Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/Vz4KDvni-pIG9pERT0AYceBbHa0.roa
File:                     Vz4KDvni-pIG9pERT0AYceBbHa0.roa (raw, json)
Hash identifier:          pYtbdwqDoFmUa9j2KOPzRaeu3zPU5WrvlE2/yiAXzDw=
Subject key identifier:   57:3E:0A:0E:F9:E2:FA:92:06:F6:91:11:4F:40:18:71:E0:5B:1D:AD
Certificate issuer:       /CN=a39b4943e7d6b4b0e1de85c9bc38b857554dd47d
Certificate serial:       019427B5810E18893CEC0CECE0E314AEA2B2
Authority key identifier: A3:9B:49:43:E7:D6:B4:B0:E1:DE:85:C9:BC:38:B8:57:55:4D:D4:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/Vz4KDvni-pIG9pERT0AYceBbHa0.roa
Signing time:             Thu 02 Jan 2025 15:49:53 +0000
ROA not before:           Thu 02 Jan 2025 15:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59877
IP address blocks:        45.67.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:81:0e:18:89:3c:ec:0c:ec:e0:e3:14:ae:a2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a39b4943e7d6b4b0e1de85c9bc38b857554dd47d
        Validity
            Not Before: Jan  2 15:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=573e0a0ef9e2fa9206f691114f401871e05b1dad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cb:0e:2d:c0:f5:6b:bb:5a:49:d0:07:f5:ce:
                    30:73:41:03:68:c6:88:e1:67:04:30:db:84:4f:66:
                    33:5e:fe:c8:98:b0:a7:be:0f:d0:e4:3e:4e:f3:1f:
                    53:9e:72:d4:a5:f9:39:10:57:26:4f:5f:2d:5a:26:
                    fa:fd:3a:52:ff:e9:d6:ec:17:f7:d0:58:37:0e:57:
                    44:30:2f:3f:d9:ba:34:bd:0a:c6:c5:8c:cb:82:e5:
                    c4:6c:3e:55:af:24:d8:ee:0b:73:a5:99:80:67:b6:
                    92:ca:b6:66:91:7b:b2:54:58:ab:a1:cd:05:61:ff:
                    2a:58:5d:4b:23:88:95:9e:28:0b:6c:2c:47:f1:f5:
                    2f:ac:f5:3b:4d:59:80:62:9a:3d:fb:d2:3c:d2:41:
                    d9:3f:51:b1:80:68:6a:c9:c2:18:b8:21:1b:48:4b:
                    5c:59:f3:14:17:33:14:e5:7f:9e:bd:8f:8e:62:7b:
                    d9:bb:64:85:22:f5:c4:80:10:38:f2:92:e5:fb:9c:
                    7a:f7:da:7b:2c:d9:cb:ff:d1:1e:36:e5:dc:dd:8e:
                    8e:fb:bc:13:b8:c7:64:91:64:a9:cb:5e:31:71:aa:
                    d6:ea:02:82:3d:7c:4a:e5:72:0d:1c:fd:ab:63:85:
                    f3:f3:ed:1c:0f:1c:af:ce:99:52:e3:db:ac:f7:97:
                    c5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:3E:0A:0E:F9:E2:FA:92:06:F6:91:11:4F:40:18:71:E0:5B:1D:AD
            X509v3 Authority Key Identifier:
                keyid:A3:9B:49:43:E7:D6:B4:B0:E1:DE:85:C9:BC:38:B8:57:55:4D:D4:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/Vz4KDvni-pIG9pERT0AYceBbHa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/6cf712-dd0b-4a90-958e-693bf67e61f3/1/o5tJQ-fWtLDh3oXJvDi4V1VN1H0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:f7:8a:9f:9d:26:b2:87:d0:45:d0:41:56:a3:31:55:b7:69:
