Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/ViJeyF7oh6YZ6eYaXKen3uE_9Xc.roa
File:                     ViJeyF7oh6YZ6eYaXKen3uE_9Xc.roa (raw, json)
Hash identifier:          MHiZms8pS17lVPcUrl63TEs9Bhd28ggsd7gjon4eS5k=
Subject key identifier:   56:22:5E:C8:5E:E8:87:A6:19:E9:E6:1A:5C:A7:A7:DE:E1:3F:F5:77
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194282759D9D5A7BAED42CE79E62F4F2F50
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/ViJeyF7oh6YZ6eYaXKen3uE_9Xc.roa
Signing time:             Thu 02 Jan 2025 17:54:14 +0000
ROA not before:           Thu 02 Jan 2025 17:54:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        45.135.180.0/24 maxlen: 24
                          89.35.131.0/24 maxlen: 24
                          93.115.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:59:d9:d5:a7:ba:ed:42:ce:79:e6:2f:4f:2f:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56225ec85ee887a619e9e61a5ca7a7dee13ff577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:dd:4a:a6:91:c0:bc:2c:d3:79:d4:54:4b:79:
                    c3:cb:a7:2d:25:57:1c:39:65:3c:c0:59:9b:e8:d1:
                    78:fb:97:a7:ee:ec:de:e4:72:25:61:5b:8f:e7:a9:
                    dd:87:5b:c3:2a:4c:3c:8d:87:4a:3c:ab:ca:4d:59:
                    30:4e:e6:58:68:c1:7b:29:50:77:e3:46:69:08:54:
                    4d:3d:fc:50:bd:6f:73:c0:51:55:59:66:55:bc:1c:
                    99:6b:48:bf:4e:1b:a7:ce:e4:a5:b7:de:a3:b5:b2:
                    d5:cd:df:60:47:8a:47:fd:e3:04:53:1a:58:90:fe:
                    f8:80:7d:93:ce:01:ff:22:24:bb:d3:e9:98:e2:b9:
                    e9:97:4b:d4:3e:bf:61:f8:8f:b5:fd:2a:63:dc:e8:
                    0b:d0:7a:c6:f5:46:d9:95:ba:c3:be:62:98:aa:d6:
                    84:69:20:79:3f:7b:53:ba:72:bc:94:83:13:44:d9:
                    e6:c1:32:70:d7:40:80:4d:f6:2a:20:2c:13:14:8e:
                    e7:32:50:22:25:6b:d7:eb:c7:1b:87:0e:5b:69:30:
                    a1:46:2a:4b:b0:95:35:49:c3:71:a1:a2:98:e9:70:
                    44:fb:e7:a4:43:4a:4e:1c:23:89:06:32:2a:4f:94:
                    cc:da:e4:58:bc:3e:8d:d5:c0:12:68:0b:e5:c8:11:
                    10:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:22:5E:C8:5E:E8:87:A6:19:E9:E6:1A:5C:A7:A7:DE:E1:3F:F5:77
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/ViJeyF7oh6YZ6eYaXKen3uE_9Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.180.0/24
                  89.35.131.0/24
                  93.115.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:00:6e:08:20:1a:22:2f:c2:cc:88:52:dd:9f:43:41:4b:2b:
         88:96:62:28:3d:83:f6:3f:3c:67:b8:b2:67:55:ec:01:81:80:
         51:0b:44:67:4e:e0:23:a8:4f:e3:d8:0c:27:86:cd:ad:a2:0d:
         dc:69:51:f4:1b:77:6c:f2:1c:d0:fb:91:82:4c:3a:06:e9:06:
         52:37:ca:c4:8c:9c:31:58:5d:c8:b9:7a:6f:d2:85:73:28:11:
         9c:cf:e4:18:e2:cd:8a:69:92:05:76:3a:f1:5f:61:c4:2e:bd:
         aa:20:e5:7a:9f:22:82:8e:e4:74:3b:1b:4e:2d:76:3c:3d:33:
         26:02:3f:31:c3:ac:f0:91:e5:42:43:c9:4f:7a:d9:fa:e6:7c:
         64:91:43:96:d7:76:65:91:94:5f:db:ad:7b:c5:c7:3c:81:b1:
         09:04:37:f8:f2:00:f8:54:4a:1b:ce:9d:63:67:af:d1:50:d4:
         c5:ea:a8:3b:f7:aa:23:79:de:11:2e:8b:20:54:42:6f:8e:32:
         89:c2:1b:13:a2:bb:15:96:0c:f4:8f:4c:6a:1e:41:22:8b:ee:
         3f:2e:14:50:b9:e1:98:76:81:06:3c:20:64:01:c9:dc:db:7b:
         35:37:48:c9:92:99:14:25:69:3e:04:f5:0a:6f:cc:16:57:ec:
         6a:c9:12:4d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoJ1nZ1ae67ULOeeYvTy9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjIyNWVjODVlZTg4N2E2MTllOWU2MWE1Y2E3YTdkZWUxM2ZmNTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3N1KppHAvCzTedRUS3nDy6ctJVcc
OWU8wFmb6NF4+5en7uze5HIlYVuP56ndh1vDKkw8jYdKPKvKTVkwTuZYaMF7KVB3
40ZpCFRNPfxQvW9zwFFVWWZVvByZa0i/ThunzuSlt96jtbLVzd9gR4pH/eMEUxpY
kP74gH2TzgH/IiS70+mY4rnpl0vUPr9h+I+1/Spj3OgL0HrG9UbZlbrDvmKYqtaE
aSB5P3tTunK8lIMTRNnmwTJw10CATfYqICwTFI7nMlAiJWvX68cbhw5baTChRipL
sJU1ScNxoaKY6XBE++ekQ0pOHCOJBjIqT5TM2uRYvD6N1cASaAvlyBEQJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFYiXshe6IemGenmGlynp97hP/V3MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVmlKZXlGN29oNllaNmVZYVhLZW4zdUVfOVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYe0AwQA
WSODAwQAXXOsMA0GCSqGSIb3DQEBCwUAA4IBAQBzAG4IIBoiL8LMiFLdn0NBSyuI
lmIoPYP2PzxnuLJnVewBgYBRC0RnTuAjqE/j2Awnhs2tog3caVH0G3ds8hzQ+5GC
TDoG6QZSN8rEjJwxWF3IuXpv0oVzKBGcz+QY4s2KaZIFdjrxX2HELr2qIOV6nyKC
juR0OxtOLXY8PTMmAj8xw6zwkeVCQ8lPetn65nxkkUOW13ZlkZRf2617xcc8gbEJ
BDf48gD4VEobzp1jZ6/RUNTF6qg796ojed4RLosgVEJvjjKJwhsTorsVlgz0j0xq
HkEii+4/LhRQueGYdoEGPCBkAcnc23s1N0jJkpkUJWk+BPUKb8wWV+xqyRJN
-----END CERTIFICATE-----