Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/bLAtDlVH7cqOuD1SaYHu9MHumt0.roa
File:                     bLAtDlVH7cqOuD1SaYHu9MHumt0.roa (raw, json)
Hash identifier:          c2+7W041xMQSYAWw5dv6gRIylQ8yYDxEsY8uFcMFuTI=
Subject key identifier:   6C:B0:2D:0E:55:47:ED:CA:8E:B8:3D:52:69:81:EE:F4:C1:EE:9A:DD
Certificate issuer:       /CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
Certificate serial:       018CCA2A17125DAEBA3ADE445D3D7159655A
Authority key identifier: 25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/bLAtDlVH7cqOuD1SaYHu9MHumt0.roa
Signing time:             Tue 02 Jan 2024 12:33:25 +0000
ROA not before:           Tue 02 Jan 2024 12:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47482
IP address blocks:        45.66.32.0/24 maxlen: 24
                          45.66.33.0/24 maxlen: 24
                          2a09:61c0::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:17:12:5d:ae:ba:3a:de:44:5d:3d:71:59:65:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
        Validity
            Not Before: Jan  2 12:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cb02d0e5547edca8eb83d526981eef4c1ee9add
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:56:32:8c:62:68:c9:b9:0d:7c:7e:50:b8:8e:
                    08:60:fc:49:b5:db:55:db:b4:2d:d7:64:ea:dd:f9:
                    e7:0f:29:29:d3:52:95:b6:a6:1d:4f:e0:e4:d6:91:
                    1d:3c:a8:38:ca:a8:a4:7a:1b:d4:a5:ce:ba:34:c1:
                    e2:bc:e7:73:f9:2d:0e:78:8a:ba:0f:8b:19:b1:6b:
                    3a:9c:ef:60:6f:f8:e5:70:24:6a:ed:57:14:f7:49:
                    34:7e:e0:0a:78:e0:1b:3b:ad:01:25:1f:a2:e0:a6:
                    d6:f5:5a:98:fa:44:04:21:2c:7a:bd:d6:6b:fa:5d:
                    7e:c3:1d:74:64:5e:01:c8:0e:35:9f:5d:75:63:64:
                    c7:1a:dc:16:5b:c8:57:b1:b6:53:1f:f6:d2:2c:a5:
                    4a:f0:0a:fe:00:9f:60:b7:2b:75:ce:b4:43:c8:92:
                    6d:20:fe:d8:c4:ae:db:01:8e:c2:9d:63:28:48:49:
                    e3:9c:9e:d1:1d:4d:7e:34:c4:05:3b:ff:0e:4a:a5:
                    8e:50:c1:33:89:39:d9:81:3f:e5:dc:29:3e:e0:ca:
                    a3:0e:0f:85:fa:39:84:60:10:19:be:93:9d:6c:b4:
                    db:84:cb:34:0b:3b:fc:8b:1c:0c:61:58:0b:21:29:
                    ac:1c:56:8c:38:c0:06:37:0e:8d:b8:46:17:28:f8:
                    f3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:B0:2D:0E:55:47:ED:CA:8E:B8:3D:52:69:81:EE:F4:C1:EE:9A:DD
            X509v3 Authority Key Identifier:
                keyid:25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/bLAtDlVH7cqOuD1SaYHu9MHumt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.32.0/23
                IPv6:
                  2a09:61c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         0c:f6:f4:9e:cc:f4:b8:f7:2a:c0:58:13:6f:4b:b5:8f:4f:a8:
         d2:bd:ab:74:a6:12:be:a1:e5:e7:e9:ef:1f:69:35:b6:49:c6:
         f5:d5:82:33:67:dc:f7:ac:07:4b:62:f0:f9:f1:20:da:e6:68:
         70:bc:ef:ad:d7:90:07:6e:ea:55:cc:06:90:a0:64:61:02:18:
         16:59:0c:1c:37:c1:bb:cc:bf:88:f2:da:be:e3:fc:0d:42:a9:
         ba:4c:9f:fd:ae:f2:dd:1c:c7:47:43:41:e4:d3:77:19:c9:58:
         e0:d4:1e:0d:17:99:a5:6e:18:8d:d1:d6:f6:8f:b7:f7:a2:78:
         06:9c:ea:c5:3d:7f:a8:ea:63:67:94:67:f9:66:b6:25:cf:45:
         2b:45:d3:07:1d:b9:20:f2:80:c1:7a:3c:5d:f7:83:1b:bf:dd:
         ff:03:ff:fd:27:34:08:5e:32:f7:67:dc:d7:f3:ba:b4:9d:fa:
         2e:52:42:fa:6c:a4:31:4e:74:08:74:ca:75:c5:4e:8f:ad:a8:
         91:d0:16:ff:d5:00:56:97:61:59:93:2e:ac:92:36:71:52:f2:
         ce:b4:f5:15:ab:b1:d0:de:cc:5f:9f:fa:d9:45:03:8d:42:45:
         5d:00:f2:8c:7d:30:36:c0:cc:d8:b9:09:38:f6:98:82:3e:7e:
         f3:dc:7e:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKhcSXa66Ot5EXT1xWWVaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Y2Y5ZDhkNTUyY2RjN2Q4YzBkYzZmNjQ5YjMwMWYyMzUx
NDA5ZWUwHhcNMjQwMTAyMTIzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2IwMmQwZTU1NDdlZGNhOGViODNkNTI2OTgxZWVmNGMxZWU5YWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFYyjGJoybkNfH5QuI4IYPxJtdtV
27Qt12Tq3fnnDykp01KVtqYdT+Dk1pEdPKg4yqikehvUpc66NMHivOdz+S0OeIq6
D4sZsWs6nO9gb/jlcCRq7VcU90k0fuAKeOAbO60BJR+i4KbW9VqY+kQEISx6vdZr
+l1+wx10ZF4ByA41n111Y2THGtwWW8hXsbZTH/bSLKVK8Ar+AJ9gtyt1zrRDyJJt
IP7YxK7bAY7CnWMoSEnjnJ7RHU1+NMQFO/8OSqWOUMEziTnZgT/l3Ck+4MqjDg+F
+jmEYBAZvpOdbLTbhMs0Czv8ixwMYVgLISmsHFaMOMAGNw6NuEYXKPjzWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGywLQ5VR+3Kjrg9UmmB7vTB7prdMB8GA1UdIwQY
MBaAFCXPnY1VLNx9jA3G9kmzAfI1FAnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQt
YTEwNjkwYTc0NGU0LzEvYkxBdERsVkg3Y3FPdUQxU2FZSHU5TUh1bXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQtYTEwNjkwYTc0NGU0
LzEvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLUIgMA0E
AgACMAcDBQIqCWHAMA0GCSqGSIb3DQEBCwUAA4IBAQAM9vSezPS49yrAWBNvS7WP
T6jSvat0phK+oeXn6e8faTW2Scb11YIzZ9z3rAdLYvD58SDa5mhwvO+t15AHbupV
zAaQoGRhAhgWWQwcN8G7zL+I8tq+4/wNQqm6TJ/9rvLdHMdHQ0Hk03cZyVjg1B4N
F5mlbhiN0db2j7f3ongGnOrFPX+o6mNnlGf5ZrYlz0UrRdMHHbkg8oDBejxd94Mb
v93/A//9JzQIXjL3Z9zX87q0nfouUkL6bKQxTnQIdMp1xU6PraiR0Bb/1QBWl2FZ
ky6skjZxUvLOtPUVq7HQ3sxfn/rZRQONQkVdAPKMfTA2wMzYuQk49piCPn7z3H5t
-----END CERTIFICATE-----