Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/VeyJDEEty7IaphGW3rZRjoHUojg.roa
File:                     VeyJDEEty7IaphGW3rZRjoHUojg.roa (raw, json)
Hash identifier:          nlnkQXVcXOy604OjeWWR6cJfH3A2u1gS0XEnkUUPxgU=
Subject key identifier:   55:EC:89:0C:41:2D:CB:B2:1A:A6:11:96:DE:B6:51:8E:81:D4:A2:38
Certificate issuer:       /CN=cc6077e004e88eff8f13b7740df254d9e48dd574
Certificate serial:       019421B210E971A46B70FB2A42BF1B4F5D65
Authority key identifier: CC:60:77:E0:04:E8:8E:FF:8F:13:B7:74:0D:F2:54:D9:E4:8D:D5:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/VeyJDEEty7IaphGW3rZRjoHUojg.roa
Signing time:             Wed 01 Jan 2025 11:48:25 +0000
ROA not before:           Wed 01 Jan 2025 11:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49030
IP address blocks:        45.10.120.0/22 maxlen: 24
                          2a0e:3d80:beaf::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:10:e9:71:a4:6b:70:fb:2a:42:bf:1b:4f:5d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc6077e004e88eff8f13b7740df254d9e48dd574
        Validity
            Not Before: Jan  1 11:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55ec890c412dcbb21aa61196deb6518e81d4a238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:60:8a:25:65:5b:c6:a5:1c:2d:fe:18:8c:c6:
                    a9:12:a8:e0:09:d3:79:58:05:31:21:9a:8d:32:a6:
                    66:f4:9e:64:0b:b3:51:8c:b2:27:82:7a:56:1e:67:
                    6c:b0:27:1e:7f:15:28:6f:73:4c:c9:89:d4:0d:a1:
                    ca:f4:18:26:e2:86:bd:5d:b4:cd:7d:fd:2c:6b:12:
                    3a:8c:1f:77:13:df:dd:d8:4e:f7:6d:31:ed:6b:34:
                    14:86:f0:d5:f2:27:f3:a0:bb:14:1d:85:ca:26:fa:
                    7c:35:09:ff:f7:00:bc:51:88:5f:1e:5e:17:6e:91:
                    63:20:4f:a8:c2:b0:a7:85:db:3d:33:3e:69:94:d4:
                    71:95:88:b5:2d:80:bf:cb:5f:79:96:14:7e:ff:be:
                    3d:79:63:b8:87:41:59:66:07:e5:58:8c:86:79:2c:
                    3f:a5:9b:4f:73:dd:bc:93:41:f6:00:1d:a7:4f:f9:
                    b6:f3:16:de:9e:b2:28:df:dc:0f:8f:af:ef:76:4a:
                    80:76:2d:be:e3:83:40:dd:4c:3d:d8:31:db:1d:5c:
                    ec:7b:9d:ab:a2:bf:f5:90:d4:be:7e:32:f6:f6:de:
                    b7:a1:f8:65:d5:07:b5:1c:31:dc:3c:20:42:dc:45:
                    66:7e:8d:f4:d6:36:d8:9d:99:da:7b:4e:d3:8f:83:
                    ef:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:EC:89:0C:41:2D:CB:B2:1A:A6:11:96:DE:B6:51:8E:81:D4:A2:38
            X509v3 Authority Key Identifier:
                keyid:CC:60:77:E0:04:E8:8E:FF:8F:13:B7:74:0D:F2:54:D9:E4:8D:D5:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/VeyJDEEty7IaphGW3rZRjoHUojg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.120.0/22
