Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/FAJgXHKouxn1NIiI1ev8JXSE61Q.roa
File:                     FAJgXHKouxn1NIiI1ev8JXSE61Q.roa (raw, json)
Hash identifier:          8t7YcNGHmBNdk3Ehp7fmi3HGBZDTLV33VOOXqYdX/R0=
Subject key identifier:   14:02:60:5C:72:A8:BB:19:F5:34:88:88:D5:EB:FC:25:74:84:EB:54
Certificate issuer:       /CN=a6562d0869480dc11b74a552cd167b6f6339c8ba
Certificate serial:       019424B391193B65DDD882F9B3876ED09B0E
Authority key identifier: A6:56:2D:08:69:48:0D:C1:1B:74:A5:52:CD:16:7B:6F:63:39:C8:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/plYtCGlIDcEbdKVSzRZ7b2M5yLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/FAJgXHKouxn1NIiI1ev8JXSE61Q.roa
Signing time:             Thu 02 Jan 2025 01:48:55 +0000
ROA not before:           Thu 02 Jan 2025 01:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210118
IP address blocks:        45.154.61.0/24 maxlen: 24
                          2a0f:b100:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/plYtCGlIDcEbdKVSzRZ7b2M5yLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/plYtCGlIDcEbdKVSzRZ7b2M5yLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/plYtCGlIDcEbdKVSzRZ7b2M5yLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:91:19:3b:65:dd:d8:82:f9:b3:87:6e:d0:9b:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6562d0869480dc11b74a552cd167b6f6339c8ba
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1402605c72a8bb19f5348888d5ebfc257484eb54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5d:0d:79:b5:01:37:e3:0d:e3:87:58:01:72:
                    be:c8:8c:95:e3:1e:25:32:e5:76:20:c8:e5:f6:6a:
                    ca:2d:99:9a:c2:4d:ee:82:49:ac:14:50:2f:bf:2e:
                    b8:50:67:e9:c8:8a:05:ea:bd:ae:8f:83:cc:1e:70:
                    f1:f5:74:e1:21:bb:5e:1d:15:8a:b8:1e:08:8e:ec:
                    21:ec:43:40:23:4a:58:8b:54:b5:65:2b:3f:d2:7b:
                    68:db:33:2b:a7:06:e4:fc:6a:3b:58:38:58:93:08:
                    3b:6f:53:90:18:67:89:d4:4f:e4:b5:3a:e7:fa:52:
                    a7:12:0e:90:53:26:01:04:5a:f7:1c:57:42:0c:9b:
                    2e:f9:28:bf:10:30:55:19:05:f6:cc:40:10:9c:4e:
                    b8:0d:de:71:fb:18:56:90:0e:1b:ac:2e:c1:a7:7e:
                    3c:55:12:11:3f:8e:cd:57:2f:4b:a2:f4:71:d0:0d:
                    cd:85:71:db:f7:d1:ee:7e:2a:ec:65:f9:e8:19:a8:
                    6c:f1:db:72:47:b1:51:48:24:33:ab:f6:3b:74:d3:
                    e6:31:ff:4e:77:cb:88:01:aa:38:a7:2b:71:78:b1:
                    10:fe:50:12:c8:da:36:25:89:c3:f7:c4:56:be:8a:
                    15:12:7b:ab:c2:e6:73:44:8f:af:58:13:23:49:bf:
                    bc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:02:60:5C:72:A8:BB:19:F5:34:88:88:D5:EB:FC:25:74:84:EB:54
            X509v3 Authority Key Identifier:
