Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/9b1f95-3b18-4812-924e-7bfda62544ce/1/AHyerdr5uxL6xuyGfsHFNBv_XjU.roa
File:                     AHyerdr5uxL6xuyGfsHFNBv_XjU.roa (raw, json)
Hash identifier:          /uUPID3475V6+DCQHcFaqhePNwogod/B8RgCIUOzHrI=
Subject key identifier:   00:7C:9E:AD:DA:F9:BB:12:FA:C6:EC:86:7E:C1:C5:34:1B:FF:5E:35
Certificate issuer:       /CN=a55075b8e42e4514ef49d3fea2f187264e74fb2e
Certificate serial:       0194221FB7A100CE785547EC0C4D653DA8B3
Authority key identifier: A5:50:75:B8:E4:2E:45:14:EF:49:D3:FE:A2:F1:87:26:4E:74:FB:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pVB1uOQuRRTvSdP-ovGHJk50-y4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/9b1f95-3b18-4812-924e-7bfda62544ce/1/AHyerdr5uxL6xuyGfsHFNBv_XjU.roa
Signing time:             Wed 01 Jan 2025 13:48:11 +0000
ROA not before:           Wed 01 Jan 2025 13:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24935
IP address blocks:        45.84.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/9b1f95-3b18-4812-924e-7bfda62544ce/1/pVB1uOQuRRTvSdP-ovGHJk50-y4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/9b1f95-3b18-4812-924e-7bfda62544ce/1/pVB1uOQuRRTvSdP-ovGHJk50-y4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pVB1uOQuRRTvSdP-ovGHJk50-y4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b7:a1:00:ce:78:55:47:ec:0c:4d:65:3d:a8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a55075b8e42e4514ef49d3fea2f187264e74fb2e
        Validity
            Not Before: Jan  1 13:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=007c9eaddaf9bb12fac6ec867ec1c5341bff5e35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:af:a4:e8:33:73:83:87:e3:f8:c0:45:dd:29:
                    ce:2d:3c:87:7a:82:ac:05:58:a9:c3:22:30:af:45:
                    1c:4e:7d:3d:d9:c0:7a:4e:6d:90:70:6c:7a:91:1f:
                    49:fb:a8:36:fb:49:cc:1b:07:b1:e3:1c:8d:e2:cd:
                    e0:6d:11:81:9a:14:3b:98:8f:6c:d0:03:d6:29:aa:
                    a4:97:28:e7:c6:94:79:97:61:3d:b2:a4:1f:76:fd:
                    29:3d:63:e3:0d:dd:4c:18:07:9c:c2:9a:93:1c:39:
                    2f:70:6c:0c:96:52:9d:1d:e9:56:4c:2e:d0:41:09:
                    9d:90:a8:54:63:fb:22:24:be:3b:e0:72:27:59:c0:
                    40:1d:b8:a3:9e:ee:30:d5:52:2e:1c:a6:7c:2a:a9:
                    eb:ac:6a:6c:d8:bb:d0:56:aa:38:c4:9e:5c:08:7f:
                    b3:12:dd:ea:58:ca:b1:ee:a0:b2:1e:b3:84:b4:92:
                    68:a1:aa:51:e3:6e:d6:74:8a:8a:29:6d:80:ad:df:
                    5b:52:0e:28:31:76:ad:fc:43:14:9c:8c:5a:4d:2e:
                    13:0e:31:7a:3c:a8:bf:a3:c4:ba:fe:ca:47:7b:79:
                    e9:8b:ac:8d:c1:b9:e6:02:14:90:50:96:cc:31:23:
                    67:61:15:1f:50:5f:a5:6c:ae:c6:4a:12:60:fe:b3:
                    45:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:7C:9E:AD:DA:F9:BB:12:FA:C6:EC:86:7E:C1:C5:34:1B:FF:5E:35
            X509v3 Authority Key Identifier:
                keyid:A5:50:75:B8:E4:2E:45:14:EF:49:D3:FE:A2:F1:87:26:4E:74:FB:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pVB1uOQuRRTvSdP-ovGHJk50-y4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/9b1f95-3b18-4812-924e-7bfda62544ce/1/AHyerdr5uxL6xuyGfsHFNBv_XjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/9b1f95-3b18-4812-924e-7bfda62544ce/1/pVB1uOQuRRTvSdP-ovGHJk50-y4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:ee:c0:8c:86:00:00:cd:11:8b:45:c4:da:97:9e:af:1c:8a:
         56:6e:58:b4:27:4c:f4:a1:a6:e3:0c:f0:41:d3:fd:41:bb:56:
         03:e9:aa:b3:c6:0f:f1:72:d4:43:6c:ec:fb:d7:29:3f:20:7b:
         98:4f:1f:83:86:52:95:a6:6f:f6:58:f3:df:3e:d5:40:a2:d6:
         ee:f2:f4:00:5e:b0:35:79:81:3e:7a:1a:79:df:62:ea:41:97:
         da:c4:b3:50:1b:9f:6e:b5:8f:67:c2:25:d8:50:76:fe:df:31:
         03:11:7c:e0:3c:26:91:db:1e:0e:80:55:af:0f:26:5a:bb:c9:
         28:64:fc:74:f5:ef:db:c7:c2:7b:c0:b1:18:23:c2:77:8f:2f:
         0c:20:63:25:bc:6f:aa:f5:71:54:50:b2:cd:09:ab:0a:c6:d8:
         39:6d:a9:7a:7c:74:6f:69:f0:dd:9e:65:4a:a5:e7:90:26:5e:
         c3:be:db:34:84:14:72:e6:62:a3:be:dc:e4:a5:fb:bd:c7:62:
         a0:a1:21:ea:a4:9b:eb:d9:d2:33:5d:de:17:f0:2e:a4:93:8f:
         42:bc:9f:a6:d0:ff:85:a1:0c:89:8b:e9:9d:94:a3:97:c0:cc:
         ac:c8:93:5f:87:bd:8d:ca:d4:d1:4b:aa:55:2f:a7:67:1c:90:
         5e:6c:92:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7ehAM54VUfsDE1lPaizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NTA3NWI4ZTQyZTQ1MTRlZjQ5ZDNmZWEyZjE4NzI2NGU3
NGZiMmUwHhcNMjUwMTAxMTM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDdjOWVhZGRhZjliYjEyZmFjNmVjODY3ZWMxYzUzNDFiZmY1ZTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzK+k6DNzg4fj+MBF3SnOLTyHeoKs
BVipwyIwr0UcTn092cB6Tm2QcGx6kR9J+6g2+0nMGwex4xyN4s3gbRGBmhQ7mI9s
0APWKaqklyjnxpR5l2E9sqQfdv0pPWPjDd1MGAecwpqTHDkvcGwMllKdHelWTC7Q
QQmdkKhUY/siJL474HInWcBAHbijnu4w1VIuHKZ8KqnrrGps2LvQVqo4xJ5cCH+z
Et3qWMqx7qCyHrOEtJJooapR427WdIqKKW2Ard9bUg4oMXat/EMUnIxaTS4TDjF6
PKi/o8S6/spHe3npi6yNwbnmAhSQUJbMMSNnYRUfUF+lbK7GShJg/rNFPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAB8nq3a+bsS+sbshn7BxTQb/141MB8GA1UdIwQY
MBaAFKVQdbjkLkUU70nT/qLxhyZOdPsuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFZCMXVPUXVSUlR2U2RQLW92R0hKazUwLXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS85YjFmOTUtM2IxOC00ODEyLTkyNGUt
N2JmZGE2MjU0NGNlLzEvQUh5ZXJkcjV1eEw2eHV5R2ZzSEZOQnZfWGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS85YjFmOTUtM2IxOC00ODEyLTkyNGUtN2JmZGE2MjU0NGNl
LzEvcFZCMXVPUXVSUlR2U2RQLW92R0hKazUwLXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVSUMA0G
CSqGSIb3DQEBCwUAA4IBAQAi7sCMhgAAzRGLRcTal56vHIpWbli0J0z0oabjDPBB
0/1Bu1YD6aqzxg/xctRDbOz71yk/IHuYTx+DhlKVpm/2WPPfPtVAotbu8vQAXrA1
eYE+ehp532LqQZfaxLNQG59utY9nwiXYUHb+3zEDEXzgPCaR2x4OgFWvDyZau8ko
ZPx09e/bx8J7wLEYI8J3jy8MIGMlvG+q9XFUULLNCasKxtg5bal6fHRvafDdnmVK
peeQJl7Dvts0hBRy5mKjvtzkpfu9x2KgoSHqpJvr2dIzXd4X8C6kk49CvJ+m0P+F
oQyJi+mdlKOXwMysyJNfh72NytTRS6pVL6dnHJBebJKb
-----END CERTIFICATE-----