA/0vqj3P1MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEveGFRd0RKX0tPMkNIV3NfZnhJRF9TLXFQY19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ3AMA0G
CSqGSIb3DQEBCwUAA4IBAQBaQuGwghm0BFoZllJ2qCFsFJLXbExEpO9111JDJ9fi
hlCVXQ87wDBd9HHZEyYb7Q0N8wQJvLCHsM0Zg2FBXp/xhIXT3d1Z+Iq1y0UYlvPF
JLqlfykvWHvmnBUkWePQmU0bIJkfPHkZbP5sxa53a9/ZaVYuFZ1je5YDl0S/bdck
QXlD9RwIkqsI8P9tb3To6l+8Q6K0zGH9OQYQqgbDnInsWM/g4p/YpQ7Ot+suw4fo
rUGbPYfPTkUgD3LuQWg3GQSxkFp5gp2bMoovhKxwCozkbg9wOL4PlXxZnpJwvZl+
r3w/RMkd6oXPwEdF8dWC/Eio6iSKhHepEU/Yla5hIIja
-----END CERTIFICATE-----