Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/b0045d-3ff7-43ab-a64d-c4cf16f2083f/1/f_wj04ETq9bQrF4XPngK42N1KfA.roa
File:                     f_wj04ETq9bQrF4XPngK42N1KfA.roa (raw, json)
Hash identifier:          g/L8C+Uofn47VNMVi+59N+SowKWU37rtsG4L1uBFxUs=
Subject key identifier:   7F:FC:23:D3:81:13:AB:D6:D0:AC:5E:17:3E:78:0A:E3:63:75:29:F0
Certificate issuer:       /CN=52ee489f36de04219cd2192e04a7bdb13914648f
Certificate serial:       019427480BD4D780C08DCB92A7B5D1848018
Authority key identifier: 52:EE:48:9F:36:DE:04:21:9C:D2:19:2E:04:A7:BD:B1:39:14:64:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uu5InzbeBCGc0hkuBKe9sTkUZI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/b0045d-3ff7-43ab-a64d-c4cf16f2083f/1/f_wj04ETq9bQrF4XPngK42N1KfA.roa
Signing time:             Thu 02 Jan 2025 13:50:20 +0000
ROA not before:           Thu 02 Jan 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61074
IP address blocks:        45.135.144.0/22 maxlen: 24
                          2a0e:8bc0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/b0045d-3ff7-43ab-a64d-c4cf16f2083f/1/Uu5InzbeBCGc0hkuBKe9sTkUZI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/b0045d-3ff7-43ab-a64d-c4cf16f2083f/1/Uu5InzbeBCGc0hkuBKe9sTkUZI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uu5InzbeBCGc0hkuBKe9sTkUZI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:0b:d4:d7:80:c0:8d:cb:92:a7:b5:d1:84:80:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52ee489f36de04219cd2192e04a7bdb13914648f
        Validity
            Not Before: Jan  2 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ffc23d38113abd6d0ac5e173e780ae3637529f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:89:24:0d:24:62:d7:8b:0b:01:ee:8e:53:55:
                    45:6e:72:66:56:08:01:45:5c:a5:33:e7:ff:78:90:
                    f3:28:27:33:23:1f:57:31:2b:df:a8:75:ce:97:62:
                    63:73:75:b8:9b:19:99:26:78:71:05:3d:a3:75:d7:
                    a3:37:76:13:97:58:72:ec:a1:02:2d:b7:11:68:7f:
                    3e:17:73:04:59:e1:6b:9e:90:a3:4f:65:f7:0b:94:
                    5f:08:76:33:01:7d:cf:f8:6a:6a:e8:ee:07:6b:43:
                    ae:61:b1:31:77:72:b1:db:8a:80:b0:98:10:50:65:
                    77:46:e0:b1:17:43:10:f3:ba:64:65:b1:ec:69:e6:
                    0f:04:f0:6f:84:fa:01:be:3f:c0:1f:1d:a7:21:c3:
                    59:12:79:4c:32:2f:b9:4b:a1:a9:11:4b:d9:e0:93:
                    55:c9:32:91:a1:62:84:64:d3:64:a2:81:3b:2d:5b:
                    51:31:2b:82:24:eb:3c:13:e5:93:cc:c2:2e:b8:b1:
                    65:76:7e:3a:d6:b4:9c:41:99:c6:dc:82:da:72:84:
                    ea:e3:d9:17:39:2d:d6:7a:05:26:f7:64:eb:ce:e7:
                    7f:f4:11:52:04:37:55:6f:a4:ec:54:fe:85:5d:eb:
                    c2:de:7a:8c:e2:0d:75:7e:4e:9f:7d:35:01:b0:78:
                    f1:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:FC:23:D3:81:13:AB:D6:D0:AC:5E:17:3E:78:0A:E3:63:75:29:F0
            X509v3 Authority Key Identifier:
                keyid:52:EE:48:9F:36:DE:04:21:9C:D2:19:2E:04:A7:BD:B1:39:14:64:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uu5InzbeBCGc0hkuBKe9sTkUZI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/b0045d-3ff7-43ab-a64d-c4cf16f2083f/1/f_wj04ETq9bQrF4XPngK42N1KfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/b0045d-3ff7-43ab-a64d-c4cf16f2083f/1/Uu5InzbeBCGc0hkuBKe9sTkUZI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.144.0/22
                IPv6:
                  2a0e:8bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:ed:c1:af:c4:c5:16:fd:19:25:3a:65:6e:87:b6:1a:bd:c3:
         40:b7:90:6b:1e:1d:eb:59:2a:54:0a:16:ac:7a:af:4f:62:93:
         68:e3:e1:25:63:6b:fb:b5:31:ca:1c:4f:35:09:ea:94:11:2e:
         55:be:a8:da:92:eb:a6:5a:3a:a1:8a:f8:7f:50:d1:34:aa:1f:
         73:0b:36:f1:5a:d0:e4:da:f2:28:64:0c:dc:cf:ce:6d:28:f4:
         51:9d:ea:5e:c7:e2:4e:17:f9:42:aa:c8:9b:dc:02:ae:07:39:
         30:1a:a4:45:97:91:32:66:e3:56:a9:7c:0f:a4:5a:c4:e0:bc:
         fd:1e:d4:59:c6:c3:e2:65:b1:21:66:50:27:3b:99:cd:a2:25:
         07:fd:ce:1a:fa:7e:48:c3:a3:ff:3b:01:ea:42:ba:5e:2f:8f:
         40:7b:03:6b:88:49:69:da:ae:dd:f0:2c:e5:22:d4:90:f5:73:
         96:30:40:c2:b5:2b:4f:18:cf:ea:57:1f:e0:2f:cc:0b:bb:9d:
         dd:7b:b7:66:7d:79:c4:18:f8:96:83:c4:0d:c7:a5:ab:90:b6:
         a2:33:ab:48:1f:98:bf:8a:49:ac:4b:35:c8:09:0c:82:e2:f9:
         b5:8b:8b:e2:df:d4:2b:b6:7f:7c:ae:d0:3e:81:3e:03:10:00:
         f7:8c:2e:c9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnSAvU14DAjcuSp7XRhIAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZWU0ODlmMzZkZTA0MjE5Y2QyMTkyZTA0YTdiZGIxMzkx
NDY0OGYwHhcNMjUwMTAyMTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmZjMjNkMzgxMTNhYmQ2ZDBhYzVlMTczZTc4MGFlMzYzNzUyOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYkkDSRi14sLAe6OU1VFbnJmVggB
RVylM+f/eJDzKCczIx9XMSvfqHXOl2Jjc3W4mxmZJnhxBT2jddejN3YTl1hy7KEC
LbcRaH8+F3MEWeFrnpCjT2X3C5RfCHYzAX3P+Gpq6O4Ha0OuYbExd3Kx24qAsJgQ
UGV3RuCxF0MQ87pkZbHsaeYPBPBvhPoBvj/AHx2nIcNZEnlMMi+5S6GpEUvZ4JNV
yTKRoWKEZNNkooE7LVtRMSuCJOs8E+WTzMIuuLFldn461rScQZnG3ILacoTq49kX
OS3WegUm92Trzud/9BFSBDdVb6TsVP6FXevC3nqM4g11fk6ffTUBsHjx+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH/8I9OBE6vW0KxeFz54CuNjdSnwMB8GA1UdIwQY
MBaAFFLuSJ823gQhnNIZLgSnvbE5FGSPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXU1SW56YmVCQ0djMGhrdUJLZTlzVGtVWkk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9iMDA0NWQtM2ZmNy00M2FiLWE2NGQt
YzRjZjE2ZjIwODNmLzEvZl93ajA0RVRxOWJRckY0WFBuZ0s0Mk4xS2ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9iMDA0NWQtM2ZmNy00M2FiLWE2NGQtYzRjZjE2ZjIwODNm
LzEvVXU1SW56YmVCQ0djMGhrdUJLZTlzVGtVWkk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYeQMA0E
AgACMAcDBQMqDovAMA0GCSqGSIb3DQEBCwUAA4IBAQBW7cGvxMUW/RklOmVuh7Ya
vcNAt5BrHh3rWSpUChaseq9PYpNo4+ElY2v7tTHKHE81CeqUES5VvqjakuumWjqh
ivh/UNE0qh9zCzbxWtDk2vIoZAzcz85tKPRRnepex+JOF/lCqsib3AKuBzkwGqRF
l5EyZuNWqXwPpFrE4Lz9HtRZxsPiZbEhZlAnO5nNoiUH/c4a+n5Iw6P/OwHqQrpe
L49AewNriElp2q7d8CzlItSQ9XOWMEDCtStPGM/qVx/gL8wLu53de7dmfXnEGPiW
g8QNx6WrkLaiM6tIH5i/ikmsSzXICQyC4vm1i4vi39Qrtn98rtA+gT4DEAD3jC7J
-----END CERTIFICATE-----