Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/NaXmOsDpDUrJU-L3cR4MsoyMUQA.roa
File:                     NaXmOsDpDUrJU-L3cR4MsoyMUQA.roa (raw, json)
Hash identifier:          dVVNZQbSo8+6scs7Gd+Q59/WTz4n0kcfFCZ13Y+qz7s=
Subject key identifier:   35:A5:E6:3A:C0:E9:0D:4A:C9:53:E2:F7:71:1E:0C:B2:8C:8C:51:00
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       0194222001EA7E42D6ADA120302A13BA5451
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/NaXmOsDpDUrJU-L3cR4MsoyMUQA.roa
Signing time:             Wed 01 Jan 2025 13:48:30 +0000
ROA not before:           Wed 01 Jan 2025 13:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41270
IP address blocks:        45.133.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:01:ea:7e:42:d6:ad:a1:20:30:2a:13:ba:54:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 13:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35a5e63ac0e90d4ac953e2f7711e0cb28c8c5100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:dd:5a:41:b7:58:37:a2:21:90:df:2e:bc:b4:
                    7c:46:06:06:b1:c0:ca:a3:29:20:6f:6e:65:cb:6b:
                    43:3a:16:d6:54:e1:1e:85:b8:54:b1:1f:a9:fc:70:
                    6e:e4:44:0b:be:63:ca:94:c8:68:45:6b:0a:e8:ed:
                    92:f8:11:38:9d:75:cf:d1:08:1b:44:a4:46:79:e6:
                    dc:8b:1e:43:61:f1:be:cf:15:2b:a5:58:90:c7:c6:
                    bd:2e:8d:76:b0:0c:97:9a:34:32:18:5e:91:a7:a8:
                    d5:0b:a8:02:4f:7c:3e:04:ea:3c:07:ef:85:f5:f3:
                    41:53:63:52:72:eb:84:dd:0f:50:ec:e1:2d:3d:50:
                    48:95:db:fc:3a:b1:ed:9f:75:51:db:62:cf:37:a0:
                    fd:02:9e:e0:f5:13:34:31:89:f7:a6:4e:8c:54:12:
                    6f:ca:ad:f1:72:66:15:06:bb:9b:fb:9a:42:13:27:
                    8c:86:d0:82:39:b0:ca:54:68:3a:b5:38:42:eb:84:
                    90:ac:f1:de:c0:69:20:40:c8:13:f4:ba:05:7d:af:
                    09:de:cd:d9:6f:eb:7a:a2:52:1d:98:04:77:27:fa:
                    d4:7a:94:9e:95:48:f3:19:cc:1f:19:84:da:be:df:
                    fa:37:6d:c0:30:54:3f:29:6a:c3:06:26:26:a8:bf:
                    00:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A5:E6:3A:C0:E9:0D:4A:C9:53:E2:F7:71:1E:0C:B2:8C:8C:51:00
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/NaXmOsDpDUrJU-L3cR4MsoyMUQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:6c:8f:67:82:42:1e:36:10:c9:d4:93:05:2e:08:ea:e9:80:
         bd:21:a2:e3:25:3b:c1:b2:c1:01:75:b7:cb:f9:19:69:ea:7a:
         d4:2a:90:c1:e8:f0:c2:fb:d2:8e:e7:a8:0e:e2:cb:c2:59:79:
         45:32:f0:cd:64:63:66:26:d9:ae:93:08:09:73:80:ea:3f:06:
         6d:19:8d:af:4e:d9:5a:31:6a:fe:d0:c3:1b:b7:2d:d0:5b:e1:
         6b:83:f6:b3:21:84:2f:e5:f8:6e:c5:84:51:fa:ed:10:47:b8:
         c0:b3:5c:b5:9d:10:06:c2:36:c2:30:da:8f:69:8f:54:81:ea:
         94:95:ea:1a:08:6e:fe:44:3e:b1:d9:2d:08:2d:c5:da:99:8c:
         53:56:cf:21:4d:78:2a:2c:38:0b:5e:b5:4e:5b:07:7d:db:0c:
         2f:0b:78:53:08:9f:28:25:4f:34:2d:e5:1e:5a:09:9c:ce:8f:
         2e:52:2a:93:75:07:50:9e:ee:64:82:46:81:38:53:cf:ef:1d:
         26:9f:0f:61:45:c1:2d:e6:a6:2d:e2:eb:4a:93:d6:da:26:79:
         fb:ed:25:19:f3:e2:f5:6e:fd:04:a3:f0:3f:24:d8:a5:66:bd:
         9c:a0:18:87:08:71:5b:05:2c:1a:c7:9e:b6:c6:a2:c3:6d:18:
         58:b0:03:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAHqfkLWraEgMCoTulRRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwMTAxMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWE1ZTYzYWMwZTkwZDRhYzk1M2UyZjc3MTFlMGNiMjhjOGM1MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp91aQbdYN6IhkN8uvLR8RgYGscDK
oykgb25ly2tDOhbWVOEehbhUsR+p/HBu5EQLvmPKlMhoRWsK6O2S+BE4nXXP0Qgb
RKRGeebcix5DYfG+zxUrpViQx8a9Lo12sAyXmjQyGF6Rp6jVC6gCT3w+BOo8B++F
9fNBU2NScuuE3Q9Q7OEtPVBIldv8OrHtn3VR22LPN6D9Ap7g9RM0MYn3pk6MVBJv
yq3xcmYVBrub+5pCEyeMhtCCObDKVGg6tThC64SQrPHewGkgQMgT9LoFfa8J3s3Z
b+t6olIdmAR3J/rUepSelUjzGcwfGYTavt/6N23AMFQ/KWrDBiYmqL8ASwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWl5jrA6Q1KyVPi93EeDLKMjFEAMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvTmFYbU9zRHBEVXJKVS1MM2NSNE1zb3lNVVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYWZMA0G
CSqGSIb3DQEBCwUAA4IBAQDLbI9ngkIeNhDJ1JMFLgjq6YC9IaLjJTvBssEBdbfL
+Rlp6nrUKpDB6PDC+9KO56gO4svCWXlFMvDNZGNmJtmukwgJc4DqPwZtGY2vTtla
MWr+0MMbty3QW+Frg/azIYQv5fhuxYRR+u0QR7jAs1y1nRAGwjbCMNqPaY9UgeqU
leoaCG7+RD6x2S0ILcXamYxTVs8hTXgqLDgLXrVOWwd92wwvC3hTCJ8oJU80LeUe
Wgmczo8uUiqTdQdQnu5kgkaBOFPP7x0mnw9hRcEt5qYt4utKk9baJnn77SUZ8+L1
bv0Eo/A/JNilZr2coBiHCHFbBSwax562xqLDbRhYsAMd
-----END CERTIFICATE-----