Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/5ec794-1bb3-4c65-ac42-a18c06ec52e8/1/SPkSmU2cuYPaslq98jH650uCm8U.roa
File:                     SPkSmU2cuYPaslq98jH650uCm8U.roa (raw, json)
Hash identifier:          3l9S6s2Phg4ZgQxgg2kV0SAhmKBDDFr+VpsMCOZHDtE=
Subject key identifier:   48:F9:12:99:4D:9C:B9:83:DA:B2:5A:BD:F2:31:FA:E7:4B:82:9B:C5
Certificate issuer:       /CN=7b08e16878744b88b84203eefe2d77a87dab90b1
Certificate serial:       019426D9677C2167697AF63D109337C0C33A
Authority key identifier: 7B:08:E1:68:78:74:4B:88:B8:42:03:EE:FE:2D:77:A8:7D:AB:90:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ewjhaHh0S4i4QgPu_i13qH2rkLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/5ec794-1bb3-4c65-ac42-a18c06ec52e8/1/SPkSmU2cuYPaslq98jH650uCm8U.roa
Signing time:             Thu 02 Jan 2025 11:49:29 +0000
ROA not before:           Thu 02 Jan 2025 11:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34903
IP address blocks:        45.130.208.0/22 maxlen: 24
                          2a0e:c240::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/5ec794-1bb3-4c65-ac42-a18c06ec52e8/1/ewjhaHh0S4i4QgPu_i13qH2rkLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/5ec794-1bb3-4c65-ac42-a18c06ec52e8/1/ewjhaHh0S4i4QgPu_i13qH2rkLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ewjhaHh0S4i4QgPu_i13qH2rkLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:67:7c:21:67:69:7a:f6:3d:10:93:37:c0:c3:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b08e16878744b88b84203eefe2d77a87dab90b1
        Validity
            Not Before: Jan  2 11:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48f912994d9cb983dab25abdf231fae74b829bc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:07:16:f3:d1:9e:03:a2:09:0b:91:17:8a:3e:
                    c8:b9:16:0e:c7:7f:3c:9f:a6:15:35:81:ca:3a:b8:
                    32:c8:71:8e:4c:ad:47:18:07:b9:58:c4:55:80:3f:
                    2d:8e:ad:c1:b6:3e:f2:6f:cf:7a:42:6d:71:68:39:
                    c7:0b:5a:05:35:f0:83:8c:ac:88:f6:d0:c0:e7:99:
                    aa:55:d2:3f:90:86:76:60:48:28:11:4b:0c:d6:45:
                    48:dc:bf:e3:d4:b6:f0:34:5f:61:c1:84:b0:de:24:
                    40:5c:16:2a:57:da:37:d8:ae:0a:a3:3d:e1:3b:3b:
                    cf:36:d5:3b:77:80:68:eb:02:39:28:27:01:01:49:
                    9b:0d:b1:e5:aa:2a:a0:0c:62:f7:58:4f:7d:57:03:
                    15:70:75:fa:94:16:1f:0b:8a:74:31:b5:96:05:c6:
                    0e:65:07:cb:8d:bc:be:aa:b8:13:d9:35:e3:f2:03:
                    21:5a:85:19:d3:98:99:2c:a1:31:79:42:34:73:b9:
                    a5:2e:a3:47:bb:58:88:7b:f2:a8:7d:2c:93:46:98:
                    89:39:6d:5d:a4:ee:1b:63:1a:1d:c9:9c:4b:d6:8a:
                    f9:ac:45:c8:11:96:c2:b5:32:f6:57:78:c9:8a:d6:
                    ee:6c:f4:2a:a3:ab:e4:cb:15:6b:e6:0b:d9:39:31:
                    c0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:F9:12:99:4D:9C:B9:83:DA:B2:5A:BD:F2:31:FA:E7:4B:82:9B:C5
            X509v3 Authority Key Identifier:
                keyid:7B:08:E1:68:78:74:4B:88:B8:42:03:EE:FE:2D:77:A8:7D:AB:90:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ewjhaHh0S4i4QgPu_i13qH2rkLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/5ec794-1bb3-4c65-ac42-a18c06ec52e8/1/SPkSmU2cuYPaslq98jH650uCm8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/5ec794-1bb3-4c65-ac42-a18c06ec52e8/1/ewjhaHh0S4i4QgPu_i13qH2rkLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.208.0/22
                IPv6:
                  2a0e:c240::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:c9:fe:57:08:f0:39:eb:da:c1:8b:a5:05:19:b7:99:2e:a7:
         d7:d1:38:ce:6c:93:8c:aa:fc:aa:0e:00:6e:60:d8:f8:f3:74:
         4b:16:77:cf:ab:04:a8:f6:b5:d7:05:08:f2:07:85:e5:63:89:
         4c:08:f0:c4:6b:3e:89:a3:89:93:a5:dd:12:66:8b:fa:9c:40:
         24:72:81:d7:b3:ef:32:a3:dc:a8:98:0a:9e:ef:6b:2b:6b:35:
         15:5b:7c:d5:62:a0:51:49:1e:4e:38:e7:c1:02:ff:25:e1:19:
         f8:a2:89:0a:f4:25:6b:a8:78:ae:e5:88:3a:c5:3b:54:c3:a0:
         8d:19:fd:0f:40:35:d4:bd:e2:5a:34:4e:90:08:b2:6c:5b:6d:
         c1:cc:c0:bf:6e:20:66:ca:c5:a9:d4:75:4d:e3:e8:d2:b8:5f:
         d1:bc:2a:b6:79:4f:eb:11:a2:e0:48:c1:1f:a9:4b:84:68:f6:
         c1:5b:ca:b1:5d:2a:14:ab:7a:69:80:c8:33:93:58:ad:f4:78:
         5a:4b:7a:a0:cc:c7:09:db:cf:29:d2:68:c0:c2:1f:c7:6c:85:
         a1:f6:3c:04:b0:1d:7d:35:30:6d:0e:6d:61:1c:c1:4e:b6:b3:
         ff:de:9b:ea:92:84:5d:83:18:9c:7f:03:d2:ca:5c:a4:ab:15:
         47:6a:26:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2Wd8IWdpevY9EJM3wMM6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMDhlMTY4Nzg3NDRiODhiODQyMDNlZWZlMmQ3N2E4N2Rh
YjkwYjEwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGY5MTI5OTRkOWNiOTgzZGFiMjVhYmRmMjMxZmFlNzRiODI5YmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQcW89GeA6IJC5EXij7IuRYOx388
n6YVNYHKOrgyyHGOTK1HGAe5WMRVgD8tjq3Btj7yb896Qm1xaDnHC1oFNfCDjKyI
9tDA55mqVdI/kIZ2YEgoEUsM1kVI3L/j1LbwNF9hwYSw3iRAXBYqV9o32K4Koz3h
OzvPNtU7d4Bo6wI5KCcBAUmbDbHlqiqgDGL3WE99VwMVcHX6lBYfC4p0MbWWBcYO
ZQfLjby+qrgT2TXj8gMhWoUZ05iZLKExeUI0c7mlLqNHu1iIe/KofSyTRpiJOW1d
pO4bYxodyZxL1or5rEXIEZbCtTL2V3jJitbubPQqo6vkyxVr5gvZOTHAcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEj5EplNnLmD2rJavfIx+udLgpvFMB8GA1UdIwQY
MBaAFHsI4Wh4dEuIuEID7v4td6h9q5CxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXdqaGFIaDBTNGk0UWdQdV9pMTNxSDJya0xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC81ZWM3OTQtMWJiMy00YzY1LWFjNDIt
YTE4YzA2ZWM1MmU4LzEvU1BrU21VMmN1WVBhc2xxOThqSDY1MHVDbThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC81ZWM3OTQtMWJiMy00YzY1LWFjNDItYTE4YzA2ZWM1MmU4
LzEvZXdqaGFIaDBTNGk0UWdQdV9pMTNxSDJya0xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYLQMA0E
AgACMAcDBQMqDsJAMA0GCSqGSIb3DQEBCwUAA4IBAQBtyf5XCPA569rBi6UFGbeZ
LqfX0TjObJOMqvyqDgBuYNj483RLFnfPqwSo9rXXBQjyB4XlY4lMCPDEaz6Jo4mT
pd0SZov6nEAkcoHXs+8yo9yomAqe72srazUVW3zVYqBRSR5OOOfBAv8l4Rn4ookK
9CVrqHiu5Yg6xTtUw6CNGf0PQDXUveJaNE6QCLJsW23BzMC/biBmysWp1HVN4+jS
uF/RvCq2eU/rEaLgSMEfqUuEaPbBW8qxXSoUq3ppgMgzk1it9HhaS3qgzMcJ288p
0mjAwh/HbIWh9jwEsB19NTBtDm1hHMFOtrP/3pvqkoRdgxicfwPSylykqxVHaibs
-----END CERTIFICATE-----