Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9zaK0KFpFDugd2wcVNpO2QBpoKY.roa
File:                     9zaK0KFpFDugd2wcVNpO2QBpoKY.roa (raw, json)
Hash identifier:          y80WMn/I/lW4T8XeZCKI0lKyg4wEiST6LyU2Xtn8qGI=
Subject key identifier:   F7:36:8A:D0:A1:69:14:3B:A0:77:6C:1C:54:DA:4E:D9:00:69:A0:A6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01945EA7F05C881DF63904C7F954CB1F51CD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9zaK0KFpFDugd2wcVNpO2QBpoKY.roa
Signing time:             Mon 13 Jan 2025 07:54:11 +0000
ROA not before:           Mon 13 Jan 2025 07:54:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45671
IP address blocks:        45.12.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5e:a7:f0:5c:88:1d:f6:39:04:c7:f9:54:cb:1f:51:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 13 07:54:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7368ad0a169143ba0776c1c54da4ed90069a0a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6c:41:45:c6:3e:3f:62:f3:26:7e:5b:ff:c3:
                    5c:63:9e:be:ea:5b:d1:97:47:78:6d:55:3f:ab:63:
                    ba:a4:17:f7:52:c4:e3:4e:57:fa:fe:e4:53:0a:e0:
                    28:d7:2c:64:86:2c:c3:2a:0a:a4:3f:35:ac:5c:b8:
                    96:a7:3b:8c:5c:20:ac:09:a8:b5:7e:44:fb:ad:58:
                    f5:c9:0a:af:ed:6e:f2:e5:9e:8a:62:c5:90:df:44:
                    25:86:ff:cd:69:85:07:f7:99:6f:70:fd:72:2e:46:
                    ad:81:5f:5d:c3:6e:42:80:e5:d8:5b:11:c7:1b:28:
                    df:d1:a4:3d:58:b3:56:f6:0e:f9:33:86:76:67:6a:
                    74:41:6f:19:97:81:ab:ae:fc:75:6b:b8:36:23:97:
                    2e:36:c4:ea:47:15:c6:24:7b:55:45:65:ae:38:67:
                    53:ca:e3:eb:64:22:31:d0:78:68:9f:a1:18:cf:8f:
                    ca:1a:7f:6c:86:bf:49:35:22:a3:5a:db:37:b8:45:
                    f1:0e:5b:28:31:fe:b0:2d:7e:b4:34:e3:46:fe:37:
                    b7:5b:b3:5a:36:07:8c:81:98:08:17:71:15:6c:66:
                    5b:92:9e:10:9e:77:69:b8:02:56:6f:96:38:e2:5f:
                    19:08:2f:28:3d:dd:46:df:88:d0:f0:d1:9d:ec:90:
                    ce:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:36:8A:D0:A1:69:14:3B:A0:77:6C:1C:54:DA:4E:D9:00:69:A0:A6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9zaK0KFpFDugd2wcVNpO2QBpoKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:6e:fe:54:35:c4:55:ca:36:c7:f6:c0:3e:02:a1:a8:bc:d8:
         8a:07:51:3c:2b:5c:25:17:5e:5d:b9:7a:87:35:9b:a6:9e:4f:
         2f:19:a8:28:d6:d3:36:7c:8b:3f:34:23:5d:0b:15:9b:e0:c5:
         e9:94:91:13:22:3c:5e:cc:fa:57:7f:64:5f:c8:b7:b9:be:31:
         55:91:3f:49:74:78:b3:a6:a3:d3:e4:f4:29:ca:d6:9b:a3:33:
         f5:4b:bf:78:04:a1:bc:25:1c:2c:7b:b2:f5:68:54:13:c4:02:
         00:f4:33:be:7a:b0:95:13:83:cc:9a:a4:2a:73:d1:61:35:9f:
         c2:6b:c4:7b:90:ed:3c:bb:d7:46:0e:e4:bc:dc:13:a3:5b:06:
         25:0e:56:65:3f:f4:2b:69:e2:ad:04:77:77:7f:be:38:71:c2:
         da:50:1a:96:a4:86:be:a6:fe:93:4b:92:42:2d:1c:bf:7c:ff:
         ed:d1:64:2c:76:e3:fe:0e:79:e4:63:d3:89:a3:df:14:54:af:
         9d:21:15:6e:92:28:05:0e:a5:7b:c0:44:f4:50:0c:dd:40:e9:
         cc:b7:4f:a6:06:15:37:7a:2c:91:31:1d:33:9f:70:29:fb:7f:
         86:ed:f4:52:e8:52:c4:00:67:c2:5b:f2:b7:48:fa:68:5b:f8:
         73:7d:28:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRep/BciB32OQTH+VTLH1HNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTEzMDc1NDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzM2OGFkMGExNjkxNDNiYTA3NzZjMWM1NGRhNGVkOTAwNjlhMGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGxBRcY+P2LzJn5b/8NcY56+6lvR
l0d4bVU/q2O6pBf3UsTjTlf6/uRTCuAo1yxkhizDKgqkPzWsXLiWpzuMXCCsCai1
fkT7rVj1yQqv7W7y5Z6KYsWQ30Qlhv/NaYUH95lvcP1yLkatgV9dw25CgOXYWxHH
Gyjf0aQ9WLNW9g75M4Z2Z2p0QW8Zl4Grrvx1a7g2I5cuNsTqRxXGJHtVRWWuOGdT
yuPrZCIx0Hhon6EYz4/KGn9shr9JNSKjWts3uEXxDlsoMf6wLX60NONG/je3W7Na
NgeMgZgIF3EVbGZbkp4QnndpuAJWb5Y44l8ZCC8oPd1G34jQ8NGd7JDO4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPc2itChaRQ7oHdsHFTaTtkAaaCmMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOXphSzBLRnBGRHVnZDJ3Y1ZOcE8yUUJwb0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQxHMA0G
CSqGSIb3DQEBCwUAA4IBAQCZbv5UNcRVyjbH9sA+AqGovNiKB1E8K1wlF15duXqH
NZumnk8vGago1tM2fIs/NCNdCxWb4MXplJETIjxezPpXf2RfyLe5vjFVkT9JdHiz
pqPT5PQpytabozP1S794BKG8JRwse7L1aFQTxAIA9DO+erCVE4PMmqQqc9FhNZ/C
a8R7kO08u9dGDuS83BOjWwYlDlZlP/QraeKtBHd3f744ccLaUBqWpIa+pv6TS5JC
LRy/fP/t0WQsduP+DnnkY9OJo98UVK+dIRVukigFDqV7wET0UAzdQOnMt0+mBhU3
eiyRMR0zn3Ap+3+G7fRS6FLEAGfCW/K3SPpoW/hzfSgz
-----END CERTIFICATE-----