Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/57xvgs1C64qj87aIpNvXlZvGXRo.roa
File:                     57xvgs1C64qj87aIpNvXlZvGXRo.roa (raw, json)
Hash identifier:          zjoFwMxs5GYLsG8xg0G8PjPosJWEnHUje1reYWnSt8s=
Subject key identifier:   E7:BC:6F:82:CD:42:EB:8A:A3:F3:B6:88:A4:DB:D7:95:9B:C6:5D:1A
Certificate issuer:       /CN=35216a360277876e3e93b29bd4bb9c9231fad2f7
Certificate serial:       019422FBF26FAC512D04DCF3FBA5C9243757
Authority key identifier: 35:21:6A:36:02:77:87:6E:3E:93:B2:9B:D4:BB:9C:92:31:FA:D2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSFqNgJ3h24-k7Kb1LuckjH60vc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/57xvgs1C64qj87aIpNvXlZvGXRo.roa
Signing time:             Wed 01 Jan 2025 17:48:44 +0000
ROA not before:           Wed 01 Jan 2025 17:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208802
IP address blocks:        45.84.200.0/22 maxlen: 22
                          45.84.200.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/NSFqNgJ3h24-k7Kb1LuckjH60vc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/NSFqNgJ3h24-k7Kb1LuckjH60vc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSFqNgJ3h24-k7Kb1LuckjH60vc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:f2:6f:ac:51:2d:04:dc:f3:fb:a5:c9:24:37:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35216a360277876e3e93b29bd4bb9c9231fad2f7
        Validity
            Not Before: Jan  1 17:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7bc6f82cd42eb8aa3f3b688a4dbd7959bc65d1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:67:af:0a:43:f9:5a:59:d6:da:53:58:8c:c9:
                    c7:68:93:04:08:23:2b:2d:6e:ee:25:fa:c7:48:20:
                    58:af:6a:0a:bd:2c:2c:01:ab:45:87:dd:bf:8d:e9:
                    e5:9c:86:42:d4:fa:8e:90:d7:b8:4b:99:95:b8:5f:
                    a6:c0:01:a6:06:a3:58:28:ca:c6:dc:41:7c:36:44:
                    b8:7e:c8:11:a5:46:23:05:c3:78:a3:b8:8b:f6:af:
                    07:10:09:00:1c:08:ce:c9:a8:7d:60:6f:a2:11:fa:
                    1b:6a:75:5f:f2:f0:f3:77:c4:24:a1:b5:27:51:cb:
                    b0:fc:58:06:37:8a:92:44:ca:38:5e:b8:a3:d8:a8:
                    cb:39:d1:04:8d:c7:ea:74:1a:ab:1a:92:8a:0d:2b:
                    c4:0c:b0:13:51:4a:49:06:6a:d1:07:c3:20:75:10:
                    9b:58:a6:cc:7d:89:89:f0:92:c4:14:92:34:d1:00:
                    e5:fd:11:57:77:7f:16:15:ba:c4:03:be:5e:0f:14:
                    da:a4:de:58:68:09:b3:98:e9:fc:e7:f9:84:bd:a3:
                    30:a7:b8:f3:d7:91:cf:fd:a2:66:99:89:43:45:d1:
                    9c:77:1f:cb:32:19:d3:04:06:4c:8b:53:c1:06:cd:
                    43:f7:52:4c:a6:8c:e9:d2:dd:0a:d5:06:b9:cb:24:
                    03:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:BC:6F:82:CD:42:EB:8A:A3:F3:B6:88:A4:DB:D7:95:9B:C6:5D:1A
            X509v3 Authority Key Identifier:
