Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/Cm5DqrbsctqFvXQRRyRwNPG00IY.roa
File:                     Cm5DqrbsctqFvXQRRyRwNPG00IY.roa (raw, json)
Hash identifier:          O06PA3Ks3knW3J57m8lSN/Hv9kQ6nHGAf+goTnk1j04=
Subject key identifier:   0A:6E:43:AA:B6:EC:72:DA:85:BD:74:11:47:24:70:34:F1:B4:D0:86
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       0194236A47FFDDAF780836FC597343DB2898
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/Cm5DqrbsctqFvXQRRyRwNPG00IY.roa
Signing time:             Wed 01 Jan 2025 19:49:15 +0000
ROA not before:           Wed 01 Jan 2025 19:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        45.84.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:47:ff:dd:af:78:08:36:fc:59:73:43:db:28:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 19:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a6e43aab6ec72da85bd741147247034f1b4d086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0a:53:c1:6a:1d:06:8e:37:c1:b9:61:72:fd:
                    af:77:f2:91:c8:02:21:5f:c8:a4:c7:6e:c7:93:5b:
                    e8:9b:fc:92:1c:71:13:55:6c:3a:c2:b2:a2:15:b8:
                    89:12:36:bc:b0:9e:e1:d8:e0:0a:a9:b6:bd:e8:9b:
                    ef:d5:4e:23:72:be:f0:5f:eb:6d:60:34:4d:db:7b:
                    9b:16:49:b4:1c:78:ea:06:4c:66:d9:e8:4d:59:66:
                    93:99:af:74:be:5f:9e:33:7c:5f:e4:2c:0d:73:82:
                    9a:4e:5e:99:4e:3f:9c:aa:ae:30:bf:54:a6:0f:1e:
                    c0:c2:74:04:48:26:c6:ec:0b:62:48:bc:f0:60:77:
                    4c:84:7e:c9:d1:ef:26:06:a1:dd:a6:7f:ff:11:2d:
                    ee:d2:81:f8:7b:dd:a6:b0:7a:45:d1:06:02:08:59:
                    10:d4:3f:4f:4e:65:da:f3:a6:8e:f2:ad:0c:fc:b2:
                    d3:e6:ff:f5:44:ca:08:1f:29:5c:15:c1:bf:cf:ae:
                    af:25:a8:f8:13:ca:42:53:e0:9d:48:5c:82:24:28:
                    42:55:de:db:ea:bb:9b:e9:fb:7f:91:c2:0d:c6:e5:
                    22:32:44:97:4b:ff:bc:f0:85:05:30:25:92:67:26:
                    67:74:2a:42:59:67:6f:e5:30:b6:d9:d9:3c:33:a3:
                    0e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:6E:43:AA:B6:EC:72:DA:85:BD:74:11:47:24:70:34:F1:B4:D0:86
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/Cm5DqrbsctqFvXQRRyRwNPG00IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:aa:be:c0:2e:03:24:3f:63:bc:12:f0:d1:e0:b6:d4:ea:e7:
         49:0c:cf:42:af:0d:eb:ab:6c:f1:02:a8:3c:1a:d7:b6:38:67:
         bd:7b:3b:52:36:93:0c:07:3b:1f:5f:b6:29:d0:e9:ab:fe:06:
         a2:71:14:5b:05:6b:7b:02:0d:be:b4:fb:03:87:96:6d:6c:2e:
         89:93:b4:49:71:eb:93:b4:a3:eb:ad:4c:dd:02:80:f8:7a:38:
         f5:e5:c7:34:5d:68:8e:85:43:03:a9:0d:8c:0c:ae:50:59:b0:
         42:c8:33:d3:a4:f7:5e:07:2b:ce:2c:c3:af:bb:d9:e1:bc:2b:
         9f:9b:47:49:c9:ea:8d:ca:ed:b0:00:2d:ed:f1:32:dc:b5:e0:
         61:a4:ec:9b:6b:94:a4:58:0d:b9:bf:f0:06:06:c5:c1:be:89:
         6a:cc:26:1d:ea:ae:3b:f4:c4:ec:49:6d:3d:0c:4c:ab:d8:8b:
         cf:aa:98:72:9f:cb:f7:e5:fa:94:60:02:61:f9:a6:e5:5f:9a:
         d1:23:54:11:d5:7d:c6:21:5f:78:19:1a:30:0c:1a:7e:1e:3b:
         9c:ba:f4:7f:db:73:ee:6f:a6:01:4d:51:05:20:10:4d:59:33:
         63:f0:92:c6:68:85:c8:bc:2a:ac:b7:78:75:a8:3c:db:2f:89:
         18:1f:45:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakf/3a94CDb8WXND2yiYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjUwMTAxMTk0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTZlNDNhYWI2ZWM3MmRhODViZDc0MTE0NzI0NzAzNGYxYjRkMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQpTwWodBo43wblhcv2vd/KRyAIh
X8ikx27Hk1vom/ySHHETVWw6wrKiFbiJEja8sJ7h2OAKqba96Jvv1U4jcr7wX+tt
YDRN23ubFkm0HHjqBkxm2ehNWWaTma90vl+eM3xf5CwNc4KaTl6ZTj+cqq4wv1Sm
Dx7AwnQESCbG7AtiSLzwYHdMhH7J0e8mBqHdpn//ES3u0oH4e92msHpF0QYCCFkQ
1D9PTmXa86aO8q0M/LLT5v/1RMoIHylcFcG/z66vJaj4E8pCU+CdSFyCJChCVd7b
6rub6ft/kcINxuUiMkSXS/+88IUFMCWSZyZndCpCWWdv5TC22dk8M6MO6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApuQ6q27HLahb10EUckcDTxtNCGMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvQ201RHFyYnNjdHFGdlhRUlJ5UndOUEcwMElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVQ4MA0G
CSqGSIb3DQEBCwUAA4IBAQAjqr7ALgMkP2O8EvDR4LbU6udJDM9Crw3rq2zxAqg8
Gte2OGe9eztSNpMMBzsfX7Yp0Omr/gaicRRbBWt7Ag2+tPsDh5ZtbC6Jk7RJceuT
tKPrrUzdAoD4ejj15cc0XWiOhUMDqQ2MDK5QWbBCyDPTpPdeByvOLMOvu9nhvCuf
m0dJyeqNyu2wAC3t8TLcteBhpOyba5SkWA25v/AGBsXBvolqzCYd6q479MTsSW09
DEyr2IvPqphyn8v35fqUYAJh+ablX5rRI1QR1X3GIV94GRowDBp+HjucuvR/23Pu
b6YBTVEFIBBNWTNj8JLGaIXIvCqst3h1qDzbL4kYH0XS
-----END CERTIFICATE-----