Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/18ce6c-7132-447d-8f0e-756274e447ea/1/jc3nJE4HlaAIZYtU9WTa-kp6P_0.roa
File:                     jc3nJE4HlaAIZYtU9WTa-kp6P_0.roa (raw, json)
Hash identifier:          ni65Uin42OxyzHPEODsDWUqZ0OwEhmfq3oGGPy0ODBg=
Subject key identifier:   8D:CD:E7:24:4E:07:95:A0:08:65:8B:54:F5:64:DA:FA:4A:7A:3F:FD
Certificate issuer:       /CN=b482a3e507a6f1400f6fbe2e148fa1644447e6cd
Certificate serial:       0194221FA8753FCF07092121DB50B6B4D595
Authority key identifier: B4:82:A3:E5:07:A6:F1:40:0F:6F:BE:2E:14:8F:A1:64:44:47:E6:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIKj5Qem8UAPb74uFI-hZERH5s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/18ce6c-7132-447d-8f0e-756274e447ea/1/jc3nJE4HlaAIZYtU9WTa-kp6P_0.roa
Signing time:             Wed 01 Jan 2025 13:48:07 +0000
ROA not before:           Wed 01 Jan 2025 13:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42189
IP address blocks:        45.15.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/18ce6c-7132-447d-8f0e-756274e447ea/1/tIKj5Qem8UAPb74uFI-hZERH5s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/18ce6c-7132-447d-8f0e-756274e447ea/1/tIKj5Qem8UAPb74uFI-hZERH5s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIKj5Qem8UAPb74uFI-hZERH5s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a8:75:3f:cf:07:09:21:21:db:50:b6:b4:d5:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b482a3e507a6f1400f6fbe2e148fa1644447e6cd
        Validity
            Not Before: Jan  1 13:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8dcde7244e0795a008658b54f564dafa4a7a3ffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:57:a5:78:ed:06:08:3e:1e:0a:e9:1c:c6:1d:
                    39:60:ee:8e:c1:88:ce:81:50:44:e8:82:b9:83:da:
                    6a:e2:26:99:8a:ad:35:b7:ff:49:b6:36:5b:aa:63:
                    57:cd:8e:a5:9c:87:67:2b:1e:19:a6:3e:8f:f1:af:
                    bc:e8:cb:2a:f2:39:6f:48:e2:3a:ad:75:07:22:ae:
                    8c:6b:f9:9a:17:03:1e:47:77:20:0d:61:4f:6d:90:
                    fb:4f:cd:ff:52:b0:2f:bb:78:2c:58:5d:a6:ac:57:
                    ee:2f:d2:82:de:b0:2e:d3:ff:0e:f5:bf:dd:f0:7a:
                    01:fc:79:30:9a:7d:c5:c2:cc:04:ff:2c:21:9d:9f:
                    d3:f5:6b:75:67:3f:1a:e0:7f:70:8a:94:13:5a:08:
                    d8:21:e8:5d:ca:a7:8c:9d:d5:ec:9f:ce:5a:39:55:
                    a9:84:26:12:05:7f:86:f6:5f:4b:1c:11:77:ef:e7:
                    ef:52:97:71:47:6a:1e:82:02:c0:ac:60:0e:e5:ba:
                    42:8d:d6:74:97:ad:92:5a:3c:4b:c9:4f:1a:c9:4e:
                    a0:8f:d3:c7:4d:eb:dd:f1:07:da:1b:55:56:1c:f0:
                    cd:96:5b:b4:c5:6e:93:2a:27:f5:d5:b0:b0:af:d1:
                    98:8e:6e:1b:b4:79:a3:bc:62:83:26:86:07:4c:c5:
                    3e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:CD:E7:24:4E:07:95:A0:08:65:8B:54:F5:64:DA:FA:4A:7A:3F:FD
            X509v3 Authority Key Identifier:
