Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/6ce0b1-c776-4eff-81ac-2eedace4aac9/1/98GklQIoHkHkn0CoFh_6Dud54bo.roa
File:                     98GklQIoHkHkn0CoFh_6Dud54bo.roa (raw, json)
Hash identifier:          M+9C1iQsySZxvMjL702thfggxvSIoF6cEK1D5Lq/ro4=
Subject key identifier:   F7:C1:A4:95:02:28:1E:41:E4:9F:40:A8:16:1F:FA:0E:E7:79:E1:BA
Certificate issuer:       /CN=8810e7e3c9175eb98ff7815d3076fb02996a734a
Certificate serial:       019455945449F616AC8106EE55E55730D952
Authority key identifier: 88:10:E7:E3:C9:17:5E:B9:8F:F7:81:5D:30:76:FB:02:99:6A:73:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBDn48kXXrmP94FdMHb7Aplqc0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/6ce0b1-c776-4eff-81ac-2eedace4aac9/1/98GklQIoHkHkn0CoFh_6Dud54bo.roa
Signing time:             Sat 11 Jan 2025 13:36:11 +0000
ROA not before:           Sat 11 Jan 2025 13:36:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51154
IP address blocks:        45.131.244.0/22 maxlen: 22
                          185.62.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/6ce0b1-c776-4eff-81ac-2eedace4aac9/1/iBDn48kXXrmP94FdMHb7Aplqc0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/6ce0b1-c776-4eff-81ac-2eedace4aac9/1/iBDn48kXXrmP94FdMHb7Aplqc0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBDn48kXXrmP94FdMHb7Aplqc0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:55:94:54:49:f6:16:ac:81:06:ee:55:e5:57:30:d9:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8810e7e3c9175eb98ff7815d3076fb02996a734a
        Validity
            Not Before: Jan 11 13:36:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7c1a49502281e41e49f40a8161ffa0ee779e1ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e8:10:f0:e5:a3:e0:9d:9b:76:2d:98:2b:45:
                    d5:57:28:81:f5:e9:d4:27:ed:0e:a1:c6:c7:55:c7:
                    84:f1:de:99:86:da:e0:42:18:5a:54:71:76:6f:96:
                    84:11:60:c5:c1:7b:6c:b7:eb:96:5b:9f:0d:f3:4e:
                    0a:77:15:1d:c7:5a:aa:61:f5:6d:49:ea:ef:92:52:
                    44:6b:c1:04:08:eb:2a:2a:8a:7d:34:70:53:74:1f:
                    73:b4:be:6f:7d:2e:4a:3f:91:f0:4e:30:e1:16:da:
                    9e:61:77:78:cd:d6:c1:14:7a:f1:74:bc:f7:85:5b:
                    77:59:9c:1a:e5:f8:30:41:a9:dd:22:52:f6:9b:54:
                    9d:d7:4d:9b:81:22:b8:00:5c:9c:69:bd:70:a0:45:
                    ae:2b:37:9d:97:77:1a:7a:fe:c1:2a:f0:b0:81:53:
                    fe:d2:01:2a:d6:e5:7d:ad:07:18:99:bc:b5:ad:76:
                    3f:64:1c:7b:0a:96:f9:02:e0:d8:fc:61:db:9a:1a:
                    c7:ed:6b:e8:a3:cb:9e:5e:84:7a:30:78:3a:1e:a2:
                    85:0f:15:88:74:f3:9e:b4:88:7f:a9:68:4f:8c:63:
                    27:8f:20:76:40:f6:09:72:90:86:03:2c:c5:2f:db:
                    31:b2:36:e0:60:a2:1e:a5:04:62:09:09:9c:55:f5:
                    5d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:C1:A4:95:02:28:1E:41:E4:9F:40:A8:16:1F:FA:0E:E7:79:E1:BA
            X509v3 Authority Key Identifier:
