Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/xelQwmSnZUsP7vwyXYG-OjnLzks.roa
File:                     xelQwmSnZUsP7vwyXYG-OjnLzks.roa (raw, json)
Hash identifier:          VANd7e1T8sboSWcnlJJpwtTBZNkVD3ZVwPQJ+ivjoHw=
Subject key identifier:   C5:E9:50:C2:64:A7:65:4B:0F:EE:FC:32:5D:81:BE:3A:39:CB:CE:4B
Certificate issuer:       /CN=f3751cf8c3a2d36c9744c96519899945ac607820
Certificate serial:       01941FFA96E5E7AA54A7ABB18CACA0D6F956
Authority key identifier: F3:75:1C:F8:C3:A2:D3:6C:97:44:C9:65:19:89:99:45:AC:60:78:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/83Uc-MOi02yXRMllGYmZRaxgeCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/xelQwmSnZUsP7vwyXYG-OjnLzks.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203140
IP address blocks:        45.90.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/83Uc-MOi02yXRMllGYmZRaxgeCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/83Uc-MOi02yXRMllGYmZRaxgeCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/83Uc-MOi02yXRMllGYmZRaxgeCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:96:e5:e7:aa:54:a7:ab:b1:8c:ac:a0:d6:f9:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3751cf8c3a2d36c9744c96519899945ac607820
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5e950c264a7654b0feefc325d81be3a39cbce4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:5b:7d:d6:42:49:fb:5d:2d:ce:e9:74:84:d5:
                    71:1a:6f:64:7f:3b:4c:8a:1b:3f:6f:da:cd:09:3e:
                    de:b6:b6:6a:1b:c7:5d:80:9c:81:cf:99:ad:d7:ea:
                    4d:70:3f:1c:ae:63:4f:e1:b8:f5:12:af:cc:38:91:
                    e2:ac:e2:d6:9d:93:e7:22:d3:cf:22:a4:d1:fb:86:
                    a7:69:a9:36:d1:63:f2:87:7e:79:85:e5:37:9b:06:
                    85:25:8e:40:16:22:f0:76:02:ef:fd:da:2a:46:8a:
                    80:71:52:56:6e:7c:58:4f:82:d2:58:44:ed:47:ed:
                    37:32:2d:c7:49:ca:c2:35:18:d3:24:0b:d9:a5:e4:
                    65:4b:99:a8:20:a6:fc:dd:8b:0d:8f:65:88:d3:3b:
                    6f:e9:07:d6:f8:82:7a:03:ba:7e:3c:41:a9:86:97:
                    20:dd:28:9b:83:0f:19:eb:40:0a:a9:1f:54:dd:3f:
                    33:7d:e7:d2:2c:8f:72:e3:a3:34:ed:e2:8f:40:ba:
                    a1:fd:13:1d:e0:ec:23:f7:ee:34:b2:9c:1c:63:87:
                    a8:68:3d:83:b9:94:e2:a8:a1:cf:ca:4a:41:16:df:
                    2e:7a:ef:be:47:26:6e:04:60:8d:6f:e9:84:6b:af:
                    d1:df:11:2a:32:66:d7:74:26:96:4a:a4:b7:38:07:
                    46:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E9:50:C2:64:A7:65:4B:0F:EE:FC:32:5D:81:BE:3A:39:CB:CE:4B
            X509v3 Authority Key Identifier:
                keyid:F3:75:1C:F8:C3:A2:D3:6C:97:44:C9:65:19:89:99:45:AC:60:78:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/83Uc-MOi02yXRMllGYmZRaxgeCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/xelQwmSnZUsP7vwyXYG-OjnLzks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/83Uc-MOi02yXRMllGYmZRaxgeCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:99:63:13:bb:ec:d5:60:16:14:d8:fc:af:f4:c3:94:76:83:
         2d:f0:8a:44:c8:f3:72:cc:93:ce:f4:8a:12:06:51:23:b4:5d:
         73:23:42:41:3d:a7:47:4f:2f:d8:a8:c4:cc:fd:7b:3b:00:17:
         06:39:57:9e:8a:d2:12:51:dd:7c:6d:4c:9b:8a:d5:10:df:78:
         f6:a7:e6:e4:11:8b:ec:45:bc:e0:44:70:ec:b4:0f:1c:ea:42:
         45:88:7a:af:f6:79:73:51:11:8e:bc:91:a0:fa:69:95:0d:d3:
         31:a0:70:86:f4:51:75:f2:6c:f7:6f:4a:a9:46:25:3b:25:b5:
         16:38:44:71:e4:a4:5c:9d:9a:d2:b6:2b:2d:eb:a0:5f:4c:be:
         e8:19:97:4b:48:56:fa:48:52:da:89:60:c6:21:b2:cd:c8:9b:
         4f:33:cb:c3:25:06:eb:6e:50:49:46:10:4c:c7:2c:4d:a0:52:
         34:a3:d0:aa:e4:85:85:bb:d9:6a:c1:f4:2b:43:e3:8d:9b:eb:
         90:b0:0f:dc:95:7d:73:89:42:1d:10:05:a8:87:85:55:4b:85:
         5a:a4:13:93:e1:28:46:74:0b:00:de:0f:0e:dd:47:02:42:77:
         e9:6d:b0:46:a4:54:cd:7d:f2:8a:04:30:12:ba:a4:1b:46:fd:
         00:df:e4:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pbl56pUp6uxjKyg1vlWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNzUxY2Y4YzNhMmQzNmM5NzQ0Yzk2NTE5ODk5OTQ1YWM2
MDc4MjAwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWU5NTBjMjY0YTc2NTRiMGZlZWZjMzI1ZDgxYmUzYTM5Y2JjZTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71t91kJJ+10tzul0hNVxGm9kfztM
ihs/b9rNCT7etrZqG8ddgJyBz5mt1+pNcD8crmNP4bj1Eq/MOJHirOLWnZPnItPP
IqTR+4anaak20WPyh355heU3mwaFJY5AFiLwdgLv/doqRoqAcVJWbnxYT4LSWETt
R+03Mi3HScrCNRjTJAvZpeRlS5moIKb83YsNj2WI0ztv6QfW+IJ6A7p+PEGphpcg
3Sibgw8Z60AKqR9U3T8zfefSLI9y46M07eKPQLqh/RMd4Owj9+40spwcY4eoaD2D
uZTiqKHPykpBFt8ueu++RyZuBGCNb+mEa6/R3xEqMmbXdCaWSqS3OAdGdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXpUMJkp2VLD+78Ml2Bvjo5y85LMB8GA1UdIwQY
MBaAFPN1HPjDotNsl0TJZRmJmUWsYHggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODNVYy1NT2kwMnlYUk1sbEdZbVpSYXhnZUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8wOGY5YjQtMTE1Yy00NDg4LWI1Njct
NWNmN2MwNjIxMDY1LzEveGVsUXdtU25aVXNQN3Z3eVhZRy1Pam5MemtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8wOGY5YjQtMTE1Yy00NDg4LWI1NjctNWNmN2MwNjIxMDY1
LzEvODNVYy1NT2kwMnlYUk1sbEdZbVpSYXhnZUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVoCMA0G
CSqGSIb3DQEBCwUAA4IBAQB4mWMTu+zVYBYU2Pyv9MOUdoMt8IpEyPNyzJPO9IoS
BlEjtF1zI0JBPadHTy/YqMTM/Xs7ABcGOVeeitISUd18bUybitUQ33j2p+bkEYvs
RbzgRHDstA8c6kJFiHqv9nlzURGOvJGg+mmVDdMxoHCG9FF18mz3b0qpRiU7JbUW
OERx5KRcnZrStist66BfTL7oGZdLSFb6SFLaiWDGIbLNyJtPM8vDJQbrblBJRhBM
xyxNoFI0o9Cq5IWFu9lqwfQrQ+ONm+uQsA/clX1ziUIdEAWoh4VVS4VapBOT4ShG
dAsA3g8O3UcCQnfpbbBGpFTNffKKBDASuqQbRv0A3+SG
-----END CERTIFICATE-----