Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/K7qTK9pIyiEZfe3oYQ_ZP0X2yEA.roa
File:                     K7qTK9pIyiEZfe3oYQ_ZP0X2yEA.roa (raw, json)
Hash identifier:          aRm9dSDweAWyai2Lyi7lBDWMUI5ncN0CehfI1VhjASU=
Subject key identifier:   2B:BA:93:2B:DA:48:CA:21:19:7D:ED:E8:61:0F:D9:3F:45:F6:C8:40
Certificate issuer:       /CN=a384a56317ac8179851b570f0e3a7aa044e808a6
Certificate serial:       019421B231BDCF080969ECF2B603B211D4B2
Authority key identifier: A3:84:A5:63:17:AC:81:79:85:1B:57:0F:0E:3A:7A:A0:44:E8:08:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4SlYxesgXmFG1cPDjp6oEToCKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/K7qTK9pIyiEZfe3oYQ_ZP0X2yEA.roa
Signing time:             Wed 01 Jan 2025 11:48:33 +0000
ROA not before:           Wed 01 Jan 2025 11:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204252
IP address blocks:        45.134.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/o4SlYxesgXmFG1cPDjp6oEToCKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/o4SlYxesgXmFG1cPDjp6oEToCKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4SlYxesgXmFG1cPDjp6oEToCKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:31:bd:cf:08:09:69:ec:f2:b6:03:b2:11:d4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a384a56317ac8179851b570f0e3a7aa044e808a6
        Validity
            Not Before: Jan  1 11:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bba932bda48ca21197dede8610fd93f45f6c840
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c5:cb:1f:0e:13:ec:93:b0:5c:e9:cb:43:1d:
                    f7:3e:3b:b0:17:9e:12:43:b4:8c:0d:24:e2:46:ac:
                    a8:48:af:00:06:0c:5d:24:98:4f:f2:03:69:8c:4b:
                    f6:24:ee:da:95:a4:1b:44:f6:00:c9:3b:ba:e2:44:
                    b2:10:56:51:2f:cf:d5:93:3e:ea:eb:ce:9f:75:4a:
                    70:0d:af:37:9d:8d:f0:97:20:13:12:44:24:8a:cc:
                    ec:8a:15:70:72:ab:fc:71:af:a7:b4:a9:14:fa:f0:
                    89:18:61:c1:3f:ab:fe:57:9f:93:27:96:18:5a:f1:
                    88:fc:b5:bb:68:39:19:e2:66:d3:e7:ac:9f:8e:71:
                    10:eb:b1:f7:12:66:51:a1:37:50:5f:66:b0:8e:62:
                    5d:09:ce:3b:a7:27:18:9d:af:03:56:b9:3c:7e:1c:
                    67:1f:a2:cf:7a:99:33:6b:c2:2e:a6:6b:01:32:d1:
                    14:a1:c0:f6:48:1d:f9:e2:34:82:9f:f1:e6:02:36:
                    99:ee:9f:a5:53:01:50:62:66:af:b9:f9:c7:ea:e8:
                    14:e8:08:a9:5a:71:16:4b:fd:c9:7b:2a:5a:62:3a:
                    12:31:53:57:7d:e6:21:96:99:6f:b2:d8:b8:85:45:
                    1a:b4:cc:86:88:b4:03:e4:93:4b:e9:58:df:70:0e:
                    6d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:BA:93:2B:DA:48:CA:21:19:7D:ED:E8:61:0F:D9:3F:45:F6:C8:40
            X509v3 Authority Key Identifier:
                keyid:A3:84:A5:63:17:AC:81:79:85:1B:57:0F:0E:3A:7A:A0:44:E8:08:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4SlYxesgXmFG1cPDjp6oEToCKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/K7qTK9pIyiEZfe3oYQ_ZP0X2yEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/c2fbe1-dd9d-4204-9066-e225a249378e/1/o4SlYxesgXmFG1cPDjp6oEToCKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:77:7e:58:4f:70:16:9b:6b:4f:82:0a:9d:9e:cd:f8:f5:cd:
         9d:b5:68:4b:06:c5:e8:e0:40:fb:e8:47:e4:6c:31:b0:71:07:
         fe:42:21:da:ef:80:d6:9f:a5:c6:3c:ab:3b:23:c8:d9:f8:be:
         39:d3:a4:fc:d2:cf:23:d4:32:36:b4:e8:4f:3a:08:09:1a:1c:
         bd:7d:6f:86:f2:0b:18:05:a2:bf:0d:a2:40:5c:82:54:0e:54:
         ef:b7:17:d1:3e:b3:9c:30:3e:b3:28:54:ad:9b:13:e7:bf:f3:
         82:4e:bd:f3:0d:98:9e:4f:d2:a8:07:66:86:9f:4a:6e:84:b3:
         e2:8a:b8:3f:ea:66:65:65:2a:c3:cc:51:b0:18:0e:fe:f1:33:
         36:a3:49:5c:11:56:db:42:ac:60:19:6b:0d:72:59:cb:2a:51:
         62:83:e0:d7:d2:1b:2c:2e:ec:f8:31:96:3f:5d:a7:71:80:fb:
         19:21:eb:6b:7f:6c:bb:68:06:cf:46:30:f1:8c:6f:c0:70:36:
         df:c7:e9:6e:cf:93:1b:29:45:5b:70:fc:a9:ab:f8:04:79:f2:
         49:e2:8c:ef:68:18:c0:ff:cf:fd:78:af:a4:d8:67:9f:02:c4:
         a8:d5:ef:5b:2d:2c:c4:4b:2c:4b:b9:e8:15:07:62:b7:5c:09:
         76:87:5a:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjG9zwgJaezytgOyEdSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzODRhNTYzMTdhYzgxNzk4NTFiNTcwZjBlM2E3YWEwNDRl
ODA4YTYwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmJhOTMyYmRhNDhjYTIxMTk3ZGVkZTg2MTBmZDkzZjQ1ZjZjODQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8XLHw4T7JOwXOnLQx33PjuwF54S
Q7SMDSTiRqyoSK8ABgxdJJhP8gNpjEv2JO7alaQbRPYAyTu64kSyEFZRL8/Vkz7q
686fdUpwDa83nY3wlyATEkQkiszsihVwcqv8ca+ntKkU+vCJGGHBP6v+V5+TJ5YY
WvGI/LW7aDkZ4mbT56yfjnEQ67H3EmZRoTdQX2awjmJdCc47pycYna8DVrk8fhxn
H6LPepkza8IupmsBMtEUocD2SB354jSCn/HmAjaZ7p+lUwFQYmavufnH6ugU6Aip
WnEWS/3JeypaYjoSMVNXfeYhlplvsti4hUUatMyGiLQD5JNL6VjfcA5twwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCu6kyvaSMohGX3t6GEP2T9F9shAMB8GA1UdIwQY
MBaAFKOEpWMXrIF5hRtXDw46eqBE6AimMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRTbFl4ZXNnWG1GRzFjUERqcDZvRVRvQ0tZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9jMmZiZTEtZGQ5ZC00MjA0LTkwNjYt
ZTIyNWEyNDkzNzhlLzEvSzdxVEs5cEl5aUVaZmUzb1lRX1pQMFgyeUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9jMmZiZTEtZGQ5ZC00MjA0LTkwNjYtZTIyNWEyNDkzNzhl
LzEvbzRTbFl4ZXNnWG1GRzFjUERqcDZvRVRvQ0tZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYboMA0G
CSqGSIb3DQEBCwUAA4IBAQB/d35YT3AWm2tPggqdns349c2dtWhLBsXo4ED76Efk
bDGwcQf+QiHa74DWn6XGPKs7I8jZ+L4506T80s8j1DI2tOhPOggJGhy9fW+G8gsY
BaK/DaJAXIJUDlTvtxfRPrOcMD6zKFStmxPnv/OCTr3zDZieT9KoB2aGn0puhLPi
irg/6mZlZSrDzFGwGA7+8TM2o0lcEVbbQqxgGWsNclnLKlFig+DX0hssLuz4MZY/
XadxgPsZIetrf2y7aAbPRjDxjG/AcDbfx+luz5MbKUVbcPypq/gEefJJ4ozvaBjA
/8/9eK+k2GefAsSo1e9bLSzESyxLuegVB2K3XAl2h1qH
-----END CERTIFICATE-----