Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/u25_l7rqpA4jc9Mn9X_nn6jE1D8.roa
File:                     u25_l7rqpA4jc9Mn9X_nn6jE1D8.roa (raw, json)
Hash identifier:          XxkiW8kKfa52GpQHHiGBtUNZJLczRvJy5PTfiodYsrs=
Subject key identifier:   BB:6E:7F:97:BA:EA:A4:0E:23:73:D3:27:F5:7F:E7:9F:A8:C4:D4:3F
Certificate issuer:       /CN=aa65af697df1f6cdaf4cbbd66de3d43bed869e90
Certificate serial:       019421445E8EA69DD61E967D3DA9C89B698F
Authority key identifier: AA:65:AF:69:7D:F1:F6:CD:AF:4C:BB:D6:6D:E3:D4:3B:ED:86:9E:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qmWvaX3x9s2vTLvWbePUO-2GnpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/u25_l7rqpA4jc9Mn9X_nn6jE1D8.roa
Signing time:             Wed 01 Jan 2025 09:48:36 +0000
ROA not before:           Wed 01 Jan 2025 09:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208320
IP address blocks:        45.143.108.0/22 maxlen: 22
                          45.143.108.0/24 maxlen: 24
                          45.143.109.0/24 maxlen: 24
                          45.143.110.0/24 maxlen: 24
                          45.143.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/qmWvaX3x9s2vTLvWbePUO-2GnpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/qmWvaX3x9s2vTLvWbePUO-2GnpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qmWvaX3x9s2vTLvWbePUO-2GnpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 13:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:5e:8e:a6:9d:d6:1e:96:7d:3d:a9:c8:9b:69:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa65af697df1f6cdaf4cbbd66de3d43bed869e90
        Validity
            Not Before: Jan  1 09:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb6e7f97baeaa40e2373d327f57fe79fa8c4d43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c0:f4:26:7f:7c:5a:62:13:55:22:a3:f6:0a:
                    a7:56:98:a2:48:50:66:db:36:6a:02:92:3b:6a:ee:
                    45:3b:a6:85:dc:3d:a5:d8:74:1e:a0:15:34:2b:44:
                    13:ac:3c:ea:88:8c:b0:29:ca:93:aa:8d:97:be:64:
                    0f:d8:3c:1a:c7:af:5b:b9:bb:f8:df:66:c2:f8:0e:
                    51:99:ad:1b:16:28:00:47:f5:17:0d:f0:82:bc:3d:
                    5a:3b:f9:95:b9:73:4e:71:05:cd:3c:8a:c5:60:5c:
                    7b:ff:b8:61:5e:b9:4b:ee:ae:08:b9:57:0a:87:d5:
                    a6:ae:47:89:c2:b1:75:06:20:c5:5c:3a:98:fa:91:
                    f9:2c:ef:6c:9c:d4:fb:71:1f:d6:24:d1:87:c9:7a:
                    67:f0:aa:b7:99:e3:71:5e:3e:73:20:f1:b1:f8:79:
                    ab:f8:b2:4b:1a:15:1e:a5:f1:46:8a:ac:be:3d:e0:
                    4e:ed:21:b6:c8:09:ab:b2:d5:4d:91:92:56:28:90:
                    c4:7a:d5:89:82:dd:1d:09:07:1d:77:17:a8:f6:bc:
                    78:80:5f:d6:87:21:1e:b9:4f:92:43:12:e3:da:9a:
                    6f:68:43:9b:d8:74:dd:4a:41:d5:35:b4:db:23:f8:
                    a6:12:ef:f7:c2:2c:1d:33:57:5e:f4:42:02:84:e6:
                    58:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:6E:7F:97:BA:EA:A4:0E:23:73:D3:27:F5:7F:E7:9F:A8:C4:D4:3F
