Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/hOIlW-rpHRc2nOKpMGO_mfzaetg.roa
File:                     hOIlW-rpHRc2nOKpMGO_mfzaetg.roa (raw, json)
Hash identifier:          VUIEi5LXdhfGKiMndwB/BQwcKviQdKt6bC3rAVXouZw=
Subject key identifier:   84:E2:25:5B:EA:E9:1D:17:36:9C:E2:A9:30:63:BF:99:FC:DA:7A:D8
Certificate issuer:       /CN=7292226567da72dd86883cadd5f3de6ffd5b3573
Certificate serial:       0194258F19256FD3EC97B36B4CA979A09BA8
Authority key identifier: 72:92:22:65:67:DA:72:DD:86:88:3C:AD:D5:F3:DE:6F:FD:5B:35:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cpIiZWfact2GiDyt1fPeb_1bNXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/hOIlW-rpHRc2nOKpMGO_mfzaetg.roa
Signing time:             Thu 02 Jan 2025 05:48:42 +0000
ROA not before:           Thu 02 Jan 2025 05:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215385
IP address blocks:        45.117.232.0/22 maxlen: 24
                          176.119.217.0/24 maxlen: 24
                          2a07:9340::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/cpIiZWfact2GiDyt1fPeb_1bNXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/cpIiZWfact2GiDyt1fPeb_1bNXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cpIiZWfact2GiDyt1fPeb_1bNXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:19:25:6f:d3:ec:97:b3:6b:4c:a9:79:a0:9b:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7292226567da72dd86883cadd5f3de6ffd5b3573
        Validity
            Not Before: Jan  2 05:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84e2255beae91d17369ce2a93063bf99fcda7ad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:11:77:5d:51:b6:2e:6e:87:74:39:9f:9f:54:
                    47:11:62:12:4d:5a:f4:6f:1f:d4:10:6c:73:b3:db:
                    69:dd:92:be:68:09:5b:38:22:ce:45:fc:f6:96:9f:
                    a4:3d:f1:1c:53:c0:e9:9e:fc:29:13:3d:f4:a6:81:
                    32:28:3d:7c:3a:82:0b:04:fa:c4:a0:e1:98:a8:e6:
                    50:7b:37:ec:98:aa:e4:5e:18:10:c8:a8:7e:25:15:
                    e0:d5:ee:4c:f4:a1:e6:87:ce:ca:cd:bc:73:ad:1e:
                    74:be:bf:7c:7a:1b:bd:5b:0c:f0:39:d3:df:b0:58:
                    fb:ea:88:dd:1f:f7:54:ba:14:fb:14:fb:d5:30:79:
                    d5:31:66:7e:8a:e7:5a:40:48:7b:7b:57:37:3c:42:
                    45:11:40:2c:ad:1c:fa:fd:6f:23:b4:47:0c:7c:b2:
                    e3:a2:10:5d:e8:9b:4c:5f:3e:96:5c:8e:83:d3:d2:
                    b0:c4:54:04:76:bf:4c:62:53:43:59:de:4f:04:a4:
                    67:30:dd:f5:66:47:4b:5f:39:98:aa:43:42:2b:aa:
                    e3:a1:19:4c:b8:dc:96:1f:8a:82:47:41:72:7f:f0:
                    08:34:ce:71:03:38:cd:c3:21:ce:b5:79:de:f5:8c:
                    55:17:36:86:9b:d3:5d:0d:75:94:db:ae:86:dd:ef:
                    6d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E2:25:5B:EA:E9:1D:17:36:9C:E2:A9:30:63:BF:99:FC:DA:7A:D8
            X509v3 Authority Key Identifier:
