Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/5Glc2B08f5NNNCUv9fqw3ZiV604.roa
File:                     5Glc2B08f5NNNCUv9fqw3ZiV604.roa (raw, json)
Hash identifier:          qKV0O/uQL4URhMfYX9S0ZOufXlqcIe3xRJXIrY3RJwE=
Subject key identifier:   E4:69:5C:D8:1D:3C:7F:93:4D:34:25:2F:F5:FA:B0:DD:98:95:EB:4E
Certificate issuer:       /CN=afedc3a63df17bb4bf34560957967e59a8b3e3a1
Certificate serial:       019427478C351020430417A9FB5FD5F04F1B
Authority key identifier: AF:ED:C3:A6:3D:F1:7B:B4:BF:34:56:09:57:96:7E:59:A8:B3:E3:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/5Glc2B08f5NNNCUv9fqw3ZiV604.roa
Signing time:             Thu 02 Jan 2025 13:49:47 +0000
ROA not before:           Thu 02 Jan 2025 13:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34984
IP address blocks:        45.129.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:8c:35:10:20:43:04:17:a9:fb:5f:d5:f0:4f:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afedc3a63df17bb4bf34560957967e59a8b3e3a1
        Validity
            Not Before: Jan  2 13:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4695cd81d3c7f934d34252ff5fab0dd9895eb4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:1e:26:a0:24:77:6c:8d:c8:95:48:25:46:b9:
                    89:30:b5:a6:aa:50:01:25:bd:bb:58:21:54:ee:40:
                    f5:69:b4:15:d2:00:0a:b7:d7:fc:fe:12:ca:2b:00:
                    c7:31:d9:20:1c:ac:22:8e:13:de:1a:81:5c:6e:01:
                    1f:9d:46:f0:76:18:da:f4:3d:b7:86:ae:95:b7:3a:
                    c3:77:02:4a:06:b2:5c:d9:db:17:22:bc:1a:c3:77:
                    89:8f:e3:42:17:06:be:c6:6f:52:00:95:e5:f6:f4:
                    ef:87:d3:07:2f:bb:b7:2b:a8:63:80:f4:a9:8c:1e:
                    b3:48:ef:9b:e3:b8:4d:20:6b:bf:12:9f:92:f0:f7:
                    74:b0:83:ea:7e:85:10:bc:a3:de:4c:4b:93:82:a0:
                    31:67:57:7c:f5:31:b5:de:92:c0:da:b9:6d:53:a0:
                    00:9e:02:11:8e:cd:a2:41:d9:01:2e:ea:44:ff:79:
                    57:43:37:dc:fa:6d:b0:36:3d:79:f1:19:ef:46:b5:
                    16:31:b9:82:c6:a3:47:40:7d:17:f9:65:de:09:1f:
                    7c:88:9f:3b:8d:9b:7b:bb:d7:ab:27:82:7d:02:22:
                    30:71:49:db:9d:c4:fd:a0:2c:ce:40:ac:25:61:32:
                    7f:4e:0b:ac:bc:a5:39:d6:8c:66:a5:bc:49:71:d7:
                    cd:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:69:5C:D8:1D:3C:7F:93:4D:34:25:2F:F5:FA:B0:DD:98:95:EB:4E
            X509v3 Authority Key Identifier:
                keyid:AF:ED:C3:A6:3D:F1:7B:B4:BF:34:56:09:57:96:7E:59:A8:B3:E3:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/5Glc2B08f5NNNCUv9fqw3ZiV604.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:11:bc:63:b8:cd:66:00:ed:4d:2e:ba:2c:9c:b8:78:4f:8e:
