Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/SpbFu7cu1hyzijH4Dcq1zO1wfcw.roa
File:                     SpbFu7cu1hyzijH4Dcq1zO1wfcw.roa (raw, json)
Hash identifier:          s7llN+uwGj/YltcQ4pU6jWvPZRuwP/LeuHpZEDrxXAg=
Subject key identifier:   4A:96:C5:BB:B7:2E:D6:1C:B3:8A:31:F8:0D:CA:B5:CC:ED:70:7D:CC
Certificate issuer:       /CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
Certificate serial:       0194258EFFAA7922B2359CE2124B03E998EE
Authority key identifier: 0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/SpbFu7cu1hyzijH4Dcq1zO1wfcw.roa
Signing time:             Thu 02 Jan 2025 05:48:36 +0000
ROA not before:           Thu 02 Jan 2025 05:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        45.95.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ff:aa:79:22:b2:35:9c:e2:12:4b:03:e9:98:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
        Validity
            Not Before: Jan  2 05:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a96c5bbb72ed61cb38a31f80dcab5cced707dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:34:f5:ae:74:ae:a6:7e:d1:5f:aa:70:12:75:
                    ba:8f:db:ea:27:03:f0:10:8f:45:1f:fe:ed:83:ca:
                    45:af:0f:8e:01:65:07:8c:85:01:fa:89:ba:6d:b0:
                    4c:e4:af:b3:02:9a:46:39:60:6f:49:e9:e9:f1:91:
                    fd:53:51:5f:6e:3f:6d:4b:34:84:e3:98:f4:70:39:
                    a2:59:90:68:a8:35:65:c5:b7:45:e5:70:13:f0:78:
                    e1:61:ba:86:10:85:ee:7a:8b:e7:14:18:97:69:df:
                    34:02:78:33:0d:96:59:fb:25:7a:1e:1d:ed:23:c6:
                    72:8f:9a:df:18:0d:74:04:02:dd:a4:48:e4:df:9d:
                    1a:b0:a3:91:60:94:1e:c0:e3:9e:4d:ca:b6:f9:d0:
                    be:6f:7a:35:b2:e7:2c:57:86:25:c3:a9:04:e9:c9:
                    ae:d4:55:a4:eb:9b:c3:0c:11:bf:cb:e2:87:92:f9:
                    a6:dd:64:c2:c6:a5:7c:36:f2:c8:bf:bc:53:96:54:
                    f5:f4:b0:bd:dd:8c:72:a3:d1:39:9e:0c:1a:f6:a2:
                    22:5c:e1:6b:5e:8c:d3:a8:21:3e:44:8a:99:3f:96:
                    83:ee:ba:a1:72:a2:74:c2:0f:fb:74:21:47:01:e3:
                    5b:4d:3a:cc:67:9b:c2:07:3d:4a:4d:84:1c:27:a8:
                    d9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:96:C5:BB:B7:2E:D6:1C:B3:8A:31:F8:0D:CA:B5:CC:ED:70:7D:CC
            X509v3 Authority Key Identifier:
                keyid:0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/SpbFu7cu1hyzijH4Dcq1zO1wfcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:77:31:79:e4:58:1e:d8:ef:47:6a:5e:b5:2d:06:93:be:31:
         e4:27:13:2d:53:fd:8a:98:8b:b9:17:e8:fa:23:fa:1e:72:59:
         a6:b5:65:d7:80:2d:38:3a:18:5a:af:46:66:62:0c:18:d2:43:
         b7:b9:c7:d7:12:c5:81:76:2b:3f:93:dc:fe:ca:e6:9a:3a:94:
         1f:c9:37:60:bd:e5:9c:c8:c1:b1:67:ea:9b:1d:a4:30:aa:45:
         ad:40:13:b1:e1:f7:65:45:cf:01:cd:34:ad:cd:a8:d3:ea:09:
         09:13:79:cd:be:0a:6a:45:35:c7:17:84:46:20:55:93:17:8f:
         30:7f:db:00:c7:9b:14:22:ec:27:0d:73:35:b6:12:49:48:41:
         c9:bd:d0:80:98:52:a4:41:fa:90:12:db:f5:80:f0:f4:87:2d:
         77:0c:5b:16:d0:9f:6a:b0:06:06:18:8c:87:fe:05:76:56:ee:
         9c:d7:d1:26:d9:aa:6b:c7:75:22:78:eb:6a:55:d0:c5:f3:1f:
         d4:99:b3:3e:e5:ba:d4:9b:b3:29:c6:16:81:4f:e6:35:5f:63:
         60:97:a5:96:e1:bb:12:11:8d:32:b1:08:20:d7:a9:e8:35:a1:
         2c:a4:63:10:54:c3:56:2b:07:d4:da:0f:f2:52:94:ea:d0:c4:
         7a:c0:53:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljv+qeSKyNZziEksD6ZjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzBiNjM1ZDM1NzQ2OGQ3ZjkzMmQzZTFmNTlkNTM3M2Nm
OWY0NjUwHhcNMjUwMTAyMDU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTk2YzViYmI3MmVkNjFjYjM4YTMxZjgwZGNhYjVjY2VkNzA3ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjT1rnSupn7RX6pwEnW6j9vqJwPw
EI9FH/7tg8pFrw+OAWUHjIUB+om6bbBM5K+zAppGOWBvSenp8ZH9U1Ffbj9tSzSE
45j0cDmiWZBoqDVlxbdF5XAT8HjhYbqGEIXueovnFBiXad80AngzDZZZ+yV6Hh3t
I8Zyj5rfGA10BALdpEjk350asKORYJQewOOeTcq2+dC+b3o1sucsV4Ylw6kE6cmu
1FWk65vDDBG/y+KHkvmm3WTCxqV8NvLIv7xTllT19LC93Yxyo9E5ngwa9qIiXOFr
XozTqCE+RIqZP5aD7rqhcqJ0wg/7dCFHAeNbTTrMZ5vCBz1KTYQcJ6jZ3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEqWxbu3LtYcs4ox+A3KtcztcH3MMB8GA1UdIwQY
MBaAFAowtjXTV0aNf5MtPh9Z1Tc8+fRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjIt
NmRlZjM5OGNlNWM5LzEvU3BiRnU3Y3UxaHl6aWpINERjcTF6TzF3ZmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjItNmRlZjM5OGNlNWM5
LzEvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV90MA0G
CSqGSIb3DQEBCwUAA4IBAQBadzF55Fge2O9Hal61LQaTvjHkJxMtU/2KmIu5F+j6
I/oeclmmtWXXgC04Ohhar0ZmYgwY0kO3ucfXEsWBdis/k9z+yuaaOpQfyTdgveWc
yMGxZ+qbHaQwqkWtQBOx4fdlRc8BzTStzajT6gkJE3nNvgpqRTXHF4RGIFWTF48w
f9sAx5sUIuwnDXM1thJJSEHJvdCAmFKkQfqQEtv1gPD0hy13DFsW0J9qsAYGGIyH
/gV2Vu6c19Em2aprx3UieOtqVdDF8x/UmbM+5brUm7MpxhaBT+Y1X2Ngl6WW4bsS
EY0ysQgg16noNaEspGMQVMNWKwfU2g/yUpTq0MR6wFPj
-----END CERTIFICATE-----