Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/hXFvDfauLNPAF9WisFevrAfOB1o.roa
File:                     hXFvDfauLNPAF9WisFevrAfOB1o.roa (raw, json)
Hash identifier:          +PM39yo15WknA3d/avFILeomoy0TBmCYWA48pwr5g+I=
Subject key identifier:   85:71:6F:0D:F6:AE:2C:D3:C0:17:D5:A2:B0:57:AF:AC:07:CE:07:5A
Certificate issuer:       /CN=4638bf68b6675e2a5a3a7922f6477d2afb357fac
Certificate serial:       01942445A2AAFABE7E3D3FE1BB39EA76A15E
Authority key identifier: 46:38:BF:68:B6:67:5E:2A:5A:3A:79:22:F6:47:7D:2A:FB:35:7F:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rji_aLZnXipaOnki9kd9Kvs1f6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/hXFvDfauLNPAF9WisFevrAfOB1o.roa
Signing time:             Wed 01 Jan 2025 23:48:50 +0000
ROA not before:           Wed 01 Jan 2025 23:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215044
IP address blocks:        45.157.48.0/22 maxlen: 24
                          2a07:9840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/Rji_aLZnXipaOnki9kd9Kvs1f6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/Rji_aLZnXipaOnki9kd9Kvs1f6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rji_aLZnXipaOnki9kd9Kvs1f6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a2:aa:fa:be:7e:3d:3f:e1:bb:39:ea:76:a1:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4638bf68b6675e2a5a3a7922f6477d2afb357fac
        Validity
            Not Before: Jan  1 23:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85716f0df6ae2cd3c017d5a2b057afac07ce075a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e0:65:d1:0c:63:34:71:e2:4a:bc:73:85:aa:
                    2d:ca:39:36:96:03:79:1a:4b:4e:20:b4:fc:43:ab:
                    f1:c6:f1:a0:03:b7:37:ca:c7:bc:15:8b:a7:a9:92:
                    96:82:f1:84:d9:ed:b8:ee:56:bc:d3:eb:fd:b8:04:
                    29:8f:6f:f1:a3:19:87:bc:5b:3d:c3:18:88:2c:c7:
                    55:e6:c3:69:2c:7d:fe:fb:e2:3b:e0:84:6f:90:ef:
                    c3:3f:bc:b0:9a:db:e7:70:ef:1f:83:9f:b9:50:47:
                    f5:53:fb:ba:67:09:cf:32:a4:24:64:9c:9d:59:a9:
                    d9:39:d0:63:ec:ee:e0:d4:19:90:38:db:42:74:3a:
                    24:3d:a4:a4:81:ac:93:93:71:5f:f1:d4:94:58:eb:
                    50:14:f0:0d:67:6a:30:9b:47:2a:ea:6f:41:80:db:
                    64:96:5e:2e:8f:06:f3:06:d5:b6:51:24:3b:db:fb:
                    df:f2:b5:a9:ee:fc:00:77:d1:22:3c:14:ee:e2:c0:
                    69:3c:1b:14:5b:81:11:ad:da:ec:45:8a:27:18:06:
                    a2:7a:45:58:a5:a7:6c:d5:05:c4:bd:da:fd:86:42:
                    87:43:07:73:29:2f:93:4f:ba:cd:9d:4a:6b:cf:be:
                    68:d7:3c:4e:1f:ad:9b:df:47:55:da:bd:ea:9c:91:
                    c6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:71:6F:0D:F6:AE:2C:D3:C0:17:D5:A2:B0:57:AF:AC:07:CE:07:5A
            X509v3 Authority Key Identifier:
                keyid:46:38:BF:68:B6:67:5E:2A:5A:3A:79:22:F6:47:7D:2A:FB:35:7F:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rji_aLZnXipaOnki9kd9Kvs1f6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/hXFvDfauLNPAF9WisFevrAfOB1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/Rji_aLZnXipaOnki9kd9Kvs1f6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.48.0/22
                IPv6:
                  2a07:9840::/29

    Signature Algorithm: sha256WithRSAEncryption
         53:cb:01:8b:cf:b3:11:eb:5c:ba:3f:bb:ca:2b:f6:da:5e:71:
         28:2a:3a:95:af:70:08:82:9b:66:21:92:e8:25:71:80:7e:78:
         0e:f3:1c:97:45:63:44:6e:9b:0b:f6:32:09:44:55:2d:99:f4:
         ab:02:9d:fb:10:77:76:df:0d:e8:82:77:5f:c7:3a:7b:a7:00:
         75:3c:e0:49:81:75:94:3f:d6:95:cf:b5:13:52:51:e6:e5:ba:
         9d:45:3e:de:01:ee:14:22:ab:9a:bd:cb:ce:9b:1b:a8:45:0d:
         8e:77:4a:e6:af:5e:bb:2e:39:72:84:14:2d:52:aa:50:ce:88:
         0a:38:54:6c:0b:78:3c:f1:cf:7c:ab:4f:3d:1d:e4:d2:9e:98:
         fa:b7:45:b3:61:3f:de:c2:1e:85:d9:cb:eb:ca:ae:ea:02:85:
         4f:b7:89:c6:e0:90:de:b1:b4:2d:9f:4c:b9:ab:2c:62:9e:d1:
         e3:9f:e9:89:be:fc:9a:bc:ac:c2:9f:76:0a:37:2c:16:c2:98:
         69:67:48:14:cf:cb:97:38:5c:39:c2:08:34:77:83:94:e7:04:
         f6:dd:e9:42:26:7c:55:74:91:18:a5:e9:1d:64:d8:50:56:c8:
         dc:95:8f:04:56:51:60:64:03:6c:82:b9:7b:ca:f0:3e:54:4d:
         bb:00:74:5d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRaKq+r5+PT/huznqdqFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MzhiZjY4YjY2NzVlMmE1YTNhNzkyMmY2NDc3ZDJhZmIz
NTdmYWMwHhcNMjUwMTAxMjM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTcxNmYwZGY2YWUyY2QzYzAxN2Q1YTJiMDU3YWZhYzA3Y2UwNzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOBl0QxjNHHiSrxzhaotyjk2lgN5
GktOILT8Q6vxxvGgA7c3yse8FYunqZKWgvGE2e247la80+v9uAQpj2/xoxmHvFs9
wxiILMdV5sNpLH3+++I74IRvkO/DP7ywmtvncO8fg5+5UEf1U/u6ZwnPMqQkZJyd
WanZOdBj7O7g1BmQONtCdDokPaSkgayTk3Ff8dSUWOtQFPANZ2owm0cq6m9BgNtk
ll4ujwbzBtW2USQ72/vf8rWp7vwAd9EiPBTu4sBpPBsUW4ERrdrsRYonGAaiekVY
pads1QXEvdr9hkKHQwdzKS+TT7rNnUprz75o1zxOH62b30dV2r3qnJHGjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIVxbw32rizTwBfVorBXr6wHzgdaMB8GA1UdIwQY
MBaAFEY4v2i2Z14qWjp5IvZHfSr7NX+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmppX2FMWm5YaXBhT25raTlrZDlLdnMxZjZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9lMmY2MTUtNmNhNC00YmY1LTlmNTMt
ODcwNzNmNDM0YjAzLzEvaFhGdkRmYXVMTlBBRjlXaXNGZXZyQWZPQjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9lMmY2MTUtNmNhNC00YmY1LTlmNTMtODcwNzNmNDM0YjAz
LzEvUmppX2FMWm5YaXBhT25raTlrZDlLdnMxZjZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ0wMA0E
AgACMAcDBQMqB5hAMA0GCSqGSIb3DQEBCwUAA4IBAQBTywGLz7MR61y6P7vKK/ba
XnEoKjqVr3AIgptmIZLoJXGAfngO8xyXRWNEbpsL9jIJRFUtmfSrAp37EHd23w3o
gndfxzp7pwB1POBJgXWUP9aVz7UTUlHm5bqdRT7eAe4UIquavcvOmxuoRQ2Od0rm
r167LjlyhBQtUqpQzogKOFRsC3g88c98q089HeTSnpj6t0WzYT/ewh6F2cvryq7q
AoVPt4nG4JDesbQtn0y5qyxintHjn+mJvvyavKzCn3YKNywWwphpZ0gUz8uXOFw5
wgg0d4OU5wT23elCJnxVdJEYpekdZNhQVsjclY8EVlFgZANsgrl7yvA+VE27AHRd
-----END CERTIFICATE-----