Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/f2cd5e-fd1c-4b47-aa65-5e861165884c/1/fxhyywtkkeQkBb1LWBBLmBYmdhw.roa
File:                     fxhyywtkkeQkBb1LWBBLmBYmdhw.roa (raw, json)
Hash identifier:          JEDR1+B65jcWiXG9Txje4CaMRNTaWS3SE4CY6nIrNeE=
Subject key identifier:   7F:18:72:CB:0B:64:91:E4:24:05:BD:4B:58:10:4B:98:16:26:76:1C
Certificate issuer:       /CN=bc98da09f0a45a408f5b7f1bae6d91e3333d5732
Certificate serial:       019427B68D0AAF1A262B86BA1181D7624A13
Authority key identifier: BC:98:DA:09:F0:A4:5A:40:8F:5B:7F:1B:AE:6D:91:E3:33:3D:57:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vJjaCfCkWkCPW38brm2R4zM9VzI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/f2cd5e-fd1c-4b47-aa65-5e861165884c/1/fxhyywtkkeQkBb1LWBBLmBYmdhw.roa
Signing time:             Thu 02 Jan 2025 15:51:02 +0000
ROA not before:           Thu 02 Jan 2025 15:51:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        45.133.76.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/f2cd5e-fd1c-4b47-aa65-5e861165884c/1/vJjaCfCkWkCPW38brm2R4zM9VzI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/f2cd5e-fd1c-4b47-aa65-5e861165884c/1/vJjaCfCkWkCPW38brm2R4zM9VzI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vJjaCfCkWkCPW38brm2R4zM9VzI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:8d:0a:af:1a:26:2b:86:ba:11:81:d7:62:4a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc98da09f0a45a408f5b7f1bae6d91e3333d5732
        Validity
            Not Before: Jan  2 15:51:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f1872cb0b6491e42405bd4b58104b981626761c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9e:70:50:0b:7f:6d:cb:a8:d6:f1:be:9a:05:
                    8b:35:e9:5f:11:16:fb:9f:aa:73:fa:19:fc:0e:4c:
                    13:ca:66:61:13:4e:bb:8d:a9:1a:4e:ae:50:07:7b:
                    82:a7:4e:bb:e8:4e:d6:14:80:42:98:e2:ad:ea:6b:
                    f5:22:dd:70:cf:f8:6f:92:8a:c2:d1:ce:b5:1d:c7:
                    0c:6c:25:01:d9:6f:44:0d:86:34:cc:f6:d7:41:3f:
                    e4:2c:b5:03:3e:53:8a:ad:81:26:e9:98:c3:54:b5:
                    d0:8b:de:37:ce:66:6e:04:10:00:c5:95:cf:0f:42:
                    cd:43:7f:81:6c:c9:f6:cc:2a:3b:1b:2f:0a:9d:10:
                    4c:40:91:7f:04:ba:8b:dc:f9:4d:d3:f9:1c:57:06:
                    7a:95:9e:a5:cc:24:bd:2f:f0:9b:1d:80:fa:13:a0:
                    0e:8e:1a:b8:a0:80:3b:28:b1:24:a1:d6:b8:60:01:
                    5c:71:53:9f:40:34:48:fd:58:b3:2c:a7:bd:80:9d:
                    39:0a:3f:81:a1:c3:8e:e3:f8:01:6e:20:a4:31:b1:
                    61:f4:ce:33:65:3d:b9:c7:3e:c8:5a:3b:21:7f:7a:
                    4b:5a:1a:4d:4f:9c:c2:72:2c:a4:aa:b4:6d:ac:08:
                    28:c7:12:45:7b:03:5c:93:2b:4a:e9:b1:bc:ab:e8:
                    7d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:18:72:CB:0B:64:91:E4:24:05:BD:4B:58:10:4B:98:16:26:76:1C
            X509v3 Authority Key Identifier:
                keyid:BC:98:DA:09:F0:A4:5A:40:8F:5B:7F:1B:AE:6D:91:E3:33:3D:57:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vJjaCfCkWkCPW38brm2R4zM9VzI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f2cd5e-fd1c-4b47-aa65-5e861165884c/1/fxhyywtkkeQkBb1LWBBLmBYmdhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f2cd5e-fd1c-4b47-aa65-5e861165884c/1/vJjaCfCkWkCPW38brm2R4zM9VzI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:e2:55:01:2e:6b:f6:3d:d6:ad:44:8b:9e:be:e5:e3:49:56:
         32:4d:5d:61:16:d1:37:3c:a6:b5:32:ef:f0:56:78:4d:96:51:
         da:44:86:01:84:9d:ad:9f:0f:2e:88:76:0b:3b:24:be:75:3b:
         1a:fd:64:79:bf:dd:ce:c0:ce:0f:ed:0f:c5:00:7c:b6:0f:52:
         99:ab:42:46:aa:81:d1:5f:d7:09:29:1c:44:0a:29:86:29:be:
         12:e5:3e:2d:81:06:f8:af:57:27:7b:f5:30:fe:fb:76:d7:3d:
         1c:41:af:1b:7e:22:8d:eb:11:06:e2:00:3e:28:9e:70:11:9c:
         33:44:4e:a5:56:30:ae:87:89:81:24:0d:bb:9e:f3:33:40:90:
         54:15:de:8d:cc:73:51:8a:92:04:83:d1:c0:02:c0:79:56:43:
         01:b6:76:d5:a8:0d:ff:bd:69:c7:1e:c8:ed:dc:db:58:c9:01:
         dd:e6:fe:c2:5f:85:77:84:fc:d5:b5:65:c8:54:33:5f:12:a9:
         fa:4d:9c:98:2b:6d:b7:be:a1:18:7b:e1:bb:3b:23:10:e9:5d:
         4f:d6:8a:fb:17:7c:71:70:4d:d2:7b:fb:d8:dd:80:b8:70:78:
         f9:db:85:94:99:99:3b:30:dc:ea:53:e1:9b:56:1b:44:5b:dd:
         43:91:88:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnto0KrxomK4a6EYHXYkoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOThkYTA5ZjBhNDVhNDA4ZjViN2YxYmFlNmQ5MWUzMzMz
ZDU3MzIwHhcNMjUwMTAyMTU1MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjE4NzJjYjBiNjQ5MWU0MjQwNWJkNGI1ODEwNGI5ODE2MjY3NjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ5wUAt/bcuo1vG+mgWLNelfERb7
n6pz+hn8DkwTymZhE067jakaTq5QB3uCp0676E7WFIBCmOKt6mv1It1wz/hvkorC
0c61HccMbCUB2W9EDYY0zPbXQT/kLLUDPlOKrYEm6ZjDVLXQi943zmZuBBAAxZXP
D0LNQ3+BbMn2zCo7Gy8KnRBMQJF/BLqL3PlN0/kcVwZ6lZ6lzCS9L/CbHYD6E6AO
jhq4oIA7KLEkoda4YAFccVOfQDRI/VizLKe9gJ05Cj+BocOO4/gBbiCkMbFh9M4z
ZT25xz7IWjshf3pLWhpNT5zCciykqrRtrAgoxxJFewNckytK6bG8q+h9WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8YcssLZJHkJAW9S1gQS5gWJnYcMB8GA1UdIwQY
MBaAFLyY2gnwpFpAj1t/G65tkeMzPVcyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkpqYUNmQ2tXa0NQVzM4YnJtMlI0ek05VnpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9mMmNkNWUtZmQxYy00YjQ3LWFhNjUt
NWU4NjExNjU4ODRjLzEvZnhoeXl3dGtrZVFrQmIxTFdCQkxtQlltZGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9mMmNkNWUtZmQxYy00YjQ3LWFhNjUtNWU4NjExNjU4ODRj
LzEvdkpqYUNmQ2tXa0NQVzM4YnJtMlI0ek05VnpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYVMMA0G
CSqGSIb3DQEBCwUAA4IBAQA84lUBLmv2PdatRIuevuXjSVYyTV1hFtE3PKa1Mu/w
VnhNllHaRIYBhJ2tnw8uiHYLOyS+dTsa/WR5v93OwM4P7Q/FAHy2D1KZq0JGqoHR
X9cJKRxECimGKb4S5T4tgQb4r1cne/Uw/vt21z0cQa8bfiKN6xEG4gA+KJ5wEZwz
RE6lVjCuh4mBJA27nvMzQJBUFd6NzHNRipIEg9HAAsB5VkMBtnbVqA3/vWnHHsjt
3NtYyQHd5v7CX4V3hPzVtWXIVDNfEqn6TZyYK223vqEYe+G7OyMQ6V1P1or7F3xx
cE3Se/vY3YC4cHj524WUmZk7MNzqU+GbVhtEW91DkYjJ
-----END CERTIFICATE-----