Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/uS_eNJttBX5d2bBiNGi8o_-V1qw.roa
File:                     uS_eNJttBX5d2bBiNGi8o_-V1qw.roa (raw, json)
Hash identifier:          4uBi6d9Ejt3VJlBosKZzOt8ocCYLF07d22+zXDAl+n0=
Subject key identifier:   B9:2F:DE:34:9B:6D:05:7E:5D:D9:B0:62:34:68:BC:A3:FF:95:D6:AC
Certificate issuer:       /CN=64d864ae92bd7ceab5083bcc71101ef04676f8ac
Certificate serial:       01942521EE67CB4219B2D6B8B020C9B62572
Authority key identifier: 64:D8:64:AE:92:BD:7C:EA:B5:08:3B:CC:71:10:1E:F0:46:76:F8:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/uS_eNJttBX5d2bBiNGi8o_-V1qw.roa
Signing time:             Thu 02 Jan 2025 03:49:28 +0000
ROA not before:           Thu 02 Jan 2025 03:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209015
IP address blocks:        45.10.200.0/24 maxlen: 24
                          45.10.201.0/24 maxlen: 24
                          45.10.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ee:67:cb:42:19:b2:d6:b8:b0:20:c9:b6:25:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d864ae92bd7ceab5083bcc71101ef04676f8ac
        Validity
            Not Before: Jan  2 03:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b92fde349b6d057e5dd9b0623468bca3ff95d6ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:62:14:17:fd:98:ad:7f:37:91:89:e3:36:c1:
                    f4:68:6b:bf:fa:e0:38:47:cf:c0:f5:2e:0a:d3:8d:
                    51:a9:26:e7:22:a4:ea:c4:2a:c1:9f:7d:cf:43:73:
                    da:3d:73:28:3e:00:71:ff:f0:ca:a5:e4:49:0f:c4:
                    ce:50:e2:15:dd:48:7b:dd:f3:bb:8c:ac:d4:13:50:
                    f1:ea:34:8c:22:7a:22:99:fd:2b:6e:bb:16:c8:50:
                    64:91:ba:64:60:9e:70:2d:04:8b:41:50:77:74:33:
                    93:75:e3:e7:3a:81:2f:d2:01:af:f6:b2:8a:d8:45:
                    99:0c:09:bb:a4:a3:d1:13:2c:fe:64:58:85:52:72:
                    9e:5a:ef:2c:36:23:5f:8c:71:e6:73:66:a7:a9:96:
                    68:a1:64:2d:bb:5a:08:a9:65:f3:c5:97:7a:70:3c:
                    24:92:08:2a:8d:20:7d:2b:3a:3f:58:a7:30:53:85:
                    88:d8:7e:bb:cd:b4:47:6e:08:0b:28:9a:97:a1:5f:
                    18:35:e6:7c:1e:39:05:39:fc:df:3a:f6:95:81:34:
                    e9:00:dc:b0:10:a4:56:4e:a0:31:f1:95:8a:51:14:
                    49:aa:81:a0:b5:e8:3c:2b:a4:16:00:9b:9f:3b:67:
                    f9:3f:af:4a:56:99:0a:f0:f6:2f:3d:29:dd:01:e4:
                    fb:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:2F:DE:34:9B:6D:05:7E:5D:D9:B0:62:34:68:BC:A3:FF:95:D6:AC
            X509v3 Authority Key Identifier:
                keyid:64:D8:64:AE:92:BD:7C:EA:B5:08:3B:CC:71:10:1E:F0:46:76:F8:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/uS_eNJttBX5d2bBiNGi8o_-V1qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.200.0/23
