Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/aB7sKw4yBEcglwqSevB86YJRj7Y.roa
File:                     aB7sKw4yBEcglwqSevB86YJRj7Y.roa (raw, json)
Hash identifier:          PH14Cm3gVr59rgH3FX69SJ0GUOOG1kpk0YkBDPc5P9M=
Subject key identifier:   68:1E:EC:2B:0E:32:04:47:20:97:0A:92:7A:F0:7C:E9:82:51:8F:B6
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0194228E0FBEC1B2604F49D1E9A26D090CF6
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/aB7sKw4yBEcglwqSevB86YJRj7Y.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214455
IP address blocks:        139.45.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0f:be:c1:b2:60:4f:49:d1:e9:a2:6d:09:0c:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=681eec2b0e32044720970a927af07ce982518fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:41:73:aa:75:d6:0d:59:b8:eb:8b:01:1e:21:
                    5b:ea:5b:da:ea:6e:c5:4b:d3:b9:fe:49:54:f4:2a:
                    c5:fc:4f:7a:98:7e:67:a2:e8:7d:f0:42:ad:50:6a:
                    d4:48:b9:b8:0b:f6:fc:28:2b:24:6e:a4:f5:80:3e:
                    cd:ee:26:78:a8:a1:5f:d5:7e:67:a0:18:c3:69:3e:
                    05:79:89:79:94:ed:76:4a:f6:23:e2:43:a8:09:a2:
                    80:23:e3:ee:f1:bd:25:02:4f:0a:1d:bf:2d:6b:68:
                    3a:5f:b8:1b:ca:22:70:34:26:b4:6d:69:24:3e:f3:
                    e4:cd:61:78:df:d4:85:09:ad:97:5e:c0:f5:4c:f9:
                    82:4a:c0:9e:2f:74:1a:88:c5:11:f8:a8:f5:da:2b:
                    d9:cb:65:94:90:00:9c:18:6d:b5:23:ad:81:f0:b6:
                    be:d2:92:88:db:cb:f9:a9:25:e6:d1:7e:a0:63:64:
                    01:20:b5:c7:c5:77:28:bf:9a:25:80:65:ee:a8:8f:
                    9c:5a:32:cf:2e:4f:a0:ee:3e:27:b8:83:a4:7e:53:
                    3e:33:b4:01:ea:9b:85:1d:70:91:5d:d3:f1:1e:61:
                    7f:0c:74:8d:ff:60:a1:ac:c7:ff:85:c7:29:ac:cc:
                    18:f9:d4:86:ac:f3:ef:ee:e5:5f:14:36:6c:93:a5:
                    03:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:1E:EC:2B:0E:32:04:47:20:97:0A:92:7A:F0:7C:E9:82:51:8F:B6
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/aB7sKw4yBEcglwqSevB86YJRj7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:e9:02:00:41:a4:23:60:bc:7f:73:73:a8:6c:da:02:a2:03:
         e8:a2:f9:1e:ba:9b:ed:a5:50:61:62:6b:80:75:89:0d:70:4b:
         28:79:93:d3:21:89:fc:f3:10:46:07:2b:b9:9a:7e:4d:2e:6f:
         1a:ab:94:ee:5a:1b:53:1b:14:30:a7:fa:69:1a:49:df:9f:e0:
         c5:01:00:3b:8a:1a:65:85:14:b9:5f:15:0f:4f:40:90:5b:9a:
         c4:f6:51:ba:12:b3:f3:dc:fa:c6:e0:33:21:bb:09:38:ee:b8:
         c8:20:79:dc:9e:ff:92:03:31:ec:6f:13:71:4c:db:01:a7:0f:
         28:31:2e:81:6d:f3:45:18:1f:12:b1:46:53:c8:5b:75:0d:63:
         20:8f:a1:41:00:43:f2:f6:9e:62:51:0d:a8:04:10:b7:05:f0:
         0c:72:52:bf:30:a4:da:c9:25:96:0d:c9:63:22:f2:7d:62:36:
         d7:4c:cc:8d:ee:1a:de:cb:1b:f8:21:c8:52:6a:23:a0:71:8e:
         22:d5:ba:5a:de:da:c3:c2:85:ba:dd:39:95:f1:b9:1a:be:7a:
         04:41:70:f3:a5:63:12:5f:78:c4:1e:12:0b:ad:57:9d:27:ec:
         00:d0:90:b5:62:74:72:bf:2a:eb:5c:de:56:25:f0:f5:e0:27:
         6e:ff:59:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijg++wbJgT0nR6aJtCQz2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODFlZWMyYjBlMzIwNDQ3MjA5NzBhOTI3YWYwN2NlOTgyNTE4ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEFzqnXWDVm464sBHiFb6lva6m7F
S9O5/klU9CrF/E96mH5nouh98EKtUGrUSLm4C/b8KCskbqT1gD7N7iZ4qKFf1X5n
oBjDaT4FeYl5lO12SvYj4kOoCaKAI+Pu8b0lAk8KHb8ta2g6X7gbyiJwNCa0bWkk
PvPkzWF439SFCa2XXsD1TPmCSsCeL3QaiMUR+Kj12ivZy2WUkACcGG21I62B8La+
0pKI28v5qSXm0X6gY2QBILXHxXcov5olgGXuqI+cWjLPLk+g7j4nuIOkflM+M7QB
6puFHXCRXdPxHmF/DHSN/2ChrMf/hccprMwY+dSGrPPv7uVfFDZsk6UDTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGge7CsOMgRHIJcKknrwfOmCUY+2MB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvYUI3c0t3NHlCRWNnbHdxU2V2Qjg2WUpSajdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiy3YMA0G
CSqGSIb3DQEBCwUAA4IBAQA46QIAQaQjYLx/c3OobNoCogPoovkeupvtpVBhYmuA
dYkNcEsoeZPTIYn88xBGByu5mn5NLm8aq5TuWhtTGxQwp/ppGknfn+DFAQA7ihpl
hRS5XxUPT0CQW5rE9lG6ErPz3PrG4DMhuwk47rjIIHncnv+SAzHsbxNxTNsBpw8o
MS6BbfNFGB8SsUZTyFt1DWMgj6FBAEPy9p5iUQ2oBBC3BfAMclK/MKTaySWWDclj
IvJ9YjbXTMyN7hreyxv4IchSaiOgcY4i1bpa3trDwoW63TmV8bkavnoEQXDzpWMS
X3jEHhILrVedJ+wA0JC1YnRyvyrrXN5WJfD14Cdu/1nk
-----END CERTIFICATE-----