                keyid:35:21:6A:36:02:77:87:6E:3E:93:B2:9B:D4:BB:9C:92:31:FA:D2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSFqNgJ3h24-k7Kb1LuckjH60vc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/57xvgs1C64qj87aIpNvXlZvGXRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/NSFqNgJ3h24-k7Kb1LuckjH60vc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:0e:d6:d1:82:f1:cd:f9:53:ba:d9:ac:2d:68:61:98:06:d1:
         a3:37:ab:24:62:3e:d9:74:3c:a7:d5:d6:9e:c9:8c:a1:78:83:
         27:e6:3d:3a:ad:3a:f1:18:86:03:77:eb:06:b4:e5:97:4a:ed:
         60:0f:f1:c3:3f:6c:4c:c7:a1:3b:d1:75:76:e8:62:cd:b5:17:
         91:3e:37:56:69:3c:ca:07:e4:6c:9c:55:d0:ef:da:bc:98:5c:
         28:79:e3:1b:76:4c:fb:3c:c5:4a:65:e7:64:95:9f:c7:72:e1:
         c1:57:26:e9:e3:92:52:3b:3e:a4:7a:d4:92:eb:14:4b:45:9a:
         7d:91:7b:91:a1:c3:8a:c1:cb:8a:c1:46:63:28:75:ea:b9:36:
         09:6a:f1:0f:86:fd:21:8f:27:e7:f7:17:f1:b6:86:79:83:42:
         42:ec:89:c2:35:bb:00:b8:52:d5:38:1b:ee:66:f9:18:75:84:
         71:c7:9c:0b:4d:9f:71:08:23:5d:ce:b2:e6:fa:16:0b:eb:56:
         93:70:e7:c2:d2:14:57:fd:cc:2a:3a:da:9f:e2:cf:0d:fd:33:
         5c:be:b8:a0:1c:fc:32:c5:84:40:b8:93:46:c9:89:97:83:2a:
         21:54:3c:80:9f:ef:82:31:0e:71:8c:7c:95:d2:d1:1f:3a:74:
         15:32:39:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+/JvrFEtBNzz+6XJJDdXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MjE2YTM2MDI3Nzg3NmUzZTkzYjI5YmQ0YmI5YzkyMzFm
YWQyZjcwHhcNMjUwMTAxMTc0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2JjNmY4MmNkNDJlYjhhYTNmM2I2ODhhNGRiZDc5NTliYzY1ZDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGevCkP5WlnW2lNYjMnHaJMECCMr
LW7uJfrHSCBYr2oKvSwsAatFh92/jenlnIZC1PqOkNe4S5mVuF+mwAGmBqNYKMrG
3EF8NkS4fsgRpUYjBcN4o7iL9q8HEAkAHAjOyah9YG+iEfobanVf8vDzd8QkobUn
Ucuw/FgGN4qSRMo4Xrij2KjLOdEEjcfqdBqrGpKKDSvEDLATUUpJBmrRB8MgdRCb
WKbMfYmJ8JLEFJI00QDl/RFXd38WFbrEA75eDxTapN5YaAmzmOn85/mEvaMwp7jz
15HP/aJmmYlDRdGcdx/LMhnTBAZMi1PBBs1D91JMpozp0t0K1Qa5yyQDYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOe8b4LNQuuKo/O2iKTb15Wbxl0aMB8GA1UdIwQY
MBaAFDUhajYCd4duPpOym9S7nJIx+tL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNGcU5nSjNoMjQtazdLYjFMdWNrakg2MHZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9mMjU1MDYtNmE2Yy00OTdkLWE0YWIt
MjQ4YzQ3YjNjN2Q4LzEvNTd4dmdzMUM2NHFqODdhSXBOdlhsWnZHWFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9mMjU1MDYtNmE2Yy00OTdkLWE0YWItMjQ4YzQ3YjNjN2Q4
LzEvTlNGcU5nSjNoMjQtazdLYjFMdWNrakg2MHZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVTIMA0G
CSqGSIb3DQEBCwUAA4IBAQCJDtbRgvHN+VO62awtaGGYBtGjN6skYj7ZdDyn1dae
yYyheIMn5j06rTrxGIYDd+sGtOWXSu1gD/HDP2xMx6E70XV26GLNtReRPjdWaTzK
B+RsnFXQ79q8mFwoeeMbdkz7PMVKZedklZ/HcuHBVybp45JSOz6ketSS6xRLRZp9
kXuRocOKwcuKwUZjKHXquTYJavEPhv0hjyfn9xfxtoZ5g0JC7InCNbsAuFLVOBvu
ZvkYdYRxx5wLTZ9xCCNdzrLm+hYL61aTcOfC0hRX/cwqOtqf4s8N/TNcvrigHPwy
xYRAuJNGyYmXgyohVDyAn++CMQ5xjHyV0tEfOnQVMjk6
-----END CERTIFICATE-----