Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/4cb1b1-701b-4e42-8b05-2cbc40e5fe62/1/IW5MetDCMFGxu8rYzXXJLVfrEXs.roa
File:                     IW5MetDCMFGxu8rYzXXJLVfrEXs.roa (raw, json)
Hash identifier:          PxElhxN0CgJUaapMy8lUadMMiJVr1RsLDM1uTzXhZNY=
Subject key identifier:   21:6E:4C:7A:D0:C2:30:51:B1:BB:CA:D8:CD:75:C9:2D:57:EB:11:7B
Certificate issuer:       /CN=7728052ae7d10fd2261a2248fc00d202b0f25574
Certificate serial:       01951D1FDE629CD4B670C26062946465C203
Authority key identifier: 77:28:05:2A:E7:D1:0F:D2:26:1A:22:48:FC:00:D2:02:B0:F2:55:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dygFKufRD9ImGiJI_ADSArDyVXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/4cb1b1-701b-4e42-8b05-2cbc40e5fe62/1/IW5MetDCMFGxu8rYzXXJLVfrEXs.roa
Signing time:             Wed 19 Feb 2025 07:33:02 +0000
ROA not before:           Wed 19 Feb 2025 07:33:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214063
IP address blocks:        45.12.125.0/24 maxlen: 24
                          45.12.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/4cb1b1-701b-4e42-8b05-2cbc40e5fe62/1/dygFKufRD9ImGiJI_ADSArDyVXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/4cb1b1-701b-4e42-8b05-2cbc40e5fe62/1/dygFKufRD9ImGiJI_ADSArDyVXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dygFKufRD9ImGiJI_ADSArDyVXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1d:1f:de:62:9c:d4:b6:70:c2:60:62:94:64:65:c2:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7728052ae7d10fd2261a2248fc00d202b0f25574
        Validity
            Not Before: Feb 19 07:33:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=216e4c7ad0c23051b1bbcad8cd75c92d57eb117b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:73:d4:4a:91:06:58:b0:5b:54:91:4b:ed:52:
                    43:74:85:e7:9b:6e:ec:bd:f5:c4:a2:69:f6:a7:c7:
                    65:6b:8b:0c:20:0a:98:83:2f:2d:0f:8f:20:18:d6:
                    3e:7a:f1:07:d4:f8:a6:67:ba:3f:dc:6a:09:51:23:
                    f6:34:6c:60:b4:70:37:93:1c:0b:dd:3b:a2:ab:2e:
                    cf:01:46:a9:5a:18:fd:eb:6b:a1:44:4d:d8:50:1c:
                    51:66:28:ac:6c:d1:2c:2d:68:80:09:72:b8:d6:b1:
                    5e:aa:12:fa:fd:91:98:da:bd:f7:d4:7c:ab:1c:25:
                    82:8f:ac:77:03:60:94:33:08:e0:94:30:b1:4c:28:
                    0d:e5:a5:e2:0a:a6:5b:49:b5:d7:2c:b7:73:e6:6c:
                    6f:e1:88:a2:6d:69:c3:da:36:69:25:a2:cf:92:cf:
                    a5:c0:55:9c:86:03:bd:bd:46:3e:74:28:a4:06:60:
                    9e:f3:aa:e7:e9:f9:af:ba:04:b5:4d:ae:62:03:c3:
                    d5:af:53:cc:dc:7f:41:fd:90:7e:67:d5:bb:23:39:
                    b8:18:24:49:94:84:27:f0:e4:5d:88:0f:f4:da:44:
                    b1:96:4f:85:00:38:20:37:8a:b7:e2:5c:64:61:fd:
                    7c:7c:34:0b:23:5c:36:16:8b:c7:94:5a:4f:84:6e:
                    04:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:6E:4C:7A:D0:C2:30:51:B1:BB:CA:D8:CD:75:C9:2D:57:EB:11:7B
            X509v3 Authority Key Identifier:
