Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/FDaJnwtdKIaCGJVg6QNctNX3wpA.roa
File:                     FDaJnwtdKIaCGJVg6QNctNX3wpA.roa (raw, json)
Hash identifier:          nG1/6+0MejULa30YNNdRkzBTjiM/zpm9raBFToCey7o=
Subject key identifier:   14:36:89:9F:0B:5D:28:86:82:18:95:60:E9:03:5C:B4:D5:F7:C2:90
Certificate issuer:       /CN=a487782e3f70c5cd27b32f5274d0e5bc62e95caf
Certificate serial:       0194266B3B06E6BDAECB301858150FA21B6E
Authority key identifier: A4:87:78:2E:3F:70:C5:CD:27:B3:2F:52:74:D0:E5:BC:62:E9:5C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pId4Lj9wxc0nsy9SdNDlvGLpXK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/FDaJnwtdKIaCGJVg6QNctNX3wpA.roa
Signing time:             Thu 02 Jan 2025 09:49:09 +0000
ROA not before:           Thu 02 Jan 2025 09:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209164
IP address blocks:        45.132.52.0/22 maxlen: 24
                          2a11:ab00::/32 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/pId4Lj9wxc0nsy9SdNDlvGLpXK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/pId4Lj9wxc0nsy9SdNDlvGLpXK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pId4Lj9wxc0nsy9SdNDlvGLpXK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:3b:06:e6:bd:ae:cb:30:18:58:15:0f:a2:1b:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a487782e3f70c5cd27b32f5274d0e5bc62e95caf
        Validity
            Not Before: Jan  2 09:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1436899f0b5d288682189560e9035cb4d5f7c290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:38:b6:64:04:9e:62:7c:24:bc:b9:cc:44:0c:
                    8f:a6:a5:81:c6:4f:5c:6f:f5:22:ac:6f:4e:b4:ee:
                    55:48:5e:7c:8e:be:b8:d9:03:e6:05:85:5a:f1:6c:
                    ea:a5:ca:f1:85:30:b4:76:4e:5b:a7:19:96:ae:01:
                    9c:3a:3f:24:c3:c3:52:ab:9b:8b:27:30:00:dd:4b:
                    91:57:82:31:b7:7d:06:be:81:64:32:33:60:28:da:
                    de:28:14:76:26:2d:3e:4a:5a:aa:0b:5e:ac:7e:ed:
                    21:07:bd:9c:39:8b:8b:68:e7:1a:34:90:d4:49:4b:
                    33:54:45:0f:4a:73:04:9b:73:f3:c9:e9:73:ee:21:
                    dc:64:7a:44:9e:77:9d:17:82:e8:60:4f:09:3a:88:
                    37:27:9e:68:03:91:97:ef:33:e4:4e:03:f8:d6:1e:
                    0c:bc:42:61:3d:28:ac:20:2a:bb:14:54:74:7d:f2:
                    de:03:99:1c:2e:7d:34:2b:0a:8e:7b:56:5c:c6:1d:
                    f6:23:72:a3:84:07:f4:53:e9:2a:af:7a:49:f4:78:
                    af:ba:b2:0d:70:a2:07:aa:7a:8f:66:57:d2:1b:e7:
                    2e:84:78:a9:24:e0:d6:b8:80:7d:35:da:97:06:86:
                    0b:96:73:7f:67:21:fa:ea:b0:6e:c5:29:4c:58:c0:
                    ac:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:36:89:9F:0B:5D:28:86:82:18:95:60:E9:03:5C:B4:D5:F7:C2:90
            X509v3 Authority Key Identifier:
                keyid:A4:87:78:2E:3F:70:C5:CD:27:B3:2F:52:74:D0:E5:BC:62:E9:5C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pId4Lj9wxc0nsy9SdNDlvGLpXK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/FDaJnwtdKIaCGJVg6QNctNX3wpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/pId4Lj9wxc0nsy9SdNDlvGLpXK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.52.0/22
                IPv6:
                  2a11:ab00::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:89:3c:f4:c7:f8:56:b0:92:d1:d0:12:8f:3b:e9:e0:ce:f9:
         3c:15:24:07:0f:46:15:7e:db:bc:51:b4:1d:22:dd:20:ea:96:
         a4:80:1c:e2:bb:de:5f:99:4b:d0:a6:56:8b:4d:5d:fa:f4:ca:
         92:08:ee:ea:9f:cf:69:6b:15:a7:e2:0e:0d:7b:ae:90:67:61:
         37:14:64:f2:08:bb:8d:3a:46:be:04:39:6d:06:75:1b:1f:b6:
         81:b3:4c:d9:de:5b:b4:81:24:7b:3b:ff:ba:eb:b0:19:fc:a0:
         f0:46:94:4a:96:e8:e7:72:12:46:48:d0:a6:4a:44:59:de:6b:
         89:da:19:90:ee:94:85:60:2c:d4:9b:0e:c4:c8:e1:70:07:f9:
         e9:6a:22:86:c5:99:7d:32:be:6b:c2:19:be:26:a2:9f:03:cf:
         8a:c3:67:c2:51:8f:07:ec:36:da:fb:c3:a1:0d:1c:0f:db:ee:
         f7:0f:68:56:4a:ce:97:19:66:1f:c3:89:74:e2:58:9a:72:04:
         1b:0c:82:47:f7:38:03:aa:47:ac:45:95:14:b7:15:2d:7f:ca:
         dc:8b:7c:46:ad:7a:6d:c7:b1:8e:87:ec:56:b3:1f:4b:cd:a4:
         83:09:a2:5d:47:aa:99:09:aa:36:d8:a0:37:78:15:96:11:28:
         fa:fb:c0:d9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmazsG5r2uyzAYWBUPohtuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ODc3ODJlM2Y3MGM1Y2QyN2IzMmY1Mjc0ZDBlNWJjNjJl
OTVjYWYwHhcNMjUwMTAyMDk0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDM2ODk5ZjBiNWQyODg2ODIxODk1NjBlOTAzNWNiNGQ1ZjdjMjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDi2ZASeYnwkvLnMRAyPpqWBxk9c
b/UirG9OtO5VSF58jr642QPmBYVa8WzqpcrxhTC0dk5bpxmWrgGcOj8kw8NSq5uL
JzAA3UuRV4Ixt30GvoFkMjNgKNreKBR2Ji0+SlqqC16sfu0hB72cOYuLaOcaNJDU
SUszVEUPSnMEm3Pzyelz7iHcZHpEnnedF4LoYE8JOog3J55oA5GX7zPkTgP41h4M
vEJhPSisICq7FFR0ffLeA5kcLn00KwqOe1Zcxh32I3KjhAf0U+kqr3pJ9HivurIN
cKIHqnqPZlfSG+cuhHipJODWuIB9NdqXBoYLlnN/ZyH66rBuxSlMWMCsoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBQ2iZ8LXSiGghiVYOkDXLTV98KQMB8GA1UdIwQY
MBaAFKSHeC4/cMXNJ7MvUnTQ5bxi6VyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcElkNExqOXd4YzBuc3k5U2RORGx2R0xwWEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iZWY2ZTgtODg3My00NTI5LThlNzIt
MjM4YzZkOGE0YzE3LzEvRkRhSm53dGRLSWFDR0pWZzZRTmN0Tlgzd3BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iZWY2ZTgtODg3My00NTI5LThlNzItMjM4YzZkOGE0YzE3
LzEvcElkNExqOXd4YzBuc3k5U2RORGx2R0xwWEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYQ0MA0E
AgACMAcDBQAqEasAMA0GCSqGSIb3DQEBCwUAA4IBAQC8iTz0x/hWsJLR0BKPO+ng
zvk8FSQHD0YVftu8UbQdIt0g6pakgBziu95fmUvQplaLTV369MqSCO7qn89paxWn
4g4Ne66QZ2E3FGTyCLuNOka+BDltBnUbH7aBs0zZ3lu0gSR7O/+667AZ/KDwRpRK
lujnchJGSNCmSkRZ3muJ2hmQ7pSFYCzUmw7EyOFwB/npaiKGxZl9Mr5rwhm+JqKf
A8+Kw2fCUY8H7Dba+8OhDRwP2+73D2hWSs6XGWYfw4l04liacgQbDIJH9zgDqkes
RZUUtxUtf8rci3xGrXptx7GOh+xWsx9LzaSDCaJdR6qZCao22KA3eBWWESj6+8DZ
-----END CERTIFICATE-----