Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/4shZBDKZZPGnSQMfuQiOImBHql8.roa
File:                     4shZBDKZZPGnSQMfuQiOImBHql8.roa (raw, json)
Hash identifier:          Jfoq3n1s/kyNKvCWlVGyWbHUx4CSO8/9+CCCYgnc/Us=
Subject key identifier:   E2:C8:59:04:32:99:64:F1:A7:49:03:1F:B9:08:8E:22:60:47:AA:5F
Certificate issuer:       /CN=62927b36b138f086358938e3acfda4638e56a792
Certificate serial:       019425FDD53DB2B6D958963F828F827520D1
Authority key identifier: 62:92:7B:36:B1:38:F0:86:35:89:38:E3:AC:FD:A4:63:8E:56:A7:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YpJ7NrE48IY1iTjjrP2kY45Wp5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/4shZBDKZZPGnSQMfuQiOImBHql8.roa
Signing time:             Thu 02 Jan 2025 07:49:39 +0000
ROA not before:           Thu 02 Jan 2025 07:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207265
IP address blocks:        45.151.128.0/22 maxlen: 22
                          2a10:20c0::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/YpJ7NrE48IY1iTjjrP2kY45Wp5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/YpJ7NrE48IY1iTjjrP2kY45Wp5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YpJ7NrE48IY1iTjjrP2kY45Wp5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d5:3d:b2:b6:d9:58:96:3f:82:8f:82:75:20:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62927b36b138f086358938e3acfda4638e56a792
        Validity
            Not Before: Jan  2 07:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2c85904329964f1a749031fb9088e226047aa5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ec:f6:98:74:d4:9a:ce:62:fe:b4:b4:bf:ae:
                    30:41:b1:10:73:d0:cd:9f:c6:fd:67:46:3e:2a:be:
                    90:fd:4f:f1:5f:b5:77:d0:43:53:67:0e:48:4a:b1:
                    17:7f:54:7e:d4:4b:fa:be:73:13:19:4f:95:01:46:
                    42:f3:8d:07:0a:ce:60:f5:90:0f:a4:de:fb:0d:48:
                    ac:ec:d7:41:5a:51:07:0a:00:0a:34:a4:e8:f8:8d:
                    c5:75:b8:e8:7d:98:e9:0d:dc:dd:64:81:7c:f5:74:
                    c2:06:eb:df:9d:09:d4:44:b8:74:0a:71:59:0f:c1:
                    37:f8:b5:ee:68:3c:58:e6:ee:95:c0:dd:a4:29:9f:
                    3b:a4:6c:b8:ac:50:ab:ad:c1:a7:14:1e:3f:cb:df:
                    f0:5a:58:61:37:07:53:22:8e:40:33:ea:97:20:38:
                    c4:ef:cb:99:86:56:8b:44:79:3f:60:73:bf:09:2e:
                    8f:22:a4:f5:e7:4d:11:fe:c5:2b:db:62:4f:b8:6b:
                    9f:65:32:5f:50:c7:6b:7f:80:71:23:c5:80:fa:89:
                    87:e1:83:40:f6:20:ab:04:13:0c:fb:28:ef:dd:bb:
                    4a:ce:b4:dd:e2:60:d4:15:5c:4f:68:aa:4e:63:d6:
                    52:e6:0b:63:56:e3:2c:53:61:43:60:bb:12:15:66:
                    f9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C8:59:04:32:99:64:F1:A7:49:03:1F:B9:08:8E:22:60:47:AA:5F
            X509v3 Authority Key Identifier:
                keyid:62:92:7B:36:B1:38:F0:86:35:89:38:E3:AC:FD:A4:63:8E:56:A7:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YpJ7NrE48IY1iTjjrP2kY45Wp5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/4shZBDKZZPGnSQMfuQiOImBHql8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/YpJ7NrE48IY1iTjjrP2kY45Wp5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.128.0/22
                IPv6:
                  2a10:20c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         13:51:56:95:cd:8f:e1:cb:02:af:27:dc:3c:d6:a2:e4:80:eb:
         21:df:9c:df:73:b8:1a:6b:4b:57:f4:2c:09:68:03:94:b1:87:
         06:f2:26:26:dd:80:c9:ea:bd:83:c9:d5:01:6b:a1:ed:00:03:
         aa:9f:58:ba:24:af:bb:96:f8:b9:7a:63:0d:1a:93:98:98:76:
         ae:d6:db:30:ba:31:1f:c1:bc:36:32:47:98:61:de:65:aa:d8:
         8d:83:50:99:fe:fe:5b:be:af:f5:b9:48:52:1a:09:1b:48:17:
         87:71:a0:ae:f0:20:e6:ff:fc:40:7e:03:5a:71:cc:10:3e:ba:
         67:03:eb:d7:32:32:b6:a7:cc:f2:a2:1b:89:0c:57:bf:dc:07:
         28:41:23:58:09:2f:48:be:2c:c5:3c:d1:df:d4:66:b5:c1:76:
         91:e6:15:06:67:de:34:be:3d:8c:0e:6c:42:09:72:41:20:23:
         8d:0b:ba:3b:70:8f:91:b6:67:4d:3b:f6:fb:1a:8e:5d:9d:1a:
         33:3b:c3:c3:4e:b6:f6:7d:bd:90:2d:83:e5:6a:fb:99:ab:5e:
         ed:89:04:9b:c1:93:0c:9c:fa:ee:ca:0e:c2:c2:66:d0:17:47:
         4f:78:1c:0f:76:30:04:e5:bb:8d:e0:2a:cb:74:de:51:7e:88:
         90:8e:54:ae
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/dU9srbZWJY/go+CdSDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyOTI3YjM2YjEzOGYwODYzNTg5MzhlM2FjZmRhNDYzOGU1
NmE3OTIwHhcNMjUwMTAyMDc0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmM4NTkwNDMyOTk2NGYxYTc0OTAzMWZiOTA4OGUyMjYwNDdhYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnez2mHTUms5i/rS0v64wQbEQc9DN
n8b9Z0Y+Kr6Q/U/xX7V30ENTZw5ISrEXf1R+1Ev6vnMTGU+VAUZC840HCs5g9ZAP
pN77DUis7NdBWlEHCgAKNKTo+I3FdbjofZjpDdzdZIF89XTCBuvfnQnURLh0CnFZ
D8E3+LXuaDxY5u6VwN2kKZ87pGy4rFCrrcGnFB4/y9/wWlhhNwdTIo5AM+qXIDjE
78uZhlaLRHk/YHO/CS6PIqT1500R/sUr22JPuGufZTJfUMdrf4BxI8WA+omH4YNA
9iCrBBMM+yjv3btKzrTd4mDUFVxPaKpOY9ZS5gtjVuMsU2FDYLsSFWb5dwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOLIWQQymWTxp0kDH7kIjiJgR6pfMB8GA1UdIwQY
MBaAFGKSezaxOPCGNYk446z9pGOOVqeSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXBKN05yRTQ4SVkxaVRqanJQMmtZNDVXcDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZDI0MWYtNzFlYS00YTFiLTk2ZWEt
YTk5YzdlZTVjMjg0LzEvNHNoWkJES1paUEduU1FNZnVRaU9JbUJIcWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZDI0MWYtNzFlYS00YTFiLTk2ZWEtYTk5YzdlZTVjMjg0
LzEvWXBKN05yRTQ4SVkxaVRqanJQMmtZNDVXcDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZeAMA0E
AgACMAcDBQIqECDAMA0GCSqGSIb3DQEBCwUAA4IBAQATUVaVzY/hywKvJ9w81qLk
gOsh35zfc7gaa0tX9CwJaAOUsYcG8iYm3YDJ6r2DydUBa6HtAAOqn1i6JK+7lvi5
emMNGpOYmHau1tswujEfwbw2MkeYYd5lqtiNg1CZ/v5bvq/1uUhSGgkbSBeHcaCu
8CDm//xAfgNaccwQPrpnA+vXMjK2p8zyohuJDFe/3AcoQSNYCS9IvizFPNHf1Ga1
wXaR5hUGZ940vj2MDmxCCXJBICONC7o7cI+RtmdNO/b7Go5dnRozO8PDTrb2fb2Q
LYPlavuZq17tiQSbwZMMnPruyg7CwmbQF0dPeBwPdjAE5buN4CrLdN5RfoiQjlSu
-----END CERTIFICATE-----