Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/f4ab5f-e6c2-48b8-94ec-49178296de86/1/dy6V06G8CC2FK34EGVuxtzegKH4.roa
File:                     dy6V06G8CC2FK34EGVuxtzegKH4.roa (raw, json)
Hash identifier:          gPhDzrN8RIm6TShQaGb5YzX92bCG0Thu0kMn08thu4Y=
Subject key identifier:   77:2E:95:D3:A1:BC:08:2D:85:2B:7E:04:19:5B:B1:B7:37:A0:28:7E
Certificate issuer:       /CN=0b58c921cb3e9c81ddc316ff039cb9c36d2a4390
Certificate serial:       019423D6FC2CA56E0F346E28331B0CCD11D3
Authority key identifier: 0B:58:C9:21:CB:3E:9C:81:DD:C3:16:FF:03:9C:B9:C3:6D:2A:43:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1jJIcs-nIHdwxb_A5y5w20qQ5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/f4ab5f-e6c2-48b8-94ec-49178296de86/1/dy6V06G8CC2FK34EGVuxtzegKH4.roa
Signing time:             Wed 01 Jan 2025 21:47:59 +0000
ROA not before:           Wed 01 Jan 2025 21:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40401
IP address blocks:        45.11.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/f4ab5f-e6c2-48b8-94ec-49178296de86/1/C1jJIcs-nIHdwxb_A5y5w20qQ5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/f4ab5f-e6c2-48b8-94ec-49178296de86/1/C1jJIcs-nIHdwxb_A5y5w20qQ5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1jJIcs-nIHdwxb_A5y5w20qQ5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:fc:2c:a5:6e:0f:34:6e:28:33:1b:0c:cd:11:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b58c921cb3e9c81ddc316ff039cb9c36d2a4390
        Validity
            Not Before: Jan  1 21:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=772e95d3a1bc082d852b7e04195bb1b737a0287e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1a:50:7e:8e:36:db:3c:cb:5c:97:83:39:5d:
                    22:d0:6c:01:72:4e:6b:51:10:a2:5b:6f:10:31:2a:
                    3d:30:fd:b4:21:05:40:07:68:30:67:39:03:ac:1d:
                    9b:5c:26:89:6c:90:4a:c6:10:02:ae:cf:13:a0:e1:
                    a3:08:bf:02:b8:87:d6:5a:68:de:34:3e:00:ca:c4:
                    56:d7:8c:b0:11:45:fd:37:9b:e6:f8:94:03:b7:2d:
                    08:87:6d:39:5c:ba:cc:67:ae:8a:31:12:b4:4d:5d:
                    e3:cd:34:d6:97:c0:91:43:64:57:01:fe:72:b3:f9:
                    2b:aa:2c:2a:29:68:9d:f0:15:4a:cf:89:56:fa:90:
                    f4:66:cd:bf:e8:7f:cb:6a:63:95:4a:82:79:03:04:
                    ca:9e:e7:ea:bb:0d:98:ec:81:4f:42:53:cd:fb:b5:
                    6b:95:21:82:56:a3:30:db:13:b7:4b:dc:c5:af:db:
                    e2:4f:23:64:87:2b:3c:0b:c5:59:d7:f5:f0:f3:0e:
                    4f:2f:c9:29:89:67:ac:07:cf:ac:3d:e5:81:13:99:
                    5c:1d:89:20:28:67:94:14:18:30:9e:4f:2a:c6:68:
                    05:e8:ca:c7:53:b1:bc:53:01:9c:b4:6a:e6:f6:17:
                    f2:21:4c:ce:86:67:36:ee:16:c2:c4:61:14:37:37:
                    7d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:2E:95:D3:A1:BC:08:2D:85:2B:7E:04:19:5B:B1:B7:37:A0:28:7E
            X509v3 Authority Key Identifier:
                keyid:0B:58:C9:21:CB:3E:9C:81:DD:C3:16:FF:03:9C:B9:C3:6D:2A:43:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1jJIcs-nIHdwxb_A5y5w20qQ5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/f4ab5f-e6c2-48b8-94ec-49178296de86/1/dy6V06G8CC2FK34EGVuxtzegKH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/f4ab5f-e6c2-48b8-94ec-49178296de86/1/C1jJIcs-nIHdwxb_A5y5w20qQ5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:65:00:65:bf:d6:87:dd:b2:fd:fc:16:b3:5e:de:85:bd:2e:
         82:15:93:e6:84:d9:a5:ed:dd:42:bb:b0:d8:64:b7:32:1d:a6:
         76:2a:d0:22:b7:83:89:90:d6:a6:84:57:af:11:01:b9:35:6d:
         ca:93:ad:68:df:20:31:be:c5:f2:15:91:66:1d:52:5b:db:13:
         6f:e6:47:a4:65:a9:60:b0:6b:3c:42:34:34:37:80:32:be:eb:
         98:88:0c:d4:2e:c9:ca:73:e9:53:68:71:b0:6f:fd:65:de:ea:
         fc:67:7b:78:ec:43:5d:b8:13:f4:6c:02:13:c8:6f:ee:9d:4a:
         2d:91:19:87:2f:d6:95:14:1a:49:ec:28:ce:c4:4b:ea:0f:ff:
         06:23:95:34:7f:5b:57:69:80:41:f0:7d:e8:0b:1c:2f:e6:bb:
         5d:da:60:86:68:df:18:eb:67:70:bf:28:e3:ed:f7:74:0d:95:
         84:8b:f4:a2:4e:3c:68:c9:70:0a:33:7c:a4:18:e1:76:e1:c3:
         d3:1f:24:e4:3d:a0:ed:30:c8:57:03:25:fa:85:2f:bb:9c:ed:
         2e:ef:b2:cf:b1:27:a1:1e:4f:17:74:d6:9b:72:d6:c9:25:b4:
         50:d3:57:e8:2c:e9:f2:88:57:b5:24:8a:5e:2a:51:88:62:5c:
         d0:6c:a1:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1vwspW4PNG4oMxsMzRHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNThjOTIxY2IzZTljODFkZGMzMTZmZjAzOWNiOWMzNmQy
YTQzOTAwHhcNMjUwMTAxMjE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzJlOTVkM2ExYmMwODJkODUyYjdlMDQxOTViYjFiNzM3YTAyODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphpQfo422zzLXJeDOV0i0GwBck5r
URCiW28QMSo9MP20IQVAB2gwZzkDrB2bXCaJbJBKxhACrs8ToOGjCL8CuIfWWmje
ND4AysRW14ywEUX9N5vm+JQDty0Ih205XLrMZ66KMRK0TV3jzTTWl8CRQ2RXAf5y
s/krqiwqKWid8BVKz4lW+pD0Zs2/6H/LamOVSoJ5AwTKnufquw2Y7IFPQlPN+7Vr
lSGCVqMw2xO3S9zFr9viTyNkhys8C8VZ1/Xw8w5PL8kpiWesB8+sPeWBE5lcHYkg
KGeUFBgwnk8qxmgF6MrHU7G8UwGctGrm9hfyIUzOhmc27hbCxGEUNzd97QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHculdOhvAgthSt+BBlbsbc3oCh+MB8GA1UdIwQY
MBaAFAtYySHLPpyB3cMW/wOcucNtKkOQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzFqSkljcy1uSUhkd3hiX0E1eTV3MjBxUTVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9mNGFiNWYtZTZjMi00OGI4LTk0ZWMt
NDkxNzgyOTZkZTg2LzEvZHk2VjA2RzhDQzJGSzM0RUdWdXh0emVnS0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9mNGFiNWYtZTZjMi00OGI4LTk0ZWMtNDkxNzgyOTZkZTg2
LzEvQzFqSkljcy1uSUhkd3hiX0E1eTV3MjBxUTVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQskMA0G
CSqGSIb3DQEBCwUAA4IBAQCCZQBlv9aH3bL9/BazXt6FvS6CFZPmhNml7d1Cu7DY
ZLcyHaZ2KtAit4OJkNamhFevEQG5NW3Kk61o3yAxvsXyFZFmHVJb2xNv5kekZalg
sGs8QjQ0N4AyvuuYiAzULsnKc+lTaHGwb/1l3ur8Z3t47ENduBP0bAITyG/unUot
kRmHL9aVFBpJ7CjOxEvqD/8GI5U0f1tXaYBB8H3oCxwv5rtd2mCGaN8Y62dwvyjj
7fd0DZWEi/SiTjxoyXAKM3ykGOF24cPTHyTkPaDtMMhXAyX6hS+7nO0u77LPsSeh
Hk8XdNabctbJJbRQ01foLOnyiFe1JIpeKlGIYlzQbKHU
-----END CERTIFICATE-----