Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/RaKLAB2smn45UsK3_N7EvTP4-a8.roa
File:                     RaKLAB2smn45UsK3_N7EvTP4-a8.roa (raw, json)
Hash identifier:          UNiaEX5/m7HFBIb1U1qvg3duo49HjTZsPkXySBHPnoA=
Subject key identifier:   45:A2:8B:00:1D:AC:9A:7E:39:52:C2:B7:FC:DE:C4:BD:33:F8:F9:AF
Certificate issuer:       /CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
Certificate serial:       01941FFA761A6BC2606F4ED094E1FECC511F
Authority key identifier: BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/RaKLAB2smn45UsK3_N7EvTP4-a8.roa
Signing time:             Wed 01 Jan 2025 03:48:15 +0000
ROA not before:           Wed 01 Jan 2025 03:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     147003
IP address blocks:        45.87.102.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:76:1a:6b:c2:60:6f:4e:d0:94:e1:fe:cc:51:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
        Validity
            Not Before: Jan  1 03:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45a28b001dac9a7e3952c2b7fcdec4bd33f8f9af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:36:9e:44:05:9d:36:0c:e0:ff:94:5f:ed:7c:
                    4a:ad:36:1c:ab:d4:25:af:24:08:09:08:d1:8d:e6:
                    b9:65:dd:dd:43:8f:be:12:32:fa:e1:9a:78:09:f7:
                    0c:f4:94:af:ba:4f:77:b6:e4:12:04:a8:28:0e:c9:
                    c6:b3:62:43:4f:26:4d:2c:91:82:fe:1f:49:19:d5:
                    22:16:2e:de:6f:a8:36:8b:9b:6a:b0:b0:18:56:bb:
                    3d:1b:99:63:41:e0:5d:ee:ed:42:54:7a:97:0a:7a:
                    86:92:8d:68:ba:2c:28:a6:2f:40:1f:41:58:1c:53:
                    d4:1e:af:33:4d:a0:d0:2e:d6:61:e2:77:ed:7f:2a:
                    e3:04:12:9c:e2:2f:f1:01:ee:9f:84:41:f7:01:7f:
                    e0:18:51:08:4c:97:97:a0:80:d3:d6:d9:6d:e4:0c:
                    3d:6a:36:a5:c1:91:5f:44:e9:3a:e5:b6:37:ea:ea:
                    ff:34:ec:86:24:78:1d:0b:ac:c2:1a:44:d2:b2:bf:
                    cb:cc:f7:c8:c7:d9:52:89:33:a6:65:93:e4:e9:20:
                    28:80:5a:14:1d:73:bc:41:79:1c:01:a2:26:dc:df:
                    66:75:78:c6:9a:0f:f0:4c:91:d6:ad:bb:ae:8c:e6:
                    49:28:55:ee:b5:76:9c:1e:58:8a:54:bd:5d:c2:7c:
                    de:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:A2:8B:00:1D:AC:9A:7E:39:52:C2:B7:FC:DE:C4:BD:33:F8:F9:AF
            X509v3 Authority Key Identifier:
                keyid:BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/RaKLAB2smn45UsK3_N7EvTP4-a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:d0:87:05:22:c0:91:08:1c:41:5c:21:eb:b1:c2:09:0b:1a:
         fa:c8:99:8a:3d:59:ad:fe:70:40:06:f2:c8:6d:d9:a8:4f:be:
         f5:cd:1d:cf:1f:d7:08:be:40:36:3c:2b:47:73:be:28:0f:d3:
         6c:e2:5b:30:9d:67:af:fa:23:4d:1f:aa:f5:71:f4:4a:da:eb:
         d0:f8:96:7c:92:c7:a4:46:83:eb:94:c9:ec:6a:22:26:f8:db:
         5e:c6:54:e1:00:1c:81:1b:1b:94:d5:d9:50:cf:b6:ad:d1:3b:
         ac:7a:ca:bc:24:8e:7e:04:81:d9:27:c7:56:04:57:af:23:68:
         5e:05:f5:28:06:a3:d1:34:8c:86:64:d5:38:67:7c:0f:2f:11:
         b3:b5:d2:39:53:2a:06:e8:54:56:15:f8:c8:88:bc:f4:6d:74:
         40:61:30:49:59:db:52:2f:a2:71:82:c4:e6:76:d6:f3:18:6a:
         27:a1:f5:4e:f5:34:b6:c6:04:6e:f7:d2:0a:05:0b:74:a5:8c:
         72:50:b7:cd:81:a1:2a:d7:e2:f4:4a:c6:fd:cf:3f:13:c7:41:
         f4:77:93:e0:c9:b2:eb:e5:9b:ed:2f:c1:ae:c2:f9:5a:09:fa:
         07:05:0d:0c:be:a2:dc:4b:f6:46:57:42:e1:ab:14:03:c2:f0:
         82:8f:fa:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+nYaa8Jgb07QlOH+zFEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNDFhZGRjOWE0ZWVhMjQ2ZDQyZjk4YzdjNzJiMzBiNjhk
NjdhOTcwHhcNMjUwMTAxMDM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWEyOGIwMDFkYWM5YTdlMzk1MmMyYjdmY2RlYzRiZDMzZjhmOWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8zaeRAWdNgzg/5Rf7XxKrTYcq9Ql
ryQICQjRjea5Zd3dQ4++EjL64Zp4CfcM9JSvuk93tuQSBKgoDsnGs2JDTyZNLJGC
/h9JGdUiFi7eb6g2i5tqsLAYVrs9G5ljQeBd7u1CVHqXCnqGko1ouiwopi9AH0FY
HFPUHq8zTaDQLtZh4nftfyrjBBKc4i/xAe6fhEH3AX/gGFEITJeXoIDT1tlt5Aw9
ajalwZFfROk65bY36ur/NOyGJHgdC6zCGkTSsr/LzPfIx9lSiTOmZZPk6SAogFoU
HXO8QXkcAaIm3N9mdXjGmg/wTJHWrbuujOZJKFXutXacHliKVL1dwnzeUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWiiwAdrJp+OVLCt/zexL0z+PmvMB8GA1UdIwQY
MBaAFL9BrdyaTuokbUL5jHxyswto1nqXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEt
ZWVhZDUwOGJlNGVlLzEvUmFLTEFCMnNtbjQ1VXNLM19ON0V2VFA0LWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEtZWVhZDUwOGJlNGVl
LzEvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVdmMA0G
CSqGSIb3DQEBCwUAA4IBAQA/0IcFIsCRCBxBXCHrscIJCxr6yJmKPVmt/nBABvLI
bdmoT771zR3PH9cIvkA2PCtHc74oD9Ns4lswnWev+iNNH6r1cfRK2uvQ+JZ8ksek
RoPrlMnsaiIm+NtexlThAByBGxuU1dlQz7at0Tusesq8JI5+BIHZJ8dWBFevI2he
BfUoBqPRNIyGZNU4Z3wPLxGztdI5UyoG6FRWFfjIiLz0bXRAYTBJWdtSL6JxgsTm
dtbzGGonofVO9TS2xgRu99IKBQt0pYxyULfNgaEq1+L0Ssb9zz8Tx0H0d5PgybLr
5ZvtL8GuwvlaCfoHBQ0MvqLcS/ZGV0LhqxQDwvCCj/qJ
-----END CERTIFICATE-----