Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/tar55zvuH18kuOxMVvu0NW5b5Yw.roa
File:                     tar55zvuH18kuOxMVvu0NW5b5Yw.roa (raw, json)
Hash identifier:          A6vRPid9iNZmBQQQbcvjnNeHXEMvqtHNVZn5MSwsclo=
Subject key identifier:   B5:AA:F9:E7:3B:EE:1F:5F:24:B8:EC:4C:56:FB:B4:35:6E:5B:E5:8C
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01941FFA053C6FA2F7224C87D68D4AB62FAD
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/tar55zvuH18kuOxMVvu0NW5b5Yw.roa
Signing time:             Wed 01 Jan 2025 03:47:46 +0000
ROA not before:           Wed 01 Jan 2025 03:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200590
IP address blocks:        45.151.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:05:3c:6f:a2:f7:22:4c:87:d6:8d:4a:b6:2f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 03:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5aaf9e73bee1f5f24b8ec4c56fbb4356e5be58c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:81:18:88:fd:ed:f0:63:65:7e:d9:42:e4:5e:
                    d3:eb:e2:14:33:3f:15:a0:48:c2:c7:db:d8:b9:4a:
                    90:02:ee:fd:8d:ef:5f:25:a8:b1:2f:0a:a0:e8:32:
                    4b:a5:d1:42:07:7a:56:84:ef:d9:ae:ca:c0:15:18:
                    ea:b7:5c:b9:01:ee:51:72:5f:d4:0a:13:50:11:b2:
                    b3:02:6e:b6:22:ee:41:a0:0c:e9:71:4b:e6:c5:b8:
                    a0:6c:f3:aa:8e:46:64:9f:9a:ad:aa:b2:49:97:30:
                    bb:2d:91:86:44:36:e6:99:13:c8:5a:1c:d6:74:82:
                    ac:1b:82:b6:ec:be:f0:39:89:e9:5e:17:dd:32:01:
                    2b:89:8f:c1:36:53:ea:50:8d:93:05:a2:d3:1a:ab:
                    88:26:70:00:16:a4:41:cd:bd:f2:65:91:6e:1c:0d:
                    9f:50:11:4e:ce:73:8f:92:e7:0e:eb:ba:05:9f:48:
                    07:21:b3:8e:a8:ca:5f:d1:2a:74:3f:6f:95:02:ca:
                    ee:71:2e:5c:95:d4:98:c5:0f:be:b7:2c:4f:5e:b2:
                    96:d2:a5:ad:8d:90:e4:9c:bd:47:c0:59:cb:df:1d:
                    fc:1b:28:53:21:aa:49:95:c4:42:81:17:7d:db:af:
                    3b:be:2e:2d:91:dd:2f:5f:07:db:d9:1c:36:bc:f4:
                    22:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:AA:F9:E7:3B:EE:1F:5F:24:B8:EC:4C:56:FB:B4:35:6E:5B:E5:8C
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/tar55zvuH18kuOxMVvu0NW5b5Yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:7c:76:4c:7f:a4:40:86:60:7c:72:59:65:85:d3:41:5b:20:
         b2:0f:65:02:b0:90:6f:77:0d:90:a6:fd:2a:34:8d:0d:fd:b8:
         33:b0:fb:a0:30:62:cf:01:8a:da:f8:5f:5f:04:9c:3d:e5:05:
         7c:6f:df:21:a8:d7:45:63:7a:a7:a1:d1:ad:12:87:d6:5d:6d:
         58:03:0c:49:f0:7f:86:a8:2b:63:b5:87:be:4c:7a:ab:84:25:
         80:77:a8:28:80:c0:fb:7d:0a:63:0a:f5:f3:76:50:22:99:8d:
         48:c8:e4:76:73:87:44:dd:cc:e5:e2:91:69:42:39:1f:f8:c9:
         09:b2:22:54:5c:b6:3a:2a:2a:23:7d:e0:ff:26:92:22:91:d3:
         3f:09:2b:05:1c:ba:9e:49:c8:ed:1b:cb:1b:0a:93:30:90:83:
         6a:21:1a:1d:56:d5:78:bb:e6:72:07:24:df:00:8b:96:e0:c9:
         f5:d8:14:20:77:dd:20:18:1f:b4:77:5c:2d:74:5a:d1:90:01:
         76:f8:be:79:58:66:b9:9e:66:c4:ad:27:78:6d:e3:73:ae:b0:
         70:a3:3c:ae:d9:b3:68:f6:e0:6d:0c:68:bf:ed:a2:f4:01:f9:
         17:64:99:9c:5c:35:b9:6e:0d:76:5f:17:1b:b0:51:d1:30:dd:
         be:6a:6c:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+gU8b6L3IkyH1o1Kti+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWFhZjllNzNiZWUxZjVmMjRiOGVjNGM1NmZiYjQzNTZlNWJlNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYEYiP3t8GNlftlC5F7T6+IUMz8V
oEjCx9vYuUqQAu79je9fJaixLwqg6DJLpdFCB3pWhO/ZrsrAFRjqt1y5Ae5Rcl/U
ChNQEbKzAm62Iu5BoAzpcUvmxbigbPOqjkZkn5qtqrJJlzC7LZGGRDbmmRPIWhzW
dIKsG4K27L7wOYnpXhfdMgEriY/BNlPqUI2TBaLTGquIJnAAFqRBzb3yZZFuHA2f
UBFOznOPkucO67oFn0gHIbOOqMpf0Sp0P2+VAsrucS5cldSYxQ++tyxPXrKW0qWt
jZDknL1HwFnL3x38GyhTIapJlcRCgRd92687vi4tkd0vXwfb2Rw2vPQitwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWq+ec77h9fJLjsTFb7tDVuW+WMMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvdGFyNTV6dnVIMThrdU94TVZ2dTBOVzViNVl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZeLMA0G
CSqGSIb3DQEBCwUAA4IBAQBafHZMf6RAhmB8clllhdNBWyCyD2UCsJBvdw2Qpv0q
NI0N/bgzsPugMGLPAYra+F9fBJw95QV8b98hqNdFY3qnodGtEofWXW1YAwxJ8H+G
qCtjtYe+THqrhCWAd6gogMD7fQpjCvXzdlAimY1IyOR2c4dE3czl4pFpQjkf+MkJ
siJUXLY6KiojfeD/JpIikdM/CSsFHLqeScjtG8sbCpMwkINqIRodVtV4u+ZyByTf
AIuW4Mn12BQgd90gGB+0d1wtdFrRkAF2+L55WGa5nmbErSd4beNzrrBwozyu2bNo
9uBtDGi/7aL0AfkXZJmcXDW5bg12XxcbsFHRMN2+amy4
-----END CERTIFICATE-----