Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/tbW3C2BxGOP8RipICwkXorNWMa0.roa
File:                     tbW3C2BxGOP8RipICwkXorNWMa0.roa (raw, json)
Hash identifier:          sAyggufTAiW8TAkDGmUgXEYrufIqSzYFIzTOlTIqneg=
Subject key identifier:   B5:B5:B7:0B:60:71:18:E3:FC:46:2A:48:0B:09:17:A2:B3:56:31:AD
Certificate issuer:       /CN=d3a7c3be06bc45c3f12b90b185278ad4ec919756
Certificate serial:       01942143C13D79EBF4183A99BC991AF9E182
Authority key identifier: D3:A7:C3:BE:06:BC:45:C3:F1:2B:90:B1:85:27:8A:D4:EC:91:97:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06fDvga8RcPxK5CxhSeK1OyRl1Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/tbW3C2BxGOP8RipICwkXorNWMa0.roa
Signing time:             Wed 01 Jan 2025 09:47:55 +0000
ROA not before:           Wed 01 Jan 2025 09:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209879
IP address blocks:        45.148.88.0/22 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/06fDvga8RcPxK5CxhSeK1OyRl1Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/06fDvga8RcPxK5CxhSeK1OyRl1Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06fDvga8RcPxK5CxhSeK1OyRl1Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c1:3d:79:eb:f4:18:3a:99:bc:99:1a:f9:e1:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3a7c3be06bc45c3f12b90b185278ad4ec919756
        Validity
            Not Before: Jan  1 09:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5b5b70b607118e3fc462a480b0917a2b35631ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4e:d2:24:77:bf:41:13:47:2f:21:39:a6:d0:
                    87:8e:f0:30:37:84:7a:34:8c:3a:22:4a:e4:66:5d:
                    63:49:75:b7:74:bd:6c:42:ca:6e:cc:ba:7c:e7:fd:
                    6b:10:65:0b:22:0a:c7:8f:77:e1:48:07:fa:24:b9:
                    fa:e1:52:ca:d1:87:a2:d0:8e:b2:36:23:36:ac:75:
                    3c:56:a6:50:91:ba:21:f5:b9:ed:0c:e9:42:db:2a:
                    e8:3f:8b:7c:25:c3:a7:62:02:16:02:98:54:ba:08:
                    61:ff:69:25:57:cc:32:98:aa:a8:db:44:20:17:2b:
                    18:e9:5b:18:42:e9:42:66:ae:b8:b8:a7:f0:5f:3a:
                    4d:f0:7d:52:41:ba:f5:e5:c6:09:88:fe:35:da:ce:
                    b2:aa:2a:f2:0d:5f:03:5d:6a:30:e7:9c:d1:90:d7:
                    70:83:77:d1:6e:6b:5b:38:ef:ec:06:a5:7d:16:b0:
                    88:fd:b4:2b:13:16:34:38:21:00:fe:3a:8a:ac:76:
                    94:dc:dc:17:63:e7:5c:17:d6:cd:df:48:c3:a5:f1:
                    cb:4e:c3:81:e3:10:70:1c:be:12:75:81:c0:53:76:
                    ba:76:c1:f1:50:13:d0:ff:31:de:a2:80:d6:a3:06:
                    15:a9:c3:5d:76:5f:81:f4:43:66:c7:e8:87:db:d3:
                    f0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B5:B7:0B:60:71:18:E3:FC:46:2A:48:0B:09:17:A2:B3:56:31:AD
            X509v3 Authority Key Identifier:
