Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/R2PawQq0aEUNn_27xWpTtnBVRIM.roa
File:                     R2PawQq0aEUNn_27xWpTtnBVRIM.roa (raw, json)
Hash identifier:          wgajC5DOyIsq57Qvm++dcs3T7mB2PJ+qFxFBFbbVsAw=
Subject key identifier:   47:63:DA:C1:0A:B4:68:45:0D:9F:FD:BB:C5:6A:53:B6:70:55:44:83
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       0194228E0A25AF3865ECBE7A21F93408F5FF
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/R2PawQq0aEUNn_27xWpTtnBVRIM.roa
Signing time:             Wed 01 Jan 2025 15:48:41 +0000
ROA not before:           Wed 01 Jan 2025 15:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51206
IP address blocks:        92.45.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0a:25:af:38:65:ec:be:7a:21:f9:34:08:f5:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 15:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4763dac10ab468450d9ffdbbc56a53b670554483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4f:6b:ed:7d:10:f7:99:19:fb:f9:69:d8:2a:
                    6e:b3:36:89:30:86:40:c9:68:00:28:48:db:fb:bf:
                    c3:06:3e:50:ad:72:84:3d:b1:b0:9e:f5:eb:6a:4e:
                    da:c2:8b:9d:f4:1b:f8:e9:50:a1:d1:74:12:3e:29:
                    a4:f2:05:2e:45:f4:88:58:82:3b:0a:61:70:ea:b9:
                    1b:69:9e:b9:b2:12:c4:df:fe:a5:55:ce:1e:55:3b:
                    4a:86:c5:d8:65:24:63:b9:d2:5c:2a:8c:c1:02:d4:
                    ca:b1:d4:6a:b6:d8:26:c2:67:a9:b4:eb:08:93:60:
                    32:4e:40:c6:9e:85:c3:9b:6e:76:44:16:1e:e4:16:
                    da:e9:f1:ec:8b:67:18:43:f9:60:44:86:5a:05:ec:
                    30:69:3f:7d:89:a6:ec:f3:7b:51:a6:f5:02:94:a4:
                    21:1b:ce:cb:e6:3f:aa:d1:b6:54:49:bf:4c:18:64:
                    61:78:88:4c:a3:8a:f2:5b:b8:9f:ec:3d:cc:30:9c:
                    36:b4:32:22:d7:5c:c8:25:01:08:54:46:e5:a1:7e:
                    e3:51:4a:77:59:65:b2:7e:64:f4:1d:bb:7d:da:c0:
                    f7:22:99:ea:7f:4d:ed:b8:83:72:ff:c0:b9:b7:69:
                    29:04:6e:1c:86:b0:a0:36:58:14:60:23:5f:83:f6:
                    ba:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:63:DA:C1:0A:B4:68:45:0D:9F:FD:BB:C5:6A:53:B6:70:55:44:83
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/R2PawQq0aEUNn_27xWpTtnBVRIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.45.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ae:fa:e8:66:07:de:17:7f:f8:8e:12:c2:9f:b0:41:46:bb:
         44:b1:e3:4a:29:4d:cd:cf:b2:31:b0:01:69:e3:16:4a:95:7b:
         32:f6:7d:d1:3f:70:b1:fa:fb:2d:2b:52:00:ae:73:3b:21:a1:
         d6:e4:6b:53:61:e8:19:3d:72:63:6e:e7:df:0f:0a:fb:12:12:
         94:09:18:42:d8:52:1c:61:f9:ce:c6:44:3f:58:a6:aa:91:5a:
         ba:b8:b7:e1:9c:25:c2:4f:bc:61:12:d3:ca:c6:12:ae:de:87:
         0c:7d:de:8c:54:30:df:5c:6c:ed:3a:2b:5d:ca:49:07:6b:09:
         00:67:52:46:93:d4:41:36:3e:3c:16:ff:86:b9:10:8a:f9:9f:
         03:7d:48:fb:ea:c4:03:be:80:e7:f5:b1:2c:6d:89:46:0b:ff:
         20:97:b0:2d:dd:e3:da:34:2b:d3:d2:df:0e:e2:59:47:5d:db:
         72:08:fd:bc:de:21:65:8f:45:c3:b0:03:9f:82:f5:66:81:ae:
         59:b7:cb:a6:3b:49:7b:2c:07:03:d3:50:39:9b:0e:17:e4:5e:
         50:7f:92:d1:45:34:bd:68:0a:86:6b:1a:2b:6f:44:ce:1e:25:
         a3:79:b5:a0:58:a9:7d:ad:5d:38:4b:8f:ab:fa:c3:69:04:a8:
         47:22:cf:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgolrzhl7L56Ifk0CPX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjUwMTAxMTU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzYzZGFjMTBhYjQ2ODQ1MGQ5ZmZkYmJjNTZhNTNiNjcwNTU0NDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApk9r7X0Q95kZ+/lp2CpuszaJMIZA
yWgAKEjb+7/DBj5QrXKEPbGwnvXrak7awoud9Bv46VCh0XQSPimk8gUuRfSIWII7
CmFw6rkbaZ65shLE3/6lVc4eVTtKhsXYZSRjudJcKozBAtTKsdRqttgmwmeptOsI
k2AyTkDGnoXDm252RBYe5Bba6fHsi2cYQ/lgRIZaBewwaT99iabs83tRpvUClKQh
G87L5j+q0bZUSb9MGGRheIhMo4ryW7if7D3MMJw2tDIi11zIJQEIVEbloX7jUUp3
WWWyfmT0Hbt92sD3Ipnqf03tuINy/8C5t2kpBG4chrCgNlgUYCNfg/a6KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdj2sEKtGhFDZ/9u8VqU7ZwVUSDMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvUjJQYXdRcTBhRVVObl8yN3hXcFR0bkJWUklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXC0DMA0G
CSqGSIb3DQEBCwUAA4IBAQCSrvroZgfeF3/4jhLCn7BBRrtEseNKKU3Nz7IxsAFp
4xZKlXsy9n3RP3Cx+vstK1IArnM7IaHW5GtTYegZPXJjbuffDwr7EhKUCRhC2FIc
YfnOxkQ/WKaqkVq6uLfhnCXCT7xhEtPKxhKu3ocMfd6MVDDfXGztOitdykkHawkA
Z1JGk9RBNj48Fv+GuRCK+Z8DfUj76sQDvoDn9bEsbYlGC/8gl7At3ePaNCvT0t8O
4llHXdtyCP283iFlj0XDsAOfgvVmga5Zt8umO0l7LAcD01A5mw4X5F5Qf5LRRTS9
aAqGaxorb0TOHiWjebWgWKl9rV04S4+r+sNpBKhHIs+K
-----END CERTIFICATE-----