Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/S-w0HsGwAZFQF2Ks8Sg-IkujD2k.roa
File:                     S-w0HsGwAZFQF2Ks8Sg-IkujD2k.roa (raw, json)
Hash identifier:          97QhOeDn2Ynbz47Ce+Ud4P3JM4AhVHpCC+sCishuJQw=
Subject key identifier:   4B:EC:34:1E:C1:B0:01:91:50:17:62:AC:F1:28:3E:22:4B:A3:0F:69
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019420D6334CCC9F0A1504C381B665B27183
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/S-w0HsGwAZFQF2Ks8Sg-IkujD2k.roa
Signing time:             Wed 01 Jan 2025 07:48:16 +0000
ROA not before:           Wed 01 Jan 2025 07:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215449
IP address blocks:        45.85.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:33:4c:cc:9f:0a:15:04:c3:81:b6:65:b2:71:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 07:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bec341ec1b00191501762acf1283e224ba30f69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d7:78:27:06:4b:f3:45:2c:bd:bd:a2:b0:e7:
                    68:0c:77:47:bb:39:07:00:db:2a:c7:01:d1:01:71:
                    1e:b7:01:3d:44:bb:68:4a:63:51:d0:9a:03:68:3b:
                    0e:aa:3e:cf:f2:c9:b7:c7:c7:7d:f5:b5:48:a1:bc:
                    f6:29:e0:d5:67:ea:20:1f:b1:6f:54:86:88:91:3d:
                    19:dd:e8:d0:9e:a8:3f:b6:be:b8:c6:3c:d4:68:9b:
                    c2:a0:84:e7:e5:59:5e:e2:d2:b4:e0:c9:31:28:b4:
                    db:b6:9a:93:28:8f:f6:9b:b2:e4:55:4b:28:d8:b1:
                    b1:48:3c:b8:c0:a1:3a:31:05:8e:71:9d:a8:4c:6a:
                    99:57:37:a6:01:8b:25:c6:2f:f3:9f:d7:64:ae:29:
                    3a:2c:b2:5d:2d:bb:b0:25:59:4f:eb:fb:84:65:8e:
                    67:1b:09:23:33:b5:31:8d:52:4a:4c:4e:2c:7d:f9:
                    67:24:58:42:58:eb:77:5e:e5:bb:06:a4:c8:28:00:
                    c1:9e:42:40:65:36:2b:39:ec:bf:61:b5:b2:4e:1e:
                    4d:ab:ed:d4:20:77:53:8f:44:6c:98:75:1d:51:3c:
                    f2:40:5f:4c:44:dc:31:02:02:33:49:4d:e8:14:04:
                    d3:0d:4f:77:6c:fe:64:88:17:ea:71:d8:0b:df:06:
                    a9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:EC:34:1E:C1:B0:01:91:50:17:62:AC:F1:28:3E:22:4B:A3:0F:69
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/S-w0HsGwAZFQF2Ks8Sg-IkujD2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:5d:2f:42:d2:07:71:1e:57:b4:37:09:be:3b:41:f8:6d:c8:
         f2:2c:ae:8b:49:d6:b6:d1:02:ac:ba:d9:94:ec:16:cc:8b:bc:
         1d:cb:8a:2c:3a:8d:ba:84:a3:d9:a4:10:b2:68:a9:71:0e:14:
         2a:c3:61:52:e3:98:06:25:fe:57:a2:21:dd:09:85:85:90:cf:
         40:ac:f0:15:eb:84:61:a1:79:e6:41:85:73:4e:a7:da:1e:a7:
         3d:c8:2f:81:a2:fe:1d:52:fa:45:76:9e:53:bd:52:69:60:f5:
         81:39:d6:44:65:9e:c9:10:08:aa:a6:58:cb:38:d6:ef:2c:37:
         72:59:fd:00:c1:e6:6a:fb:f4:51:76:e2:8a:fd:d0:f4:de:a1:
         cd:0a:15:83:21:1d:07:d0:c9:01:8a:fb:f6:c0:79:ff:5c:2d:
         f0:e0:4a:52:29:fe:62:ad:99:56:ea:a3:60:0f:5b:58:71:83:
         0f:c0:7b:98:00:6d:40:66:ac:e5:a0:40:d2:a0:f9:2f:be:99:
         0e:c1:6d:db:8c:fe:7c:17:17:f1:8b:5b:35:9d:73:b8:e6:7f:
         50:a0:2e:7e:fe:f2:81:e0:75:be:49:1d:c7:48:71:14:b6:38:
         1e:34:d0:3d:c7:73:05:32:aa:ef:e4:91:8c:6d:ca:c6:9a:fc:
         c5:ed:34:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1jNMzJ8KFQTDgbZlsnGDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwMTAxMDc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmVjMzQxZWMxYjAwMTkxNTAxNzYyYWNmMTI4M2UyMjRiYTMwZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtd4JwZL80Usvb2isOdoDHdHuzkH
ANsqxwHRAXEetwE9RLtoSmNR0JoDaDsOqj7P8sm3x8d99bVIobz2KeDVZ+ogH7Fv
VIaIkT0Z3ejQnqg/tr64xjzUaJvCoITn5Vle4tK04MkxKLTbtpqTKI/2m7LkVUso
2LGxSDy4wKE6MQWOcZ2oTGqZVzemAYslxi/zn9dkrik6LLJdLbuwJVlP6/uEZY5n
GwkjM7UxjVJKTE4sfflnJFhCWOt3XuW7BqTIKADBnkJAZTYrOey/YbWyTh5Nq+3U
IHdTj0RsmHUdUTzyQF9MRNwxAgIzSU3oFATTDU93bP5kiBfqcdgL3wapnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvsNB7BsAGRUBdirPEoPiJLow9pMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvUy13MEhzR3dBWkZRRjJLczhTZy1Ja3VqRDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVV0MA0G
CSqGSIb3DQEBCwUAA4IBAQBiXS9C0gdxHle0Nwm+O0H4bcjyLK6LSda20QKsutmU
7BbMi7wdy4osOo26hKPZpBCyaKlxDhQqw2FS45gGJf5XoiHdCYWFkM9ArPAV64Rh
oXnmQYVzTqfaHqc9yC+Bov4dUvpFdp5TvVJpYPWBOdZEZZ7JEAiqpljLONbvLDdy
Wf0AweZq+/RRduKK/dD03qHNChWDIR0H0MkBivv2wHn/XC3w4EpSKf5irZlW6qNg
D1tYcYMPwHuYAG1AZqzloEDSoPkvvpkOwW3bjP58Fxfxi1s1nXO45n9QoC5+/vKB
4HW+SR3HSHEUtjgeNNA9x3MFMqrv5JGMbcrGmvzF7TRl
-----END CERTIFICATE-----