                  45.10.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:57:fe:37:e3:6d:aa:90:bb:4b:83:28:a7:20:08:b2:10:45:
         0b:f0:5f:61:d9:d8:e2:a2:55:ed:7a:5c:05:1a:01:5f:b7:42:
         7c:a9:3a:87:70:6f:43:c6:dc:b3:02:5d:5e:43:66:8a:76:3d:
         21:b3:7f:50:36:46:e4:2c:3b:cd:1c:5a:ca:77:12:b9:85:8c:
         c1:f0:9f:14:40:f1:a3:51:eb:4a:a5:6c:b2:e7:e4:cd:03:9c:
         a9:30:b4:1d:73:25:0b:06:be:86:06:7d:ba:5a:39:a4:87:d0:
         93:86:30:f3:e8:37:c8:e1:e5:7e:ae:ac:05:6e:27:e0:04:78:
         ad:07:19:0a:e9:52:65:2d:60:6b:74:1d:0a:b0:bf:8e:1b:63:
         bf:a6:25:71:38:c6:69:90:3d:7b:a4:51:c3:85:16:49:9e:0b:
         51:b1:7a:ba:ca:dc:c4:5f:59:f7:fb:7f:3b:81:2e:4d:77:da:
         08:11:0d:67:76:52:d0:ae:0d:44:f6:4f:b7:1e:30:91:c4:8f:
         53:ce:0e:28:3e:80:16:83:fa:00:d1:75:19:9f:a5:c7:65:bf:
         3b:51:0b:0c:92:01:20:f9:4a:09:a0:23:79:cb:d8:ba:a9:73:
         ed:5f:81:69:cb:cd:32:8a:b1:90:b9:50:3f:ee:65:8c:bb:17:
         c4:ff:b1:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIe5ny0IZsta4sCDJtiVyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDg2NGFlOTJiZDdjZWFiNTA4M2JjYzcxMTAxZWYwNDY3
NmY4YWMwHhcNMjUwMTAyMDM0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTJmZGUzNDliNmQwNTdlNWRkOWIwNjIzNDY4YmNhM2ZmOTVkNmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGIUF/2YrX83kYnjNsH0aGu/+uA4
R8/A9S4K041RqSbnIqTqxCrBn33PQ3PaPXMoPgBx//DKpeRJD8TOUOIV3Uh73fO7
jKzUE1Dx6jSMInoimf0rbrsWyFBkkbpkYJ5wLQSLQVB3dDOTdePnOoEv0gGv9rKK
2EWZDAm7pKPREyz+ZFiFUnKeWu8sNiNfjHHmc2anqZZooWQtu1oIqWXzxZd6cDwk
kggqjSB9Kzo/WKcwU4WI2H67zbRHbggLKJqXoV8YNeZ8HjkFOfzfOvaVgTTpANyw
EKRWTqAx8ZWKURRJqoGgteg8K6QWAJufO2f5P69KVpkK8PYvPSndAeT7xwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLkv3jSbbQV+XdmwYjRovKP/ldasMB8GA1UdIwQY
MBaAFGTYZK6SvXzqtQg7zHEQHvBGdvisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5oa3JwSzlmT3ExQ0R2TWNSQWU4RVoyLUt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83MGIyYzQtMWQ0YS00YjkxLWIwZDAt
MmMwNWNjOTIyMDAxLzEvdVNfZU5KdHRCWDVkMmJCaU5HaThvXy1WMXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni83MGIyYzQtMWQ0YS00YjkxLWIwZDAtMmMwNWNjOTIyMDAx
LzEvWk5oa3JwSzlmT3ExQ0R2TWNSQWU4RVoyLUt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLQrIAwQA
LQrLMA0GCSqGSIb3DQEBCwUAA4IBAQCgV/43422qkLtLgyinIAiyEEUL8F9h2dji
olXtelwFGgFft0J8qTqHcG9DxtyzAl1eQ2aKdj0hs39QNkbkLDvNHFrKdxK5hYzB
8J8UQPGjUetKpWyy5+TNA5ypMLQdcyULBr6GBn26Wjmkh9CThjDz6DfI4eV+rqwF
bifgBHitBxkK6VJlLWBrdB0KsL+OG2O/piVxOMZpkD17pFHDhRZJngtRsXq6ytzE
X1n3+387gS5Nd9oIEQ1ndlLQrg1E9k+3HjCRxI9Tzg4oPoAWg/oA0XUZn6XHZb87
UQsMkgEg+UoJoCN5y9i6qXPtX4Fpy80yirGQuVA/7mWMuxfE/7E+
-----END CERTIFICATE-----