                keyid:72:92:22:65:67:DA:72:DD:86:88:3C:AD:D5:F3:DE:6F:FD:5B:35:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cpIiZWfact2GiDyt1fPeb_1bNXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/hOIlW-rpHRc2nOKpMGO_mfzaetg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/cpIiZWfact2GiDyt1fPeb_1bNXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.232.0/22
                  176.119.217.0/24
                IPv6:
                  2a07:9340::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:57:80:16:5f:d6:94:68:74:26:2b:e5:be:03:7a:ff:81:1f:
         7d:26:9f:7c:ac:a9:1d:1b:5a:23:09:94:d9:7b:cd:40:e6:55:
         ec:89:6c:86:ef:d4:ef:0b:14:27:3b:b8:8b:6f:60:b8:73:ef:
         3a:8b:f3:0d:96:ce:ca:d9:77:35:f7:3a:d1:f6:82:34:3f:b8:
         f8:b4:e3:49:fa:77:45:2c:57:b0:57:db:3f:ab:42:7d:ea:6d:
         68:7f:00:0a:69:28:b4:2f:d8:5e:d2:2b:be:d9:78:1f:aa:02:
         10:01:14:57:45:d3:77:66:7f:c5:f6:8d:17:e7:c5:62:6b:e8:
         9c:82:0d:45:ed:0a:77:96:a1:46:22:ea:cb:9a:c4:3f:e2:e7:
         e5:96:ef:f1:3c:10:a5:64:e2:49:8d:24:d0:a7:54:66:cb:4c:
         e9:65:fc:6a:fe:89:e2:fd:05:00:8f:18:1e:df:a3:9c:98:da:
         b6:e3:00:98:d1:b6:62:9a:d6:f2:80:6d:17:c0:81:ed:eb:bf:
         05:3c:ce:7f:ba:09:63:f3:39:de:c5:a4:a6:40:ce:71:a0:75:
         d9:89:05:d0:ed:2c:c4:08:10:5e:ed:3a:cf:cc:83:52:cf:bd:
         dc:3e:a2:19:43:30:28:f0:aa:12:57:98:76:a8:7c:5e:c9:49:
         18:2f:eb:fe
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQljxklb9Psl7NrTKl5oJuoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOTIyMjY1NjdkYTcyZGQ4Njg4M2NhZGQ1ZjNkZTZmZmQ1
YjM1NzMwHhcNMjUwMTAyMDU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGUyMjU1YmVhZTkxZDE3MzY5Y2UyYTkzMDYzYmY5OWZjZGE3YWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxF3XVG2Lm6HdDmfn1RHEWISTVr0
bx/UEGxzs9tp3ZK+aAlbOCLORfz2lp+kPfEcU8DpnvwpEz30poEyKD18OoILBPrE
oOGYqOZQezfsmKrkXhgQyKh+JRXg1e5M9KHmh87KzbxzrR50vr98ehu9WwzwOdPf
sFj76ojdH/dUuhT7FPvVMHnVMWZ+iudaQEh7e1c3PEJFEUAsrRz6/W8jtEcMfLLj
ohBd6JtMXz6WXI6D09KwxFQEdr9MYlNDWd5PBKRnMN31ZkdLXzmYqkNCK6rjoRlM
uNyWH4qCR0Fyf/AINM5xAzjNwyHOtXne9YxVFzaGm9NdDXWU266G3e9tZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFITiJVvq6R0XNpziqTBjv5n82nrYMB8GA1UdIwQY
MBaAFHKSImVn2nLdhog8rdXz3m/9WzVzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3BJaVpXZmFjdDJHaUR5dDFmUGViXzFiTlhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC80ZWMyMTctZThkNy00ZTgwLTg3Y2Qt
MDM5ZGU3ODRkOTQxLzEvaE9JbFctcnBIUmMybk9LcE1HT19tZnphZXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC80ZWMyMTctZThkNy00ZTgwLTg3Y2QtMDM5ZGU3ODRkOTQx
LzEvY3BJaVpXZmFjdDJHaUR5dDFmUGViXzFiTlhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLXXoAwQA
sHfZMA0EAgACMAcDBQAqB5NAMA0GCSqGSIb3DQEBCwUAA4IBAQANV4AWX9aUaHQm
K+W+A3r/gR99Jp98rKkdG1ojCZTZe81A5lXsiWyG79TvCxQnO7iLb2C4c+86i/MN
ls7K2Xc19zrR9oI0P7j4tONJ+ndFLFewV9s/q0J96m1ofwAKaSi0L9he0iu+2Xgf
qgIQARRXRdN3Zn/F9o0X58Via+icgg1F7Qp3lqFGIurLmsQ/4ufllu/xPBClZOJJ
jSTQp1Rmy0zpZfxq/oni/QUAjxge36OcmNq24wCY0bZimtbygG0XwIHt678FPM5/
uglj8znexaSmQM5xoHXZiQXQ7SzECBBe7TrPzINSz73cPqIZQzAo8KoSV5h2qHxe
yUkYL+v+
-----END CERTIFICATE-----