Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/dNqRqY6tmtgccI8cx_uJ4tWqiZA.roa
File:                     dNqRqY6tmtgccI8cx_uJ4tWqiZA.roa (raw, json)
Hash identifier:          g+K2hBhsL/swaozLRy4ek/JzzpG8kCplNhlD1lsyOeY=
Subject key identifier:   74:DA:91:A9:8E:AD:9A:D8:1C:70:8F:1C:C7:FB:89:E2:D5:AA:89:90
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       01942369BECF6A59BB6D5EDACB709BE44BD2
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/dNqRqY6tmtgccI8cx_uJ4tWqiZA.roa
Signing time:             Wed 01 Jan 2025 19:48:40 +0000
ROA not before:           Wed 01 Jan 2025 19:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211373
IP address blocks:        45.140.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 06:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:be:cf:6a:59:bb:6d:5e:da:cb:70:9b:e4:4b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Jan  1 19:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74da91a98ead9ad81c708f1cc7fb89e2d5aa8990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:25:44:01:08:48:b5:cd:93:e5:41:e6:f5:44:
                    aa:93:37:be:13:84:5a:92:18:92:ef:1d:f6:a2:f5:
                    51:98:cc:72:87:ea:c5:f0:55:b9:3b:c3:70:8d:cb:
                    1a:88:68:6a:40:72:38:03:6f:17:f4:2a:ef:60:c0:
                    95:8d:09:b0:85:66:6b:78:18:00:c3:ae:3c:74:2c:
                    8f:55:ce:c4:88:a0:b8:88:9b:2b:df:b5:62:71:eb:
                    a0:bf:73:c4:5f:69:df:fb:04:d6:6e:90:ff:90:71:
                    df:ec:cc:c9:ba:7e:8c:ae:33:e3:8a:2d:11:77:54:
                    6e:80:75:d2:b2:c6:f4:6f:61:31:d9:fe:6b:87:bc:
                    3a:37:64:2a:a1:03:22:c1:2d:e6:a9:e5:f2:06:be:
                    26:9c:16:52:41:d5:67:5e:c3:2c:0f:82:79:f6:73:
                    87:24:7e:79:db:a4:22:c7:f7:af:c3:cf:d7:c5:b0:
                    21:2d:81:76:8f:3d:75:d9:8f:cd:86:03:ba:e6:d4:
                    2a:7f:a2:d7:5a:4d:6c:3d:ad:76:6b:33:56:18:06:
                    c8:f0:a2:95:45:7a:4d:3e:63:61:65:02:5f:53:9d:
                    b6:1a:f6:b5:f3:b8:ce:c3:25:08:ce:e3:27:87:f1:
                    35:d0:b0:d4:50:e4:62:22:65:33:f1:c2:f3:ac:b1:
                    89:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:DA:91:A9:8E:AD:9A:D8:1C:70:8F:1C:C7:FB:89:E2:D5:AA:89:90
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/dNqRqY6tmtgccI8cx_uJ4tWqiZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:68:8f:83:dd:fb:2f:f5:21:0f:50:21:0e:59:ef:54:93:b6:
         c6:1f:f9:3d:34:57:18:5e:79:ad:51:e4:9d:99:c1:a1:69:05:
         5c:05:fe:2c:af:6c:60:ae:71:30:10:c1:27:95:e4:eb:09:92:
         9c:2c:1e:a8:c7:64:7f:ae:aa:b2:69:89:3c:bc:92:5f:6b:3c:
         91:ec:5e:f7:41:7b:59:bf:e3:3e:b5:0a:46:00:64:97:ff:5d:
         5f:90:c3:5e:b3:37:38:c1:89:cd:fb:1d:7a:80:e2:58:3e:fe:
         04:19:a0:c8:d4:a1:e1:a3:8e:52:3a:3f:8a:92:f8:7b:9a:3b:
         5c:68:27:dd:72:41:f9:ee:36:fa:0f:67:f2:0c:cc:ed:67:0f:
         3e:8d:69:a3:11:69:f1:34:61:8e:91:40:0c:5b:89:36:03:02:
         64:f7:53:f8:44:ef:bc:04:c0:66:c3:0d:65:2c:74:fe:ef:62:
         f2:b4:33:76:b0:04:9a:46:b9:52:b3:3c:2f:d7:2b:d1:21:28:
         05:89:c5:75:84:57:af:a9:d4:15:e6:b5:70:cd:50:00:76:6b:
         e6:c5:00:be:31:15:11:fe:5c:27:20:46:76:d5:d0:70:3f:a7:
         74:9e:bd:33:0f:d4:b6:ad:4f:ae:74:c7:e8:90:a2:36:ae:fd:
         6e:ea:7c:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjab7Palm7bV7ay3Cb5EvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUwMTAxMTk0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGRhOTFhOThlYWQ5YWQ4MWM3MDhmMWNjN2ZiODllMmQ1YWE4OTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCVEAQhItc2T5UHm9USqkze+E4Ra
khiS7x32ovVRmMxyh+rF8FW5O8NwjcsaiGhqQHI4A28X9CrvYMCVjQmwhWZreBgA
w648dCyPVc7EiKC4iJsr37Viceugv3PEX2nf+wTWbpD/kHHf7MzJun6MrjPjii0R
d1RugHXSssb0b2Ex2f5rh7w6N2QqoQMiwS3mqeXyBr4mnBZSQdVnXsMsD4J59nOH
JH5526Qix/evw8/XxbAhLYF2jz112Y/NhgO65tQqf6LXWk1sPa12azNWGAbI8KKV
RXpNPmNhZQJfU522Gva187jOwyUIzuMnh/E10LDUUORiImUz8cLzrLGJ1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTakamOrZrYHHCPHMf7ieLVqomQMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvZE5xUnFZNnRtdGdjY0k4Y3hfdUo0dFdxaVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYz0MA0G
CSqGSIb3DQEBCwUAA4IBAQBhaI+D3fsv9SEPUCEOWe9Uk7bGH/k9NFcYXnmtUeSd
mcGhaQVcBf4sr2xgrnEwEMEnleTrCZKcLB6ox2R/rqqyaYk8vJJfazyR7F73QXtZ
v+M+tQpGAGSX/11fkMNeszc4wYnN+x16gOJYPv4EGaDI1KHho45SOj+Kkvh7mjtc
aCfdckH57jb6D2fyDMztZw8+jWmjEWnxNGGOkUAMW4k2AwJk91P4RO+8BMBmww1l
LHT+72LytDN2sASaRrlSszwv1yvRISgFicV1hFevqdQV5rVwzVAAdmvmxQC+MRUR
/lwnIEZ21dBwP6d0nr0zD9S2rU+udMfokKI2rv1u6nyE
-----END CERTIFICATE-----