Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/JnBeNm2rTKYmdlnV7LD4ratnhIY.roa
File:                     JnBeNm2rTKYmdlnV7LD4ratnhIY.roa (raw, json)
Hash identifier:          7sx6YVexwt/Dz3KSILgflEf6IXU43pKeioOkcXpsk1E=
Subject key identifier:   26:70:5E:36:6D:AB:4C:A6:26:76:59:D5:EC:B0:F8:AD:AB:67:84:86
Certificate issuer:       /CN=84c17102b6e92e292ec8acaf659e3c290a8d0b68
Certificate serial:       0194258F31B97ADEA79AA49F2049D601D731
Authority key identifier: 84:C1:71:02:B6:E9:2E:29:2E:C8:AC:AF:65:9E:3C:29:0A:8D:0B:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hMFxArbpLikuyKyvZZ48KQqNC2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/JnBeNm2rTKYmdlnV7LD4ratnhIY.roa
Signing time:             Thu 02 Jan 2025 05:48:48 +0000
ROA not before:           Thu 02 Jan 2025 05:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216312
IP address blocks:        45.90.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/hMFxArbpLikuyKyvZZ48KQqNC2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/hMFxArbpLikuyKyvZZ48KQqNC2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hMFxArbpLikuyKyvZZ48KQqNC2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:31:b9:7a:de:a7:9a:a4:9f:20:49:d6:01:d7:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84c17102b6e92e292ec8acaf659e3c290a8d0b68
        Validity
            Not Before: Jan  2 05:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26705e366dab4ca6267659d5ecb0f8adab678486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:13:1a:33:a5:9c:47:bb:6c:0c:70:8e:f3:fe:
                    93:66:f5:ef:a5:2c:1f:46:02:f2:5d:9c:22:e1:63:
                    e8:76:80:73:cc:3c:57:06:8b:b4:2e:02:82:b7:ff:
                    df:dc:05:d4:0e:b6:32:5f:20:40:9f:56:6c:d9:d0:
                    11:8e:fb:a9:f8:3a:9e:cc:3d:3d:32:28:0a:68:26:
                    f1:9a:7d:bc:f6:7d:f7:cf:4e:85:38:3e:aa:49:8c:
                    05:36:8c:75:2f:1b:1e:ec:39:c5:8f:59:7c:98:4d:
                    ef:14:90:63:78:97:d2:02:3d:0a:10:2e:5a:ac:04:
                    29:fe:88:85:4c:9f:94:5d:ca:0f:46:d8:9d:b8:06:
                    4a:cf:b9:3c:b1:1a:81:c4:95:89:99:69:68:1f:2a:
                    56:49:41:8f:ea:56:c8:fc:b5:5a:3c:6e:fe:1a:c2:
                    2c:d5:fa:da:9b:e0:83:08:84:8d:42:ff:b1:85:59:
                    13:31:70:41:88:f1:e9:21:33:50:31:6f:cf:50:07:
                    49:99:e5:ba:eb:b1:ae:70:ca:2b:55:a9:21:d4:42:
                    a8:1d:5b:49:9a:9f:3b:80:f9:de:bd:b4:f4:a9:d8:
                    90:f2:58:25:07:22:87:db:9b:dd:21:e1:79:14:30:
                    87:e5:c7:a7:f9:1d:d8:73:b5:9e:8e:3b:30:56:b6:
                    5d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:70:5E:36:6D:AB:4C:A6:26:76:59:D5:EC:B0:F8:AD:AB:67:84:86
            X509v3 Authority Key Identifier:
