Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/ylAbJ59-6F4ZAbwoLXiKbYBu2XA.roa
File:                     ylAbJ59-6F4ZAbwoLXiKbYBu2XA.roa (raw, json)
Hash identifier:          IDkXWTS84Fvv3D5U1LadiDGtpmPn3EbQp1U5eFRNYhk=
Subject key identifier:   CA:50:1B:27:9F:7E:E8:5E:19:01:BC:28:2D:78:8A:6D:80:6E:D9:70
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       0194221F4C7DBC4215F0BD02BEFFCECF1672
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/ylAbJ59-6F4ZAbwoLXiKbYBu2XA.roa
Signing time:             Wed 01 Jan 2025 13:47:43 +0000
ROA not before:           Wed 01 Jan 2025 13:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55410
IP address blocks:        45.85.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:4c:7d:bc:42:15:f0:bd:02:be:ff:ce:cf:16:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  1 13:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca501b279f7ee85e1901bc282d788a6d806ed970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:7f:9b:89:20:ce:54:fa:37:6d:da:55:ff:89:
                    d8:6b:64:c3:a6:70:2b:c5:d8:dd:a6:5a:55:d1:d8:
                    7b:77:b1:7f:03:79:1c:5e:bb:27:ab:d7:13:c5:a7:
                    2f:4a:84:c4:40:7b:c9:4b:8a:ce:a0:50:ef:f2:29:
                    77:ba:84:ef:68:81:64:11:c0:73:9a:0c:3a:cf:ca:
                    1f:29:a1:0c:56:9e:bf:71:b9:b4:57:be:60:57:e6:
                    af:f0:1e:ec:e3:85:bb:48:8f:fe:39:bf:bb:40:47:
                    2c:29:3d:55:57:42:77:b6:34:87:3e:1d:30:00:c8:
                    1f:e6:93:6a:f1:6b:86:fc:e4:62:42:9b:74:80:77:
                    9e:7a:64:59:f3:99:07:89:c6:be:c3:5d:7e:94:ed:
                    96:4f:8c:eb:f9:af:51:29:f6:d1:db:d5:c1:fb:cf:
                    c4:54:02:8e:91:c1:b4:f3:70:ee:1e:8b:55:0f:b4:
                    84:0d:31:08:0d:0d:91:e0:22:ea:fa:9d:32:17:63:
                    5c:63:b3:5e:14:30:60:eb:1a:43:63:22:5b:c6:ae:
                    6c:a9:03:33:2f:65:e9:ce:e1:36:17:19:12:82:01:
                    bc:1b:d7:09:b5:da:0d:1a:4a:53:ac:b7:af:4a:e6:
                    04:4b:7c:a3:a1:0d:5b:da:7c:71:27:2a:2d:67:1b:
                    32:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:50:1B:27:9F:7E:E8:5E:19:01:BC:28:2D:78:8A:6D:80:6E:D9:70
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/ylAbJ59-6F4ZAbwoLXiKbYBu2XA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:ce:ec:8f:95:e5:e9:82:da:0f:9e:39:db:68:55:dc:bd:ec:
         8b:31:00:c3:a5:ff:06:73:02:f7:40:d8:ac:5d:d2:00:80:7d:
         2e:74:91:4f:db:cd:c2:bf:54:9f:4b:01:f0:32:13:55:bb:31:
         b6:99:f9:4f:63:fe:e8:cf:5b:be:80:9e:02:42:9e:f4:b1:75:
         86:9a:55:87:6d:ea:b0:1c:a7:fe:c0:88:d2:65:0d:3d:2f:2d:
         2c:1d:63:ee:27:e5:98:a6:14:f9:46:b0:ae:ab:70:26:8c:98:
         71:d8:a1:c3:eb:a6:6f:33:cc:14:0a:75:c3:5a:5d:cb:44:25:
         1c:a2:38:56:33:70:42:d5:4d:97:e7:c6:27:6a:04:6b:df:4c:
         bc:d1:03:6f:ca:f4:4b:ce:52:db:1d:3f:52:71:05:0e:63:e2:
         8d:a6:37:98:67:68:f3:f5:39:98:1f:61:73:e6:d8:04:fb:cf:
         e2:b3:e9:f9:92:b1:bc:8a:5d:0a:93:c0:14:42:df:37:e3:09:
         02:4e:22:7c:06:85:62:16:1a:7d:7e:17:13:b9:0c:ea:aa:ea:
         e8:d5:92:ae:cb:e3:8e:7e:64:ab:6b:25:d5:fb:30:a4:28:eb:
         51:11:c5:ff:e3:b4:32:2d:ff:69:fb:ef:cb:9a:f0:28:49:1a:
         2d:7a:53:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH0x9vEIV8L0Cvv/OzxZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjUwMTAxMTM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTUwMWIyNzlmN2VlODVlMTkwMWJjMjgyZDc4OGE2ZDgwNmVkOTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23+biSDOVPo3bdpV/4nYa2TDpnAr
xdjdplpV0dh7d7F/A3kcXrsnq9cTxacvSoTEQHvJS4rOoFDv8il3uoTvaIFkEcBz
mgw6z8ofKaEMVp6/cbm0V75gV+av8B7s44W7SI/+Ob+7QEcsKT1VV0J3tjSHPh0w
AMgf5pNq8WuG/ORiQpt0gHeeemRZ85kHica+w11+lO2WT4zr+a9RKfbR29XB+8/E
VAKOkcG083DuHotVD7SEDTEIDQ2R4CLq+p0yF2NcY7NeFDBg6xpDYyJbxq5sqQMz
L2XpzuE2FxkSggG8G9cJtdoNGkpTrLevSuYES3yjoQ1b2nxxJyotZxsyPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpQGyeffuheGQG8KC14im2AbtlwMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEveWxBYko1OS02RjRaQWJ3b0xYaUtiWUJ1MlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVW+MA0G
CSqGSIb3DQEBCwUAA4IBAQB2zuyPleXpgtoPnjnbaFXcveyLMQDDpf8GcwL3QNis
XdIAgH0udJFP283Cv1SfSwHwMhNVuzG2mflPY/7oz1u+gJ4CQp70sXWGmlWHbeqw
HKf+wIjSZQ09Ly0sHWPuJ+WYphT5RrCuq3AmjJhx2KHD66ZvM8wUCnXDWl3LRCUc
ojhWM3BC1U2X58YnagRr30y80QNvyvRLzlLbHT9ScQUOY+KNpjeYZ2jz9TmYH2Fz
5tgE+8/is+n5krG8il0Kk8AUQt834wkCTiJ8BoViFhp9fhcTuQzqquro1ZKuy+OO
fmSrayXV+zCkKOtREcX/47QyLf9p++/LmvAoSRotelPZ
-----END CERTIFICATE-----