Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/J_WwZWRwUeRaMtDotR_iY7Q6fWw.roa
File:                     J_WwZWRwUeRaMtDotR_iY7Q6fWw.roa (raw, json)
Hash identifier:          jAGifMZyJSQbsPFRP+S78wMNisVnQ/cWhKpvEThjZOI=
Subject key identifier:   27:F5:B0:65:64:70:51:E4:5A:32:D0:E8:B5:1F:E2:63:B4:3A:7D:6C
Certificate issuer:       /CN=d23f047b06c8b7271ee10c9af5d1443f0139c127
Certificate serial:       019423D750A15D9E306FA7F21E6B0E9C90D1
Authority key identifier: D2:3F:04:7B:06:C8:B7:27:1E:E1:0C:9A:F5:D1:44:3F:01:39:C1:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0j8EewbItyce4Qya9dFEPwE5wSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/J_WwZWRwUeRaMtDotR_iY7Q6fWw.roa
Signing time:             Wed 01 Jan 2025 21:48:20 +0000
ROA not before:           Wed 01 Jan 2025 21:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203
IP address blocks:        45.133.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/0j8EewbItyce4Qya9dFEPwE5wSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/0j8EewbItyce4Qya9dFEPwE5wSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0j8EewbItyce4Qya9dFEPwE5wSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:50:a1:5d:9e:30:6f:a7:f2:1e:6b:0e:9c:90:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d23f047b06c8b7271ee10c9af5d1443f0139c127
        Validity
            Not Before: Jan  1 21:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27f5b065647051e45a32d0e8b51fe263b43a7d6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:38:cd:95:fb:0b:85:4d:b2:e1:6e:18:be:4c:
                    32:1c:3f:1d:1e:17:b5:2c:d0:21:eb:d7:d5:41:48:
                    03:b5:c0:92:a5:ef:5f:06:1f:b7:0c:94:d3:a1:b1:
                    56:13:7e:ae:08:8f:b8:d4:4f:2d:c0:2c:ee:b5:ac:
                    4c:45:b2:ce:91:d7:b8:bf:91:06:ac:5d:07:5a:83:
                    b4:32:4b:c3:0b:cf:e2:9f:de:02:65:0c:03:6f:03:
                    0d:25:e7:91:1f:05:0a:3d:64:5e:52:8b:3e:ad:2d:
                    4a:d2:41:70:29:2b:dc:75:92:ea:6b:b7:99:60:37:
                    11:25:d0:ab:6e:8a:59:ad:e4:56:ab:2c:f3:89:5c:
                    59:d6:26:23:bd:c9:e2:19:7c:da:c8:23:f6:5a:fe:
                    14:88:c3:4b:19:d2:7f:0b:5a:cb:e1:a3:ef:ca:b8:
                    7b:d6:0b:55:a2:95:52:5f:8a:6c:bd:02:aa:f0:1b:
                    19:f6:78:50:23:02:0c:42:37:31:43:00:95:ad:0c:
                    2c:98:e8:5c:e3:b4:2f:6d:61:fc:e7:b1:29:f5:56:
                    02:e7:d4:ab:6b:69:9e:f3:c4:df:37:97:4d:85:20:
                    28:de:5f:df:43:8b:b1:62:97:1b:0a:f9:48:1b:60:
                    ec:8d:58:9a:f4:85:6b:68:03:eb:7b:9e:fb:ba:b4:
                    2f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:F5:B0:65:64:70:51:E4:5A:32:D0:E8:B5:1F:E2:63:B4:3A:7D:6C
            X509v3 Authority Key Identifier:
                keyid:D2:3F:04:7B:06:C8:B7:27:1E:E1:0C:9A:F5:D1:44:3F:01:39:C1:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0j8EewbItyce4Qya9dFEPwE5wSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/J_WwZWRwUeRaMtDotR_iY7Q6fWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/518f11-d8f9-47a0-9600-5b00fbf4a529/1/0j8EewbItyce4Qya9dFEPwE5wSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:b0:76:58:03:70:09:7e:d3:60:02:03:32:5d:57:7a:fa:c6:
         4e:ed:0d:78:c5:69:d2:56:d2:99:32:40:81:21:c7:43:93:1b:
         6f:51:73:f5:79:7a:cd:b5:0f:46:90:c1:db:be:12:f3:2f:62:
         7f:23:f3:d6:0a:1c:f0:36:d7:0c:4e:da:2f:f8:4d:d9:fa:b7:
         ab:6e:f0:6e:19:3d:b2:1a:6d:cc:71:f6:4c:35:1c:b7:22:00:
         b6:d0:a1:b8:06:7e:0d:c7:3a:cd:17:3b:3c:56:7a:d1:bd:b3:
         7d:c5:74:6c:55:e2:89:5d:86:73:e3:38:77:36:e9:6f:99:19:
         c4:d7:0e:f4:90:cc:b5:35:01:9e:4c:e3:94:0f:d3:28:db:0b:
         a2:a3:a4:22:68:b6:60:de:7d:f9:ec:76:73:42:93:26:54:ae:
         36:52:d4:f3:60:5d:90:72:82:18:27:e5:60:24:18:53:71:78:
         17:20:fd:47:97:0e:6b:42:3e:77:21:df:50:24:86:6a:ee:fe:
         e4:8a:9d:87:0f:22:33:6e:8a:7d:0d:59:62:6a:b2:ac:5d:a4:
         af:39:76:e7:71:8c:60:69:ab:03:33:eb:80:29:94:ba:ca:92:
         97:39:2a:cb:47:20:6f:19:1f:32:c1:d4:eb:04:7d:a2:e3:94:
         29:8f:81:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj11ChXZ4wb6fyHmsOnJDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyM2YwNDdiMDZjOGI3MjcxZWUxMGM5YWY1ZDE0NDNmMDEz
OWMxMjcwHhcNMjUwMTAxMjE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2Y1YjA2NTY0NzA1MWU0NWEzMmQwZThiNTFmZTI2M2I0M2E3ZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTjNlfsLhU2y4W4YvkwyHD8dHhe1
LNAh69fVQUgDtcCSpe9fBh+3DJTTobFWE36uCI+41E8twCzutaxMRbLOkde4v5EG
rF0HWoO0MkvDC8/in94CZQwDbwMNJeeRHwUKPWReUos+rS1K0kFwKSvcdZLqa7eZ
YDcRJdCrbopZreRWqyzziVxZ1iYjvcniGXzayCP2Wv4UiMNLGdJ/C1rL4aPvyrh7
1gtVopVSX4psvQKq8BsZ9nhQIwIMQjcxQwCVrQwsmOhc47QvbWH857Ep9VYC59Sr
a2me88TfN5dNhSAo3l/fQ4uxYpcbCvlIG2DsjVia9IVraAPre577urQv1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCf1sGVkcFHkWjLQ6LUf4mO0On1sMB8GA1UdIwQY
MBaAFNI/BHsGyLcnHuEMmvXRRD8BOcEnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGo4RWV3Ykl0eWNlNFF5YTlkRkVQd0U1d1NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS81MThmMTEtZDhmOS00N2EwLTk2MDAt
NWIwMGZiZjRhNTI5LzEvSl9Xd1pXUndVZVJhTXREb3RSX2lZN1E2Zld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS81MThmMTEtZDhmOS00N2EwLTk2MDAtNWIwMGZiZjRhNTI5
LzEvMGo4RWV3Ykl0eWNlNFF5YTlkRkVQd0U1d1NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYWEMA0G
CSqGSIb3DQEBCwUAA4IBAQBPsHZYA3AJftNgAgMyXVd6+sZO7Q14xWnSVtKZMkCB
IcdDkxtvUXP1eXrNtQ9GkMHbvhLzL2J/I/PWChzwNtcMTtov+E3Z+rerbvBuGT2y
Gm3McfZMNRy3IgC20KG4Bn4NxzrNFzs8VnrRvbN9xXRsVeKJXYZz4zh3NulvmRnE
1w70kMy1NQGeTOOUD9Mo2wuio6QiaLZg3n357HZzQpMmVK42UtTzYF2QcoIYJ+Vg
JBhTcXgXIP1Hlw5rQj53Id9QJIZq7v7kip2HDyIzbop9DVliarKsXaSvOXbncYxg
aasDM+uAKZS6ypKXOSrLRyBvGR8ywdTrBH2i45Qpj4Gg
-----END CERTIFICATE-----