                keyid:84:C1:71:02:B6:E9:2E:29:2E:C8:AC:AF:65:9E:3C:29:0A:8D:0B:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hMFxArbpLikuyKyvZZ48KQqNC2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/JnBeNm2rTKYmdlnV7LD4ratnhIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/hMFxArbpLikuyKyvZZ48KQqNC2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:d8:1a:41:19:64:e8:11:26:a7:a7:e8:1d:d2:f0:47:e1:a4:
         06:c1:9c:f1:cf:53:95:8c:fe:23:b0:fa:26:04:7e:df:3a:c2:
         a2:1d:23:25:89:9e:0b:b6:e0:f7:88:db:7c:fc:93:46:41:7b:
         c3:aa:1d:8e:2b:97:44:ae:28:1c:3d:31:97:0a:23:7e:16:20:
         10:b2:8e:56:d9:ec:d8:57:92:12:16:22:e6:e4:eb:b4:d9:0d:
         38:9f:7d:4e:ca:18:af:83:6a:2b:fc:ea:36:3d:3d:fa:99:19:
         ba:6b:0e:53:6a:06:3d:d3:9f:db:96:cf:f1:35:78:6d:26:d9:
         59:b4:b2:47:87:f0:34:12:c3:9a:c3:97:db:e8:d6:1a:df:0f:
         4a:63:73:66:12:f1:66:1a:a8:d9:b6:50:7b:b8:53:e5:30:a3:
         77:a5:1e:b8:50:c5:37:19:8d:bc:41:99:49:f5:f8:4a:b8:40:
         50:bd:c3:c7:57:ab:ab:3e:28:8b:c7:1d:e6:2d:b4:17:54:1a:
         40:07:e2:b7:20:80:fa:0f:6a:d6:74:2d:4d:34:ea:ee:d5:29:
         1e:02:77:f8:52:e9:94:95:1d:08:20:3a:fe:5c:30:bb:8f:06:
         c8:b7:b8:e1:3a:23:70:a3:be:ce:7d:8e:27:d2:ae:d3:c4:93:
         6f:a9:05:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljzG5et6nmqSfIEnWAdcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YzE3MTAyYjZlOTJlMjkyZWM4YWNhZjY1OWUzYzI5MGE4
ZDBiNjgwHhcNMjUwMTAyMDU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjcwNWUzNjZkYWI0Y2E2MjY3NjU5ZDVlY2IwZjhhZGFiNjc4NDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRMaM6WcR7tsDHCO8/6TZvXvpSwf
RgLyXZwi4WPodoBzzDxXBou0LgKCt//f3AXUDrYyXyBAn1Zs2dARjvup+DqezD09
MigKaCbxmn289n33z06FOD6qSYwFNox1Lxse7DnFj1l8mE3vFJBjeJfSAj0KEC5a
rAQp/oiFTJ+UXcoPRtiduAZKz7k8sRqBxJWJmWloHypWSUGP6lbI/LVaPG7+GsIs
1fram+CDCISNQv+xhVkTMXBBiPHpITNQMW/PUAdJmeW667GucMorVakh1EKoHVtJ
mp87gPnevbT0qdiQ8lglByKH25vdIeF5FDCH5cen+R3Yc7WejjswVrZdbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZwXjZtq0ymJnZZ1eyw+K2rZ4SGMB8GA1UdIwQY
MBaAFITBcQK26S4pLsisr2WePCkKjQtoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE1GeEFyYnBMaWt1eUt5dlpaNDhLUXFOQzJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC82ZDU2OWQtYzQ0Yi00YzM0LWExNTkt
ZDU4M2Y5YTY2ZTNiLzEvSm5CZU5tMnJUS1ltZGxuVjdMRDRyYXRuaElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC82ZDU2OWQtYzQ0Yi00YzM0LWExNTktZDU4M2Y5YTY2ZTNi
LzEvaE1GeEFyYnBMaWt1eUt5dlpaNDhLUXFOQzJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVpRMA0G
CSqGSIb3DQEBCwUAA4IBAQBi2BpBGWToESanp+gd0vBH4aQGwZzxz1OVjP4jsPom
BH7fOsKiHSMliZ4LtuD3iNt8/JNGQXvDqh2OK5dErigcPTGXCiN+FiAQso5W2ezY
V5ISFiLm5Ou02Q04n31Oyhivg2or/Oo2PT36mRm6aw5TagY905/bls/xNXhtJtlZ
tLJHh/A0EsOaw5fb6NYa3w9KY3NmEvFmGqjZtlB7uFPlMKN3pR64UMU3GY28QZlJ
9fhKuEBQvcPHV6urPiiLxx3mLbQXVBpAB+K3IID6D2rWdC1NNOru1SkeAnf4UumU
lR0IIDr+XDC7jwbIt7jhOiNwo77OfY4n0q7TxJNvqQUM
-----END CERTIFICATE-----