         0d:7f:da:45:10:cb:fa:78:70:b4:b3:be:94:f8:e0:23:33:fc:
         18:a2:e6:da:6a:80:ba:0d:b6:88:74:34:66:60:8d:1c:b4:0b:
         e3:55:24:03:9e:c7:5e:3d:4e:77:33:71:a4:87:0a:92:ce:b6:
         d8:09:1c:01:a1:ff:50:78:8a:73:85:63:b4:54:82:10:a0:94:
         b4:58:63:82:54:8c:4f:b6:2c:e2:89:44:ca:57:85:a4:b2:a2:
         7a:68:4d:60:52:b6:82:59:99:9d:fe:52:e8:61:cc:4f:85:ab:
         86:81:9e:31:f2:b2:0b:bc:96:33:29:73:36:c4:96:aa:74:9e:
         0b:94:dc:fe:9b:66:49:9e:17:cd:53:1f:78:82:3a:f2:cd:c3:
         88:38:48:78:98:2b:76:89:96:d3:2e:82:ad:22:c7:81:97:87:
         cd:ec:2f:86:e4:45:23:36:1d:ae:de:ef:d2:19:a4:c8:e8:e5:
         86:e1:bd:5d:5c:72:4f:85:ce:2b:81:94:10:ec:b8:45:60:70:
         ca:14:ce:41:ef:76:67:8b:ad:25:ce:2f:7f:2e:2a:ed:84:96:
         b1:6e:64:77:a6:f0:46:e2:d7:b0:cb:83:00:13:b4:5e:03:ca:
         15:cf:6c:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYEOGIk87Azs4OMUrqKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzOWI0OTQzZTdkNmI0YjBlMWRlODVjOWJjMzhiODU3NTU0
ZGQ0N2QwHhcNMjUwMTAyMTU0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzNlMGEwZWY5ZTJmYTkyMDZmNjkxMTE0ZjQwMTg3MWUwNWIxZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMsOLcD1a7taSdAH9c4wc0EDaMaI
4WcEMNuET2YzXv7ImLCnvg/Q5D5O8x9TnnLUpfk5EFcmT18tWib6/TpS/+nW7Bf3
0Fg3DldEMC8/2bo0vQrGxYzLguXEbD5VryTY7gtzpZmAZ7aSyrZmkXuyVFiroc0F
Yf8qWF1LI4iVnigLbCxH8fUvrPU7TVmAYpo9+9I80kHZP1GxgGhqycIYuCEbSEtc
WfMUFzMU5X+evY+OYnvZu2SFIvXEgBA48pLl+5x699p7LNnL/9EeNuXc3Y6O+7wT
uMdkkWSpy14xcarW6gKCPXxK5XINHP2rY4Xz8+0cDxyvzplS49us95fFkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFc+Cg754vqSBvaREU9AGHHgWx2tMB8GA1UdIwQY
MBaAFKObSUPn1rSw4d6Fybw4uFdVTdR9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzV0SlEtZld0TERoM29YSnZEaTRWMVZOMUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS82Y2Y3MTItZGQwYi00YTkwLTk1OGUt
NjkzYmY2N2U2MWYzLzEvVno0S0R2bmktcElHOXBFUlQwQVljZUJiSGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS82Y2Y3MTItZGQwYi00YTkwLTk1OGUtNjkzYmY2N2U2MWYz
LzEvbzV0SlEtZld0TERoM29YSnZEaTRWMVZOMUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUP9MA0G
CSqGSIb3DQEBCwUAA4IBAQAq94qfnSayh9BF0EFWozFVt2kNf9pFEMv6eHC0s76U
+OAjM/wYoubaaoC6DbaIdDRmYI0ctAvjVSQDnsdePU53M3GkhwqSzrbYCRwBof9Q
eIpzhWO0VIIQoJS0WGOCVIxPtiziiUTKV4WksqJ6aE1gUraCWZmd/lLoYcxPhauG
gZ4x8rILvJYzKXM2xJaqdJ4LlNz+m2ZJnhfNUx94gjryzcOIOEh4mCt2iZbTLoKt
IseBl4fN7C+G5EUjNh2u3u/SGaTI6OWG4b1dXHJPhc4rgZQQ7LhFYHDKFM5B73Zn
i60lzi9/LirthJaxbmR3pvBG4tewy4MAE7ReA8oVz2z3
-----END CERTIFICATE-----