                IPv6:
                  2a0e:3d80:beaf::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:9f:db:a6:42:90:01:69:a8:6d:28:6c:a3:87:da:f1:28:a5:
         1e:c6:26:c6:49:a1:11:1c:77:9d:50:41:38:35:b4:61:7a:50:
         27:f8:92:1c:b2:9d:c0:09:88:84:87:dc:3c:b4:e8:44:67:2b:
         24:d1:9a:fd:33:77:03:ad:ee:70:74:f0:a8:77:95:4a:25:31:
         45:46:c1:e9:26:f7:2a:53:c5:f9:66:8b:b8:24:0e:33:60:df:
         99:da:61:83:7e:d9:d9:df:2d:c0:1f:c3:87:98:15:2a:51:98:
         bd:ce:3f:e3:30:42:ea:d8:13:23:79:f3:77:1c:3c:58:35:22:
         03:3b:5d:b5:83:58:89:67:4b:71:3d:a1:b3:b2:f1:f1:90:d0:
         ff:5a:ad:77:6d:21:5f:47:ee:3a:db:5c:42:0a:9d:c0:94:4e:
         57:ae:5e:e4:08:ae:67:1c:0e:eb:ed:e7:58:09:78:ba:2e:8b:
         da:16:60:ce:0b:56:a5:4e:80:58:22:57:9f:64:8e:2a:9b:fc:
         8b:d3:1c:43:aa:e2:30:99:c6:1b:2d:f9:b5:9b:56:65:7b:a4:
         35:22:79:46:1e:2b:fb:5b:6f:5c:0b:98:26:a3:91:8c:74:8f:
         e9:91:40:40:be:89:f4:d6:99:c8:1f:c3:70:29:7c:7c:43:6e:
         44:95:2e:4b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhshDpcaRrcPsqQr8bT11lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNjA3N2UwMDRlODhlZmY4ZjEzYjc3NDBkZjI1NGQ5ZTQ4
ZGQ1NzQwHhcNMjUwMTAxMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWVjODkwYzQxMmRjYmIyMWFhNjExOTZkZWI2NTE4ZTgxZDRhMjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGCKJWVbxqUcLf4YjMapEqjgCdN5
WAUxIZqNMqZm9J5kC7NRjLIngnpWHmdssCcefxUob3NMyYnUDaHK9Bgm4oa9XbTN
ff0saxI6jB93E9/d2E73bTHtazQUhvDV8ifzoLsUHYXKJvp8NQn/9wC8UYhfHl4X
bpFjIE+owrCnhds9Mz5plNRxlYi1LYC/y195lhR+/749eWO4h0FZZgflWIyGeSw/
pZtPc928k0H2AB2nT/m28xbenrIo39wPj6/vdkqAdi2+44NA3Uw92DHbHVzse52r
or/1kNS+fjL29t63ofhl1Qe1HDHcPCBC3EVmfo301jbYnZnae07Tj4PvHwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFXsiQxBLcuyGqYRlt62UY6B1KI4MB8GA1UdIwQY
MBaAFMxgd+AE6I7/jxO3dA3yVNnkjdV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekdCMzRBVG9qdi1QRTdkMERmSlUyZVNOMVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ODE3OGQtMzc3Yi00NjBhLTk0YjEt
NDY3MWY0YmFhOWIxLzEvVmV5SkRFRXR5N0lhcGhHVzNyWlJqb0hVb2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ODE3OGQtMzc3Yi00NjBhLTk0YjEtNDY3MWY0YmFhOWIx
LzEvekdCMzRBVG9qdi1QRTdkMERmSlUyZVNOMVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCLQp4MA8E
AgACMAkDBwAqDj2Avq8wDQYJKoZIhvcNAQELBQADggEBACKf26ZCkAFpqG0obKOH
2vEopR7GJsZJoREcd51QQTg1tGF6UCf4khyyncAJiISH3Dy06ERnKyTRmv0zdwOt
7nB08Kh3lUolMUVGwekm9ypTxflmi7gkDjNg35naYYN+2dnfLcAfw4eYFSpRmL3O
P+MwQurYEyN583ccPFg1IgM7XbWDWIlnS3E9obOy8fGQ0P9arXdtIV9H7jrbXEIK
ncCUTleuXuQIrmccDuvt51gJeLoui9oWYM4LVqVOgFgiV59kjiqb/IvTHEOq4jCZ
xhst+bWbVmV7pDUieUYeK/tbb1wLmCajkYx0j+mRQEC+ifTWmcgfw3ApfHxDbkSV
Lks=
-----END CERTIFICATE-----