Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/YLeQNZw3hcBtWoEAgnCwPxey47o.roa
File:                     YLeQNZw3hcBtWoEAgnCwPxey47o.roa (raw, json)
Hash identifier:          CS+XdvzVDUj/g/4LCEHu0vbk7Z3SBLKD2qg+1+JDXic=
Subject key identifier:   60:B7:90:35:9C:37:85:C0:6D:5A:81:00:82:70:B0:3F:17:B2:E3:BA
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       01968FB3D8EA75647177BD766DAB65696096
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/YLeQNZw3hcBtWoEAgnCwPxey47o.roa
Signing time:             Fri 02 May 2025 06:34:10 +0000
ROA not before:           Fri 02 May 2025 06:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203866
IP address blocks:        45.10.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8f:b3:d8:ea:75:64:71:77:bd:76:6d:ab:65:69:60:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: May  2 06:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60b790359c3785c06d5a81008270b03f17b2e3ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:0a:50:ce:a2:e5:ac:94:eb:f3:5d:33:5a:aa:
                    eb:e5:b8:b8:91:4c:c0:4f:76:de:20:de:a5:cc:cf:
                    0c:a8:00:15:7c:0c:d3:48:49:fd:16:8b:8c:a6:f2:
                    b2:c0:94:99:bc:f4:b7:7b:a1:3f:de:16:ca:34:71:
                    ea:4e:19:2b:43:ab:b5:24:2c:46:2a:aa:2c:fa:dd:
                    0d:80:28:e9:af:b3:da:30:cf:1c:d0:53:f8:af:39:
                    59:90:c8:2e:ea:20:05:76:51:7f:d2:e9:c1:b6:b4:
                    31:14:e7:01:61:cc:f0:1f:8e:64:53:6a:33:f9:50:
                    d2:54:94:67:8e:4f:98:cf:26:b1:54:a7:39:f1:7a:
                    d7:f3:06:72:94:4a:67:4e:cf:ec:e2:bc:10:f8:2c:
                    c3:a9:6c:9f:7d:ac:b6:a3:8c:64:d5:eb:eb:51:a6:
                    46:b6:9c:2e:53:89:5e:80:78:04:3e:01:8d:91:54:
                    4f:50:23:c8:50:56:76:0f:9e:fa:7d:ee:63:c1:15:
                    ea:0f:c9:cf:8f:1e:9f:4d:e8:73:9f:a6:73:02:52:
                    36:56:35:bd:54:c8:ae:33:04:2c:b7:e8:0b:24:ff:
                    24:f4:7f:c2:3d:8c:33:55:84:48:84:ee:85:cf:c2:
                    e8:aa:39:7e:e5:ed:6c:0a:84:3d:f2:c9:7c:af:e4:
                    2f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:B7:90:35:9C:37:85:C0:6D:5A:81:00:82:70:B0:3F:17:B2:E3:BA
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/YLeQNZw3hcBtWoEAgnCwPxey47o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:8b:9d:12:28:26:74:d8:0d:c9:38:6a:4c:ea:91:64:7c:de:
         0a:07:0d:bd:57:5c:dd:53:aa:73:9c:f2:00:a7:b9:7a:8e:b3:
         bd:ba:85:59:06:7f:d6:f3:26:6c:3c:e1:07:87:0c:1c:ec:41:
         e0:0b:2d:c7:6d:a0:bf:90:70:4d:1a:a2:29:d1:63:fe:ff:e0:
         88:d7:b6:d0:b3:b2:a5:d6:76:cc:99:0a:c6:eb:9a:1a:76:8f:
         ff:47:fa:92:eb:c0:78:b7:d3:fb:13:8d:4a:00:4d:4f:c7:be:
         cf:66:2c:09:94:47:98:d8:e4:51:d2:25:ca:89:5c:70:4b:f4:
         6d:39:1c:db:a5:a9:1e:26:9d:b3:9a:19:0a:51:cd:60:ce:dc:
         3f:f6:d8:fe:e0:24:9d:cf:db:e2:06:11:c1:26:9e:fa:0b:9f:
         1b:77:fd:3c:5e:72:dc:3f:68:dd:d9:05:4f:78:4b:9c:2e:e5:
         89:63:dc:39:c2:19:41:09:ab:01:df:de:90:8b:8f:01:2f:d3:
         72:62:40:1e:7a:5d:6b:ab:c5:f3:1b:d7:1e:1e:7f:13:4c:33:
         4f:89:d5:a4:ca:92:40:7b:d2:75:4b:8e:51:86:c7:b5:b0:06:
         6b:27:c8:75:cd:25:fe:dd:9f:af:af:79:10:a7:63:0c:5e:df:
         1f:3b:11:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaPs9jqdWRxd712batlaWCWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjUwNTAyMDYzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGI3OTAzNTljMzc4NWMwNmQ1YTgxMDA4MjcwYjAzZjE3YjJlM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QpQzqLlrJTr810zWqrr5bi4kUzA
T3beIN6lzM8MqAAVfAzTSEn9FouMpvKywJSZvPS3e6E/3hbKNHHqThkrQ6u1JCxG
Kqos+t0NgCjpr7PaMM8c0FP4rzlZkMgu6iAFdlF/0unBtrQxFOcBYczwH45kU2oz
+VDSVJRnjk+YzyaxVKc58XrX8wZylEpnTs/s4rwQ+CzDqWyffay2o4xk1evrUaZG
tpwuU4legHgEPgGNkVRPUCPIUFZ2D576fe5jwRXqD8nPjx6fTehzn6ZzAlI2VjW9
VMiuMwQst+gLJP8k9H/CPYwzVYRIhO6Fz8Loqjl+5e1sCoQ98sl8r+QviQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGC3kDWcN4XAbVqBAIJwsD8XsuO6MB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvWUxlUU5adzNoY0J0V29FQWduQ3dQeGV5NDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQpZMA0G
CSqGSIb3DQEBCwUAA4IBAQAei50SKCZ02A3JOGpM6pFkfN4KBw29V1zdU6pznPIA
p7l6jrO9uoVZBn/W8yZsPOEHhwwc7EHgCy3HbaC/kHBNGqIp0WP+/+CI17bQs7Kl
1nbMmQrG65oado//R/qS68B4t9P7E41KAE1Px77PZiwJlEeY2ORR0iXKiVxwS/Rt
ORzbpakeJp2zmhkKUc1gztw/9tj+4CSdz9viBhHBJp76C58bd/08XnLcP2jd2QVP
eEucLuWJY9w5whlBCasB396Qi48BL9NyYkAeel1rq8XzG9ceHn8TTDNPidWkypJA
e9J1S45Rhse1sAZrJ8h1zSX+3Z+vr3kQp2MMXt8fOxFw
-----END CERTIFICATE-----