Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/tBypEuD8_6LGvghrSbHbTC7iVgU.roa
File:                     tBypEuD8_6LGvghrSbHbTC7iVgU.roa (raw, json)
Hash identifier:          XOS8vBivruT/FLYxxS0etrQ1c1DImhE/euhY8wg9G6s=
Subject key identifier:   B4:1C:A9:12:E0:FC:FF:A2:C6:BE:08:6B:49:B1:DB:4C:2E:E2:56:05
Certificate issuer:       /CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
Certificate serial:       0194236A39431C18A342A68222C2631DF8A1
Authority key identifier: 29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/tBypEuD8_6LGvghrSbHbTC7iVgU.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25244
IP address blocks:        45.131.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:39:43:1c:18:a3:42:a6:82:22:c2:63:1d:f8:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b41ca912e0fcffa2c6be086b49b1db4c2ee25605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4e:4f:4b:7b:ae:1c:b9:bf:10:b0:20:32:17:
                    8a:d0:a7:c4:97:fa:14:10:e7:e1:f7:b8:97:e2:67:
                    07:4c:6b:39:f6:8c:da:80:25:36:25:51:ca:8c:4d:
                    5d:fb:e3:64:fc:07:fa:ba:46:90:da:15:b3:89:cd:
                    76:03:e2:95:81:e8:f0:16:0e:dc:c0:98:c3:05:18:
                    c1:bd:47:e7:2e:a8:0b:5c:58:aa:8d:d2:5b:88:c1:
                    ef:51:b7:69:3a:ca:95:ca:48:49:63:c9:f4:a5:a0:
                    f6:b2:77:86:95:88:64:aa:bf:e1:b1:e7:29:72:c0:
                    61:a0:e2:61:fd:88:68:65:42:7a:92:a6:30:79:1e:
                    bb:31:fa:e9:c0:a9:e0:21:9c:be:39:4f:7b:13:bd:
                    e7:d4:57:f9:33:46:19:21:ae:d4:08:93:cc:f6:65:
                    76:b9:b0:f4:5f:d4:8a:18:95:79:2d:59:49:17:da:
                    84:a2:84:86:50:45:50:65:a6:10:de:ba:9d:a5:99:
                    14:1b:52:c3:57:d4:aa:d5:85:16:c3:4c:ff:37:b6:
                    7f:f5:3d:0a:bd:d3:7b:bc:2d:aa:fc:5e:80:85:62:
                    bc:d9:2b:93:b3:bb:c4:60:0e:8f:59:01:3d:e8:0c:
                    80:0e:a8:ba:17:db:0a:30:45:b4:61:66:d2:f1:45:
                    72:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:1C:A9:12:E0:FC:FF:A2:C6:BE:08:6B:49:B1:DB:4C:2E:E2:56:05
            X509v3 Authority Key Identifier:
                keyid:29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/tBypEuD8_6LGvghrSbHbTC7iVgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c8:99:08:c5:4f:2a:81:ec:08:71:a5:b4:34:79:0f:3c:32:73:
         a3:49:77:5d:88:54:cd:ea:37:19:7f:32:93:8e:9f:ed:f5:47:
         25:ce:c5:0e:cd:30:f9:a5:e9:05:68:40:89:c2:b4:02:59:09:
         84:1c:b9:42:dd:34:1d:10:e9:69:aa:5d:81:0c:43:04:9d:15:
         8d:5b:a0:88:54:4c:77:11:15:9f:0f:14:67:08:f8:b7:ca:5e:
         27:d7:52:fc:ca:9a:17:d1:af:38:87:0a:88:98:ec:f3:31:a1:
         96:9f:b8:69:7f:8a:a9:7c:0b:63:84:15:ae:b3:f9:d9:43:ae:
         8d:84:eb:44:e2:8d:08:9a:3b:0f:fb:b0:1d:e1:09:6e:d5:53:
         05:5c:53:42:e3:c2:5d:59:5c:73:76:d5:f6:06:5a:96:dc:6f:
         d8:1a:f1:6b:60:ad:c9:79:f7:50:08:61:84:5f:54:85:7e:97:
         81:4d:00:9d:b4:bb:dd:eb:2c:ef:0a:a7:75:0f:df:49:1e:59:
         74:77:fc:7a:73:bd:fa:99:a0:5a:af:a5:0e:3a:29:87:0d:5b:
         6a:03:c7:a7:c1:6f:c7:77:e2:08:5a:18:0d:30:46:e2:b8:cc:
         8e:39:67:7a:59:bc:96:38:22:f0:bf:2c:b2:82:41:4d:69:18:
         4f:e5:67:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajlDHBijQqaCIsJjHfihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YTk5NjRlMGNkMzVmYjM2NzU3ZTU2NTNmZmE3NjI2YWM1
ZGVlZTgwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDFjYTkxMmUwZmNmZmEyYzZiZTA4NmI0OWIxZGI0YzJlZTI1NjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE5PS3uuHLm/ELAgMheK0KfEl/oU
EOfh97iX4mcHTGs59ozagCU2JVHKjE1d++Nk/Af6ukaQ2hWzic12A+KVgejwFg7c
wJjDBRjBvUfnLqgLXFiqjdJbiMHvUbdpOsqVykhJY8n0paD2sneGlYhkqr/hsecp
csBhoOJh/YhoZUJ6kqYweR67MfrpwKngIZy+OU97E73n1Ff5M0YZIa7UCJPM9mV2
ubD0X9SKGJV5LVlJF9qEooSGUEVQZaYQ3rqdpZkUG1LDV9Sq1YUWw0z/N7Z/9T0K
vdN7vC2q/F6AhWK82SuTs7vEYA6PWQE96AyADqi6F9sKMEW0YWbS8UVy/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQcqRLg/P+ixr4Ia0mx20wu4lYFMB8GA1UdIwQY
MBaAFCmplk4M01+zZ1flZT/6diasXe7oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTIt
ZDliNTMzZjdmYmMzLzEvdEJ5cEV1RDhfNkxHdmdoclNiSGJUQzdpVmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTItZDliNTMzZjdmYmMz
LzEvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYN2MA0G
CSqGSIb3DQEBCwUAA4IBAQDImQjFTyqB7AhxpbQ0eQ88MnOjSXddiFTN6jcZfzKT
jp/t9UclzsUOzTD5pekFaECJwrQCWQmEHLlC3TQdEOlpql2BDEMEnRWNW6CIVEx3
ERWfDxRnCPi3yl4n11L8ypoX0a84hwqImOzzMaGWn7hpf4qpfAtjhBWus/nZQ66N
hOtE4o0ImjsP+7Ad4Qlu1VMFXFNC48JdWVxzdtX2BlqW3G/YGvFrYK3JefdQCGGE
X1SFfpeBTQCdtLvd6yzvCqd1D99JHll0d/x6c736maBar6UOOimHDVtqA8enwW/H
d+IIWhgNMEbiuMyOOWd6WbyWOCLwvyyygkFNaRhP5WeA
-----END CERTIFICATE-----