Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/j2k6ZwwCoYdbRXccWL_N8jGmvQI.roa
File:                     j2k6ZwwCoYdbRXccWL_N8jGmvQI.roa (raw, json)
Hash identifier:          w7ebwT3KJy3faWUvy2fWfZ0lAeoGXL67yLrINDXPUpk=
Subject key identifier:   8F:69:3A:67:0C:02:A1:87:5B:45:77:1C:58:BF:CD:F2:31:A6:BD:02
Certificate issuer:       /CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
Certificate serial:       01941F8C50645FBAFD3883C896AEE7D48F16
Authority key identifier: 51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/j2k6ZwwCoYdbRXccWL_N8jGmvQI.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        45.158.62.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:50:64:5f:ba:fd:38:83:c8:96:ae:e7:d4:8f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f693a670c02a1875b45771c58bfcdf231a6bd02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5b:5f:1a:8e:38:a5:19:3d:74:80:56:70:e5:
                    66:22:4f:df:87:e0:b0:37:b9:fc:4b:57:51:85:00:
                    49:17:64:6f:63:68:97:7d:35:29:62:bd:e9:7d:7a:
                    52:66:c9:28:7e:4c:72:10:83:76:f5:9b:cd:0e:5e:
                    18:e3:61:e1:74:d0:d4:a7:77:2c:60:90:46:b2:2e:
                    8d:41:0c:8c:8f:e1:98:16:e3:26:23:df:73:bc:81:
                    89:ed:9c:06:19:27:23:57:df:e2:da:01:3c:2e:64:
                    18:37:c4:51:af:5c:4c:d4:65:91:67:15:f8:27:85:
                    60:55:73:83:75:67:28:13:5d:56:0e:2d:22:9d:db:
                    c7:1f:25:2e:87:f0:67:95:b8:db:80:37:5d:62:0d:
                    fa:7b:53:ff:35:7b:a1:07:53:89:04:55:7a:e0:d5:
                    73:b5:cb:b3:74:94:d7:c2:7f:45:02:17:fe:b3:e0:
                    37:bb:fc:20:ec:c2:f5:42:67:c5:09:fa:69:1e:f5:
                    24:1b:44:89:17:e8:8c:02:7d:ee:7c:6a:76:6e:f1:
                    99:1e:f7:63:75:71:77:b5:fb:aa:9f:55:50:ad:6d:
                    7d:d8:af:81:79:65:07:87:ae:6c:73:b6:c1:5a:23:
                    a2:f0:ed:c6:d3:cc:0a:86:bc:70:3f:35:32:69:81:
                    83:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:69:3A:67:0C:02:A1:87:5B:45:77:1C:58:BF:CD:F2:31:A6:BD:02
            X509v3 Authority Key Identifier:
                keyid:51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/j2k6ZwwCoYdbRXccWL_N8jGmvQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:ad:41:a7:86:43:6d:2f:ef:8b:1a:27:c7:60:da:49:15:01:
         43:b1:23:9e:7f:2f:f5:d6:7d:15:e9:38:56:fb:39:18:86:1b:
         ce:8d:28:d8:32:ec:57:e2:1f:57:4d:07:a7:bc:ee:a4:16:88:
         ff:0f:07:09:2a:c2:a8:dc:a5:98:09:95:38:24:7b:0c:52:68:
         01:2f:84:ec:9c:0e:da:f5:ae:fd:ee:bb:f7:bc:d2:5b:3f:db:
         e0:e9:18:c3:fa:58:46:51:d7:8b:a5:ab:c1:fa:77:18:f7:ad:
         2c:0d:3f:d9:25:e0:ae:79:0a:45:11:f7:d2:69:1e:75:35:4e:
         0c:9f:fa:0d:e1:68:10:4c:48:91:d5:26:98:d4:93:20:a6:18:
         88:d0:25:51:03:a7:fd:69:6b:c3:c4:72:08:ac:cb:dd:f2:2f:
         09:9b:f0:41:7c:05:cc:c2:84:a8:bc:8c:40:0d:c0:f4:21:87:
         ec:b4:50:5c:47:f2:07:7d:ed:83:a0:ac:4f:9d:df:9b:21:32:
         fa:cb:1b:1c:58:91:c9:bb:58:87:de:b2:fa:2c:e4:8d:71:da:
         48:fd:12:4f:bb:01:03:50:93:7f:4c:68:0b:dc:04:e3:69:fb:
         4f:bb:29:3e:38:0c:43:9b:76:97:c0:3c:04:0e:90:cd:09:09:
         52:70:80:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFBkX7r9OIPIlq7n1I8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZWNmOWJhYmM5Y2E2YmFlOTA4NWNlMjkyZmIxYzJjYzE4
ZDM0NGYwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjY5M2E2NzBjMDJhMTg3NWI0NTc3MWM1OGJmY2RmMjMxYTZiZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtltfGo44pRk9dIBWcOVmIk/fh+Cw
N7n8S1dRhQBJF2RvY2iXfTUpYr3pfXpSZskofkxyEIN29ZvNDl4Y42HhdNDUp3cs
YJBGsi6NQQyMj+GYFuMmI99zvIGJ7ZwGGScjV9/i2gE8LmQYN8RRr1xM1GWRZxX4
J4VgVXODdWcoE11WDi0indvHHyUuh/BnlbjbgDddYg36e1P/NXuhB1OJBFV64NVz
tcuzdJTXwn9FAhf+s+A3u/wg7ML1QmfFCfppHvUkG0SJF+iMAn3ufGp2bvGZHvdj
dXF3tfuqn1VQrW192K+BeWUHh65sc7bBWiOi8O3G08wKhrxwPzUyaYGDVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9pOmcMAqGHW0V3HFi/zfIxpr0CMB8GA1UdIwQY
MBaAFFHs+bq8nKa66Qhc4pL7HCzBjTRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMt
ZGNmYzZhOWUwZGM3LzEvajJrNlp3d0NvWWRiUlhjY1dMX044akdtdlFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMtZGNmYzZhOWUwZGM3
LzEvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ4+MA0G
CSqGSIb3DQEBCwUAA4IBAQCmrUGnhkNtL++LGifHYNpJFQFDsSOefy/11n0V6ThW
+zkYhhvOjSjYMuxX4h9XTQenvO6kFoj/DwcJKsKo3KWYCZU4JHsMUmgBL4TsnA7a
9a797rv3vNJbP9vg6RjD+lhGUdeLpavB+ncY960sDT/ZJeCueQpFEffSaR51NU4M
n/oN4WgQTEiR1SaY1JMgphiI0CVRA6f9aWvDxHIIrMvd8i8Jm/BBfAXMwoSovIxA
DcD0IYfstFBcR/IHfe2DoKxPnd+bITL6yxscWJHJu1iH3rL6LOSNcdpI/RJPuwED
UJN/TGgL3ATjaftPuyk+OAxDm3aXwDwEDpDNCQlScICK
-----END CERTIFICATE-----