Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/evx28IXwOssrh2ERCzJjqUVnHiA.roa
File:                     evx28IXwOssrh2ERCzJjqUVnHiA.roa (raw, json)
Hash identifier:          UTeUnE//0NUZdu2DWXKhAAFi5WcYzx4EajufTh1aEMI=
Subject key identifier:   7A:FC:76:F0:85:F0:3A:CB:2B:87:61:11:0B:32:63:A9:45:67:1E:20
Certificate issuer:       /CN=c738807abb9ce15b7a892592b6f003f1a3e16b60
Certificate serial:       0194266A536E000BD61BF9B803ABDBAF4CDA
Authority key identifier: C7:38:80:7A:BB:9C:E1:5B:7A:89:25:92:B6:F0:03:F1:A3:E1:6B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/evx28IXwOssrh2ERCzJjqUVnHiA.roa
Signing time:             Thu 02 Jan 2025 09:48:09 +0000
ROA not before:           Thu 02 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39402
IP address blocks:        45.84.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:53:6e:00:0b:d6:1b:f9:b8:03:ab:db:af:4c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c738807abb9ce15b7a892592b6f003f1a3e16b60
        Validity
            Not Before: Jan  2 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7afc76f085f03acb2b8761110b3263a945671e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:06:4e:fe:a3:0b:a3:c8:9d:04:95:6d:92:84:
                    fa:83:82:03:b4:2f:8a:97:9f:1a:a4:a7:12:50:81:
                    90:b9:19:21:45:09:06:8a:cd:af:c7:15:fc:f4:67:
                    69:92:da:60:2e:0e:87:c2:67:3f:19:13:4e:42:b2:
                    26:7f:82:d9:57:58:a9:7c:90:40:86:e5:1a:f1:a7:
                    0b:70:4e:0e:3c:fc:05:34:a6:b3:cd:8c:c9:40:74:
                    17:8e:1d:d3:a5:22:1e:dc:7a:c2:1f:21:a1:d2:0c:
                    5d:21:5f:d0:7e:10:1e:6c:5d:4a:26:a7:5e:2f:6f:
                    f1:5a:b3:5d:13:71:43:2c:96:ea:50:6b:79:88:95:
                    ca:0f:29:a3:b6:7a:72:45:86:15:af:91:03:71:39:
                    25:78:c9:96:89:b9:38:3d:d8:3f:f9:fb:28:b4:9c:
                    35:8d:96:97:99:45:58:d4:47:cc:49:13:37:71:18:
                    d4:b6:24:b7:29:76:2b:78:1f:42:5b:7c:b8:70:a5:
                    02:9b:b4:da:9c:77:37:fa:cc:c9:bc:f7:34:40:c6:
                    3f:2d:68:0d:3c:99:d4:3d:76:e6:77:e1:72:93:54:
                    b8:cc:74:5a:7d:6f:ff:f7:41:e2:8d:3f:bd:74:e8:
                    ea:c7:24:49:ed:f7:5f:a2:49:99:c3:b6:f1:48:84:
                    5a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:FC:76:F0:85:F0:3A:CB:2B:87:61:11:0B:32:63:A9:45:67:1E:20
            X509v3 Authority Key Identifier:
                keyid:C7:38:80:7A:BB:9C:E1:5B:7A:89:25:92:B6:F0:03:F1:A3:E1:6B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/evx28IXwOssrh2ERCzJjqUVnHiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:b6:6f:5d:4d:8e:87:67:5e:7d:0c:cb:9e:19:c9:1b:9c:83:
         19:4c:d3:fc:ee:fd:a4:08:f1:0e:08:ff:53:6a:b9:29:2d:f8:
         a4:82:87:bc:f0:4a:b9:ce:31:c4:4b:aa:d3:be:f2:12:2a:50:
         09:00:ff:02:a4:35:65:b1:80:42:e5:3c:47:15:22:91:e7:dd:
         0f:3f:97:3c:83:02:8a:a2:97:f4:5d:1c:3c:33:fb:a2:c9:b4:
         1e:3c:3d:66:c9:61:17:cb:48:84:9d:88:88:7c:80:14:bf:a4:
         a1:da:08:d7:c6:a5:04:1c:9b:3a:f1:de:32:60:5f:20:45:63:
         31:a1:7b:bf:f5:06:5e:e0:56:f5:50:71:b3:59:e0:f3:14:a1:
         1a:8d:45:e5:cd:2f:6c:cc:55:3e:de:75:b6:f9:a9:39:62:be:
         6d:6b:0a:31:c1:34:cf:c6:94:00:72:04:7f:1d:9b:4a:d7:77:
         9e:0e:62:11:cd:03:14:0b:c3:20:98:ba:12:0a:f3:a4:df:e2:
         06:9f:b3:65:3d:fc:f3:54:2a:b2:22:b8:20:bb:df:d7:be:bc:
         74:87:14:75:4a:fd:38:e8:06:e4:d2:d9:05:ac:dd:b1:4e:e0:
         cf:5f:7b:a7:f0:ae:45:21:3a:d1:ff:75:7b:2a:13:1e:a4:ad:
         b8:6c:10:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmalNuAAvWG/m4A6vbr0zaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3Mzg4MDdhYmI5Y2UxNWI3YTg5MjU5MmI2ZjAwM2YxYTNl
MTZiNjAwHhcNMjUwMTAyMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWZjNzZmMDg1ZjAzYWNiMmI4NzYxMTEwYjMyNjNhOTQ1NjcxZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwZO/qMLo8idBJVtkoT6g4IDtC+K
l58apKcSUIGQuRkhRQkGis2vxxX89GdpktpgLg6Hwmc/GRNOQrImf4LZV1ipfJBA
huUa8acLcE4OPPwFNKazzYzJQHQXjh3TpSIe3HrCHyGh0gxdIV/QfhAebF1KJqde
L2/xWrNdE3FDLJbqUGt5iJXKDymjtnpyRYYVr5EDcTkleMmWibk4Pdg/+fsotJw1
jZaXmUVY1EfMSRM3cRjUtiS3KXYreB9CW3y4cKUCm7TanHc3+szJvPc0QMY/LWgN
PJnUPXbmd+Fyk1S4zHRafW//90HijT+9dOjqxyRJ7fdfokmZw7bxSIRaDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHr8dvCF8DrLK4dhEQsyY6lFZx4gMB8GA1UdIwQY
MBaAFMc4gHq7nOFbeoklkrbwA/Gj4WtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHppQWVydWM0VnQ2aVNXU3R2QUQ4YVBoYTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xZjQ1ZTktZTgzOS00NjdiLWI1YWIt
M2QxZjMwZTA5MjNiLzEvZXZ4MjhJWHdPc3NyaDJFUkN6SmpxVVZuSGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xZjQ1ZTktZTgzOS00NjdiLWI1YWItM2QxZjMwZTA5MjNi
LzEveHppQWVydWM0VnQ2aVNXU3R2QUQ4YVBoYTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVQkMA0G
CSqGSIb3DQEBCwUAA4IBAQBPtm9dTY6HZ159DMueGckbnIMZTNP87v2kCPEOCP9T
arkpLfikgoe88Eq5zjHES6rTvvISKlAJAP8CpDVlsYBC5TxHFSKR590PP5c8gwKK
opf0XRw8M/uiybQePD1myWEXy0iEnYiIfIAUv6Sh2gjXxqUEHJs68d4yYF8gRWMx
oXu/9QZe4Fb1UHGzWeDzFKEajUXlzS9szFU+3nW2+ak5Yr5tawoxwTTPxpQAcgR/
HZtK13eeDmIRzQMUC8MgmLoSCvOk3+IGn7NlPfzzVCqyIrggu9/Xvrx0hxR1Sv04
6Abk0tkFrN2xTuDPX3un8K5FITrR/3V7KhMepK24bBAL
-----END CERTIFICATE-----