            X509v3 Authority Key Identifier:
                keyid:AA:65:AF:69:7D:F1:F6:CD:AF:4C:BB:D6:6D:E3:D4:3B:ED:86:9E:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmWvaX3x9s2vTLvWbePUO-2GnpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/u25_l7rqpA4jc9Mn9X_nn6jE1D8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/qmWvaX3x9s2vTLvWbePUO-2GnpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ba:33:81:99:44:2a:fb:91:f8:e4:0d:db:ec:96:38:f8:75:36:
         59:39:19:dc:ee:ca:0f:3b:85:86:d3:76:22:10:d4:71:eb:4b:
         6c:89:74:af:b2:b4:e5:36:36:ff:da:39:f9:db:f6:0e:0f:1a:
         b0:77:de:1f:e6:b3:8f:37:1f:4b:12:12:b0:25:df:30:e4:3a:
         61:a0:fe:74:cc:db:f5:c5:14:60:c0:b9:1b:d7:9d:b0:03:22:
         80:c9:d7:06:42:33:2d:8b:af:c7:dd:53:e9:0a:94:7e:1d:59:
         af:86:6b:63:a9:ae:78:d3:4b:b6:37:b7:3c:69:1f:02:25:8c:
         31:c5:93:1f:8c:25:79:90:2b:54:09:c9:78:7c:93:0a:7d:8c:
         59:7a:b1:20:1d:11:a1:50:a2:94:61:07:ee:19:1d:e2:a2:27:
         6c:90:a2:78:ed:11:02:2f:66:1b:bc:21:88:95:8b:f3:18:56:
         d3:a7:6f:9d:de:3c:b4:97:d7:9b:95:07:c3:70:b6:22:a4:c0:
         ae:33:6b:f9:ac:79:01:a3:56:9c:38:7a:60:8d:45:b1:01:a2:
         d2:a2:af:fe:90:ca:97:e5:fb:3b:3f:16:1d:a6:5c:50:34:b9:
         34:d7:e3:29:81:d1:1f:72:bc:a9:c5:9d:66:0e:b1:c9:05:cd:
         f9:ff:e0:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRF6Opp3WHpZ9PanIm2mPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjVhZjY5N2RmMWY2Y2RhZjRjYmJkNjZkZTNkNDNiZWQ4
NjllOTAwHhcNMjUwMTAxMDk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjZlN2Y5N2JhZWFhNDBlMjM3M2QzMjdmNTdmZTc5ZmE4YzRkNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMD0Jn98WmITVSKj9gqnVpiiSFBm
2zZqApI7au5FO6aF3D2l2HQeoBU0K0QTrDzqiIywKcqTqo2XvmQP2Dwax69bubv4
32bC+A5Rma0bFigAR/UXDfCCvD1aO/mVuXNOcQXNPIrFYFx7/7hhXrlL7q4IuVcK
h9WmrkeJwrF1BiDFXDqY+pH5LO9snNT7cR/WJNGHyXpn8Kq3meNxXj5zIPGx+Hmr
+LJLGhUepfFGiqy+PeBO7SG2yAmrstVNkZJWKJDEetWJgt0dCQcddxeo9rx4gF/W
hyEeuU+SQxLj2ppvaEOb2HTdSkHVNbTbI/imEu/3wiwdM1de9EIChOZYuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtuf5e66qQOI3PTJ/V/55+oxNQ/MB8GA1UdIwQY
MBaAFKplr2l98fbNr0y71m3j1Dvthp6QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1XdmFYM3g5czJ2VEx2V2JlUFVPLTJHbnBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8wNDAxOWMtYWQxNy00MjhkLWIzYTIt
MWJlMTNiYThkNDU2LzEvdTI1X2w3cnFwQTRqYzlNbjlYX25uNmpFMUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8wNDAxOWMtYWQxNy00MjhkLWIzYTItMWJlMTNiYThkNDU2
LzEvcW1XdmFYM3g5czJ2VEx2V2JlUFVPLTJHbnBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY9sMA0G
CSqGSIb3DQEBCwUAA4IBAQC6M4GZRCr7kfjkDdvsljj4dTZZORnc7soPO4WG03Yi
ENRx60tsiXSvsrTlNjb/2jn52/YODxqwd94f5rOPNx9LEhKwJd8w5DphoP50zNv1
xRRgwLkb152wAyKAydcGQjMti6/H3VPpCpR+HVmvhmtjqa5400u2N7c8aR8CJYwx
xZMfjCV5kCtUCcl4fJMKfYxZerEgHRGhUKKUYQfuGR3ioidskKJ47RECL2YbvCGI
lYvzGFbTp2+d3jy0l9eblQfDcLYipMCuM2v5rHkBo1acOHpgjUWxAaLSoq/+kMqX
5fs7PxYdplxQNLk01+MpgdEfcrypxZ1mDrHJBc35/+Dz
-----END CERTIFICATE-----