Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/d9EPdccRI9fe31r8YXiF11dbuAE.roa
File:                     d9EPdccRI9fe31r8YXiF11dbuAE.roa (raw, json)
Hash identifier:          Mn6la1cNZ2lvlxnLvxs6dnBmU/hxdiSINwGaH327vug=
Subject key identifier:   77:D1:0F:75:C7:11:23:D7:DE:DF:5A:FC:61:78:85:D7:57:5B:B8:01
Certificate issuer:       /CN=587f5478d1e94f240705722c3789076daf553757
Certificate serial:       0196863F31C0D8844A088C7E6C61599D466B
Authority key identifier: 58:7F:54:78:D1:E9:4F:24:07:05:72:2C:37:89:07:6D:AF:55:37:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WH9UeNHpTyQHBXIsN4kHba9VN1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/d9EPdccRI9fe31r8YXiF11dbuAE.roa
Signing time:             Wed 30 Apr 2025 10:30:10 +0000
ROA not before:           Wed 30 Apr 2025 10:30:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        45.144.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/WH9UeNHpTyQHBXIsN4kHba9VN1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/WH9UeNHpTyQHBXIsN4kHba9VN1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WH9UeNHpTyQHBXIsN4kHba9VN1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 01 Jun 2025 22:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:3f:31:c0:d8:84:4a:08:8c:7e:6c:61:59:9d:46:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=587f5478d1e94f240705722c3789076daf553757
        Validity
            Not Before: Apr 30 10:30:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77d10f75c71123d7dedf5afc617885d7575bb801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1c:be:b2:b5:a8:9d:73:25:53:e3:d2:6d:6f:
                    46:b1:83:19:63:08:c6:29:ed:78:b1:f4:d4:03:ae:
                    7e:1b:21:13:f0:f7:68:be:fb:d9:09:ee:1b:ed:1e:
                    41:37:d8:0c:d2:4f:4f:c1:68:6c:8f:67:82:83:26:
                    83:6f:3c:5c:96:10:61:4f:2e:9a:57:84:1d:18:85:
                    ab:d4:39:9c:4d:00:5b:aa:1d:7b:e6:ec:14:5e:30:
                    97:75:62:7c:04:8b:3d:29:c2:89:90:8a:1d:ca:63:
                    0f:be:33:ab:38:4b:ee:b1:97:d2:c0:f3:cd:de:5e:
                    b0:ac:c6:a9:6a:13:7a:e9:ef:53:e4:86:e8:08:c1:
                    2f:aa:3b:a0:9e:bb:36:9c:68:df:6a:1e:b1:b6:f6:
                    b7:40:05:dc:d5:42:5d:22:a5:1c:60:da:cd:ec:b1:
                    90:70:08:9a:c5:ac:c7:3d:40:d7:f6:3e:c1:72:88:
                    e4:ba:bf:6a:da:58:a9:e6:a9:3a:7a:1b:9a:eb:24:
                    9f:e3:e8:fa:83:89:c8:ec:fb:96:79:dd:f8:cc:b6:
                    a6:ac:a7:4e:37:93:2e:67:74:f6:bf:83:b5:7c:cf:
                    a2:e0:e7:cb:23:70:ef:67:75:f9:9a:53:14:93:e8:
                    29:50:bf:ac:10:75:cf:38:01:e0:3a:a7:4c:b3:8e:
                    b0:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D1:0F:75:C7:11:23:D7:DE:DF:5A:FC:61:78:85:D7:57:5B:B8:01
            X509v3 Authority Key Identifier:
                keyid:58:7F:54:78:D1:E9:4F:24:07:05:72:2C:37:89:07:6D:AF:55:37:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WH9UeNHpTyQHBXIsN4kHba9VN1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/d9EPdccRI9fe31r8YXiF11dbuAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/WH9UeNHpTyQHBXIsN4kHba9VN1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:c7:f7:e6:18:a9:c9:1d:64:2a:e5:aa:e7:82:0d:23:03:89:
         af:b7:85:19:c1:fb:46:ed:6a:87:9d:4f:3d:52:18:4c:1a:56:
         0f:6e:13:17:ac:d4:bc:10:13:0f:c9:db:58:c5:48:a9:04:01:
         8c:06:4a:fc:d3:e2:af:6c:94:92:13:59:4e:f0:4c:8b:cb:3f:
         c5:c4:81:52:ba:3a:5f:a2:b7:59:e9:a7:e6:90:23:34:43:2d:
         aa:82:44:ee:77:79:fc:56:b0:f1:0d:e5:d9:c7:c7:eb:c1:59:
         39:b7:44:57:44:4f:54:d8:ba:ff:ea:80:bf:bc:df:57:5d:e2:
         17:f9:8a:0e:c2:0a:d9:45:0b:98:8f:bd:49:f3:02:e5:65:67:
         f1:5b:f0:f8:4a:9f:6d:7d:90:8e:a9:eb:92:fd:3a:dd:8a:22:
         ca:44:60:b5:b4:84:4b:fa:09:58:23:7d:91:f5:51:a5:0a:15:
         8f:a4:f8:fb:57:0a:0b:aa:1e:14:c8:a6:0a:73:45:bd:2f:5b:
         2d:a7:0c:cc:00:83:dc:f9:3d:99:01:e2:2b:a5:79:86:e9:a6:
         09:54:73:9a:40:1f:10:23:63:d0:69:a5:e2:e3:17:88:12:1e:
         08:41:77:d5:0d:15:2a:92:db:2b:e7:95:0a:ad:91:e9:5a:03:
         9b:4d:d6:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaGPzHA2IRKCIx+bGFZnUZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4N2Y1NDc4ZDFlOTRmMjQwNzA1NzIyYzM3ODkwNzZkYWY1
NTM3NTcwHhcNMjUwNDMwMTAzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2QxMGY3NWM3MTEyM2Q3ZGVkZjVhZmM2MTc4ODVkNzU3NWJiODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhy+srWonXMlU+PSbW9GsYMZYwjG
Ke14sfTUA65+GyET8PdovvvZCe4b7R5BN9gM0k9PwWhsj2eCgyaDbzxclhBhTy6a
V4QdGIWr1DmcTQBbqh175uwUXjCXdWJ8BIs9KcKJkIodymMPvjOrOEvusZfSwPPN
3l6wrMapahN66e9T5IboCMEvqjugnrs2nGjfah6xtva3QAXc1UJdIqUcYNrN7LGQ
cAiaxazHPUDX9j7Bcojkur9q2lip5qk6ehua6ySf4+j6g4nI7PuWed34zLamrKdO
N5MuZ3T2v4O1fM+i4OfLI3DvZ3X5mlMUk+gpUL+sEHXPOAHgOqdMs46wzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfRD3XHESPX3t9a/GF4hddXW7gBMB8GA1UdIwQY
MBaAFFh/VHjR6U8kBwVyLDeJB22vVTdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0g5VWVOSHBUeVFIQlhJc040a0hiYTlWTjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8xNTMyNmYtYzE3NC00OTNhLTk5OWMt
Y2YwMDk5ZTA3MmMzLzEvZDlFUGRjY1JJOWZlMzFyOFlYaUYxMWRidUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8xNTMyNmYtYzE3NC00OTNhLTk5OWMtY2YwMDk5ZTA3MmMz
LzEvV0g5VWVOSHBUeVFIQlhJc040a0hiYTlWTjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZDcMA0G
CSqGSIb3DQEBCwUAA4IBAQB+x/fmGKnJHWQq5arngg0jA4mvt4UZwftG7WqHnU89
UhhMGlYPbhMXrNS8EBMPydtYxUipBAGMBkr80+KvbJSSE1lO8EyLyz/FxIFSujpf
ordZ6afmkCM0Qy2qgkTud3n8VrDxDeXZx8frwVk5t0RXRE9U2Lr/6oC/vN9XXeIX
+YoOwgrZRQuYj71J8wLlZWfxW/D4Sp9tfZCOqeuS/TrdiiLKRGC1tIRL+glYI32R
9VGlChWPpPj7VwoLqh4UyKYKc0W9L1stpwzMAIPc+T2ZAeIrpXmG6aYJVHOaQB8Q
I2PQaaXi4xeIEh4IQXfVDRUqktsr55UKrZHpWgObTdab
-----END CERTIFICATE-----