Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/cb31da-4491-4f3e-bae5-3d57b66b2134/1/v9XCpSvXJgFn93oqPO6QjvmDaV0.roa
File:                     v9XCpSvXJgFn93oqPO6QjvmDaV0.roa (raw, json)
Hash identifier:          2/0z9nylSvJWI46oSDGL4Lr6kTxicsj+PodL8IKe940=
Subject key identifier:   BF:D5:C2:A5:2B:D7:26:01:67:F7:7A:2A:3C:EE:90:8E:F9:83:69:5D
Certificate issuer:       /CN=45e3a0c1f1d81ee069643b40c323999bb5584631
Certificate serial:       019422FC20825B942F3B189D4A4DE8D0410F
Authority key identifier: 45:E3:A0:C1:F1:D8:1E:E0:69:64:3B:40:C3:23:99:9B:B5:58:46:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ReOgwfHYHuBpZDtAwyOZm7VYRjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/cb31da-4491-4f3e-bae5-3d57b66b2134/1/v9XCpSvXJgFn93oqPO6QjvmDaV0.roa
Signing time:             Wed 01 Jan 2025 17:48:56 +0000
ROA not before:           Wed 01 Jan 2025 17:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204152
IP address blocks:        185.112.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/cb31da-4491-4f3e-bae5-3d57b66b2134/1/ReOgwfHYHuBpZDtAwyOZm7VYRjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/cb31da-4491-4f3e-bae5-3d57b66b2134/1/ReOgwfHYHuBpZDtAwyOZm7VYRjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ReOgwfHYHuBpZDtAwyOZm7VYRjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:20:82:5b:94:2f:3b:18:9d:4a:4d:e8:d0:41:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e3a0c1f1d81ee069643b40c323999bb5584631
        Validity
            Not Before: Jan  1 17:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfd5c2a52bd7260167f77a2a3cee908ef983695d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a4:97:0d:22:3b:5b:a8:1d:dd:19:29:e1:a5:
                    f7:a7:4f:53:61:50:77:55:47:a6:1c:e7:f3:40:23:
                    85:89:68:1c:81:2b:c3:06:b2:71:71:d7:a9:02:b9:
                    db:ec:fc:d1:dd:7b:8a:3a:04:0b:d1:2f:69:fc:90:
                    f9:6d:bb:8f:45:9c:c2:35:63:64:64:a8:a6:e0:83:
                    09:62:cb:6c:76:2b:c9:6b:60:1a:4a:98:7c:16:e3:
                    33:e4:25:3a:0c:a9:5a:2d:45:62:3f:35:e7:79:4f:
                    83:4d:f6:91:c8:ad:92:6a:0d:31:b4:cf:21:b7:70:
                    b9:44:f7:35:2c:33:1f:bb:2b:a3:49:8c:14:21:8e:
                    29:ce:99:a2:10:e0:16:5c:be:73:20:eb:55:2b:e0:
                    ca:5d:4f:0f:50:fc:e8:d2:61:9c:34:f4:7e:2d:ec:
                    b2:4d:6d:8d:7f:2f:c9:a2:23:8f:90:6d:6a:4a:71:
                    dc:a3:a7:0c:d3:fd:fc:30:10:08:29:34:76:e4:ae:
                    c9:76:0e:2e:f1:a1:a6:d5:67:c1:78:53:e1:7d:f1:
                    0d:74:37:33:4e:2e:98:17:da:b0:99:dd:40:dd:cb:
                    48:a3:cf:10:5f:eb:02:b7:6a:72:2a:d4:86:6d:d8:
                    94:10:11:12:52:08:cd:6c:c7:4e:5c:71:ea:83:bb:
                    e1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D5:C2:A5:2B:D7:26:01:67:F7:7A:2A:3C:EE:90:8E:F9:83:69:5D
            X509v3 Authority Key Identifier:
                keyid:45:E3:A0:C1:F1:D8:1E:E0:69:64:3B:40:C3:23:99:9B:B5:58:46:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ReOgwfHYHuBpZDtAwyOZm7VYRjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cb31da-4491-4f3e-bae5-3d57b66b2134/1/v9XCpSvXJgFn93oqPO6QjvmDaV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cb31da-4491-4f3e-bae5-3d57b66b2134/1/ReOgwfHYHuBpZDtAwyOZm7VYRjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:c7:78:f8:30:80:0b:31:a3:29:33:85:c1:1e:c8:c8:0f:09:
         c3:5a:fd:34:f3:cd:11:66:d8:df:e2:a4:09:2f:f3:da:3a:36:
         b4:37:d6:da:29:da:48:c0:ea:28:55:b5:2e:e7:94:c6:94:08:
         92:b7:79:59:47:c8:f0:c2:0b:32:39:df:6b:89:f2:8e:44:60:
         ea:c8:7b:a9:bf:a7:69:31:df:2a:8a:6a:a6:bf:5e:c0:90:40:
         54:bf:ea:2a:7b:30:17:33:c0:61:43:f8:c7:c3:63:67:40:8d:
         b5:af:ff:f4:dd:38:27:99:6f:38:be:14:79:79:5e:6d:87:db:
         19:32:95:56:04:46:d5:9e:71:bf:80:70:d4:c6:38:7e:66:af:
         ab:15:43:91:67:ff:3b:e8:1b:8b:99:c9:fb:b1:3b:86:7a:95:
         f5:04:f3:d7:72:05:9d:b1:4e:c9:2b:1c:52:d5:9d:1b:3b:73:
         39:e4:b0:a1:65:ab:41:ef:c9:e3:3a:b6:93:7f:6b:d5:b8:32:
         4c:ac:37:f6:26:ba:14:53:a5:2e:db:13:31:0e:6a:a3:09:6f:
         f7:51:47:19:9e:d7:dc:04:47:e9:ef:77:2f:59:67:ff:12:22:
         3d:6e:19:65:95:e6:45:3c:0b:3c:98:af:b6:3a:82:c1:c3:d3:
         a7:de:ce:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/CCCW5QvOxidSk3o0EEPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZTNhMGMxZjFkODFlZTA2OTY0M2I0MGMzMjM5OTliYjU1
ODQ2MzEwHhcNMjUwMTAxMTc0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQ1YzJhNTJiZDcyNjAxNjdmNzdhMmEzY2VlOTA4ZWY5ODM2OTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6SXDSI7W6gd3Rkp4aX3p09TYVB3
VUemHOfzQCOFiWgcgSvDBrJxcdepArnb7PzR3XuKOgQL0S9p/JD5bbuPRZzCNWNk
ZKim4IMJYstsdivJa2AaSph8FuMz5CU6DKlaLUViPzXneU+DTfaRyK2Sag0xtM8h
t3C5RPc1LDMfuyujSYwUIY4pzpmiEOAWXL5zIOtVK+DKXU8PUPzo0mGcNPR+Leyy
TW2Nfy/JoiOPkG1qSnHco6cM0/38MBAIKTR25K7Jdg4u8aGm1WfBeFPhffENdDcz
Ti6YF9qwmd1A3ctIo88QX+sCt2pyKtSGbdiUEBESUgjNbMdOXHHqg7vhRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/VwqUr1yYBZ/d6KjzukI75g2ldMB8GA1UdIwQY
MBaAFEXjoMHx2B7gaWQ7QMMjmZu1WEYxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmVPZ3dmSFlIdUJwWkR0QXd5T1ptN1ZZUmpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9jYjMxZGEtNDQ5MS00ZjNlLWJhZTUt
M2Q1N2I2NmIyMTM0LzEvdjlYQ3BTdlhKZ0ZuOTNvcVBPNlFqdm1EYVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9jYjMxZGEtNDQ5MS00ZjNlLWJhZTUtM2Q1N2I2NmIyMTM0
LzEvUmVPZ3dmSFlIdUJwWkR0QXd5T1ptN1ZZUmpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXDoMA0G
CSqGSIb3DQEBCwUAA4IBAQBLx3j4MIALMaMpM4XBHsjIDwnDWv00880RZtjf4qQJ
L/PaOja0N9baKdpIwOooVbUu55TGlAiSt3lZR8jwwgsyOd9rifKORGDqyHupv6dp
Md8qimqmv17AkEBUv+oqezAXM8BhQ/jHw2NnQI21r//03TgnmW84vhR5eV5th9sZ
MpVWBEbVnnG/gHDUxjh+Zq+rFUORZ/876BuLmcn7sTuGepX1BPPXcgWdsU7JKxxS
1Z0bO3M55LChZatB78njOraTf2vVuDJMrDf2JroUU6Uu2xMxDmqjCW/3UUcZntfc
BEfp73cvWWf/EiI9bhllleZFPAs8mK+2OoLBw9On3s4p
-----END CERTIFICATE-----