         c5:be:c7:84:29:5a:f3:3a:ca:b5:f3:a4:7f:18:5b:3d:d6:7d:
         fe:09:76:3f:19:1b:4b:bd:6f:eb:3b:c5:4e:92:77:a7:c6:78:
         b2:66:71:23:76:c1:0b:36:e2:f3:38:d1:8b:79:c8:d3:bb:a4:
         b3:65:40:30:75:af:d6:aa:63:db:d8:5d:95:f8:49:90:41:8c:
         91:a5:d0:5e:17:ef:4a:78:5e:99:33:a3:26:b9:3e:52:b9:de:
         91:5a:81:be:70:19:55:79:35:87:e2:48:e5:cf:7d:9e:15:2c:
         a3:7f:64:bb:60:85:ad:cf:59:b1:31:1f:b4:14:30:a2:15:5f:
         62:59:8e:a8:fb:88:43:b7:dd:70:6b:11:eb:0e:14:c6:73:54:
         c3:5b:e3:12:aa:81:a1:a3:e8:69:f7:fe:78:4a:02:72:5b:36:
         f2:e0:55:45:a7:e1:0b:13:d8:88:aa:d4:89:e4:e2:f0:58:85:
         96:b6:51:1c:4f:73:cc:9c:e6:ef:73:8d:f6:86:46:c0:66:86:
         d2:5a:4a:c3:9a:ab:9c:74:b0:69:4e:83:9c:08:ac:a4:74:d3:
         5f:d5:6f:c6:cd:8d:12:a3:4c:18:fd:de:3b:2d:94:56:b3:5c:
         48:53:36:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR4w1ECBDBBep+1/V8E8bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZWRjM2E2M2RmMTdiYjRiZjM0NTYwOTU3OTY3ZTU5YThi
M2UzYTEwHhcNMjUwMTAyMTM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDY5NWNkODFkM2M3ZjkzNGQzNDI1MmZmNWZhYjBkZDk4OTVlYjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/h4moCR3bI3IlUglRrmJMLWmqlAB
Jb27WCFU7kD1abQV0gAKt9f8/hLKKwDHMdkgHKwijhPeGoFcbgEfnUbwdhja9D23
hq6VtzrDdwJKBrJc2dsXIrwaw3eJj+NCFwa+xm9SAJXl9vTvh9MHL7u3K6hjgPSp
jB6zSO+b47hNIGu/Ep+S8Pd0sIPqfoUQvKPeTEuTgqAxZ1d89TG13pLA2rltU6AA
ngIRjs2iQdkBLupE/3lXQzfc+m2wNj158RnvRrUWMbmCxqNHQH0X+WXeCR98iJ87
jZt7u9erJ4J9AiIwcUnbncT9oCzOQKwlYTJ/TgusvKU51oxmpbxJcdfN0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORpXNgdPH+TTTQlL/X6sN2YletOMB8GA1UdIwQY
MBaAFK/tw6Y98Xu0vzRWCVeWflmos+OhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvci0zRHBqM3hlN1NfTkZZSlY1Wi1XYWl6NDZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi84MjRkOGQtYjA0Ni00NmY2LTg2Yjgt
OWI4YWNlNDI4MWYzLzEvNUdsYzJCMDhmNU5OTkNVdjlmcXczWmlWNjA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi84MjRkOGQtYjA0Ni00NmY2LTg2YjgtOWI4YWNlNDI4MWYz
LzEvci0zRHBqM3hlN1NfTkZZSlY1Wi1XYWl6NDZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYGmMA0G
CSqGSIb3DQEBCwUAA4IBAQAMEbxjuM1mAO1NLrosnLh4T47FvseEKVrzOsq186R/
GFs91n3+CXY/GRtLvW/rO8VOknenxniyZnEjdsELNuLzONGLecjTu6SzZUAwda/W
qmPb2F2V+EmQQYyRpdBeF+9KeF6ZM6MmuT5Sud6RWoG+cBlVeTWH4kjlz32eFSyj
f2S7YIWtz1mxMR+0FDCiFV9iWY6o+4hDt91waxHrDhTGc1TDW+MSqoGho+hp9/54
SgJyWzby4FVFp+ELE9iIqtSJ5OLwWIWWtlEcT3PMnObvc432hkbAZobSWkrDmquc
dLBpToOcCKykdNNf1W/GzY0So0wY/d47LZRWs1xIUzYD
-----END CERTIFICATE-----