Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/cIvicQwvTTI6J8NGKDerxCkfUpQ.roa
File:                     cIvicQwvTTI6J8NGKDerxCkfUpQ.roa (raw, json)
Hash identifier:          KRBjaA428X4oNlaq/pV1Uncb9bEVRkbIjJIh/xlTHjg=
Subject key identifier:   70:8B:E2:71:0C:2F:4D:32:3A:27:C3:46:28:37:AB:C4:29:1F:52:94
Certificate issuer:       /CN=3c859ed693ce3de059caa0a0c1e4245c5e9e37e4
Certificate serial:       019465D3907C708E97E84DC10F006C81FAF6
Authority key identifier: 3C:85:9E:D6:93:CE:3D:E0:59:CA:A0:A0:C1:E4:24:5C:5E:9E:37:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PIWe1pPOPeBZyqCgweQkXF6eN-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/cIvicQwvTTI6J8NGKDerxCkfUpQ.roa
Signing time:             Tue 14 Jan 2025 17:19:11 +0000
ROA not before:           Tue 14 Jan 2025 17:19:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198150
IP address blocks:        45.141.217.0/24 maxlen: 24
                          2a13:9cc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/PIWe1pPOPeBZyqCgweQkXF6eN-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/PIWe1pPOPeBZyqCgweQkXF6eN-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PIWe1pPOPeBZyqCgweQkXF6eN-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:65:d3:90:7c:70:8e:97:e8:4d:c1:0f:00:6c:81:fa:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c859ed693ce3de059caa0a0c1e4245c5e9e37e4
        Validity
            Not Before: Jan 14 17:19:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=708be2710c2f4d323a27c3462837abc4291f5294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ca:d2:66:72:96:4c:ae:32:59:c7:a9:3e:61:
                    f2:1d:9b:59:1f:23:68:4e:5b:a5:91:d2:59:98:53:
                    a0:cb:c0:8c:cd:23:51:4c:e4:00:14:62:f0:37:83:
                    13:43:28:ee:1d:c0:49:a6:fd:36:85:fa:56:bc:71:
                    c2:9a:d3:27:35:e7:48:75:a0:6b:60:fd:7a:0e:37:
                    9a:3b:3c:2e:d3:87:f2:f7:70:da:c3:e4:96:3d:30:
                    6c:c8:e5:9e:c5:63:57:98:0f:26:ac:54:3d:eb:e5:
                    ce:e0:2c:02:4e:38:30:b4:57:be:c0:7b:11:f1:47:
                    ec:8b:3c:2d:3e:d6:8f:9a:1b:bb:b1:ce:19:34:f5:
                    a5:07:3d:99:2b:db:97:83:ff:8d:26:15:e4:09:fa:
                    87:46:c8:e3:ae:45:9a:05:d0:75:50:c2:49:66:93:
                    35:0b:c4:54:94:a2:55:08:ee:82:06:19:23:30:31:
                    b7:64:47:f0:55:4a:a7:31:21:a8:7e:14:8a:cf:1a:
                    dc:90:82:3b:d5:87:91:69:b1:3a:6c:a0:9b:1a:e7:
                    49:74:8d:7f:98:28:f9:ee:97:78:a3:db:3c:47:59:
                    6f:41:e7:37:7a:fe:62:d7:59:44:22:f8:1d:a5:d3:
                    04:69:25:3d:f0:c1:68:6b:a0:71:d6:5e:fa:2d:4b:
                    1a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:8B:E2:71:0C:2F:4D:32:3A:27:C3:46:28:37:AB:C4:29:1F:52:94
            X509v3 Authority Key Identifier:
                keyid:3C:85:9E:D6:93:CE:3D:E0:59:CA:A0:A0:C1:E4:24:5C:5E:9E:37:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PIWe1pPOPeBZyqCgweQkXF6eN-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/cIvicQwvTTI6J8NGKDerxCkfUpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/PIWe1pPOPeBZyqCgweQkXF6eN-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.217.0/24
                IPv6:
                  2a13:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:0b:d2:49:27:69:df:57:b4:84:73:dd:c6:06:2d:c0:be:a3:
         68:64:38:ee:31:e5:fd:7c:db:1a:b3:06:41:48:e9:98:ac:9d:
         80:1d:f9:09:93:5a:d1:50:d4:0c:da:c8:3a:ea:dc:c9:6f:c7:
         37:37:e3:cf:10:a8:7f:90:4f:bc:f3:9e:e5:a1:0f:4c:c3:d4:
         8e:c9:3a:e3:0a:8e:8c:4e:1e:37:64:9f:83:d4:11:d0:b5:16:
         eb:a0:1c:70:2f:6b:bf:f1:d3:6d:69:1e:2d:89:ff:1d:d0:fb:
         3a:ec:45:51:2e:d3:15:15:8b:39:ec:89:e9:25:13:be:b3:af:
         c9:6d:10:47:fd:f9:ab:a4:36:ab:2e:74:21:0d:12:4a:f5:a3:
         4e:ff:36:b2:56:63:3a:40:e0:e9:89:f3:2f:49:6a:8c:ba:16:
         1a:91:47:16:c1:f8:14:7e:c6:4e:ef:a8:6c:51:be:66:ad:2c:
         12:6e:86:18:c8:d0:8c:74:fe:61:a0:34:a2:d3:84:02:b1:9e:
         c5:8d:9a:56:e1:10:5a:7b:c3:99:88:a8:2d:98:f1:14:2b:1e:
         33:f9:9b:fa:2f:7c:52:c3:43:d2:1b:88:00:5a:8c:5a:a9:36:
         8d:93:66:99:71:fa:9b:03:69:d6:45:f1:82:20:6d:0a:a8:84:
         a3:4e:33:85
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZRl05B8cI6X6E3BDwBsgfr2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjODU5ZWQ2OTNjZTNkZTA1OWNhYTBhMGMxZTQyNDVjNWU5
ZTM3ZTQwHhcNMjUwMTE0MTcxOTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDhiZTI3MTBjMmY0ZDMyM2EyN2MzNDYyODM3YWJjNDI5MWY1Mjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8rSZnKWTK4yWcepPmHyHZtZHyNo
TlulkdJZmFOgy8CMzSNRTOQAFGLwN4MTQyjuHcBJpv02hfpWvHHCmtMnNedIdaBr
YP16DjeaOzwu04fy93Daw+SWPTBsyOWexWNXmA8mrFQ96+XO4CwCTjgwtFe+wHsR
8UfsizwtPtaPmhu7sc4ZNPWlBz2ZK9uXg/+NJhXkCfqHRsjjrkWaBdB1UMJJZpM1
C8RUlKJVCO6CBhkjMDG3ZEfwVUqnMSGofhSKzxrckII71YeRabE6bKCbGudJdI1/
mCj57pd4o9s8R1lvQec3ev5i11lEIvgdpdMEaSU98MFoa6Bx1l76LUsaoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHCL4nEML00yOifDRig3q8QpH1KUMB8GA1UdIwQY
MBaAFDyFntaTzj3gWcqgoMHkJFxenjfkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUElXZTFwUE9QZUJaeXFDZ3dlUWtYRjZlTi1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9mZDkwNTQtNzc4ZC00MTNkLTllOTUt
NTUxMWRhYTcyNzc4LzEvY0l2aWNRd3ZUVEk2SjhOR0tEZXJ4Q2tmVXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9mZDkwNTQtNzc4ZC00MTNkLTllOTUtNTUxMWRhYTcyNzc4
LzEvUElXZTFwUE9QZUJaeXFDZ3dlUWtYRjZlTi1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALY3ZMA0E
AgACMAcDBQMqE5zAMA0GCSqGSIb3DQEBCwUAA4IBAQCtC9JJJ2nfV7SEc93GBi3A
vqNoZDjuMeX9fNsaswZBSOmYrJ2AHfkJk1rRUNQM2sg66tzJb8c3N+PPEKh/kE+8
857loQ9Mw9SOyTrjCo6MTh43ZJ+D1BHQtRbroBxwL2u/8dNtaR4tif8d0Ps67EVR
LtMVFYs57InpJRO+s6/JbRBH/fmrpDarLnQhDRJK9aNO/zayVmM6QODpifMvSWqM
uhYakUcWwfgUfsZO76hsUb5mrSwSboYYyNCMdP5hoDSi04QCsZ7FjZpW4RBae8OZ
iKgtmPEUKx4z+Zv6L3xSw0PSG4gAWoxaqTaNk2aZcfqbA2nWRfGCIG0KqISjTjOF
-----END CERTIFICATE-----