Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/kJTqxuBl-Q6syRY_DacCTAczGBU.roa
File:                     kJTqxuBl-Q6syRY_DacCTAczGBU.roa (raw, json)
Hash identifier:          6et1FxTpD/+A6Pbq4fE+qn0f8s2ncSLUCy+g6P+v7sg=
Subject key identifier:   90:94:EA:C6:E0:65:F9:0E:AC:C9:16:3F:0D:A7:02:4C:07:33:18:15
Certificate issuer:       /CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
Certificate serial:       01960C02270AAC83288756547E03174D26C5
Authority key identifier: BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/kJTqxuBl-Q6syRY_DacCTAczGBU.roa
Signing time:             Sun 06 Apr 2025 16:49:49 +0000
ROA not before:           Sun 06 Apr 2025 16:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53808
IP address blocks:        45.87.102.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:0c:02:27:0a:ac:83:28:87:56:54:7e:03:17:4d:26:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf41addc9a4eea246d42f98c7c72b30b68d67a97
        Validity
            Not Before: Apr  6 16:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9094eac6e065f90eacc9163f0da7024c07331815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a9:6f:63:fe:70:b7:46:3f:9b:3b:f2:2d:9d:
                    76:58:ba:ec:73:d4:a1:0e:a6:45:13:65:d4:8e:7e:
                    3d:7a:8c:f8:8a:49:f7:39:6b:4a:f4:d1:5a:de:7d:
                    cf:2d:1e:54:a8:e6:73:88:5d:34:f0:75:69:31:d7:
                    76:45:91:5f:7e:79:8d:ef:fa:ed:6d:16:fc:f9:19:
                    4a:98:87:e3:90:a4:e9:99:f8:73:b2:fd:de:d5:1f:
                    59:70:05:e7:b6:7d:c4:72:e4:6c:3e:5b:ef:23:48:
                    d3:05:40:b4:90:4c:2a:cd:ed:84:25:6e:5c:d0:1e:
                    84:62:2d:23:ad:f9:b2:e5:e8:e8:1e:07:36:9a:3e:
                    96:8e:58:54:f1:e4:0d:f6:fb:37:e3:18:ed:3e:1d:
                    fc:61:f1:0c:93:c3:d7:46:ce:6b:91:31:ef:46:7c:
                    c9:64:5e:67:db:10:fd:56:56:cf:1a:46:52:9a:97:
                    43:42:f8:95:5f:08:57:c4:33:8f:b3:59:6b:60:f0:
                    6a:fa:76:47:d2:cf:22:30:3a:12:f7:ae:32:a3:29:
                    e2:44:0f:af:e7:12:e2:fe:d5:5e:bf:8d:0b:56:df:
                    e2:a7:e2:01:f7:42:03:0d:a9:c9:93:ab:6c:46:b9:
                    6f:e4:61:28:30:63:38:f2:9e:23:58:07:a8:69:54:
                    7d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:94:EA:C6:E0:65:F9:0E:AC:C9:16:3F:0D:A7:02:4C:07:33:18:15
            X509v3 Authority Key Identifier:
