Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/saU4g4MCrfwSof0kHf4WCgLZKmI.roa
File:                     saU4g4MCrfwSof0kHf4WCgLZKmI.roa (raw, json)
Hash identifier:          jGOXwi/t0u47bHN8xI/HtzKORgrHC2xW5BY0lDPilgQ=
Subject key identifier:   B1:A5:38:83:83:02:AD:FC:12:A1:FD:24:1D:FE:16:0A:02:D9:2A:62
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0194266BA7788232AD018492A3CB631DDCAD
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/saU4g4MCrfwSof0kHf4WCgLZKmI.roa
Signing time:             Thu 02 Jan 2025 09:49:36 +0000
ROA not before:           Thu 02 Jan 2025 09:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49505
IP address blocks:        45.140.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:a7:78:82:32:ad:01:84:92:a3:cb:63:1d:dc:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 09:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1a538838302adfc12a1fd241dfe160a02d92a62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:37:82:1b:76:18:f4:07:b5:6b:71:98:12:8d:
                    77:cb:70:12:2e:b9:e8:db:52:ba:5d:e0:b3:7a:08:
                    b1:34:cf:4a:fb:ed:a5:b2:5a:ed:92:23:54:50:fa:
                    bd:27:5d:5a:db:06:a2:bb:0d:0f:e6:a9:1c:ca:18:
                    1c:37:cf:11:10:9e:24:6a:7c:3e:87:75:42:6b:21:
                    64:e8:e9:31:2b:3e:88:23:2d:f7:2c:de:c9:54:98:
                    14:16:75:34:76:47:e4:26:e2:4e:b3:03:93:77:16:
                    eb:f7:91:f6:9b:18:bb:80:ab:00:35:fb:bc:43:dd:
                    3d:b3:74:1b:76:1e:e8:8c:b7:d5:fa:e6:40:cb:24:
                    c4:3f:68:4c:b9:fa:0a:7a:c4:ae:36:04:6e:58:35:
                    05:1b:31:aa:e8:de:c2:b6:9b:28:d2:46:5b:8f:73:
                    5d:d3:59:b4:20:12:ff:e7:3d:6b:a5:40:ad:80:b2:
                    fb:58:4a:25:e3:07:c7:03:e4:6a:a2:89:3b:cb:27:
                    7c:6c:b2:95:d9:d4:32:0a:90:5f:e0:11:85:ad:fc:
                    e2:ef:2a:39:0b:15:cb:a9:e7:84:57:9e:6f:04:10:
                    6d:d3:b6:91:de:09:78:53:78:08:2d:80:7f:df:a2:
                    0f:a5:73:13:3f:8d:ed:85:58:9b:15:b9:0e:e5:05:
                    13:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A5:38:83:83:02:AD:FC:12:A1:FD:24:1D:FE:16:0A:02:D9:2A:62
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/saU4g4MCrfwSof0kHf4WCgLZKmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:ab:5a:45:e6:35:01:59:9d:72:80:dc:17:19:90:2c:a4:98:
         58:6b:41:02:ad:86:c9:e4:30:e7:8e:eb:30:2c:fa:8d:b8:af:
         9d:a8:c9:08:29:2e:a2:b3:19:ca:3b:7b:41:96:21:77:ab:48:
         78:91:ce:10:9b:b2:9b:ec:73:37:62:61:3d:29:45:3b:20:db:
         37:38:4d:0f:61:85:af:f7:ff:7e:4a:88:91:47:42:24:c9:70:
         22:f8:89:ff:5d:e9:f6:51:c8:3b:d5:ef:f9:c5:30:d5:68:1a:
         a6:2d:4f:81:00:87:bb:c3:3b:da:74:80:29:1d:36:77:6d:a6:
         9b:47:b9:cf:34:19:39:d9:d6:8c:0f:05:a8:88:27:88:b9:07:
         6b:fd:87:22:b2:be:87:0d:d0:d3:69:b2:25:ec:c7:d4:35:6d:
         21:bb:31:b2:02:ba:8f:85:ac:1b:40:cd:ff:99:24:2b:a9:aa:
         9c:1e:7e:0e:c7:42:ca:01:8c:69:b3:8d:12:7c:c6:b2:ba:b2:
         04:dd:8a:8d:5f:4f:1a:6b:8a:b0:bd:c3:b5:e4:dc:97:04:f7:
         10:97:0f:81:bd:18:aa:68:be:4e:2e:66:e3:cb:50:57:25:8b:
         ff:32:3a:eb:78:1d:ba:35:73:e2:59:63:93:a1:bf:94:ea:94:
         3e:88:78:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma6d4gjKtAYSSo8tjHdytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwMTAyMDk0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWE1Mzg4MzgzMDJhZGZjMTJhMWZkMjQxZGZlMTYwYTAyZDkyYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzeCG3YY9Ae1a3GYEo13y3ASLrno
21K6XeCzegixNM9K++2lslrtkiNUUPq9J11a2waiuw0P5qkcyhgcN88REJ4kanw+
h3VCayFk6OkxKz6IIy33LN7JVJgUFnU0dkfkJuJOswOTdxbr95H2mxi7gKsANfu8
Q909s3Qbdh7ojLfV+uZAyyTEP2hMufoKesSuNgRuWDUFGzGq6N7Ctpso0kZbj3Nd
01m0IBL/5z1rpUCtgLL7WEol4wfHA+Rqook7yyd8bLKV2dQyCpBf4BGFrfzi7yo5
CxXLqeeEV55vBBBt07aR3gl4U3gILYB/36IPpXMTP43thVibFbkO5QUTVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGlOIODAq38EqH9JB3+FgoC2SpiMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvc2FVNGc0TUNyZndTb2Ywa0hmNFdDZ0xaS21JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYwGMA0G
CSqGSIb3DQEBCwUAA4IBAQCEq1pF5jUBWZ1ygNwXGZAspJhYa0ECrYbJ5DDnjusw
LPqNuK+dqMkIKS6isxnKO3tBliF3q0h4kc4Qm7Kb7HM3YmE9KUU7INs3OE0PYYWv
9/9+SoiRR0IkyXAi+In/Xen2Ucg71e/5xTDVaBqmLU+BAIe7wzvadIApHTZ3baab
R7nPNBk52daMDwWoiCeIuQdr/Ycisr6HDdDTabIl7MfUNW0huzGyArqPhawbQM3/
mSQrqaqcHn4Ox0LKAYxps40SfMayurIE3YqNX08aa4qwvcO15NyXBPcQlw+BvRiq
aL5OLmbjy1BXJYv/MjrreB26NXPiWWOTob+U6pQ+iHhL
-----END CERTIFICATE-----