Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/YzQbgR205wVSuVFjWc53j6UKrbI.roa
File:                     YzQbgR205wVSuVFjWc53j6UKrbI.roa (raw, json)
Hash identifier:          f/brU5nYg2BBkGRc8ne3ObF999iB/VrUOsqMjzbpWwY=
Subject key identifier:   63:34:1B:81:1D:B4:E7:05:52:B9:51:63:59:CE:77:8F:A5:0A:AD:B2
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B3917EFD010BD3648F454B70BF3C2B
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/YzQbgR205wVSuVFjWc53j6UKrbI.roa
Signing time:             Thu 02 Jan 2025 15:47:47 +0000
ROA not before:           Thu 02 Jan 2025 15:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9335
IP address blocks:        45.91.132.0/24 maxlen: 24
                          45.144.164.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:91:7e:fd:01:0b:d3:64:8f:45:4b:70:bf:3c:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63341b811db4e70552b9516359ce778fa50aadb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3e:02:56:26:a8:66:8f:58:2b:56:f3:37:69:
                    f9:f1:53:4f:97:43:51:d9:b2:58:2f:03:8b:44:71:
                    97:6c:41:87:69:8e:fd:6b:c9:05:a1:c7:8f:eb:06:
                    9d:3f:2a:b5:c3:ce:dc:10:0b:e5:31:d6:57:b9:02:
                    68:fa:a0:89:74:67:7e:2f:9c:1a:ea:41:95:a9:6b:
                    94:19:99:48:78:fa:24:17:4a:1d:72:29:15:84:f7:
                    f4:af:87:58:f3:3d:fe:8d:af:44:83:2e:12:7b:4d:
                    ba:3d:0e:22:5e:7e:3f:d7:17:b9:46:84:21:7f:78:
                    6d:f2:1a:bf:14:dd:df:c9:f7:1d:06:61:23:cf:58:
                    b0:23:f5:1a:35:da:c8:47:f9:9b:07:f3:cc:6e:01:
                    4a:1c:b9:5e:c8:82:99:72:1b:e6:b3:5f:07:8c:f7:
                    a6:79:77:20:2d:ec:07:5b:20:c1:35:26:e4:01:59:
                    2f:d4:32:66:56:bb:16:24:1a:04:fc:9b:3e:4d:70:
                    aa:11:be:6c:ff:c9:7f:2b:bc:c8:26:75:ba:1a:05:
                    da:43:90:cc:c8:64:bb:ab:a9:78:93:8b:e2:0a:83:
                    d8:75:48:79:35:85:13:5b:a3:1e:a3:10:97:e3:a3:
                    ed:1f:a5:62:5b:bd:a3:72:54:e4:ea:c2:e9:1d:f1:
                    67:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:34:1B:81:1D:B4:E7:05:52:B9:51:63:59:CE:77:8F:A5:0A:AD:B2
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/YzQbgR205wVSuVFjWc53j6UKrbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.132.0/24
                  45.144.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:c5:39:7e:72:39:83:4d:8e:99:9d:40:20:59:60:e2:2c:a8:
         97:5a:a5:fc:ef:8b:74:ba:da:93:0e:a5:e5:f0:d9:d3:78:6f:
         7c:79:a3:16:91:aa:39:b0:1d:73:f0:70:e5:1e:90:02:a9:9e:
         44:25:87:4c:a8:0d:42:b3:55:a7:c0:d9:a3:c7:14:88:46:14:
         db:61:f7:ab:30:b3:12:69:b4:5b:75:3b:a1:92:b9:1f:b1:aa:
         27:cf:7c:8a:0f:ce:cb:b7:23:94:94:9c:8c:7a:e7:d3:07:8e:
         48:6d:0f:02:cb:01:02:b5:e7:78:d3:48:b0:61:8b:81:83:e0:
         78:74:45:96:b7:37:67:39:3a:bd:9b:5c:78:8d:70:a2:9c:0c:
         d3:f8:7d:d5:52:e5:fb:71:ef:2d:f2:b0:48:95:0e:13:ba:f2:
         29:40:29:bb:5d:3e:40:01:dd:3e:f9:6a:3b:01:f3:36:04:b0:
         14:36:6d:af:09:e9:0e:19:97:d9:31:62:02:31:7a:0f:21:db:
         7b:59:14:33:a2:ed:c5:e4:e2:5f:cf:81:af:c3:ab:ed:85:ea:
         aa:69:3f:db:d1:0f:da:80:ff:4a:e5:b5:1a:24:32:8e:e8:12:
         88:15:3c:01:9e:1e:84:ae:e0:5e:90:d7:2c:0b:6c:57:be:1f:
         bc:3e:b0:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQns5F+/QEL02SPRUtwvzwrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzM0MWI4MTFkYjRlNzA1NTJiOTUxNjM1OWNlNzc4ZmE1MGFhZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT4CViaoZo9YK1bzN2n58VNPl0NR
2bJYLwOLRHGXbEGHaY79a8kFoceP6wadPyq1w87cEAvlMdZXuQJo+qCJdGd+L5wa
6kGVqWuUGZlIePokF0odcikVhPf0r4dY8z3+ja9Egy4Se026PQ4iXn4/1xe5RoQh
f3ht8hq/FN3fyfcdBmEjz1iwI/UaNdrIR/mbB/PMbgFKHLleyIKZchvms18HjPem
eXcgLewHWyDBNSbkAVkv1DJmVrsWJBoE/Js+TXCqEb5s/8l/K7zIJnW6GgXaQ5DM
yGS7q6l4k4viCoPYdUh5NYUTW6MeoxCX46PtH6ViW72jclTk6sLpHfFnHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGM0G4EdtOcFUrlRY1nOd4+lCq2yMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvWXpRYmdSMjA1d1ZTdVZGaldjNTNqNlVLcmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVuEAwQC
LZCkMA0GCSqGSIb3DQEBCwUAA4IBAQCYxTl+cjmDTY6ZnUAgWWDiLKiXWqX874t0
utqTDqXl8NnTeG98eaMWkao5sB1z8HDlHpACqZ5EJYdMqA1Cs1WnwNmjxxSIRhTb
YferMLMSabRbdTuhkrkfsaonz3yKD87LtyOUlJyMeufTB45IbQ8CywECted400iw
YYuBg+B4dEWWtzdnOTq9m1x4jXCinAzT+H3VUuX7ce8t8rBIlQ4TuvIpQCm7XT5A
Ad0++Wo7AfM2BLAUNm2vCekOGZfZMWICMXoPIdt7WRQzou3F5OJfz4Gvw6vtheqq
aT/b0Q/agP9K5bUaJDKO6BKIFTwBnh6EruBekNcsC2xXvh+8PrCY
-----END CERTIFICATE-----