Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/N5E83UpLjMoi8mpIjadF8EBEZHc.roa
File:                     N5E83UpLjMoi8mpIjadF8EBEZHc.roa (raw, json)
Hash identifier:          cZc2s8T64g7zUGVGUfnt3YLhqIDpL+dicIuuj0vLjiE=
Subject key identifier:   37:91:3C:DD:4A:4B:8C:CA:22:F2:6A:48:8D:A7:45:F0:40:44:64:77
Certificate issuer:       /CN=a8847f64567e4aa4ad5cb7fc22f22df4e2bc6978
Certificate serial:       01942747B6DF7714DBC08B74C5A3665F5C3C
Authority key identifier: A8:84:7F:64:56:7E:4A:A4:AD:5C:B7:FC:22:F2:2D:F4:E2:BC:69:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/N5E83UpLjMoi8mpIjadF8EBEZHc.roa
Signing time:             Thu 02 Jan 2025 13:49:58 +0000
ROA not before:           Thu 02 Jan 2025 13:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208221
IP address blocks:        45.153.12.0/22 maxlen: 24
                          2a0f:8b00::/34 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b6:df:77:14:db:c0:8b:74:c5:a3:66:5f:5c:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8847f64567e4aa4ad5cb7fc22f22df4e2bc6978
        Validity
            Not Before: Jan  2 13:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37913cdd4a4b8cca22f26a488da745f040446477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:78:57:09:5b:32:31:28:38:a1:28:1f:3a:1d:
                    22:9d:7b:66:3f:8c:f0:8c:43:b8:81:b7:01:26:45:
                    76:fc:03:00:8f:4e:f7:ae:d8:21:bd:c5:90:38:e8:
                    ef:8e:b6:c0:eb:b0:e3:b6:ff:ea:16:82:45:1b:2d:
                    7a:e3:22:f8:b5:6c:e0:be:b1:91:dc:cf:e1:11:3d:
                    ac:0e:51:b4:89:e2:e3:0d:56:b6:00:ad:90:d3:dd:
                    a2:94:0d:c5:1a:71:8f:c7:4c:af:d8:c0:7f:0d:e1:
                    d5:30:a7:86:e8:88:6a:79:db:c8:86:6f:8a:44:27:
                    18:e1:d6:16:9c:2a:72:8a:ff:28:d0:0a:50:a4:5d:
                    f1:09:77:e6:99:bc:9c:1c:85:67:ed:7f:b4:51:5b:
                    b8:0a:fa:19:a0:a2:1e:a0:75:44:e8:9a:9f:e4:77:
                    e3:08:14:8d:c5:aa:04:57:46:f8:4a:03:69:81:ea:
                    cb:f8:25:cc:f5:2d:af:aa:a5:fe:c1:28:1f:9c:97:
                    0c:0e:4d:5e:65:33:04:2e:b4:68:b0:64:b8:64:76:
                    ed:52:17:9b:40:be:f2:60:5a:be:fc:b1:df:77:30:
                    69:d3:41:0e:bb:74:a3:cb:a1:85:5c:36:80:03:3c:
                    5b:d8:c6:f2:e0:8f:57:4d:e6:d4:e4:5c:f8:e5:c4:
                    fd:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:91:3C:DD:4A:4B:8C:CA:22:F2:6A:48:8D:A7:45:F0:40:44:64:77
            X509v3 Authority Key Identifier:
                keyid:A8:84:7F:64:56:7E:4A:A4:AD:5C:B7:FC:22:F2:2D:F4:E2:BC:69:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/N5E83UpLjMoi8mpIjadF8EBEZHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/17af94-7214-4adb-b304-10255718a185/1/qIR_ZFZ-SqStXLf8IvIt9OK8aXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.12.0/22