                keyid:D3:A7:C3:BE:06:BC:45:C3:F1:2B:90:B1:85:27:8A:D4:EC:91:97:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06fDvga8RcPxK5CxhSeK1OyRl1Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/tbW3C2BxGOP8RipICwkXorNWMa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/06fDvga8RcPxK5CxhSeK1OyRl1Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:f7:42:5c:c8:dd:66:49:06:a0:40:39:01:7f:13:7e:f6:91:
         74:5a:82:a8:c0:7d:04:a8:1c:4c:b4:cb:4a:4b:7f:8b:0b:83:
         f1:f4:fc:55:8f:cd:06:10:28:ea:80:12:c5:9b:1c:75:3b:4f:
         71:5f:89:7e:a0:15:e7:cd:e9:bd:7b:9e:de:08:b8:cd:dc:15:
         55:ae:b5:58:6c:d8:15:a0:c7:c4:09:a2:58:1b:8d:9e:6b:68:
         a8:05:a0:95:01:b2:02:db:84:f8:9d:29:90:b0:6d:55:26:9a:
         d4:24:24:be:ee:1f:94:07:2e:53:b2:0a:71:96:9c:91:ff:d9:
         4f:5e:79:42:91:4e:c6:7d:b9:23:fc:3c:41:23:95:b6:06:01:
         c4:cf:eb:0c:c8:09:60:8e:bf:e3:c9:f7:e8:c8:ad:0f:d6:42:
         d8:59:8c:48:21:f3:25:cc:01:14:06:f9:3b:ff:bd:1e:9a:96:
         24:16:41:a7:cb:65:13:d7:aa:5d:f2:eb:92:c5:a4:ae:15:c6:
         09:25:c5:1b:e6:a8:cd:32:e5:e4:48:cd:58:dd:af:a8:1b:a7:
         11:c0:1a:da:d7:62:fb:83:80:34:57:7b:27:7e:f0:8a:e6:24:
         bf:37:e2:b4:94:2c:24:42:7c:4e:bd:db:6d:23:80:70:56:53:
         d9:f3:5e:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8E9eev0GDqZvJka+eGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYTdjM2JlMDZiYzQ1YzNmMTJiOTBiMTg1Mjc4YWQ0ZWM5
MTk3NTYwHhcNMjUwMTAxMDk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI1YjcwYjYwNzExOGUzZmM0NjJhNDgwYjA5MTdhMmIzNTYzMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy07SJHe/QRNHLyE5ptCHjvAwN4R6
NIw6IkrkZl1jSXW3dL1sQspuzLp85/1rEGULIgrHj3fhSAf6JLn64VLK0Yei0I6y
NiM2rHU8VqZQkboh9bntDOlC2yroP4t8JcOnYgIWAphUughh/2klV8wymKqo20Qg
FysY6VsYQulCZq64uKfwXzpN8H1SQbr15cYJiP412s6yqiryDV8DXWow55zRkNdw
g3fRbmtbOO/sBqV9FrCI/bQrExY0OCEA/jqKrHaU3NwXY+dcF9bN30jDpfHLTsOB
4xBwHL4SdYHAU3a6dsHxUBPQ/zHeooDWowYVqcNddl+B9ENmx+iH29PwIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLW1twtgcRjj/EYqSAsJF6KzVjGtMB8GA1UdIwQY
MBaAFNOnw74GvEXD8SuQsYUnitTskZdWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZmRHZnYThSY1B4SzVDeGhTZUsxT3lSbDFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jZWNmYjYtMDdmYi00Mjc1LWIwNmEt
OGFhNTBkNjcwMzdjLzEvdGJXM0MyQnhHT1A4UmlwSUN3a1hvck5XTWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jZWNmYjYtMDdmYi00Mjc1LWIwNmEtOGFhNTBkNjcwMzdj
LzEvMDZmRHZnYThSY1B4SzVDeGhTZUsxT3lSbDFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZRYMA0G
CSqGSIb3DQEBCwUAA4IBAQCm90JcyN1mSQagQDkBfxN+9pF0WoKowH0EqBxMtMtK
S3+LC4Px9PxVj80GECjqgBLFmxx1O09xX4l+oBXnzem9e57eCLjN3BVVrrVYbNgV
oMfECaJYG42ea2ioBaCVAbIC24T4nSmQsG1VJprUJCS+7h+UBy5TsgpxlpyR/9lP
XnlCkU7Gfbkj/DxBI5W2BgHEz+sMyAlgjr/jyffoyK0P1kLYWYxIIfMlzAEUBvk7
/70empYkFkGny2UT16pd8uuSxaSuFcYJJcUb5qjNMuXkSM1Y3a+oG6cRwBra12L7
g4A0V3snfvCK5iS/N+K0lCwkQnxOvdttI4BwVlPZ814T
-----END CERTIFICATE-----