                keyid:88:10:E7:E3:C9:17:5E:B9:8F:F7:81:5D:30:76:FB:02:99:6A:73:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBDn48kXXrmP94FdMHb7Aplqc0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/6ce0b1-c776-4eff-81ac-2eedace4aac9/1/98GklQIoHkHkn0CoFh_6Dud54bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/6ce0b1-c776-4eff-81ac-2eedace4aac9/1/iBDn48kXXrmP94FdMHb7Aplqc0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.244.0/22
                  185.62.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:0a:7b:8e:3e:eb:ee:73:80:16:d1:a5:9c:ef:05:d0:29:30:
         e7:c9:87:b6:d6:f6:b0:b8:92:68:af:22:d3:b7:21:63:a3:5a:
         b8:88:be:59:5e:26:36:19:50:b7:d0:c8:8b:0f:b3:1f:29:79:
         1c:c0:61:68:32:8b:74:14:df:55:66:3c:1f:3a:c2:87:f1:ec:
         a1:83:37:fe:b2:9c:80:a5:8f:12:2f:fc:19:3f:f5:4c:5f:32:
         aa:69:52:0b:d8:50:96:37:43:65:d8:e8:0c:f5:e8:de:ca:72:
         b7:e7:37:2d:f7:e3:45:cb:7b:7f:c6:b2:76:c9:82:6c:a4:f0:
         8a:9d:d3:9f:f9:8e:50:07:b7:39:c0:a1:75:74:6a:bb:2a:6d:
         98:9a:b1:95:0c:26:bc:07:2d:ce:1f:72:5e:e3:38:e9:0d:ea:
         67:58:0e:fb:7f:3b:29:a5:c9:cc:2e:41:cf:d9:fb:2b:e6:25:
         3e:09:e8:09:92:86:97:59:67:f3:49:76:8e:ac:6c:5d:37:2d:
         e7:47:66:d8:2b:d7:30:fd:08:c2:3d:7a:7c:24:02:3e:3b:f8:
         89:49:91:cf:d2:13:0f:89:0c:e2:df:f4:e0:9b:88:53:08:f7:
         78:e0:70:6a:dc:76:c0:53:eb:a2:a0:a7:25:fd:43:ef:07:56:
         2d:68:e6:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRVlFRJ9hasgQbuVeVXMNlSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTBlN2UzYzkxNzVlYjk4ZmY3ODE1ZDMwNzZmYjAyOTk2
YTczNGEwHhcNMjUwMTExMTMzNjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2MxYTQ5NTAyMjgxZTQxZTQ5ZjQwYTgxNjFmZmEwZWU3NzllMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOgQ8OWj4J2bdi2YK0XVVyiB9enU
J+0OocbHVceE8d6ZhtrgQhhaVHF2b5aEEWDFwXtst+uWW58N804KdxUdx1qqYfVt
ServklJEa8EECOsqKop9NHBTdB9ztL5vfS5KP5HwTjDhFtqeYXd4zdbBFHrxdLz3
hVt3WZwa5fgwQandIlL2m1Sd102bgSK4AFycab1woEWuKzedl3caev7BKvCwgVP+
0gEq1uV9rQcYmby1rXY/ZBx7Cpb5AuDY/GHbmhrH7Wvoo8ueXoR6MHg6HqKFDxWI
dPOetIh/qWhPjGMnjyB2QPYJcpCGAyzFL9sxsjbgYKIepQRiCQmcVfVdsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPfBpJUCKB5B5J9AqBYf+g7neeG6MB8GA1UdIwQY
MBaAFIgQ5+PJF165j/eBXTB2+wKZanNKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJEbjQ4a1hYcm1QOTRGZE1IYjdBcGxxYzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My82Y2UwYjEtYzc3Ni00ZWZmLTgxYWMt
MmVlZGFjZTRhYWM5LzEvOThHa2xRSW9Ia0hrbjBDb0ZoXzZEdWQ1NGJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My82Y2UwYjEtYzc3Ni00ZWZmLTgxYWMtMmVlZGFjZTRhYWM5
LzEvaUJEbjQ4a1hYcm1QOTRGZE1IYjdBcGxxYzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYP0AwQC
uT7sMA0GCSqGSIb3DQEBCwUAA4IBAQBBCnuOPuvuc4AW0aWc7wXQKTDnyYe21vaw
uJJoryLTtyFjo1q4iL5ZXiY2GVC30MiLD7MfKXkcwGFoMot0FN9VZjwfOsKH8eyh
gzf+spyApY8SL/wZP/VMXzKqaVIL2FCWN0Nl2OgM9ejeynK35zct9+NFy3t/xrJ2
yYJspPCKndOf+Y5QB7c5wKF1dGq7Km2YmrGVDCa8By3OH3Je4zjpDepnWA77fzsp
pcnMLkHP2fsr5iU+CegJkoaXWWfzSXaOrGxdNy3nR2bYK9cw/QjCPXp8JAI+O/iJ
SZHP0hMPiQzi3/Tgm4hTCPd44HBq3HbAU+uioKcl/UPvB1YtaOZG
-----END CERTIFICATE-----