Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/QvxWT4xY-nx_D6ZNWO2yetZnnpQ.roa
File:                     QvxWT4xY-nx_D6ZNWO2yetZnnpQ.roa (raw, json)
Hash identifier:          5hYT1EwCoWhfN9hDbCeHVlJcTh6HqFEGgKcOBfv7338=
Subject key identifier:   42:FC:56:4F:8C:58:FA:7C:7F:0F:A6:4D:58:ED:B2:7A:D6:67:9E:94
Certificate issuer:       /CN=ebbc0d60bd3a90bd5e31509deadf447076b078d8
Certificate serial:       019421446BC01CF1101FF3B666BA51428BE4
Authority key identifier: EB:BC:0D:60:BD:3A:90:BD:5E:31:50:9D:EA:DF:44:70:76:B0:78:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/67wNYL06kL1eMVCd6t9EcHaweNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/QvxWT4xY-nx_D6ZNWO2yetZnnpQ.roa
Signing time:             Wed 01 Jan 2025 09:48:39 +0000
ROA not before:           Wed 01 Jan 2025 09:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44525
IP address blocks:        212.45.68.0/22 maxlen: 22
                          212.45.68.0/24 maxlen: 24
                          212.45.69.0/24 maxlen: 24
                          212.45.70.0/24 maxlen: 24
                          212.45.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/67wNYL06kL1eMVCd6t9EcHaweNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/67wNYL06kL1eMVCd6t9EcHaweNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/67wNYL06kL1eMVCd6t9EcHaweNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:6b:c0:1c:f1:10:1f:f3:b6:66:ba:51:42:8b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebbc0d60bd3a90bd5e31509deadf447076b078d8
        Validity
            Not Before: Jan  1 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42fc564f8c58fa7c7f0fa64d58edb27ad6679e94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:34:4d:5b:1a:68:2a:03:ed:4a:66:80:3f:10:
                    a0:aa:f1:7a:32:20:d7:32:1b:c7:ea:e2:9b:7c:3b:
                    c2:04:e7:46:9b:5a:f8:dc:2e:9e:a4:9a:94:80:8a:
                    e6:52:19:74:d2:9c:27:08:65:8b:01:81:6b:e3:d3:
                    7d:eb:b5:e4:3e:09:8e:cd:44:83:40:d2:c9:57:b6:
                    97:4e:21:4c:65:a5:0d:5b:11:fb:21:ba:29:ba:44:
                    df:4d:91:51:8f:40:38:40:8f:0f:04:98:cf:5a:37:
                    74:f6:40:1d:46:07:bb:a8:25:7a:23:d4:1b:97:53:
                    e3:31:55:ec:e8:ed:4f:61:c1:6f:f0:10:e4:d2:ff:
                    da:04:4e:aa:cb:93:24:f1:7a:e2:32:a8:72:76:15:
                    ca:f8:aa:f9:74:09:2e:66:d1:96:97:7f:79:15:6b:
                    38:63:8c:d5:9f:85:ff:90:5b:f3:6f:91:ef:a6:44:
                    54:70:8e:a5:38:67:c9:6a:c6:d6:f8:79:0b:57:60:
                    8f:1c:8c:ff:0e:6b:30:b8:05:ee:7d:c5:76:49:83:
                    4c:25:1e:a5:7f:f6:f2:db:e5:20:c1:d6:fe:1d:8a:
                    c6:d2:7e:f6:e3:43:0a:f9:c0:77:f9:2f:86:92:87:
                    8e:4c:96:32:ac:af:03:6f:7b:4b:f2:d4:ee:bf:79:
                    94:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:FC:56:4F:8C:58:FA:7C:7F:0F:A6:4D:58:ED:B2:7A:D6:67:9E:94
            X509v3 Authority Key Identifier:
                keyid:EB:BC:0D:60:BD:3A:90:BD:5E:31:50:9D:EA:DF:44:70:76:B0:78:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/67wNYL06kL1eMVCd6t9EcHaweNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/QvxWT4xY-nx_D6ZNWO2yetZnnpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/67wNYL06kL1eMVCd6t9EcHaweNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.45.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:c0:c5:76:19:63:13:8c:1e:e1:76:8d:20:b7:78:1e:79:63:
         47:dd:1e:90:b0:41:0c:e5:b9:70:4a:28:3d:9a:0a:ce:96:1e:
         77:4b:58:eb:d0:16:66:40:a3:98:e2:87:31:de:4d:47:93:0a:
         ce:d5:2c:71:e4:b7:46:f0:5d:ef:48:a5:6b:a6:20:72:22:48:
         f7:67:8a:c1:68:11:30:24:12:da:3d:dd:a9:90:53:46:e2:da:
         7e:d5:ab:45:2c:94:9e:cd:7a:e2:7d:51:7e:54:c0:ea:9b:fe:
         4e:26:76:98:99:4f:25:0d:13:b4:17:28:40:2e:b2:82:f0:14:
         85:34:63:54:c3:e8:ac:d7:92:4c:b7:e5:54:c2:08:79:84:43:
         42:13:a5:42:2a:a2:03:b6:73:13:67:9a:bd:43:e8:b3:8e:e3:
         69:3d:b1:a9:fc:dd:41:c2:3b:ac:31:7e:1f:83:37:0a:f0:f6:
         af:11:ae:73:d0:d4:c7:e8:0f:77:07:88:87:a2:97:0e:0b:ef:
         2c:cf:41:04:98:40:2f:10:88:15:a1:3d:c9:85:96:7b:fe:ef:
         17:dc:9c:e5:40:14:0e:84:ac:c7:87:7b:5b:88:61:ce:10:1e:
         20:7d:ba:7d:1b:ad:18:51:42:b8:80:a3:d5:c6:d7:d1:4a:75:
         be:c0:ee:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRGvAHPEQH/O2ZrpRQovkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYmMwZDYwYmQzYTkwYmQ1ZTMxNTA5ZGVhZGY0NDcwNzZi
MDc4ZDgwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmZjNTY0ZjhjNThmYTdjN2YwZmE2NGQ1OGVkYjI3YWQ2Njc5ZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTRNWxpoKgPtSmaAPxCgqvF6MiDX
MhvH6uKbfDvCBOdGm1r43C6epJqUgIrmUhl00pwnCGWLAYFr49N967XkPgmOzUSD
QNLJV7aXTiFMZaUNWxH7IbopukTfTZFRj0A4QI8PBJjPWjd09kAdRge7qCV6I9Qb
l1PjMVXs6O1PYcFv8BDk0v/aBE6qy5Mk8XriMqhydhXK+Kr5dAkuZtGWl395FWs4
Y4zVn4X/kFvzb5HvpkRUcI6lOGfJasbW+HkLV2CPHIz/DmswuAXufcV2SYNMJR6l
f/by2+Ugwdb+HYrG0n7240MK+cB3+S+GkoeOTJYyrK8Db3tL8tTuv3mU8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEL8Vk+MWPp8fw+mTVjtsnrWZ56UMB8GA1UdIwQY
MBaAFOu8DWC9OpC9XjFQnerfRHB2sHjYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjd3TllMMDZrTDFlTVZDZDZ0OUVjSGF3ZU5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8wODBhZjYtOGRjNC00OGU2LTljNjMt
YTZiOTU5OTFjZDJjLzEvUXZ4V1Q0eFktbnhfRDZaTldPMnlldFpubnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8wODBhZjYtOGRjNC00OGU2LTljNjMtYTZiOTU5OTFjZDJj
LzEvNjd3TllMMDZrTDFlTVZDZDZ0OUVjSGF3ZU5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1C1EMA0G
CSqGSIb3DQEBCwUAA4IBAQCQwMV2GWMTjB7hdo0gt3geeWNH3R6QsEEM5blwSig9
mgrOlh53S1jr0BZmQKOY4ocx3k1HkwrO1Sxx5LdG8F3vSKVrpiByIkj3Z4rBaBEw
JBLaPd2pkFNG4tp+1atFLJSezXrifVF+VMDqm/5OJnaYmU8lDRO0FyhALrKC8BSF
NGNUw+is15JMt+VUwgh5hENCE6VCKqIDtnMTZ5q9Q+izjuNpPbGp/N1BwjusMX4f
gzcK8PavEa5z0NTH6A93B4iHopcOC+8sz0EEmEAvEIgVoT3JhZZ7/u8X3JzlQBQO
hKzHh3tbiGHOEB4gfbp9G60YUUK4gKPVxtfRSnW+wO71
-----END CERTIFICATE-----