Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/uy61Z_8RU66-jPuUHYoqaPIOhik.roa
File:                     uy61Z_8RU66-jPuUHYoqaPIOhik.roa (raw, json)
Hash identifier:          L9o3XCU/iUGm+BZYXWE1H2NgYx1sjgSieqKtDG+tWqs=
Subject key identifier:   BB:2E:B5:67:FF:11:53:AE:BE:8C:FB:94:1D:8A:2A:68:F2:0E:86:29
Certificate issuer:       /CN=736d724e239efb7f2f7bea526a9e0c5e7fc89bbe
Certificate serial:       019424B3A9274E5F23F951D25BC3AA0D71DC
Authority key identifier: 73:6D:72:4E:23:9E:FB:7F:2F:7B:EA:52:6A:9E:0C:5E:7F:C8:9B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c21yTiOe-38ve-pSap4MXn_Im74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/uy61Z_8RU66-jPuUHYoqaPIOhik.roa
Signing time:             Thu 02 Jan 2025 01:49:01 +0000
ROA not before:           Thu 02 Jan 2025 01:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42072
IP address blocks:        45.154.74.0/23 maxlen: 24
                          2a0f:b300:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/c21yTiOe-38ve-pSap4MXn_Im74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/c21yTiOe-38ve-pSap4MXn_Im74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c21yTiOe-38ve-pSap4MXn_Im74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a9:27:4e:5f:23:f9:51:d2:5b:c3:aa:0d:71:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=736d724e239efb7f2f7bea526a9e0c5e7fc89bbe
        Validity
            Not Before: Jan  2 01:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb2eb567ff1153aebe8cfb941d8a2a68f20e8629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:44:95:5c:56:68:9b:10:4d:91:6a:ed:d4:aa:
                    1b:0e:92:5a:90:b4:09:10:1c:37:56:01:16:6a:61:
                    81:1f:7b:eb:b9:21:f4:09:e8:85:ed:6e:b2:af:4b:
                    f3:c0:5a:59:dc:b0:d7:a3:43:0d:e0:f9:09:6a:48:
                    27:dd:16:92:02:3e:85:3c:a2:93:98:dd:7e:24:38:
                    74:a4:23:ca:da:f6:10:83:24:4e:32:1e:65:2c:96:
                    fa:43:de:8a:53:d4:91:56:9c:fa:17:70:c5:db:89:
                    d5:a7:1a:c0:80:83:f3:19:14:01:ef:85:43:3f:6f:
                    f4:fe:9a:9a:d8:f2:f0:92:49:1a:43:75:20:01:01:
                    09:d3:ee:fd:ec:74:1d:75:e3:27:96:aa:c0:a8:18:
                    9c:b0:e3:77:71:cf:d8:38:88:ce:6e:ba:eb:dd:bf:
                    90:c8:b9:c6:8a:71:f0:a6:1d:13:60:93:60:c9:bc:
                    24:7b:54:54:c2:a8:3b:63:89:d2:34:2e:39:46:fa:
                    d9:56:a5:75:82:7b:cb:28:00:c7:4e:b2:bb:68:1c:
                    76:0f:26:11:18:93:1c:8a:23:f0:92:a7:dd:31:15:
                    22:f2:a0:c8:0f:5a:3d:47:e6:1f:d3:cf:72:bf:89:
                    30:e2:cc:a5:49:76:b5:80:ba:1d:90:8a:a5:5b:cc:
                    4d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:2E:B5:67:FF:11:53:AE:BE:8C:FB:94:1D:8A:2A:68:F2:0E:86:29
            X509v3 Authority Key Identifier:
                keyid:73:6D:72:4E:23:9E:FB:7F:2F:7B:EA:52:6A:9E:0C:5E:7F:C8:9B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c21yTiOe-38ve-pSap4MXn_Im74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/uy61Z_8RU66-jPuUHYoqaPIOhik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dfc110-7924-49a9-8564-0bebfcbde1f3/1/c21yTiOe-38ve-pSap4MXn_Im74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.74.0/23
                IPv6:
                  2a0f:b300:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         57:08:33:fe:72:32:27:c6:6b:a3:6c:2b:61:c8:f4:c7:e7:c0:
         83:d4:7b:49:70:f5:0a:1a:2d:c1:5c:54:44:4d:bb:b6:34:38:
         d5:b2:3e:09:ec:2a:23:cb:25:c9:e4:14:b2:6d:fe:f3:e7:72:
         45:14:f0:aa:08:ea:8d:22:f1:67:b5:9f:dd:99:4a:02:4b:59:
         3b:06:dd:db:0c:1b:5e:c8:76:4c:19:8c:bc:6a:5a:c5:b1:a2:
         8b:f1:c1:ce:95:42:5e:26:0d:6e:c2:72:44:67:59:8f:85:05:
         28:a5:3f:8b:65:3c:7d:d0:49:76:49:47:99:9a:d3:26:de:72:
         f1:e3:a1:f4:48:bb:2d:16:fa:9f:86:e0:c7:e8:ec:a0:d4:ab:
         5c:81:2f:6d:d3:51:5e:db:b1:7a:4f:1e:a3:32:58:d1:79:12:
         82:82:b7:89:2b:5c:ed:b8:0d:57:d6:01:02:0a:c0:f6:eb:16:
         06:47:be:54:78:4a:fc:ea:3c:52:00:c5:a0:0f:5a:66:2a:f1:
         38:c5:56:ac:68:83:f7:c1:15:1f:84:b5:6f:fe:20:71:fb:53:
         f4:38:3f:18:87:8c:78:f1:fc:cb:3a:49:68:27:a0:81:bb:5f:
         3c:c0:c7:6c:ca:dc:f6:5c:05:75:18:e8:12:00:07:74:b0:91:
         ff:ea:de:2b
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQks6knTl8j+VHSW8OqDXHcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNmQ3MjRlMjM5ZWZiN2YyZjdiZWE1MjZhOWUwYzVlN2Zj
ODliYmUwHhcNMjUwMTAyMDE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjJlYjU2N2ZmMTE1M2FlYmU4Y2ZiOTQxZDhhMmE2OGYyMGU4NjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUSVXFZomxBNkWrt1KobDpJakLQJ
EBw3VgEWamGBH3vruSH0CeiF7W6yr0vzwFpZ3LDXo0MN4PkJakgn3RaSAj6FPKKT
mN1+JDh0pCPK2vYQgyROMh5lLJb6Q96KU9SRVpz6F3DF24nVpxrAgIPzGRQB74VD
P2/0/pqa2PLwkkkaQ3UgAQEJ0+797HQddeMnlqrAqBicsON3cc/YOIjObrrr3b+Q
yLnGinHwph0TYJNgybwke1RUwqg7Y4nSNC45RvrZVqV1gnvLKADHTrK7aBx2DyYR
GJMciiPwkqfdMRUi8qDID1o9R+Yf089yv4kw4sylSXa1gLodkIqlW8xNmQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLsutWf/EVOuvoz7lB2KKmjyDoYpMB8GA1UdIwQY
MBaAFHNtck4jnvt/L3vqUmqeDF5/yJu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzIxeVRpT2UtMzh2ZS1wU2FwNE1Ybl9JbTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kZmMxMTAtNzkyNC00OWE5LTg1NjQt
MGJlYmZjYmRlMWYzLzEvdXk2MVpfOFJVNjYtalB1VUhZb3FhUElPaGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kZmMxMTAtNzkyNC00OWE5LTg1NjQtMGJlYmZjYmRlMWYz
LzEvYzIxeVRpT2UtMzh2ZS1wU2FwNE1Ybl9JbTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBLZpKMA4E
AgACMAgDBgQqD7MAIDANBgkqhkiG9w0BAQsFAAOCAQEAVwgz/nIyJ8Zro2wrYcj0
x+fAg9R7SXD1ChotwVxURE27tjQ41bI+CewqI8slyeQUsm3+8+dyRRTwqgjqjSLx
Z7Wf3ZlKAktZOwbd2wwbXsh2TBmMvGpaxbGii/HBzpVCXiYNbsJyRGdZj4UFKKU/
i2U8fdBJdklHmZrTJt5y8eOh9Ei7LRb6n4bgx+jsoNSrXIEvbdNRXtuxek8eozJY
0XkSgoK3iStc7bgNV9YBAgrA9usWBke+VHhK/Oo8UgDFoA9aZirxOMVWrGiD98EV
H4S1b/4gcftT9Dg/GIeMePH8yzpJaCeggbtfPMDHbMrc9lwFdRjoEgAHdLCR/+re
Kw==
-----END CERTIFICATE-----