Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5x1mXJRMR-DtaboYiXal_xHZ6sg.roa
File:                     5x1mXJRMR-DtaboYiXal_xHZ6sg.roa (raw, json)
Hash identifier:          2AXTa3uomcifYZMwWJ5BzsgSVgO6/LqKdlCTbEktszE=
Subject key identifier:   E7:1D:66:5C:94:4C:47:E0:ED:69:BA:18:89:76:A5:FF:11:D9:EA:C8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422201FCABDD008678CF54F6569CC617C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5x1mXJRMR-DtaboYiXal_xHZ6sg.roa
Signing time:             Wed 01 Jan 2025 13:48:38 +0000
ROA not before:           Wed 01 Jan 2025 13:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51681
IP address blocks:        45.133.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1f:ca:bd:d0:08:67:8c:f5:4f:65:69:cc:61:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e71d665c944c47e0ed69ba188976a5ff11d9eac8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9a:7c:c2:5a:2a:08:f2:e6:50:3d:ff:0d:7a:
                    7e:23:6d:6d:f6:08:bb:17:df:68:89:c3:3d:b8:10:
                    41:7a:f3:a1:9c:f9:40:9a:fc:1b:16:f7:80:21:3a:
                    e8:cf:0b:a7:85:c7:7d:91:1c:e9:94:cf:9a:cd:4d:
                    2b:79:1b:f1:10:5a:e1:ab:48:91:a9:41:0d:e0:34:
                    73:51:db:08:ac:4f:20:5b:77:0f:04:d5:f9:d3:4b:
                    18:55:32:f2:50:26:79:98:d2:a2:bc:0c:19:db:3a:
                    80:f5:db:8c:f7:1e:03:77:99:94:14:65:4f:ef:ed:
                    a1:5d:4b:a2:f1:9d:75:86:5e:a7:27:9f:10:5c:5a:
                    3e:54:37:e8:ad:e8:25:f7:8b:0c:6e:05:68:c5:ba:
                    8f:50:7e:13:c6:74:6f:d7:9d:8d:da:bc:b8:84:1f:
                    27:ae:10:66:17:88:7a:a4:ae:1f:22:66:08:d5:58:
                    44:ad:46:0a:db:84:bf:22:52:3f:32:dd:32:11:34:
                    c1:1f:d0:53:88:26:0f:9f:65:32:5a:b6:22:98:f2:
                    5d:55:24:71:8d:41:b1:5a:a8:ac:9a:7d:49:7f:69:
                    f0:60:34:63:d0:fc:63:cc:78:e1:b2:ae:18:5d:29:
                    f6:fd:e0:27:1e:a3:6b:32:53:3b:87:34:4c:d8:b7:
                    cc:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:1D:66:5C:94:4C:47:E0:ED:69:BA:18:89:76:A5:FF:11:D9:EA:C8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5x1mXJRMR-DtaboYiXal_xHZ6sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:38:36:e2:dc:d1:96:eb:6e:2c:79:e3:0a:c0:64:0f:19:58:
         7c:f9:aa:91:d5:65:48:9b:b2:e2:46:77:b9:09:05:6e:5c:86:
         3a:c6:72:7e:06:45:54:56:fe:94:41:bb:d3:f2:51:22:d2:c9:
         9b:90:4c:fd:1e:e4:21:b5:24:88:84:d1:f4:fe:67:79:bc:50:
         64:03:06:4d:04:80:b4:c8:b3:7a:4b:d4:ef:57:8a:7f:97:ea:
         4a:7a:f4:71:7d:e9:6a:6b:94:24:8e:d5:10:fa:f8:f1:29:69:
         1b:0f:62:81:83:d2:be:94:90:a4:39:10:76:e3:4d:1a:3e:aa:
         88:23:c6:79:ec:f6:57:84:e5:6a:e2:4f:07:45:93:fe:fd:4b:
         1b:eb:0b:44:60:b7:df:6e:1f:01:8a:0c:49:bc:01:1f:f3:81:
         9b:f4:ff:44:c4:3b:9b:ba:90:dc:15:bd:64:9c:a7:95:5e:7a:
         76:39:5e:9b:7f:62:c6:6b:16:d1:d7:8c:f8:c8:76:0b:95:39:
         7f:c0:53:7d:b7:2f:4f:26:f0:bd:fd:95:dc:b8:b5:ec:af:2a:
         3d:f3:72:f1:c1:11:5a:98:12:b9:87:df:02:8e:e7:75:74:3d:
         43:12:5d:c8:94:bd:c5:b4:bc:91:5f:87:f8:36:e7:fc:0c:74:
         91:d4:ec:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIB/KvdAIZ4z1T2VpzGF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzFkNjY1Yzk0NGM0N2UwZWQ2OWJhMTg4OTc2YTVmZjExZDllYWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJp8wloqCPLmUD3/DXp+I21t9gi7
F99oicM9uBBBevOhnPlAmvwbFveAITrozwunhcd9kRzplM+azU0reRvxEFrhq0iR
qUEN4DRzUdsIrE8gW3cPBNX500sYVTLyUCZ5mNKivAwZ2zqA9duM9x4Dd5mUFGVP
7+2hXUui8Z11hl6nJ58QXFo+VDforegl94sMbgVoxbqPUH4TxnRv152N2ry4hB8n
rhBmF4h6pK4fImYI1VhErUYK24S/IlI/Mt0yETTBH9BTiCYPn2UyWrYimPJdVSRx
jUGxWqismn1Jf2nwYDRj0PxjzHjhsq4YXSn2/eAnHqNrMlM7hzRM2LfMXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcdZlyUTEfg7Wm6GIl2pf8R2erIMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNXgxbVhKUk1SLUR0YWJvWWlYYWxfeEhaNnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYUCMA0G
CSqGSIb3DQEBCwUAA4IBAQAwODbi3NGW624seeMKwGQPGVh8+aqR1WVIm7LiRne5
CQVuXIY6xnJ+BkVUVv6UQbvT8lEi0smbkEz9HuQhtSSIhNH0/md5vFBkAwZNBIC0
yLN6S9TvV4p/l+pKevRxfelqa5QkjtUQ+vjxKWkbD2KBg9K+lJCkORB2400aPqqI
I8Z57PZXhOVq4k8HRZP+/Usb6wtEYLffbh8BigxJvAEf84Gb9P9ExDubupDcFb1k
nKeVXnp2OV6bf2LGaxbR14z4yHYLlTl/wFN9ty9PJvC9/ZXcuLXsryo983LxwRFa
mBK5h98Cjud1dD1DEl3IlL3FtLyRX4f4Nuf8DHSR1OzC
-----END CERTIFICATE-----