Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/bKjmtKZ3Q_dbBV89_TPqXOrr9l8.roa
File:                     bKjmtKZ3Q_dbBV89_TPqXOrr9l8.roa (raw, json)
Hash identifier:          fkweW281SglBT4coSKgBxiwmush3g6XftqB0c+xmAws=
Subject key identifier:   6C:A8:E6:B4:A6:77:43:F7:5B:05:5F:3D:FD:33:EA:5C:EA:EB:F6:5F
Certificate issuer:       /CN=076b0185cabb66843d67f88601bc0a79a2eebcad
Certificate serial:       019424448A798BE77876A7954BC2210AB762
Authority key identifier: 07:6B:01:85:CA:BB:66:84:3D:67:F8:86:01:BC:0A:79:A2:EE:BC:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/bKjmtKZ3Q_dbBV89_TPqXOrr9l8.roa
Signing time:             Wed 01 Jan 2025 23:47:39 +0000
ROA not before:           Wed 01 Jan 2025 23:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202942
IP address blocks:        45.9.64.0/22 maxlen: 24
                          185.135.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8a:79:8b:e7:78:76:a7:95:4b:c2:21:0a:b7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=076b0185cabb66843d67f88601bc0a79a2eebcad
        Validity
            Not Before: Jan  1 23:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ca8e6b4a67743f75b055f3dfd33ea5ceaebf65f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ac:bd:a0:6f:cd:4e:61:9e:98:eb:a2:39:05:
                    17:29:5f:ee:56:87:98:e6:9e:3a:df:3e:c5:c0:fa:
                    53:f8:b5:47:12:dc:ef:bd:d6:d3:c5:c6:c1:8c:d9:
                    8b:30:ca:6c:51:5d:4a:de:08:1d:5c:be:95:45:71:
                    41:c7:11:cf:0c:2f:bb:62:d7:0c:c0:48:df:8a:f4:
                    cb:d8:97:14:4b:6c:5c:41:81:71:a1:27:87:25:cb:
                    f6:ac:bf:2f:38:6a:75:1c:f9:79:a5:1f:5f:13:f9:
                    0f:17:7d:ae:c3:ae:f3:22:c9:07:cf:07:7b:84:b8:
                    f7:5e:f5:d5:78:21:19:31:c8:6c:80:79:c2:66:2b:
                    62:7d:84:67:cf:93:3e:50:53:7a:f1:b9:d8:c4:04:
                    15:b4:21:d5:1a:83:3c:dd:1f:c8:07:80:d2:8e:f8:
                    53:27:b9:89:b6:0c:95:3d:4a:69:99:79:23:e3:ab:
                    8c:0b:52:c0:bf:d5:5c:a6:5f:3e:e0:12:72:ab:db:
                    47:5a:76:e1:71:d3:c8:59:d6:b0:34:e7:18:f3:ad:
                    1a:b9:9b:01:32:47:9e:42:81:9b:03:fd:69:46:90:
                    f6:6b:82:fc:16:22:e4:ac:a1:52:87:1b:85:3e:5a:
                    b4:bd:cf:cb:6c:e5:4b:07:a0:ed:46:25:eb:b2:97:
                    54:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A8:E6:B4:A6:77:43:F7:5B:05:5F:3D:FD:33:EA:5C:EA:EB:F6:5F
            X509v3 Authority Key Identifier:
                keyid:07:6B:01:85:CA:BB:66:84:3D:67:F8:86:01:BC:0A:79:A2:EE:BC:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/bKjmtKZ3Q_dbBV89_TPqXOrr9l8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.64.0/22
