Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/aEXJ-GLDzjyP60FhTQdWJ8Fvt7E.roa
File:                     aEXJ-GLDzjyP60FhTQdWJ8Fvt7E.roa (raw, json)
Hash identifier:          0YpF7CPYi6PyoAg9TvQlat07FWQyIu8cHA137q7nQSc=
Subject key identifier:   68:45:C9:F8:62:C3:CE:3C:8F:EB:41:61:4D:07:56:27:C1:6F:B7:B1
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       0194236A4BF22834FBF48F6254B50D1DE0FC
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/aEXJ-GLDzjyP60FhTQdWJ8Fvt7E.roa
Signing time:             Wed 01 Jan 2025 19:49:16 +0000
ROA not before:           Wed 01 Jan 2025 19:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        45.15.208.0/24 maxlen: 24
                          45.84.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4b:f2:28:34:fb:f4:8f:62:54:b5:0d:1d:e0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 19:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6845c9f862c3ce3c8feb41614d075627c16fb7b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:47:03:43:57:83:06:c9:5d:11:e2:99:9f:80:
                    4a:85:fc:36:2b:69:59:8a:07:b4:6e:40:eb:99:7d:
                    32:f8:06:b6:15:aa:ae:5a:40:64:95:06:3b:d4:b9:
                    d9:dd:e2:7b:b6:03:5b:7c:65:21:ae:b2:24:22:6e:
                    25:20:90:0a:d7:dc:a1:83:b4:c0:10:eb:9f:7d:0c:
                    59:4a:e9:74:8f:33:f2:00:e4:89:e9:cf:3f:24:f2:
                    d1:7a:df:b1:a4:64:3a:54:78:c4:10:e6:0d:a0:8a:
                    50:82:da:d6:01:be:61:74:d3:c2:5e:2e:1b:c2:e1:
                    61:07:29:78:51:89:19:8a:97:25:6c:d5:e4:ef:ac:
                    f0:9e:e0:65:96:95:5d:67:f6:3f:a5:a6:6e:5b:df:
                    46:7f:11:b3:12:26:84:c6:0d:8c:7a:cb:b7:6d:ba:
                    2a:42:95:14:4f:36:c3:c4:31:db:75:1a:d2:fb:ca:
                    b8:0e:bb:67:d9:a2:73:07:ac:04:50:3f:51:41:12:
                    4f:2e:43:71:11:da:c2:52:b9:75:64:47:97:a9:3a:
                    9b:2b:b0:7e:cc:0a:a2:65:a9:01:cb:8d:84:d0:bd:
                    bf:f0:a7:f5:09:77:89:24:69:4c:c0:8d:a5:90:25:
                    1b:21:cf:bb:1a:eb:c4:39:1d:0c:05:8c:04:5f:22:
                    c6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:45:C9:F8:62:C3:CE:3C:8F:EB:41:61:4D:07:56:27:C1:6F:B7:B1
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/aEXJ-GLDzjyP60FhTQdWJ8Fvt7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.208.0/24
                  45.84.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:51:d9:1e:4c:31:aa:81:d4:86:bd:ee:b4:04:59:8b:51:83:
         6b:c4:20:be:a8:bb:dc:25:66:f0:8a:8e:3e:7c:46:03:fe:50:
         47:a6:22:6e:cb:8d:ed:2f:ec:03:53:1b:e7:c2:28:47:10:77:
         54:3c:de:7b:c8:24:0f:00:15:b6:ba:a5:95:07:af:16:b3:c7:
         11:06:93:7d:1f:e8:72:6e:ba:9f:be:72:91:36:30:60:5c:f4:
         4e:a6:a9:8f:79:47:fa:4a:4f:fe:49:40:a7:45:bc:56:81:2e:
         be:ef:d5:85:92:19:ff:19:df:9b:fd:39:66:3e:70:57:0b:3f:
         7e:90:b2:5b:06:b3:d0:09:bf:3a:6a:b0:7c:3b:51:d2:05:d8:
         7a:6c:d9:22:e4:76:32:cb:a5:82:9e:05:2f:3c:59:43:22:30:
         87:ef:d3:6f:04:c1:fc:2f:31:1d:02:65:c1:44:de:2f:b8:75:
         d2:5d:ae:35:a5:50:c2:90:61:19:51:e0:62:6a:c5:45:66:47:
         1a:15:72:2b:74:d2:ca:df:35:67:21:42:7b:93:f1:8a:a6:6e:
         f4:25:fa:7a:54:bd:e1:8a:1c:a4:74:f9:5f:d0:15:fa:a9:29:
         18:44:3e:4f:b4:ba:47:90:4c:f6:39:d7:ba:5d:2e:39:31:c7:
         ca:e3:e3:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjakvyKDT79I9iVLUNHeD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODQ1YzlmODYyYzNjZTNjOGZlYjQxNjE0ZDA3NTYyN2MxNmZiN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUcDQ1eDBsldEeKZn4BKhfw2K2lZ
ige0bkDrmX0y+Aa2FaquWkBklQY71LnZ3eJ7tgNbfGUhrrIkIm4lIJAK19yhg7TA
EOuffQxZSul0jzPyAOSJ6c8/JPLRet+xpGQ6VHjEEOYNoIpQgtrWAb5hdNPCXi4b
wuFhByl4UYkZipclbNXk76zwnuBllpVdZ/Y/paZuW99GfxGzEiaExg2Mesu3bboq
QpUUTzbDxDHbdRrS+8q4Drtn2aJzB6wEUD9RQRJPLkNxEdrCUrl1ZEeXqTqbK7B+
zAqiZakBy42E0L2/8Kf1CXeJJGlMwI2lkCUbIc+7GuvEOR0MBYwEXyLGSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGhFyfhiw848j+tBYU0HVifBb7exMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvYUVYSi1HTER6anlQNjBGaFRRZFdKOEZ2dDdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ/QAwQA
LVQ7MA0GCSqGSIb3DQEBCwUAA4IBAQDYUdkeTDGqgdSGve60BFmLUYNrxCC+qLvc
JWbwio4+fEYD/lBHpiJuy43tL+wDUxvnwihHEHdUPN57yCQPABW2uqWVB68Ws8cR
BpN9H+hybrqfvnKRNjBgXPROpqmPeUf6Sk/+SUCnRbxWgS6+79WFkhn/Gd+b/Tlm
PnBXCz9+kLJbBrPQCb86arB8O1HSBdh6bNki5HYyy6WCngUvPFlDIjCH79NvBMH8
LzEdAmXBRN4vuHXSXa41pVDCkGEZUeBiasVFZkcaFXIrdNLK3zVnIUJ7k/GKpm70
Jfp6VL3hihykdPlf0BX6qSkYRD5PtLpHkEz2Ode6XS45McfK4+Oz
-----END CERTIFICATE-----