Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/t7-lVymTI7BBAmfc0HyT7P4YiOk.roa
File:                     t7-lVymTI7BBAmfc0HyT7P4YiOk.roa (raw, json)
Hash identifier:          5liRD96jP/HBEKpzaeMEPIuWW26VUEfUx+5EWcBIeqI=
Subject key identifier:   B7:BF:A5:57:29:93:23:B0:41:02:67:DC:D0:7C:93:EC:FE:18:88:E9
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019422202B9950D6677F9540B71597FAFCD7
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/t7-lVymTI7BBAmfc0HyT7P4YiOk.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44094
IP address blocks:        45.84.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2b:99:50:d6:67:7f:95:40:b7:15:97:fa:fc:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7bfa557299323b0410267dcd07c93ecfe1888e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a7:d5:bf:85:f0:a3:39:2d:3e:77:83:4f:62:
                    b9:71:64:b7:bc:73:62:61:99:17:62:bf:68:dd:fb:
                    5c:dd:b7:33:7c:4b:81:bf:e3:93:8d:97:74:4c:f5:
                    88:3c:73:cb:52:a8:fb:f3:0a:7f:22:53:46:1d:bc:
                    72:c2:af:af:b6:46:fa:52:d3:f9:dc:a6:fa:40:45:
                    a7:a1:bf:3e:15:b7:d4:d3:b7:59:d1:c6:de:5d:3b:
                    e5:a7:34:8c:cc:c8:7c:90:7e:01:8e:b6:d9:cf:3c:
                    f5:37:70:02:ec:cc:73:35:47:5f:69:9a:50:39:63:
                    4b:17:af:89:86:23:b5:e7:ad:7d:a5:d0:0e:8e:ba:
                    82:60:ff:68:62:a3:89:48:f8:e3:77:67:eb:2b:7d:
                    21:13:6a:ee:cd:28:29:54:50:1f:43:1a:24:93:a1:
                    5f:f5:7c:a2:53:90:0a:00:6a:a3:a2:e2:cf:50:2a:
                    0e:93:ed:72:55:ec:bd:2b:ab:70:15:57:e6:1f:af:
                    4d:20:58:5e:bd:05:75:f6:ec:6d:49:61:97:79:08:
                    aa:75:94:45:19:4d:b8:56:ea:ae:a8:5c:c9:c1:4a:
                    17:75:ca:aa:72:fd:fe:02:6b:2f:96:65:2f:76:ab:
                    08:08:0e:4a:ee:d6:1d:74:8e:d0:17:80:18:fe:18:
                    60:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:BF:A5:57:29:93:23:B0:41:02:67:DC:D0:7C:93:EC:FE:18:88:E9
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/t7-lVymTI7BBAmfc0HyT7P4YiOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:e9:b7:e7:07:37:a1:29:22:aa:6d:e2:ed:62:71:89:33:5e:
         34:90:89:e2:15:71:f1:2b:c9:b7:b0:57:c9:5e:51:22:0d:ba:
         32:f7:6d:fd:8b:25:c2:28:52:c1:34:9a:31:53:32:ba:9b:47:
         d8:5b:57:b9:ae:9a:73:03:e0:10:c6:5a:03:03:0b:00:c3:83:
         f5:7e:0d:0f:45:4e:8b:01:b0:07:fc:9d:7c:f3:a6:cd:ea:28:
         27:99:bd:a1:ae:e4:08:a4:cc:73:d8:6d:1c:41:03:ec:66:bf:
         58:a4:3e:de:ed:ab:c0:80:2b:af:9e:7a:57:11:4d:f2:54:54:
         cd:e8:1a:f4:ce:29:37:69:c2:93:55:19:54:98:67:02:ec:31:
         8c:f8:ff:c9:8d:f0:57:ab:0c:8a:6c:68:cc:6c:a4:48:f2:66:
         30:0f:ff:47:c0:01:cd:cc:67:1d:43:9a:7e:b5:ac:f1:06:97:
         43:14:86:c3:ae:a7:a0:65:b6:4a:5b:4e:ca:d4:c9:e3:3c:33:
         a2:99:aa:0a:0e:63:8e:29:fa:5e:b5:b1:e7:62:45:b8:b4:77:
         8d:b3:9c:72:65:d0:1f:6f:47:0c:c3:1e:b0:d8:c6:b6:a0:44:
         59:81:92:7c:d7:2c:90:b2:d9:a2:93:50:8e:34:40:95:d5:c4:
         db:5c:d8:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICuZUNZnf5VAtxWX+vzXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2JmYTU1NzI5OTMyM2IwNDEwMjY3ZGNkMDdjOTNlY2ZlMTg4OGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36fVv4XwozktPneDT2K5cWS3vHNi
YZkXYr9o3ftc3bczfEuBv+OTjZd0TPWIPHPLUqj78wp/IlNGHbxywq+vtkb6UtP5
3Kb6QEWnob8+FbfU07dZ0cbeXTvlpzSMzMh8kH4BjrbZzzz1N3AC7MxzNUdfaZpQ
OWNLF6+JhiO15619pdAOjrqCYP9oYqOJSPjjd2frK30hE2ruzSgpVFAfQxokk6Ff
9XyiU5AKAGqjouLPUCoOk+1yVey9K6twFVfmH69NIFhevQV19uxtSWGXeQiqdZRF
GU24VuquqFzJwUoXdcqqcv3+AmsvlmUvdqsICA5K7tYddI7QF4AY/hhgVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLe/pVcpkyOwQQJn3NB8k+z+GIjpMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvdDctbFZ5bVRJN0JCQW1mYzBIeVQ3UDRZaU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVQBMA0G
CSqGSIb3DQEBCwUAA4IBAQDC6bfnBzehKSKqbeLtYnGJM140kIniFXHxK8m3sFfJ
XlEiDboy9239iyXCKFLBNJoxUzK6m0fYW1e5rppzA+AQxloDAwsAw4P1fg0PRU6L
AbAH/J1886bN6ignmb2hruQIpMxz2G0cQQPsZr9YpD7e7avAgCuvnnpXEU3yVFTN
6Br0zik3acKTVRlUmGcC7DGM+P/JjfBXqwyKbGjMbKRI8mYwD/9HwAHNzGcdQ5p+
tazxBpdDFIbDrqegZbZKW07K1MnjPDOimaoKDmOOKfpetbHnYkW4tHeNs5xyZdAf
b0cMwx6w2Ma2oERZgZJ81yyQstmik1CONECV1cTbXNiY
-----END CERTIFICATE-----