                keyid:B4:82:A3:E5:07:A6:F1:40:0F:6F:BE:2E:14:8F:A1:64:44:47:E6:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIKj5Qem8UAPb74uFI-hZERH5s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/18ce6c-7132-447d-8f0e-756274e447ea/1/jc3nJE4HlaAIZYtU9WTa-kp6P_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/18ce6c-7132-447d-8f0e-756274e447ea/1/tIKj5Qem8UAPb74uFI-hZERH5s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         be:e2:15:93:fa:4a:09:9a:8c:09:99:01:61:65:cc:3b:5f:9c:
         2d:81:b1:c9:56:59:74:17:76:03:6c:c4:3b:ca:74:70:68:fd:
         6f:fd:00:3f:dd:78:bb:48:d5:9a:c7:3a:55:f1:c4:46:73:e8:
         b7:9e:03:4c:17:6d:a0:54:aa:ce:d8:79:94:b8:c6:b4:c6:a2:
         ad:ae:1f:12:c0:87:08:d6:1e:a3:93:39:de:6c:84:93:ce:68:
         0d:e9:3c:64:6f:d6:c4:5c:f2:7e:f4:07:78:cf:a5:e9:dd:5d:
         4e:74:18:f4:a9:5c:bf:ef:1f:a7:95:3a:5b:e1:04:9c:fc:68:
         1b:59:65:2b:52:c2:6e:5f:ba:6b:50:8d:35:d8:fa:b4:1d:66:
         dc:cb:44:f4:cf:d5:2a:e3:eb:53:c1:7d:88:c1:8b:59:6a:12:
         51:01:7e:7b:8b:16:7c:2a:56:7a:ae:5b:9b:76:84:a7:58:5d:
         43:47:91:55:46:6d:b4:b3:b1:7d:f6:50:d1:8f:de:88:1c:7c:
         a9:86:da:09:bb:52:89:d7:dd:f4:04:88:6a:14:92:e8:e6:91:
         46:51:b5:3d:4c:88:50:04:b2:49:1b:3e:a7:8c:d8:8a:26:80:
         a2:24:0c:8b:fe:66:d8:47:34:9a:27:48:e9:35:ad:fc:44:25:
         78:f0:0a:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6h1P88HCSEh21C2tNWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODJhM2U1MDdhNmYxNDAwZjZmYmUyZTE0OGZhMTY0NDQ0
N2U2Y2QwHhcNMjUwMTAxMTM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGNkZTcyNDRlMDc5NWEwMDg2NThiNTRmNTY0ZGFmYTRhN2EzZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwleleO0GCD4eCukcxh05YO6OwYjO
gVBE6IK5g9pq4iaZiq01t/9JtjZbqmNXzY6lnIdnKx4Zpj6P8a+86Msq8jlvSOI6
rXUHIq6Ma/maFwMeR3cgDWFPbZD7T83/UrAvu3gsWF2mrFfuL9KC3rAu0/8O9b/d
8HoB/Hkwmn3FwswE/ywhnZ/T9Wt1Zz8a4H9wipQTWgjYIehdyqeMndXsn85aOVWp
hCYSBX+G9l9LHBF37+fvUpdxR2oeggLArGAO5bpCjdZ0l62SWjxLyU8ayU6gj9PH
Tevd8QfaG1VWHPDNllu0xW6TKif11bCwr9GYjm4btHmjvGKDJoYHTMU+yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3N5yROB5WgCGWLVPVk2vpKej/9MB8GA1UdIwQY
MBaAFLSCo+UHpvFAD2++LhSPoWRER+bNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElLajVRZW04VUFQYjc0dUZJLWhaRVJINXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8xOGNlNmMtNzEzMi00NDdkLThmMGUt
NzU2Mjc0ZTQ0N2VhLzEvamMzbkpFNEhsYUFJWll0VTlXVGEta3A2UF8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8xOGNlNmMtNzEzMi00NDdkLThmMGUtNzU2Mjc0ZTQ0N2Vh
LzEvdElLajVRZW04VUFQYjc0dUZJLWhaRVJINXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ84MA0G
CSqGSIb3DQEBCwUAA4IBAQC+4hWT+koJmowJmQFhZcw7X5wtgbHJVll0F3YDbMQ7
ynRwaP1v/QA/3Xi7SNWaxzpV8cRGc+i3ngNMF22gVKrO2HmUuMa0xqKtrh8SwIcI
1h6jkznebISTzmgN6Txkb9bEXPJ+9Ad4z6Xp3V1OdBj0qVy/7x+nlTpb4QSc/Ggb
WWUrUsJuX7prUI012Pq0HWbcy0T0z9Uq4+tTwX2IwYtZahJRAX57ixZ8KlZ6rlub
doSnWF1DR5FVRm20s7F99lDRj96IHHyphtoJu1KJ1930BIhqFJLo5pFGUbU9TIhQ
BLJJGz6njNiKJoCiJAyL/mbYRzSaJ0jpNa38RCV48Ar+
-----END CERTIFICATE-----