Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/o56KW7qmKI89RBX7wwhJRJnWzxA.roa
File:                     o56KW7qmKI89RBX7wwhJRJnWzxA.roa (raw, json)
Hash identifier:          TSisfXvRUilLYjnEFcF1fY33OVEAWdRk4KyWKFaY7ZA=
Subject key identifier:   A3:9E:8A:5B:BA:A6:28:8F:3D:44:15:FB:C3:08:49:44:99:D6:CF:10
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       0194274873C12981B6DBD9620E2FB4EB20E7
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/o56KW7qmKI89RBX7wwhJRJnWzxA.roa
Signing time:             Thu 02 Jan 2025 13:50:47 +0000
ROA not before:           Thu 02 Jan 2025 13:50:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208393
IP address blocks:        45.141.52.0/24 maxlen: 24
                          2a05:4741:f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:73:c1:29:81:b6:db:d9:62:0e:2f:b4:eb:20:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 13:50:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a39e8a5bbaa6288f3d4415fbc308494499d6cf10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:04:30:fb:10:35:e7:72:fd:a3:b7:6e:11:14:
                    76:21:ec:fa:96:be:6a:f8:6a:f1:1f:91:b6:38:e8:
                    85:e7:4d:7d:64:2e:fb:06:67:0c:92:0c:a6:49:6a:
                    6e:aa:6a:94:b4:e4:25:90:95:6b:cb:77:ad:8d:95:
                    2c:83:bc:3e:87:f6:4d:5c:78:64:b6:0a:16:5a:9c:
                    f3:9b:6a:7b:1f:0d:04:26:22:9a:b9:74:02:af:99:
                    70:6c:1b:f1:86:61:f0:ef:8a:b3:14:44:58:10:72:
                    44:3c:2f:e5:6a:a9:3e:98:ba:78:c0:50:06:e6:e1:
                    67:83:7b:33:96:bc:13:71:7e:bc:ea:8c:64:1f:45:
                    02:41:37:27:14:36:ed:9e:fe:59:49:aa:5f:fd:f3:
                    52:83:40:7a:f4:17:cf:87:e7:dd:5a:88:02:d7:1b:
                    42:a6:12:df:d3:15:5d:66:d9:e7:53:92:7b:9a:93:
                    9d:3b:27:a0:a9:72:e9:94:a4:79:1d:70:90:7f:1b:
                    10:0a:ca:36:00:2d:cd:dd:24:cf:f5:b7:70:78:a1:
                    c1:54:60:e3:5f:81:f1:1a:2e:df:96:e7:58:1a:57:
                    05:6e:57:57:66:29:22:42:c1:c3:8c:b1:13:8c:04:
                    b6:b1:26:57:b1:d1:ba:5f:7a:8a:36:6e:20:75:fc:
                    7c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:9E:8A:5B:BA:A6:28:8F:3D:44:15:FB:C3:08:49:44:99:D6:CF:10
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/o56KW7qmKI89RBX7wwhJRJnWzxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.52.0/24
                IPv6:
                  2a05:4741:f::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:6f:03:2c:fe:bd:84:51:da:ba:d1:92:3c:3d:d2:af:13:a1:
         b0:0c:88:35:bb:0e:00:a0:e0:c5:15:70:20:fb:87:a0:87:d5:
         f6:ba:d9:61:17:f8:97:0e:f7:5a:ae:22:79:e6:64:4b:6d:a9:
         fb:6f:5f:4b:bb:98:48:8f:39:44:65:f6:9a:82:ce:a0:6b:87:
         33:ea:33:bf:b8:0b:67:41:95:29:21:0c:36:ca:5a:e4:52:cd:
         8e:ee:9a:8b:99:89:c1:07:2b:a7:62:6c:1d:b2:f7:30:3d:6d:
         88:3e:76:95:39:5b:12:f4:fc:cb:ae:ee:6d:ab:53:bf:c2:db:
         e7:05:7a:46:fd:87:20:cc:44:ec:f0:20:6d:23:57:cc:db:85:
         df:c2:6d:e4:a5:2e:61:3c:f2:2f:74:05:6f:e7:2c:a4:92:b4:
         f0:99:43:b5:64:b4:9e:ee:d4:d6:1d:7c:c3:61:a9:d8:34:20:
         3c:94:5c:39:a3:81:10:82:a8:58:71:46:e8:b6:ce:ce:3a:14:
         ea:6c:fc:92:86:d0:ae:d8:ac:69:86:fd:d2:1d:51:5b:18:10:
         b7:a3:7b:15:8e:8f:d5:dc:e1:fa:5f:e6:c9:c7:4f:1e:b7:78:
         b5:21:f2:69:e0:c7:ca:8a:bd:a0:b2:60:9b:c5:95:b6:09:b4:
         d4:0c:c9:a8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnSHPBKYG229liDi+06yDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjUwMTAyMTM1MDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzllOGE1YmJhYTYyODhmM2Q0NDE1ZmJjMzA4NDk0NDk5ZDZjZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5gQw+xA153L9o7duERR2Iez6lr5q
+GrxH5G2OOiF5019ZC77BmcMkgymSWpuqmqUtOQlkJVry3etjZUsg7w+h/ZNXHhk
tgoWWpzzm2p7Hw0EJiKauXQCr5lwbBvxhmHw74qzFERYEHJEPC/laqk+mLp4wFAG
5uFng3szlrwTcX686oxkH0UCQTcnFDbtnv5ZSapf/fNSg0B69BfPh+fdWogC1xtC
phLf0xVdZtnnU5J7mpOdOyegqXLplKR5HXCQfxsQCso2AC3N3STP9bdweKHBVGDj
X4HxGi7fludYGlcFbldXZikiQsHDjLETjAS2sSZXsdG6X3qKNm4gdfx8twIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKOeilu6piiPPUQV+8MISUSZ1s8QMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvbzU2S1c3cW1LSTg5UkJYN3d3aEpSSm5XenhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALY00MA8E
AgACMAkDBwAqBUdBAA8wDQYJKoZIhvcNAQELBQADggEBABpvAyz+vYRR2rrRkjw9
0q8TobAMiDW7DgCg4MUVcCD7h6CH1fa62WEX+JcO91quInnmZEttqftvX0u7mEiP
OURl9pqCzqBrhzPqM7+4C2dBlSkhDDbKWuRSzY7umouZicEHK6dibB2y9zA9bYg+
dpU5WxL0/Muu7m2rU7/C2+cFekb9hyDMROzwIG0jV8zbhd/CbeSlLmE88i90BW/n
LKSStPCZQ7VktJ7u1NYdfMNhqdg0IDyUXDmjgRCCqFhxRui2zs46FOps/JKG0K7Y
rGmG/dIdUVsYELejexWOj9Xc4fpf5snHTx63eLUh8mngx8qKvaCyYJvFlbYJtNQM
yag=
-----END CERTIFICATE-----