Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TMLy42deV5IiQ_Q_BSDpSBvNDKw.roa
File:                     TMLy42deV5IiQ_Q_BSDpSBvNDKw.roa (raw, json)
Hash identifier:          IAHErbCn7EuN/yqjcRl2eNWcVgtWtCfH7DJ+eUqMKI8=
Subject key identifier:   4C:C2:F2:E3:67:5E:57:92:22:43:F4:3F:05:20:E9:48:1B:CD:0C:AC
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01942827628CD92A625B5823266C91137A30
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TMLy42deV5IiQ_Q_BSDpSBvNDKw.roa
Signing time:             Thu 02 Jan 2025 17:54:17 +0000
ROA not before:           Thu 02 Jan 2025 17:54:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198037
IP address blocks:        45.135.182.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:62:8c:d9:2a:62:5b:58:23:26:6c:91:13:7a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cc2f2e3675e57922243f43f0520e9481bcd0cac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a5:0b:2e:cb:49:85:3b:bd:96:fe:e4:ba:86:
                    a3:b0:72:ac:f2:8d:a2:8d:f6:4a:e5:d7:88:ad:88:
                    2f:6b:d4:ba:1c:ca:54:95:b9:65:5b:81:f5:0c:1f:
                    d4:e4:f2:cb:8a:87:d3:57:d6:a6:7a:6f:5d:36:0c:
                    b0:98:d1:aa:15:4d:f7:b1:40:2a:e8:a9:bc:a3:3a:
                    f6:f5:15:16:85:5e:86:a5:36:1d:f8:d8:df:b9:c2:
                    2d:fe:f1:7e:18:58:3a:5e:54:34:2d:b7:93:1b:b5:
                    11:54:a6:90:0d:31:b9:5f:5b:33:6d:c4:b5:66:e8:
                    41:e0:d9:b0:b0:88:c3:81:76:98:11:b2:7c:e5:ac:
                    58:4e:cb:22:79:24:46:a5:d8:05:eb:82:08:26:57:
                    b6:4d:a8:e9:99:60:1a:4b:42:1b:bf:16:54:30:4e:
                    51:74:a2:54:44:a0:ad:8d:b6:02:f3:b1:90:75:4f:
                    0a:e8:24:72:33:55:2d:cc:d4:c2:f4:09:6b:a4:e7:
                    00:3b:ee:cb:07:43:65:79:55:0b:7c:48:03:77:c8:
                    8a:66:58:32:18:58:8c:80:2f:4c:07:6d:fc:bd:9f:
                    a6:83:92:8b:50:f4:41:f6:34:b9:c8:fd:fb:d6:47:
                    75:53:43:27:5e:2f:3a:06:a7:b3:a4:2a:8a:4a:2e:
                    3a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C2:F2:E3:67:5E:57:92:22:43:F4:3F:05:20:E9:48:1B:CD:0C:AC
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TMLy42deV5IiQ_Q_BSDpSBvNDKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:90:c0:90:33:26:fb:12:fe:07:77:55:7b:cf:76:57:6e:c0:
         86:30:17:9e:8c:e8:82:a8:68:1c:23:1a:8d:06:90:e7:81:0e:
         91:79:66:12:33:d9:d2:fc:db:8e:ae:01:7d:bf:7d:ff:a7:42:
         79:35:1c:cc:de:72:e3:48:a5:7e:15:9c:dc:af:e4:f0:40:80:
         ce:a1:fa:5d:34:88:9f:63:02:c4:34:26:95:b7:64:18:c3:e6:
         3f:ae:c8:0c:27:92:a8:8d:d1:80:6c:d2:d4:31:50:97:e9:dd:
         91:f2:e4:90:42:21:fa:0b:39:fb:ee:37:ee:95:05:4f:ba:06:
         67:6b:ac:23:8c:b9:22:e7:fe:b2:4a:85:8c:2b:a0:f7:e8:81:
         4c:7b:f4:58:1c:a5:13:a5:1e:a0:f6:41:57:3e:5a:f4:72:79:
         e5:85:28:24:e7:78:61:05:86:0e:c6:c0:db:05:1d:a0:fe:4e:
         5c:81:10:98:db:95:a3:46:9f:ee:7f:5f:06:6c:1f:ad:0d:a5:
         a7:4e:ef:20:0b:a0:84:15:68:31:1a:62:70:29:6b:4a:9e:69:
         4a:9f:95:69:bd:3c:eb:8b:ce:2c:ee:36:e5:bf:4a:1b:4f:ad:
         a1:3e:f9:2c:23:f8:fe:58:25:ec:e7:ec:69:77:40:b8:c0:df:
         7e:e7:01:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ2KM2SpiW1gjJmyRE3owMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2MyZjJlMzY3NWU1NzkyMjI0M2Y0M2YwNTIwZTk0ODFiY2QwY2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KULLstJhTu9lv7kuoajsHKs8o2i
jfZK5deIrYgva9S6HMpUlbllW4H1DB/U5PLLiofTV9amem9dNgywmNGqFU33sUAq
6Km8ozr29RUWhV6GpTYd+NjfucIt/vF+GFg6XlQ0LbeTG7URVKaQDTG5X1szbcS1
ZuhB4NmwsIjDgXaYEbJ85axYTssieSRGpdgF64IIJle2TajpmWAaS0IbvxZUME5R
dKJURKCtjbYC87GQdU8K6CRyM1UtzNTC9AlrpOcAO+7LB0NleVULfEgDd8iKZlgy
GFiMgC9MB238vZ+mg5KLUPRB9jS5yP371kd1U0MnXi86BqezpCqKSi46AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzC8uNnXleSIkP0PwUg6UgbzQysMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVE1MeTQyZGVWNUlpUV9RX0JTRHBTQnZOREt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYe2MA0G
CSqGSIb3DQEBCwUAA4IBAQADkMCQMyb7Ev4Hd1V7z3ZXbsCGMBeejOiCqGgcIxqN
BpDngQ6ReWYSM9nS/NuOrgF9v33/p0J5NRzM3nLjSKV+FZzcr+TwQIDOofpdNIif
YwLENCaVt2QYw+Y/rsgMJ5KojdGAbNLUMVCX6d2R8uSQQiH6Czn77jfulQVPugZn
a6wjjLki5/6ySoWMK6D36IFMe/RYHKUTpR6g9kFXPlr0cnnlhSgk53hhBYYOxsDb
BR2g/k5cgRCY25WjRp/uf18GbB+tDaWnTu8gC6CEFWgxGmJwKWtKnmlKn5VpvTzr
i84s7jblv0obT62hPvksI/j+WCXs5+xpd0C4wN9+5wHz
-----END CERTIFICATE-----