                IPv6:
                  2a0f:8b00::/34

    Signature Algorithm: sha256WithRSAEncryption
         ad:4b:fc:31:98:ac:dd:a0:ba:e4:bb:22:06:b3:e0:e1:65:69:
         c9:6f:a0:b6:f4:c9:61:8e:81:8f:54:27:bc:41:8a:f7:c4:36:
         36:f5:e6:5d:ed:35:c3:0d:32:e5:28:1d:eb:99:43:ce:3f:64:
         bb:98:26:db:e3:3b:ed:1b:86:10:dd:00:ec:58:d0:ff:6f:63:
         6f:d6:f7:2f:be:00:6e:01:5c:49:43:e4:c1:df:7d:fb:60:bf:
         3b:b1:f8:5a:b1:c1:56:53:31:14:a6:c7:ce:a1:86:7e:d8:d2:
         d9:ef:d5:8f:9a:a1:21:a6:6f:32:0f:30:8d:90:c7:58:5e:25:
         1d:08:a4:a6:69:e7:97:28:9a:e1:09:ed:40:0c:6d:de:a8:97:
         1e:53:e1:ca:a9:1a:10:79:99:8a:70:58:24:ff:57:b1:42:27:
         7a:e8:6a:33:58:fb:c1:fe:e0:51:ef:a6:10:82:67:52:fc:74:
         a3:d4:af:16:b0:01:55:d6:b1:67:f7:8b:20:fd:aa:1b:4f:36:
         5b:ec:26:c6:d3:7c:f4:05:11:90:34:ce:87:56:f6:eb:e6:62:
         a4:ad:4f:16:6f:dc:7c:6a:3e:2d:bc:ff:17:68:16:11:e2:fe:
         8a:d1:de:2a:d7:94:54:98:5e:bb:e6:3e:45:2d:7f:19:77:81:
         9e:7b:fe:ee
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQnR7bfdxTbwIt0xaNmX1w8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ODQ3ZjY0NTY3ZTRhYTRhZDVjYjdmYzIyZjIyZGY0ZTJi
YzY5NzgwHhcNMjUwMTAyMTM0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzkxM2NkZDRhNGI4Y2NhMjJmMjZhNDg4ZGE3NDVmMDQwNDQ2NDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXhXCVsyMSg4oSgfOh0inXtmP4zw
jEO4gbcBJkV2/AMAj073rtghvcWQOOjvjrbA67Djtv/qFoJFGy164yL4tWzgvrGR
3M/hET2sDlG0ieLjDVa2AK2Q092ilA3FGnGPx0yv2MB/DeHVMKeG6IhqedvIhm+K
RCcY4dYWnCpyiv8o0ApQpF3xCXfmmbycHIVn7X+0UVu4CvoZoKIeoHVE6Jqf5Hfj
CBSNxaoEV0b4SgNpgerL+CXM9S2vqqX+wSgfnJcMDk1eZTMELrRosGS4ZHbtUheb
QL7yYFq+/LHfdzBp00EOu3Sjy6GFXDaAAzxb2Mby4I9XTebU5Fz45cT95QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDeRPN1KS4zKIvJqSI2nRfBARGR3MB8GA1UdIwQY
MBaAFKiEf2RWfkqkrVy3/CLyLfTivGl4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUlSX1pGWi1TcVN0WExmOEl2SXQ5T0s4YVhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8xN2FmOTQtNzIxNC00YWRiLWIzMDQt
MTAyNTU3MThhMTg1LzEvTjVFODNVcExqTW9pOG1wSWphZEY4RUJFWkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8xN2FmOTQtNzIxNC00YWRiLWIzMDQtMTAyNTU3MThhMTg1
LzEvcUlSX1pGWi1TcVN0WExmOEl2SXQ5T0s4YVhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCLZkMMA4E
AgACMAgDBgYqD4sAADANBgkqhkiG9w0BAQsFAAOCAQEArUv8MZis3aC65LsiBrPg
4WVpyW+gtvTJYY6Bj1QnvEGK98Q2NvXmXe01ww0y5Sgd65lDzj9ku5gm2+M77RuG
EN0A7FjQ/29jb9b3L74AbgFcSUPkwd99+2C/O7H4WrHBVlMxFKbHzqGGftjS2e/V
j5qhIaZvMg8wjZDHWF4lHQikpmnnlyia4QntQAxt3qiXHlPhyqkaEHmZinBYJP9X
sUIneuhqM1j7wf7gUe+mEIJnUvx0o9SvFrABVdaxZ/eLIP2qG082W+wmxtN89AUR
kDTOh1b26+ZipK1PFm/cfGo+Lbz/F2gWEeL+itHeKteUVJheu+Y+RS1/GXeBnnv+
7g==
-----END CERTIFICATE-----