                  185.135.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:d5:f3:ac:57:62:ed:f0:dc:e6:99:0a:c0:cb:ae:26:4e:bf:
         5b:f2:10:45:2c:38:d5:51:f0:3f:11:23:25:d9:59:92:7b:66:
         ef:3b:44:45:c3:ff:73:25:91:3b:18:61:04:06:77:68:40:d5:
         2b:eb:95:1d:1d:fb:49:f1:24:5c:a8:75:ec:f8:3c:6f:19:70:
         2d:c8:89:3c:5f:dc:94:c8:f9:6c:fe:cb:24:c3:c6:e6:00:3e:
         ad:51:5b:c7:60:2f:44:7f:66:b7:f6:44:4b:1d:b9:89:1f:a2:
         5d:8e:ce:7d:8c:d7:ef:22:e5:08:67:7b:01:18:ad:ef:70:06:
         d8:3f:d2:3f:db:ea:b3:cb:9b:51:0c:23:e4:69:76:d8:e0:69:
         0d:1e:3f:81:84:fc:3f:3c:38:e3:7f:bd:ff:a4:80:c1:b3:82:
         c4:1a:9b:93:5b:5e:95:e1:35:70:52:69:d5:c9:9a:09:ba:e2:
         28:25:31:51:44:1c:c1:cd:7e:3b:3f:3c:37:ee:fd:1c:17:4d:
         4b:65:61:87:5b:e1:6f:a6:3f:e2:f6:34:b3:05:30:39:4e:5d:
         e7:e0:1f:fb:89:f3:98:fb:db:88:f3:7c:ee:8e:da:5f:5e:69:
         27:09:45:f2:34:01:4e:62:77:1e:c5:f4:b0:5c:a4:a3:4a:43:
         c0:c0:f5:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRIp5i+d4dqeVS8IhCrdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NmIwMTg1Y2FiYjY2ODQzZDY3Zjg4NjAxYmMwYTc5YTJl
ZWJjYWQwHhcNMjUwMTAxMjM0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2E4ZTZiNGE2Nzc0M2Y3NWIwNTVmM2RmZDMzZWE1Y2VhZWJmNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsay9oG/NTmGemOuiOQUXKV/uVoeY
5p463z7FwPpT+LVHEtzvvdbTxcbBjNmLMMpsUV1K3ggdXL6VRXFBxxHPDC+7YtcM
wEjfivTL2JcUS2xcQYFxoSeHJcv2rL8vOGp1HPl5pR9fE/kPF32uw67zIskHzwd7
hLj3XvXVeCEZMchsgHnCZitifYRnz5M+UFN68bnYxAQVtCHVGoM83R/IB4DSjvhT
J7mJtgyVPUppmXkj46uMC1LAv9Vcpl8+4BJyq9tHWnbhcdPIWdawNOcY860auZsB
MkeeQoGbA/1pRpD2a4L8FiLkrKFShxuFPlq0vc/LbOVLB6DtRiXrspdUHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGyo5rSmd0P3WwVfPf0z6lzq6/ZfMB8GA1UdIwQY
MBaAFAdrAYXKu2aEPWf4hgG8Cnmi7rytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjJzQmhjcTdab1E5Wl9pR0Fid0tlYUx1dkswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9mMTRiYzMtMWY5Ni00ZGE4LWExNmYt
N2I0NWJlMDQ2NWFhLzEvYktqbXRLWjNRX2RiQlY4OV9UUHFYT3JyOWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9mMTRiYzMtMWY5Ni00ZGE4LWExNmYtN2I0NWJlMDQ2NWFh
LzEvQjJzQmhjcTdab1E5Wl9pR0Fid0tlYUx1dkswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLQlAAwQC
uYfgMA0GCSqGSIb3DQEBCwUAA4IBAQBt1fOsV2Lt8NzmmQrAy64mTr9b8hBFLDjV
UfA/ESMl2VmSe2bvO0RFw/9zJZE7GGEEBndoQNUr65UdHftJ8SRcqHXs+DxvGXAt
yIk8X9yUyPls/sskw8bmAD6tUVvHYC9Ef2a39kRLHbmJH6Jdjs59jNfvIuUIZ3sB
GK3vcAbYP9I/2+qzy5tRDCPkaXbY4GkNHj+BhPw/PDjjf73/pIDBs4LEGpuTW16V
4TVwUmnVyZoJuuIoJTFRRBzBzX47Pzw37v0cF01LZWGHW+Fvpj/i9jSzBTA5Tl3n
4B/7ifOY+9uI83zujtpfXmknCUXyNAFOYncexfSwXKSjSkPAwPWq
-----END CERTIFICATE-----