Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/Hnq1JrW3rKC7qVb_jqICfNgPyAM.roa
File:                     Hnq1JrW3rKC7qVb_jqICfNgPyAM.roa (raw, json)
Hash identifier:          TYbmRurDqEqD3aW/UVmyyU013h3qQfzgCOwAtEYbLyw=
Subject key identifier:   1E:7A:B5:26:B5:B7:AC:A0:BB:A9:56:FF:8E:A2:02:7C:D8:0F:C8:03
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369C6A40B1386BCD0CD8F003ADEE7D1
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/Hnq1JrW3rKC7qVb_jqICfNgPyAM.roa
Signing time:             Wed 01 Jan 2025 19:48:42 +0000
ROA not before:           Wed 01 Jan 2025 19:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39134
IP address blocks:        45.133.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c6:a4:0b:13:86:bc:d0:cd:8f:00:3a:de:e7:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e7ab526b5b7aca0bba956ff8ea2027cd80fc803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:99:20:fe:4f:49:85:9c:9f:c8:dd:74:1a:0a:
                    45:a6:af:20:54:32:a2:10:76:f2:c4:7d:01:f1:3f:
                    72:b9:ea:f4:bc:a0:8f:1a:92:82:61:3e:f3:30:5c:
                    d4:43:a2:52:4e:bd:de:46:65:60:f4:72:83:97:a2:
                    c6:da:59:37:ab:44:ba:91:66:a1:64:28:f2:07:85:
                    63:5e:c4:e9:dc:e7:57:43:4a:67:ce:83:6d:fa:3d:
                    15:42:cf:4e:91:3b:65:39:bf:d2:39:cf:d3:7b:84:
                    dc:03:5b:45:d0:b1:76:71:d0:de:c2:36:33:97:13:
                    fa:97:69:18:38:ef:52:c0:81:57:b6:95:bf:e3:51:
                    c5:ff:3b:50:6a:a2:d8:79:53:e4:49:98:ac:84:79:
                    e9:21:e2:05:39:6b:5b:ee:42:7e:f4:da:7a:19:64:
                    c0:9a:2c:8a:1e:a5:55:36:00:2b:e6:02:13:10:af:
                    50:d7:48:5c:ae:e7:36:c8:d2:82:16:05:4f:6c:2e:
                    1d:0f:19:f7:fd:5f:12:7d:1e:2b:69:98:99:4c:07:
                    6a:a7:40:62:ea:8d:54:bb:46:92:3a:18:f0:0f:d2:
                    7d:a7:a9:53:2f:09:7a:63:37:e0:ed:72:be:8e:a8:
                    13:7b:c5:b2:39:95:a6:b2:bb:2e:7b:d9:91:22:c4:
                    72:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:7A:B5:26:B5:B7:AC:A0:BB:A9:56:FF:8E:A2:02:7C:D8:0F:C8:03
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/Hnq1JrW3rKC7qVb_jqICfNgPyAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:26:b8:71:f5:00:be:76:52:2f:79:6a:7e:31:2d:6e:1a:fd:
         6f:4b:52:3a:e7:68:74:66:b0:b5:90:b6:4e:91:e3:a3:c7:ba:
         e0:b8:19:4a:e2:24:6e:14:78:65:7c:2e:c5:db:f7:6e:e4:ce:
         72:4b:9e:64:cb:2e:6d:ea:65:41:a2:25:ec:88:37:06:b6:ec:
         dc:e9:05:4e:1b:4d:57:14:d8:2e:4c:f4:5b:dd:94:c9:28:2f:
         a5:e5:61:c0:db:9c:69:9f:b0:72:bb:7c:f9:2d:20:b0:c6:44:
         6b:9d:54:18:aa:6d:de:89:1e:e9:b5:92:59:e7:3d:15:39:40:
         e7:d5:fa:ca:62:96:c2:bc:d5:dd:45:8f:35:52:22:ac:8d:72:
         01:ec:95:6a:9b:b0:d7:da:97:0b:47:04:7d:1c:32:83:61:c7:
         19:14:b1:f8:50:7c:dd:fc:77:d8:ff:d9:53:74:ac:1a:8e:b5:
         3d:79:15:d9:dd:37:81:61:e7:2b:02:59:aa:7a:f9:10:04:b0:
         c4:10:b5:b5:04:90:60:0c:ae:31:d2:92:75:93:0a:9e:ed:6c:
         1e:b3:da:ee:02:9b:e7:c0:66:fb:f1:4d:05:bf:e3:14:7b:9e:
         dd:14:9b:ef:91:2a:ce:57:f9:72:ea:d3:db:6f:94:20:d1:33:
         50:74:b4:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjacakCxOGvNDNjwA63ufRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTdhYjUyNmI1YjdhY2EwYmJhOTU2ZmY4ZWEyMDI3Y2Q4MGZjODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA55kg/k9JhZyfyN10GgpFpq8gVDKi
EHbyxH0B8T9yuer0vKCPGpKCYT7zMFzUQ6JSTr3eRmVg9HKDl6LG2lk3q0S6kWah
ZCjyB4VjXsTp3OdXQ0pnzoNt+j0VQs9OkTtlOb/SOc/Te4TcA1tF0LF2cdDewjYz
lxP6l2kYOO9SwIFXtpW/41HF/ztQaqLYeVPkSZishHnpIeIFOWtb7kJ+9Np6GWTA
miyKHqVVNgAr5gITEK9Q10hcruc2yNKCFgVPbC4dDxn3/V8SfR4raZiZTAdqp0Bi
6o1Uu0aSOhjwD9J9p6lTLwl6Yzfg7XK+jqgTe8WyOZWmsrsue9mRIsRybQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB56tSa1t6ygu6lW/46iAnzYD8gDMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvSG5xMUpyVzNyS0M3cVZiX2pxSUNmTmdQeUFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYXqMA0G
CSqGSIb3DQEBCwUAA4IBAQBMJrhx9QC+dlIveWp+MS1uGv1vS1I652h0ZrC1kLZO
keOjx7rguBlK4iRuFHhlfC7F2/du5M5yS55kyy5t6mVBoiXsiDcGtuzc6QVOG01X
FNguTPRb3ZTJKC+l5WHA25xpn7Byu3z5LSCwxkRrnVQYqm3eiR7ptZJZ5z0VOUDn
1frKYpbCvNXdRY81UiKsjXIB7JVqm7DX2pcLRwR9HDKDYccZFLH4UHzd/HfY/9lT
dKwajrU9eRXZ3TeBYecrAlmqevkQBLDEELW1BJBgDK4x0pJ1kwqe7Wwes9ruApvn
wGb78U0Fv+MUe57dFJvvkSrOV/ly6tPbb5Qg0TNQdLRf
-----END CERTIFICATE-----