Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/afqnYcF-qXKjooO7MYgReRqXqCg.roa
File:                     afqnYcF-qXKjooO7MYgReRqXqCg.roa (raw, json)
Hash identifier:          VN9LGrCFv3+uSvy75n7ehHrUs96MUymv2eedAkqEyxk=
Subject key identifier:   69:FA:A7:61:C1:7E:A9:72:A3:A2:83:BB:31:88:11:79:1A:97:A8:28
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220068F8CCB37350E56D7FF4502CBD2
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/afqnYcF-qXKjooO7MYgReRqXqCg.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3170
IP address blocks:        45.141.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:06:8f:8c:cb:37:35:0e:56:d7:ff:45:02:cb:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69faa761c17ea972a3a283bb318811791a97a828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:0a:2e:2c:40:31:78:37:aa:67:c2:7c:db:06:
                    31:15:7a:d8:26:e1:0c:2a:c7:68:d7:ee:25:57:c2:
                    17:df:52:2a:bd:ab:b1:42:d2:70:0a:2b:e3:bf:dc:
                    1c:1d:53:e1:f2:6a:ee:ea:44:dc:d7:b0:6a:43:b6:
                    e1:0c:32:44:a8:ea:a2:2f:1b:f5:d4:41:ee:68:ea:
                    74:81:3f:64:ce:98:d0:fc:af:68:bd:c0:9c:4f:d5:
                    b3:c2:18:94:f4:61:35:ff:d5:f2:3d:4b:1d:28:2d:
                    a6:63:a6:f2:56:2c:05:1f:3a:e9:64:10:0c:b3:ef:
                    7b:23:6b:c6:ce:43:55:53:2e:6e:04:da:7b:70:e5:
                    7b:7b:04:41:85:91:eb:19:16:3a:6c:39:10:e4:0f:
                    66:56:b1:33:cc:fe:fc:6a:9a:2c:c5:1c:83:d1:7c:
                    ef:9b:7f:57:18:d9:7f:65:d7:2f:f4:30:f4:50:52:
                    4a:24:e6:7f:cf:8d:e5:93:ba:51:c9:c4:f8:d4:85:
                    45:72:41:20:9b:26:70:af:bf:27:c5:89:af:43:22:
                    44:ed:da:0f:c3:f6:92:f3:bb:3f:01:ca:7d:1a:a4:
                    ff:c1:fc:f4:65:5b:86:ec:f6:9f:16:21:f5:0b:c8:
                    1f:5d:5c:3d:80:51:db:a0:56:d6:52:1d:65:20:1f:
                    16:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:FA:A7:61:C1:7E:A9:72:A3:A2:83:BB:31:88:11:79:1A:97:A8:28
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/afqnYcF-qXKjooO7MYgReRqXqCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:f5:98:02:ff:00:d1:60:85:25:93:73:6d:9d:6d:e0:c4:cc:
         a7:35:7b:39:44:16:30:bb:5d:40:7b:5c:01:6e:0f:e6:17:c8:
         26:63:2e:5d:73:b3:da:67:2f:2b:ed:c9:8e:ac:94:15:3a:50:
         ed:f0:6f:64:4a:27:80:97:6a:40:f1:0f:bc:06:d1:f8:58:48:
         67:e0:a9:e4:a3:6f:c5:46:a7:84:49:0d:b1:c9:2d:a9:94:29:
         c2:2e:84:59:56:27:41:47:5f:01:53:2e:32:3f:ca:34:eb:92:
         da:e6:6a:20:b1:ed:2e:53:19:85:89:90:af:5d:0f:c0:85:d3:
         7f:b2:32:71:17:a5:4d:85:f4:7b:c7:f6:b2:f3:00:1e:2d:53:
         f8:1e:2c:d3:44:20:bb:80:27:77:1c:8e:01:09:f9:39:b4:ec:
         d4:84:2d:04:c6:38:d0:07:ee:00:85:cc:4f:ff:3a:3e:0b:eb:
         7e:69:f5:6a:a8:af:62:b4:89:01:35:45:f8:c4:c4:b1:77:88:
         83:f3:21:d5:0d:11:7a:eb:ab:ba:c8:8f:85:62:b6:db:28:a1:
         e7:b2:15:3c:5d:76:ff:54:ee:6e:23:1a:07:c0:fa:a6:f0:7b:
         cf:f9:7c:f1:0e:10:cd:2c:d9:d9:0a:41:fb:dc:01:a1:d6:03:
         cb:c7:cd:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAaPjMs3NQ5W1/9FAsvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWZhYTc2MWMxN2VhOTcyYTNhMjgzYmIzMTg4MTE3OTFhOTdhODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6wouLEAxeDeqZ8J82wYxFXrYJuEM
Ksdo1+4lV8IX31IqvauxQtJwCivjv9wcHVPh8mru6kTc17BqQ7bhDDJEqOqiLxv1
1EHuaOp0gT9kzpjQ/K9ovcCcT9WzwhiU9GE1/9XyPUsdKC2mY6byViwFHzrpZBAM
s+97I2vGzkNVUy5uBNp7cOV7ewRBhZHrGRY6bDkQ5A9mVrEzzP78aposxRyD0Xzv
m39XGNl/Zdcv9DD0UFJKJOZ/z43lk7pRycT41IVFckEgmyZwr78nxYmvQyJE7doP
w/aS87s/Acp9GqT/wfz0ZVuG7PafFiH1C8gfXVw9gFHboFbWUh1lIB8WIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGn6p2HBfqlyo6KDuzGIEXkal6goMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYWZxblljRi1xWEtqb29PN01ZZ1JlUnFYcUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY0ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCH9ZgC/wDRYIUlk3NtnW3gxMynNXs5RBYwu11Ae1wB
bg/mF8gmYy5dc7PaZy8r7cmOrJQVOlDt8G9kSieAl2pA8Q+8BtH4WEhn4Knko2/F
RqeESQ2xyS2plCnCLoRZVidBR18BUy4yP8o065La5mogse0uUxmFiZCvXQ/AhdN/
sjJxF6VNhfR7x/ay8wAeLVP4HizTRCC7gCd3HI4BCfk5tOzUhC0ExjjQB+4AhcxP
/zo+C+t+afVqqK9itIkBNUX4xMSxd4iD8yHVDRF666u6yI+FYrbbKKHnshU8XXb/
VO5uIxoHwPqm8HvP+XzxDhDNLNnZCkH73AGh1gPLx83z
-----END CERTIFICATE-----