                keyid:BF:41:AD:DC:9A:4E:EA:24:6D:42:F9:8C:7C:72:B3:0B:68:D6:7A:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v0Gt3JpO6iRtQvmMfHKzC2jWepc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/kJTqxuBl-Q6syRY_DacCTAczGBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/70fcb3-8302-41e4-836a-eead508be4ee/1/v0Gt3JpO6iRtQvmMfHKzC2jWepc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:99:58:61:f6:13:d0:ce:5e:dc:6e:87:76:16:50:a4:0d:85:
         6c:dc:86:3c:bc:34:db:f0:89:26:48:d7:ad:ef:51:75:16:1d:
         7b:1d:f6:bf:1f:1e:42:65:1b:df:e3:4e:df:d5:36:81:fe:ed:
         f2:41:85:8e:10:a7:4a:9e:d3:ee:28:0b:bd:b1:8f:8c:84:f9:
         45:f9:b8:2e:90:62:08:ad:cf:6f:d5:b1:57:1c:a4:b1:87:e9:
         bd:cc:88:cd:e0:08:07:fb:a2:42:9b:6d:a3:47:1e:f4:d7:f9:
         21:84:9b:ec:76:d4:c2:0d:3a:d5:5b:66:41:8c:33:96:98:7d:
         9e:a8:fc:91:df:af:6f:98:90:47:ec:fe:51:58:30:a2:83:fc:
         75:48:e3:e0:60:ab:4b:73:a8:8a:24:ac:80:79:04:95:0b:60:
         23:a8:37:33:79:5c:00:a6:a9:ab:9f:c1:9c:a9:8b:97:d7:d5:
         35:79:b4:ab:f1:40:d1:59:c8:83:e9:ee:ac:b3:40:ee:7b:97:
         84:80:66:95:32:9f:39:b2:b7:71:61:08:07:5e:80:1a:1c:db:
         02:3a:c1:a5:60:56:2f:24:97:b2:7f:24:02:db:a6:c2:11:3c:
         cb:8f:da:2f:47:83:ed:49:63:05:99:f2:1a:91:5e:52:67:39:
         da:ff:e8:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYMAicKrIMoh1ZUfgMXTSbFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNDFhZGRjOWE0ZWVhMjQ2ZDQyZjk4YzdjNzJiMzBiNjhk
NjdhOTcwHhcNMjUwNDA2MTY0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDk0ZWFjNmUwNjVmOTBlYWNjOTE2M2YwZGE3MDI0YzA3MzMxODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6lvY/5wt0Y/mzvyLZ12WLrsc9Sh
DqZFE2XUjn49eoz4ikn3OWtK9NFa3n3PLR5UqOZziF008HVpMdd2RZFffnmN7/rt
bRb8+RlKmIfjkKTpmfhzsv3e1R9ZcAXntn3EcuRsPlvvI0jTBUC0kEwqze2EJW5c
0B6EYi0jrfmy5ejoHgc2mj6WjlhU8eQN9vs34xjtPh38YfEMk8PXRs5rkTHvRnzJ
ZF5n2xD9VlbPGkZSmpdDQviVXwhXxDOPs1lrYPBq+nZH0s8iMDoS964yoyniRA+v
5xLi/tVev40LVt/ip+IB90IDDanJk6tsRrlv5GEoMGM48p4jWAeoaVR9PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCU6sbgZfkOrMkWPw2nAkwHMxgVMB8GA1UdIwQY
MBaAFL9BrdyaTuokbUL5jHxyswto1nqXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEt
ZWVhZDUwOGJlNGVlLzEva0pUcXh1QmwtUTZzeVJZX0RhY0NUQWN6R0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83MGZjYjMtODMwMi00MWU0LTgzNmEtZWVhZDUwOGJlNGVl
LzEvdjBHdDNKcE82aVJ0UXZtTWZIS3pDMmpXZXBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVdmMA0G
CSqGSIb3DQEBCwUAA4IBAQBJmVhh9hPQzl7cbod2FlCkDYVs3IY8vDTb8IkmSNet
71F1Fh17Hfa/Hx5CZRvf407f1TaB/u3yQYWOEKdKntPuKAu9sY+MhPlF+bgukGII
rc9v1bFXHKSxh+m9zIjN4AgH+6JCm22jRx701/khhJvsdtTCDTrVW2ZBjDOWmH2e
qPyR369vmJBH7P5RWDCig/x1SOPgYKtLc6iKJKyAeQSVC2AjqDczeVwApqmrn8Gc
qYuX19U1ebSr8UDRWciD6e6ss0Due5eEgGaVMp85srdxYQgHXoAaHNsCOsGlYFYv
JJeyfyQC26bCETzLj9ovR4PtSWMFmfIakV5SZzna/+gZ
-----END CERTIFICATE-----