Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/yFJjRro5JzpGdzShKj2Qbj-Hr50.roa
File:                     yFJjRro5JzpGdzShKj2Qbj-Hr50.roa (raw, json)
Hash identifier:          KNe/rWaTqo2IHu+MVm5qVm+k7A9vULCB7kmT0LNcB1c=
Subject key identifier:   C8:52:63:46:BA:39:27:3A:46:77:34:A1:2A:3D:90:6E:3F:87:AF:9D
Certificate issuer:       /CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
Certificate serial:       0194258F7778A0A6C2A80C46457FA5BD700A
Authority key identifier: 25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/yFJjRro5JzpGdzShKj2Qbj-Hr50.roa
Signing time:             Thu 02 Jan 2025 05:49:06 +0000
ROA not before:           Thu 02 Jan 2025 05:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61125
IP address blocks:        45.66.35.0/24 maxlen: 24
                          2a09:61c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:77:78:a0:a6:c2:a8:0c:46:45:7f:a5:bd:70:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8526346ba39273a467734a12a3d906e3f87af9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:78:9e:5d:74:cf:42:5c:7a:1e:48:40:fb:e2:
                    25:78:b8:07:57:bf:d3:1c:34:02:30:f8:a7:c1:2e:
                    47:9e:33:5a:ab:5e:6b:61:c6:6e:d0:02:2e:7b:99:
                    91:e6:0c:23:c2:38:a4:e2:c0:30:c1:6c:13:06:5a:
                    d5:62:cb:a6:58:95:5b:fd:e7:20:e0:b5:15:c9:be:
                    d7:d9:51:b1:84:61:19:a1:e5:15:b1:21:50:31:b9:
                    72:07:6b:e1:f2:8e:9f:61:3e:25:fa:31:47:a0:8a:
                    7b:49:47:42:62:7d:37:3b:18:c4:f8:0f:ca:80:34:
                    d6:c2:db:e3:9a:fb:5f:60:fe:2a:c1:ce:40:12:b8:
                    7a:58:df:1c:07:48:65:c9:4e:8c:73:98:57:e3:21:
                    1e:23:a3:b1:98:53:1e:c8:a6:c9:f4:07:cc:59:9b:
                    1c:52:56:f0:f2:b3:af:ce:f0:dd:db:2d:cf:c5:25:
                    c3:5e:21:44:40:3f:14:3e:ec:17:da:ab:f4:5f:8e:
                    b0:5d:93:db:31:fc:c9:fa:5a:13:cd:de:10:fc:4d:
                    bc:09:59:d5:bd:c2:3c:c2:15:6a:12:04:50:79:f1:
                    8f:3a:3f:aa:b3:5c:5e:93:1c:f6:0c:07:8a:90:3e:
                    e2:be:b1:5c:72:dc:d0:fc:ca:04:6f:29:4e:54:0c:
                    80:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:52:63:46:BA:39:27:3A:46:77:34:A1:2A:3D:90:6E:3F:87:AF:9D
            X509v3 Authority Key Identifier:
                keyid:25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/yFJjRro5JzpGdzShKj2Qbj-Hr50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.35.0/24
                IPv6:
                  2a09:61c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         dc:8d:fd:fd:8c:41:aa:64:95:1d:b5:2c:45:94:db:de:e7:b9:
         e6:4a:a7:86:04:ad:27:53:50:e4:77:03:bb:6d:c6:f7:dc:a6:
         e2:50:38:9d:91:d9:87:97:db:a6:ce:77:8d:6e:1c:dd:93:1a:
         cc:5b:80:7c:cc:1d:f1:63:44:1b:06:90:2c:c8:5c:19:4c:88:
         83:fc:e1:d6:01:01:a1:bf:b3:4f:2f:88:a8:90:72:8a:3e:69:
         f1:e6:ab:32:a4:db:1d:9a:0b:3c:76:ab:df:10:bb:69:dc:04:
         05:e4:e2:c9:af:33:3a:1b:60:b0:e4:a8:14:8b:09:4f:52:05:
         9f:a0:13:ec:dd:0d:96:b7:bb:dc:fe:d5:18:ba:5e:4e:0a:cf:
         4c:76:af:0a:07:7a:0f:c2:a0:68:2d:5e:01:48:1b:4e:87:59:
         19:63:22:0e:39:ed:2a:51:a7:51:96:79:9e:dc:72:e9:92:af:
         09:31:eb:4f:2a:fd:14:b9:35:f5:02:af:cc:e2:fb:e4:ea:1f:
         40:72:fa:00:44:f9:18:5f:b7:48:71:bf:33:d8:08:9f:da:98:
         a0:a0:18:f7:15:b0:24:34:4a:46:b1:88:b3:cf:cb:fb:a3:a4:
         c4:5b:8e:02:97:b9:ba:a9:e7:b6:98:f4:a6:cb:4c:15:5e:15:
         54:7e:99:ab
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlj3d4oKbCqAxGRX+lvXAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Y2Y5ZDhkNTUyY2RjN2Q4YzBkYzZmNjQ5YjMwMWYyMzUx
NDA5ZWUwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODUyNjM0NmJhMzkyNzNhNDY3NzM0YTEyYTNkOTA2ZTNmODdhZjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3ieXXTPQlx6HkhA++IleLgHV7/T
HDQCMPinwS5HnjNaq15rYcZu0AIue5mR5gwjwjik4sAwwWwTBlrVYsumWJVb/ecg
4LUVyb7X2VGxhGEZoeUVsSFQMblyB2vh8o6fYT4l+jFHoIp7SUdCYn03OxjE+A/K
gDTWwtvjmvtfYP4qwc5AErh6WN8cB0hlyU6Mc5hX4yEeI6OxmFMeyKbJ9AfMWZsc
Ulbw8rOvzvDd2y3PxSXDXiFEQD8UPuwX2qv0X46wXZPbMfzJ+loTzd4Q/E28CVnV
vcI8whVqEgRQefGPOj+qs1xekxz2DAeKkD7ivrFcctzQ/MoEbylOVAyAqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMhSY0a6OSc6Rnc0oSo9kG4/h6+dMB8GA1UdIwQY
MBaAFCXPnY1VLNx9jA3G9kmzAfI1FAnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQt
YTEwNjkwYTc0NGU0LzEveUZKalJybzVKenBHZHpTaEtqMlFiai1IcjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQtYTEwNjkwYTc0NGU0
LzEvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALUIjMA8E
AgACMAkDBwAqCWHAAAAwDQYJKoZIhvcNAQELBQADggEBANyN/f2MQapklR21LEWU
297nueZKp4YErSdTUOR3A7ttxvfcpuJQOJ2R2YeX26bOd41uHN2TGsxbgHzMHfFj
RBsGkCzIXBlMiIP84dYBAaG/s08viKiQcoo+afHmqzKk2x2aCzx2q98Qu2ncBAXk
4smvMzobYLDkqBSLCU9SBZ+gE+zdDZa3u9z+1Ri6Xk4Kz0x2rwoHeg/CoGgtXgFI
G06HWRljIg457SpRp1GWeZ7ccumSrwkx608q/RS5NfUCr8zi++TqH0By+gBE+Rhf
t0hxvzPYCJ/amKCgGPcVsCQ0SkaxiLPPy/ujpMRbjgKXubqp57aY9KbLTBVeFVR+
mas=
-----END CERTIFICATE-----