                keyid:77:28:05:2A:E7:D1:0F:D2:26:1A:22:48:FC:00:D2:02:B0:F2:55:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dygFKufRD9ImGiJI_ADSArDyVXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4cb1b1-701b-4e42-8b05-2cbc40e5fe62/1/IW5MetDCMFGxu8rYzXXJLVfrEXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4cb1b1-701b-4e42-8b05-2cbc40e5fe62/1/dygFKufRD9ImGiJI_ADSArDyVXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.125.0/24
                  45.12.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:cc:b8:a6:65:95:34:09:b1:50:4f:dd:ce:d8:1d:64:af:db:
         e3:b0:c0:fc:3e:90:a1:71:74:8b:4c:37:40:52:ce:c1:f5:44:
         0a:12:9e:5f:6c:cb:fa:88:0f:a1:90:80:16:43:4b:02:cd:c7:
         e4:c0:d4:fa:cb:0c:d7:1f:69:3c:49:b3:b7:22:4f:d2:a0:05:
         36:7f:89:ff:aa:c0:90:56:54:40:3c:c5:75:13:70:58:9c:86:
         81:be:8b:7e:0c:80:25:bd:c4:3c:05:c3:b7:16:07:7f:d8:57:
         f4:b8:e8:10:98:eb:38:67:dd:91:61:2b:77:6f:2f:59:33:9e:
         e5:6d:87:90:c2:b1:5c:8b:e7:94:ce:14:32:31:d0:a1:25:f2:
         aa:46:2b:4a:6c:d0:62:00:00:c0:35:a5:6c:c5:bc:52:7d:47:
         12:24:4c:97:a5:7b:9d:42:77:cc:36:34:6c:08:91:6d:cf:99:
         15:79:76:f9:32:37:c7:50:08:7e:f2:0e:f1:d8:fc:0a:b8:25:
         73:68:de:a2:a1:a1:b1:98:9a:7a:24:84:67:16:68:4c:9f:e9:
         93:10:1a:0c:da:ed:3c:c9:f3:6a:6e:5c:ea:c7:26:b3:fd:75:
         9e:34:c2:70:96:ec:c5:66:54:91:7e:13:e3:dd:3e:70:f2:cd:
         b3:da:3b:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZUdH95inNS2cMJgYpRkZcIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MjgwNTJhZTdkMTBmZDIyNjFhMjI0OGZjMDBkMjAyYjBm
MjU1NzQwHhcNMjUwMjE5MDczMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTZlNGM3YWQwYzIzMDUxYjFiYmNhZDhjZDc1YzkyZDU3ZWIxMTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznPUSpEGWLBbVJFL7VJDdIXnm27s
vfXEomn2p8dla4sMIAqYgy8tD48gGNY+evEH1PimZ7o/3GoJUSP2NGxgtHA3kxwL
3Tuiqy7PAUapWhj962uhRE3YUBxRZiisbNEsLWiACXK41rFeqhL6/ZGY2r331Hyr
HCWCj6x3A2CUMwjglDCxTCgN5aXiCqZbSbXXLLdz5mxv4YiibWnD2jZpJaLPks+l
wFWchgO9vUY+dCikBmCe86rn6fmvugS1Ta5iA8PVr1PM3H9B/ZB+Z9W7Izm4GCRJ
lIQn8ORdiA/02kSxlk+FADggN4q34lxkYf18fDQLI1w2FovHlFpPhG4EGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCFuTHrQwjBRsbvK2M11yS1X6xF7MB8GA1UdIwQY
MBaAFHcoBSrn0Q/SJhoiSPwA0gKw8lV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHlnRkt1ZlJEOUltR2lKSV9BRFNBckR5VlhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS80Y2IxYjEtNzAxYi00ZTQyLThiMDUt
MmNiYzQwZTVmZTYyLzEvSVc1TWV0RENNRkd4dThyWXpYWEpMVmZyRVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS80Y2IxYjEtNzAxYi00ZTQyLThiMDUtMmNiYzQwZTVmZTYy
LzEvZHlnRkt1ZlJEOUltR2lKSV9BRFNBckR5VlhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQx9AwQA
LQx/MA0GCSqGSIb3DQEBCwUAA4IBAQB8zLimZZU0CbFQT93O2B1kr9vjsMD8PpCh
cXSLTDdAUs7B9UQKEp5fbMv6iA+hkIAWQ0sCzcfkwNT6ywzXH2k8SbO3Ik/SoAU2
f4n/qsCQVlRAPMV1E3BYnIaBvot+DIAlvcQ8BcO3Fgd/2Ff0uOgQmOs4Z92RYSt3
by9ZM57lbYeQwrFci+eUzhQyMdChJfKqRitKbNBiAADANaVsxbxSfUcSJEyXpXud
QnfMNjRsCJFtz5kVeXb5MjfHUAh+8g7x2PwKuCVzaN6ioaGxmJp6JIRnFmhMn+mT
EBoM2u08yfNqblzqxyaz/XWeNMJwluzFZlSRfhPj3T5w8s2z2jst
-----END CERTIFICATE-----