Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/Rhvq-3I2JQodRxI7VKRql93OJ3M.roa
File:                     Rhvq-3I2JQodRxI7VKRql93OJ3M.roa (raw, json)
Hash identifier:          oIzcs0BJKAmA6GOFglDXu3e6/Eh1xz9z150djcj0rbQ=
Subject key identifier:   46:1B:EA:FB:72:36:25:0A:1D:47:12:3B:54:A4:6A:97:DD:CE:27:73
Certificate issuer:       /CN=b9f4779575cb9bf058243287e98234deca911fc9
Certificate serial:       019425FC20EE9A703B2E24AF76E1EE531E46
Authority key identifier: B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/Rhvq-3I2JQodRxI7VKRql93OJ3M.roa
Signing time:             Thu 02 Jan 2025 07:47:48 +0000
ROA not before:           Thu 02 Jan 2025 07:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57935
IP address blocks:        45.89.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:20:ee:9a:70:3b:2e:24:af:76:e1:ee:53:1e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f4779575cb9bf058243287e98234deca911fc9
        Validity
            Not Before: Jan  2 07:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=461beafb7236250a1d47123b54a46a97ddce2773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:8e:e4:d0:6c:56:b3:01:da:7e:2e:47:42:ba:
                    02:a8:6d:0c:90:08:f0:e3:35:d6:c0:6e:93:32:89:
                    4f:94:a3:3f:b9:ef:de:93:26:a5:90:ce:70:cd:41:
                    49:be:f4:2e:9a:07:3c:b0:cd:14:ad:50:32:95:8d:
                    9a:25:a2:ce:63:aa:d2:a5:6f:e7:6b:47:23:14:bc:
                    ac:85:37:04:8b:1b:57:ed:7d:e3:04:4c:85:3a:31:
                    50:a4:a1:4f:f2:d7:7c:25:4c:5d:b7:06:86:71:2c:
                    a1:3c:4f:c8:75:c0:f6:71:37:28:9e:d3:9a:23:28:
                    0c:8b:f1:7a:c9:b9:8a:36:96:92:17:24:fa:b1:d2:
                    90:b9:49:e8:f4:ce:bc:c2:90:85:00:3b:98:d9:60:
                    ab:45:9a:6f:ae:dd:07:78:c6:ca:7d:87:36:5d:ea:
                    c0:59:2c:76:cb:38:ec:73:2b:0b:3a:9a:0a:80:9d:
                    8a:2b:08:b3:14:47:dd:13:07:9f:50:7c:d1:95:ca:
                    d4:21:a9:5b:66:03:79:d3:18:7c:69:09:fc:65:a8:
                    98:21:42:cd:f2:77:eb:d5:b5:d9:2d:50:73:fc:dc:
                    9e:52:9a:d6:43:7c:88:5c:5a:eb:b5:94:e2:fc:87:
                    ff:f7:55:78:7a:77:98:a7:d3:ba:64:c4:f5:93:5f:
                    6e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:1B:EA:FB:72:36:25:0A:1D:47:12:3B:54:A4:6A:97:DD:CE:27:73
            X509v3 Authority Key Identifier:
                keyid:B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/Rhvq-3I2JQodRxI7VKRql93OJ3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:0e:fc:5e:24:34:16:9c:c5:7d:7d:8e:11:51:db:d3:eb:5c:
         f1:e4:d8:ff:c4:dc:97:0a:c8:b5:22:72:cb:33:31:46:12:23:
         14:1e:13:68:33:b6:fa:30:95:cb:fa:99:34:92:c7:54:6c:fd:
         2c:8b:45:6e:b7:ce:4f:b0:90:23:41:f5:a6:39:a6:0f:54:6e:
         4b:c5:21:65:d8:2a:12:07:96:af:5f:2d:0f:f6:12:92:14:50:
         89:ff:c1:55:7c:94:89:3c:3e:fa:c6:78:dc:50:bd:2f:0a:27:
         ae:f2:55:17:90:84:32:8e:c9:82:b6:bb:26:3f:1f:82:97:f7:
         d6:a3:0e:b8:8d:ad:35:54:20:5e:5e:6c:7c:32:04:5e:c8:bf:
         5d:96:36:ee:30:ea:58:ac:ae:57:dd:09:e3:39:a0:93:5d:cf:
         17:7a:39:2a:c7:b2:95:9a:f7:fe:11:16:4a:a3:7d:f2:e7:59:
         d8:ad:85:77:b3:49:d5:2f:ff:1c:d8:45:02:69:41:b8:ac:7d:
         47:c6:93:17:b7:b9:67:46:49:b6:3d:81:41:27:8d:0e:1a:eb:
         b7:21:fe:d5:7f:de:18:1f:33:27:39:86:0a:04:6a:5a:85:05:
         e4:e9:9d:2d:80:b1:6f:fd:42:8f:92:57:ba:83:9d:21:32:95:
         62:ff:a2:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/CDumnA7LiSvduHuUx5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjQ3Nzk1NzVjYjliZjA1ODI0MzI4N2U5ODIzNGRlY2E5
MTFmYzkwHhcNMjUwMTAyMDc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjFiZWFmYjcyMzYyNTBhMWQ0NzEyM2I1NGE0NmE5N2RkY2UyNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Y7k0GxWswHafi5HQroCqG0MkAjw
4zXWwG6TMolPlKM/ue/ekyalkM5wzUFJvvQumgc8sM0UrVAylY2aJaLOY6rSpW/n
a0cjFLyshTcEixtX7X3jBEyFOjFQpKFP8td8JUxdtwaGcSyhPE/IdcD2cTcontOa
IygMi/F6ybmKNpaSFyT6sdKQuUno9M68wpCFADuY2WCrRZpvrt0HeMbKfYc2XerA
WSx2yzjscysLOpoKgJ2KKwizFEfdEwefUHzRlcrUIalbZgN50xh8aQn8ZaiYIULN
8nfr1bXZLVBz/NyeUprWQ3yIXFrrtZTi/If/91V4eneYp9O6ZMT1k19u/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYb6vtyNiUKHUcSO1SkapfdzidzMB8GA1UdIwQY
MBaAFLn0d5V1y5vwWCQyh+mCNN7KkR/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAt
Y2Q5ZmYwNTUyZjkyLzEvUmh2cS0zSTJKUW9kUnhJN1ZLUnFsOTNPSjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAtY2Q5ZmYwNTUyZjky
LzEvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVmIMA0G
CSqGSIb3DQEBCwUAA4IBAQBMDvxeJDQWnMV9fY4RUdvT61zx5Nj/xNyXCsi1InLL
MzFGEiMUHhNoM7b6MJXL+pk0ksdUbP0si0Vut85PsJAjQfWmOaYPVG5LxSFl2CoS
B5avXy0P9hKSFFCJ/8FVfJSJPD76xnjcUL0vCieu8lUXkIQyjsmCtrsmPx+Cl/fW
ow64ja01VCBeXmx8MgReyL9dljbuMOpYrK5X3QnjOaCTXc8Xejkqx7KVmvf+ERZK
o33y51nYrYV3s0nVL/8c2EUCaUG4rH1HxpMXt7lnRkm2PYFBJ40OGuu3If7Vf94Y
HzMnOYYKBGpahQXk6Z0tgLFv/UKPkle6g50hMpVi/6Kj
-----END CERTIFICATE-----