Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/xliT3Gkp48ruEpepSAfNq6I5GMQ.roa
File:                     xliT3Gkp48ruEpepSAfNq6I5GMQ.roa (raw, json)
Hash identifier:          bQHFNVOpyqGGjO4nKM25+4E7+15cBfZcMGHHBW+MZU0=
Subject key identifier:   C6:58:93:DC:69:29:E3:CA:EE:12:97:A9:48:07:CD:AB:A2:39:18:C4
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B241C326256784832F6ADF3F376FD1
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/xliT3Gkp48ruEpepSAfNq6I5GMQ.roa
Signing time:             Wed 01 Jan 2025 11:48:37 +0000
ROA not before:           Wed 01 Jan 2025 11:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152179
IP address blocks:        45.8.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:41:c3:26:25:67:84:83:2f:6a:df:3f:37:6f:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c65893dc6929e3caee1297a94807cdaba23918c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:75:52:2c:22:93:95:63:ce:a1:b2:1d:dc:db:
                    71:d5:2c:6d:28:5a:f1:2e:b0:08:c8:dc:e9:a7:ca:
                    d1:95:4a:d3:27:be:84:75:69:18:e8:08:00:9e:a8:
                    bf:8a:4f:f8:08:c7:d1:40:07:da:61:69:d4:dd:22:
                    2f:60:92:e5:c9:a7:66:0a:76:d6:d5:ee:e4:9b:c1:
                    c2:8a:c9:d1:ed:81:24:55:68:40:89:72:bb:37:8c:
                    0d:d9:ee:db:68:95:3c:11:dd:0e:77:32:2e:60:4f:
                    fe:17:98:5b:8c:e3:4d:8a:00:98:4c:28:b9:8f:1a:
                    49:51:0a:50:c1:af:92:d3:de:e8:a8:e1:1f:8f:e5:
                    83:36:3c:f8:c6:c6:cd:71:b5:c1:12:0d:85:f2:de:
                    d4:0c:a7:74:97:b0:60:13:88:ad:55:48:6d:31:5b:
                    68:80:7c:76:96:6c:d1:84:24:4a:39:0a:5a:19:a1:
                    b4:d3:22:a0:94:fb:e9:64:55:c7:a1:7d:7c:3c:8d:
                    8a:c8:4c:04:ea:bb:be:10:57:83:6f:89:ff:81:4d:
                    61:37:0a:79:53:eb:62:f4:a7:47:a6:54:7e:cb:35:
                    6c:6a:2f:56:90:c2:8f:97:cc:75:53:3b:c8:00:94:
                    91:e7:ca:fe:71:41:d5:69:61:48:18:c8:bb:58:6d:
                    ee:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:58:93:DC:69:29:E3:CA:EE:12:97:A9:48:07:CD:AB:A2:39:18:C4
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/xliT3Gkp48ruEpepSAfNq6I5GMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:95:6c:29:22:cd:46:03:c0:2c:5b:68:e9:e8:4b:a5:63:b1:
         68:35:fc:e6:a0:44:5f:1a:9f:b8:2c:65:eb:95:80:92:71:09:
         e5:1c:e5:43:bc:6f:c7:99:0b:66:86:54:86:10:e5:28:a2:8a:
         80:59:98:6f:d9:22:92:d0:28:31:1c:d0:d2:74:a8:d4:2e:4b:
         4f:e9:77:ae:16:3f:b7:4b:7f:76:ec:56:08:f7:6e:30:73:96:
         8c:24:10:73:8f:5a:25:e0:2d:18:b9:ab:17:85:3c:41:16:c2:
         41:cd:df:0d:16:9b:24:82:0e:87:96:8e:40:d8:c6:4e:85:83:
         49:60:44:56:44:3f:e0:63:8a:08:64:69:94:27:81:82:85:77:
         c5:55:a9:05:ef:e3:11:a6:5c:3b:2d:17:22:1b:a1:3e:2f:7a:
         04:68:51:e8:b0:d4:82:dd:c0:00:4c:df:8b:6d:0d:13:cf:ed:
         83:88:65:97:a1:37:e9:73:d7:63:a4:59:b3:9a:6c:e7:f8:df:
         ad:23:91:87:f4:eb:c3:77:ff:1b:ee:41:61:06:50:f3:d5:fd:
         f9:7e:78:cb:d7:fc:71:34:95:31:46:56:42:8c:0e:8d:58:8d:
         bd:12:11:3a:b2:51:99:40:b6:3f:5a:8f:46:2b:02:ac:f4:66:
         e0:2d:7f:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskHDJiVnhIMvat8/N2/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjU4OTNkYzY5MjllM2NhZWUxMjk3YTk0ODA3Y2RhYmEyMzkxOGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XVSLCKTlWPOobId3Ntx1SxtKFrx
LrAIyNzpp8rRlUrTJ76EdWkY6AgAnqi/ik/4CMfRQAfaYWnU3SIvYJLlyadmCnbW
1e7km8HCisnR7YEkVWhAiXK7N4wN2e7baJU8Ed0OdzIuYE/+F5hbjONNigCYTCi5
jxpJUQpQwa+S097oqOEfj+WDNjz4xsbNcbXBEg2F8t7UDKd0l7BgE4itVUhtMVto
gHx2lmzRhCRKOQpaGaG00yKglPvpZFXHoX18PI2KyEwE6ru+EFeDb4n/gU1hNwp5
U+ti9KdHplR+yzVsai9WkMKPl8x1UzvIAJSR58r+cUHVaWFIGMi7WG3uaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZYk9xpKePK7hKXqUgHzauiORjEMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEveGxpVDNHa3A0OHJ1RXBlcFNBZk5xNkk1R01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQi/MA0G
CSqGSIb3DQEBCwUAA4IBAQBslWwpIs1GA8AsW2jp6EulY7FoNfzmoERfGp+4LGXr
lYCScQnlHOVDvG/HmQtmhlSGEOUoooqAWZhv2SKS0CgxHNDSdKjULktP6XeuFj+3
S3927FYI924wc5aMJBBzj1ol4C0YuasXhTxBFsJBzd8NFpskgg6Hlo5A2MZOhYNJ
YERWRD/gY4oIZGmUJ4GChXfFVakF7+MRplw7LRciG6E+L3oEaFHosNSC3cAATN+L
bQ0Tz+2DiGWXoTfpc9djpFmzmmzn+N+tI5GH9OvDd/8b7kFhBlDz1f35fnjL1/xx
NJUxRlZCjA6NWI29EhE6slGZQLY/Wo9GKwKs9GbgLX94
-----END CERTIFICATE-----