                keyid:A6:56:2D:08:69:48:0D:C1:1B:74:A5:52:CD:16:7B:6F:63:39:C8:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/plYtCGlIDcEbdKVSzRZ7b2M5yLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/FAJgXHKouxn1NIiI1ev8JXSE61Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/plYtCGlIDcEbdKVSzRZ7b2M5yLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.61.0/24
                IPv6:
                  2a0f:b100:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         6b:60:c4:35:17:b8:26:78:73:44:48:28:69:07:f2:ba:03:86:
         3a:5f:3c:4f:f6:97:38:2e:70:80:ec:ac:3b:f3:53:0a:09:11:
         17:79:68:31:65:3c:e1:35:71:4e:36:e8:b3:f6:fc:5b:aa:c4:
         e5:5c:ea:da:2b:4f:ef:57:63:58:2b:fd:52:f1:4e:c2:2c:b8:
         d9:61:ce:00:e7:2c:0e:e2:ae:19:39:d8:95:cf:10:c5:5a:46:
         c5:29:f5:48:d5:49:c2:97:7e:4d:1b:31:be:d8:7b:d1:7b:79:
         88:e2:d6:65:f0:39:a7:97:2d:3c:d9:c7:e5:17:d9:e6:b5:e9:
         67:ab:b9:bd:67:92:01:f5:74:01:ff:4d:24:85:fc:94:a5:82:
         2c:20:b5:39:cf:77:64:e3:86:0d:80:31:c5:bc:5b:09:66:ca:
         f6:ed:e5:67:32:0a:1e:9b:5b:2d:7b:52:69:e4:97:5f:9a:9d:
         55:0e:74:e7:98:39:75:1f:b5:8c:00:47:07:1b:38:a5:1d:3e:
         04:d7:71:35:07:37:a4:33:64:63:54:26:b7:a2:5d:33:54:da:
         f9:30:63:b5:51:6b:15:2e:04:f6:a9:99:7c:85:0f:d1:f7:a7:
         21:fb:9b:28:88:26:60:f8:13:f8:49:c7:e3:4d:0e:ce:b9:d0:
         7b:f8:00:b9
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQks5EZO2Xd2IL5s4du0JsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NTYyZDA4Njk0ODBkYzExYjc0YTU1MmNkMTY3YjZmNjMz
OWM4YmEwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDAyNjA1YzcyYThiYjE5ZjUzNDg4ODhkNWViZmMyNTc0ODRlYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0l0NebUBN+MN44dYAXK+yIyV4x4l
MuV2IMjl9mrKLZmawk3ugkmsFFAvvy64UGfpyIoF6r2uj4PMHnDx9XThIbteHRWK
uB4Ijuwh7ENAI0pYi1S1ZSs/0nto2zMrpwbk/Go7WDhYkwg7b1OQGGeJ1E/ktTrn
+lKnEg6QUyYBBFr3HFdCDJsu+Si/EDBVGQX2zEAQnE64Dd5x+xhWkA4brC7Bp348
VRIRP47NVy9LovRx0A3NhXHb99HufirsZfnoGahs8dtyR7FRSCQzq/Y7dNPmMf9O
d8uIAao4pytxeLEQ/lASyNo2JYnD98RWvooVEnurwuZzRI+vWBMjSb+8gQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFBQCYFxyqLsZ9TSIiNXr/CV0hOtUMB8GA1UdIwQY
MBaAFKZWLQhpSA3BG3SlUs0We29jOci6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGxZdENHbElEY0ViZEtWU3pSWjdiMk01eUxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8yMTJkZDItZGE4ZC00MDQ4LTkxNmEt
NDVhOGZlZDNhMmE1LzEvRkFKZ1hIS291eG4xTklpSTFldjhKWFNFNjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8yMTJkZDItZGE4ZC00MDQ4LTkxNmEtNDVhOGZlZDNhMmE1
LzEvcGxZdENHbElEY0ViZEtWU3pSWjdiMk01eUxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALZo9MA4E
AgACMAgDBgAqD7EAATANBgkqhkiG9w0BAQsFAAOCAQEAa2DENRe4JnhzREgoaQfy
ugOGOl88T/aXOC5wgOysO/NTCgkRF3loMWU84TVxTjbos/b8W6rE5Vzq2itP71dj
WCv9UvFOwiy42WHOAOcsDuKuGTnYlc8QxVpGxSn1SNVJwpd+TRsxvth70Xt5iOLW
ZfA5p5ctPNnH5RfZ5rXpZ6u5vWeSAfV0Af9NJIX8lKWCLCC1Oc93ZOOGDYAxxbxb
CWbK9u3lZzIKHptbLXtSaeSXX5qdVQ5055g5dR+1jABHBxs4pR0+BNdxNQc3pDNk
Y1Qmt6JdM1Ta+TBjtVFrFS4E9qmZfIUP0fenIfubKIgmYPgT+EnH400OzrnQe/gA
uQ==
-----END CERTIFICATE-----