Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/B1nucPb7NWUbBUo9E6aO-U-ClRc.roa
File:                     B1nucPb7NWUbBUo9E6aO-U-ClRc.roa (raw, json)
Hash identifier:          JvGsvFvtRyqqdZt/kpyabUpQhS7hpxa8fDi+el1bUhg=
Subject key identifier:   07:59:EE:70:F6:FB:35:65:1B:05:4A:3D:13:A6:8E:F9:4F:82:95:17
Certificate issuer:       /CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
Certificate serial:       0194258F76F587B79D4B246171327C799337
Authority key identifier: 25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/B1nucPb7NWUbBUo9E6aO-U-ClRc.roa
Signing time:             Thu 02 Jan 2025 05:49:06 +0000
ROA not before:           Thu 02 Jan 2025 05:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49127
IP address blocks:        45.66.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:76:f5:87:b7:9d:4b:24:61:71:32:7c:79:93:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0759ee70f6fb35651b054a3d13a68ef94f829517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1c:8d:4e:ac:b0:ae:e8:fb:db:52:6f:9d:26:
                    45:40:87:af:3b:c2:2f:76:32:f9:f0:93:3a:0c:63:
                    f5:b6:7f:50:2e:4f:2c:14:2b:cb:ba:59:c5:8d:18:
                    33:3e:36:7c:93:d8:f0:57:69:b0:db:50:e9:80:1b:
                    45:a4:a9:4a:5c:4a:7d:84:cd:18:59:78:01:0d:dc:
                    8c:0f:79:c5:a1:dd:3b:8c:23:d1:3d:56:5a:a1:6d:
                    1e:26:fc:86:fb:54:79:01:97:68:58:57:de:1c:81:
                    f9:fa:76:7d:2d:c1:30:ce:8a:de:1c:6e:c8:0d:f5:
                    55:48:f7:26:6e:b9:14:ad:82:3a:21:f0:2e:9f:bc:
                    47:c8:91:17:a6:70:da:16:f3:5f:d8:56:6a:a4:18:
                    cb:5c:b9:ed:49:b6:cb:38:cc:38:e6:fe:01:b4:96:
                    af:97:79:b9:e6:64:92:0c:08:03:d3:40:b2:82:f9:
                    49:1f:4c:06:17:b7:6c:78:72:1e:dc:24:d8:53:1d:
                    45:bc:d1:6f:5e:32:7e:9c:9b:aa:6e:43:d5:a9:c8:
                    95:5e:39:81:2c:4a:da:01:b4:40:25:0d:85:c2:21:
                    40:7e:0d:c4:13:9e:c7:34:e6:3c:85:e3:76:7c:5f:
                    dc:03:cb:ec:88:26:0f:f4:2c:b2:ec:75:bd:5d:be:
                    f7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:59:EE:70:F6:FB:35:65:1B:05:4A:3D:13:A6:8E:F9:4F:82:95:17
            X509v3 Authority Key Identifier:
                keyid:25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/B1nucPb7NWUbBUo9E6aO-U-ClRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:92:15:af:a2:60:7f:96:f7:1b:2b:ea:2b:27:87:c7:ad:5e:
         f7:c4:64:2c:34:81:44:05:20:37:e9:77:17:20:c5:1c:cc:b0:
         b5:69:02:9b:32:f0:30:a2:09:60:27:35:34:54:69:0d:9d:f7:
         c8:59:63:8b:9f:09:cb:6e:c3:05:35:ba:2d:84:50:2f:a1:93:
         d2:ca:de:87:69:26:81:21:02:78:68:23:38:a5:81:f8:9a:a7:
         15:a8:2e:b8:25:06:81:8b:8a:e6:ea:84:75:e8:e9:63:eb:b6:
         71:2f:5d:fb:c1:f9:20:21:db:e5:ce:3d:fe:80:ae:01:59:4c:
         aa:89:7c:af:85:bf:37:0b:2c:4d:19:c6:10:10:a4:e6:ce:24:
         64:36:37:66:97:96:30:dd:f4:55:ef:95:18:1c:e8:47:3a:1f:
         3a:3e:bf:ad:7e:a6:5b:7f:de:b6:d4:d7:98:af:4c:12:34:65:
         42:d3:f0:e7:27:4a:74:15:5d:d4:0a:4c:99:37:3a:99:9e:aa:
         42:06:89:93:a8:ad:e1:2a:cd:22:f8:2b:e7:56:9e:10:30:fe:
         32:e1:97:a4:1e:2b:94:18:48:ed:ff:04:28:d9:57:7a:89:bc:
         c9:26:d5:a7:d4:af:e0:0c:91:ad:dc:d1:61:6b:42:14:25:7c:
         05:3f:c5:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3b1h7edSyRhcTJ8eZM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Y2Y5ZDhkNTUyY2RjN2Q4YzBkYzZmNjQ5YjMwMWYyMzUx
NDA5ZWUwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzU5ZWU3MGY2ZmIzNTY1MWIwNTRhM2QxM2E2OGVmOTRmODI5NTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRyNTqywruj721JvnSZFQIevO8Iv
djL58JM6DGP1tn9QLk8sFCvLulnFjRgzPjZ8k9jwV2mw21DpgBtFpKlKXEp9hM0Y
WXgBDdyMD3nFod07jCPRPVZaoW0eJvyG+1R5AZdoWFfeHIH5+nZ9LcEwzoreHG7I
DfVVSPcmbrkUrYI6IfAun7xHyJEXpnDaFvNf2FZqpBjLXLntSbbLOMw45v4BtJav
l3m55mSSDAgD00CygvlJH0wGF7dseHIe3CTYUx1FvNFvXjJ+nJuqbkPVqciVXjmB
LEraAbRAJQ2FwiFAfg3EE57HNOY8heN2fF/cA8vsiCYP9Cyy7HW9Xb73eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdZ7nD2+zVlGwVKPROmjvlPgpUXMB8GA1UdIwQY
MBaAFCXPnY1VLNx9jA3G9kmzAfI1FAnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQt
YTEwNjkwYTc0NGU0LzEvQjFudWNQYjdOV1ViQlVvOUU2YU8tVS1DbFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQtYTEwNjkwYTc0NGU0
LzEvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUIiMA0G
CSqGSIb3DQEBCwUAA4IBAQBRkhWvomB/lvcbK+orJ4fHrV73xGQsNIFEBSA36XcX
IMUczLC1aQKbMvAwoglgJzU0VGkNnffIWWOLnwnLbsMFNbothFAvoZPSyt6HaSaB
IQJ4aCM4pYH4mqcVqC64JQaBi4rm6oR16Olj67ZxL137wfkgIdvlzj3+gK4BWUyq
iXyvhb83CyxNGcYQEKTmziRkNjdml5Yw3fRV75UYHOhHOh86Pr+tfqZbf9621NeY
r0wSNGVC0/DnJ0p0FV3UCkyZNzqZnqpCBomTqK3hKs0i+CvnVp4QMP4y4ZekHiuU
GEjt/wQo2Vd6ibzJJtWn1K/gDJGt3NFha0IUJXwFP8Vn
-----END CERTIFICATE-----