Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/xxWFbF3tgwbzUuCNrDoHcp9Qoi0.roa
File:                     xxWFbF3tgwbzUuCNrDoHcp9Qoi0.roa (raw, json)
Hash identifier:          nF/SPLRIzHvrKRFZBuGbHBJ7AWT0/rnH1yU0BqremkQ=
Subject key identifier:   C7:15:85:6C:5D:ED:83:06:F3:52:E0:8D:AC:3A:07:72:9F:50:A2:2D
Certificate issuer:       /CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
Certificate serial:       01941F8C50AFFFDDE06856482095C0CD714D
Authority key identifier: 51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/xxWFbF3tgwbzUuCNrDoHcp9Qoi0.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        45.158.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:50:af:ff:dd:e0:68:56:48:20:95:c0:cd:71:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c715856c5ded8306f352e08dac3a07729f50a22d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:35:75:fe:f8:e6:cc:26:b3:d7:bf:dd:66:18:
                    d2:92:20:f9:2a:65:9f:a7:7a:3e:62:f4:e2:1c:e2:
                    29:b3:1c:00:db:a0:4f:d7:94:c9:8b:5a:fc:c5:06:
                    45:ab:66:53:6e:e5:19:99:ed:4c:bc:a1:4f:d8:1e:
                    a1:81:06:63:a5:b7:4c:4a:61:71:6d:b7:69:11:5e:
                    55:ca:3b:0b:a5:e4:93:8e:48:ac:17:9f:da:8d:ae:
                    a4:d4:9a:22:f5:07:42:bc:61:3b:e6:0a:9c:1a:f7:
                    c4:28:d6:5d:76:3d:c6:f8:fb:da:c5:82:bc:2b:bb:
                    70:11:97:0c:43:54:4a:71:b5:1e:fb:d5:c4:a5:c2:
                    51:0d:5e:50:b2:57:02:f8:fe:3f:e0:a5:7d:ca:85:
                    01:79:c0:6a:9d:58:19:77:1f:6c:2c:f2:3a:d4:0d:
                    9c:68:ea:20:bd:e7:0e:30:c2:c7:ed:0a:11:9c:5d:
                    ab:c3:90:9d:28:9e:bd:b0:31:4c:60:14:32:ff:93:
                    45:72:f5:2f:ad:25:5e:ed:73:ca:b4:b7:af:e2:55:
                    89:2c:5e:66:27:83:69:c6:64:b8:5e:5d:43:af:d0:
                    54:ac:55:92:d1:87:a7:15:70:67:69:53:bf:32:f6:
                    9e:02:79:85:f1:1a:be:fd:e3:9e:70:40:f6:eb:0b:
                    89:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:15:85:6C:5D:ED:83:06:F3:52:E0:8D:AC:3A:07:72:9F:50:A2:2D
            X509v3 Authority Key Identifier:
                keyid:51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/xxWFbF3tgwbzUuCNrDoHcp9Qoi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:61:28:ec:bc:b9:c7:99:15:cb:84:b1:33:6a:94:e7:47:b6:
         02:ee:9f:34:dd:d8:de:74:3d:10:73:4b:06:ad:2a:65:6d:73:
         2a:3d:5f:74:7b:e7:09:f8:5f:21:52:88:46:b9:e9:58:d6:99:
         08:3c:6d:d1:a0:5e:cf:e7:d6:8b:64:ed:c2:e7:40:72:e0:fd:
         9e:c1:5a:24:46:fc:5a:da:bc:8e:b6:95:03:ee:8c:99:9a:0c:
         86:27:f7:74:f2:b5:59:86:2a:3b:fe:30:9b:45:0e:5f:50:4e:
         bb:b8:22:fb:cc:75:71:f2:5e:df:2c:b2:75:87:54:17:12:5e:
         dc:af:36:a0:d1:4c:70:ec:f9:a4:f9:3f:d8:ce:ed:ee:cc:ea:
         7a:6f:f1:1e:41:be:94:fb:eb:0b:ab:33:e1:0d:fe:87:de:15:
         b2:38:ff:48:08:22:73:65:b8:be:96:80:2b:0e:97:4f:b6:23:
         ae:e3:95:f0:94:fc:8b:97:d4:ba:a8:f7:89:56:45:25:f0:40:
         74:80:3c:23:ac:e1:a9:8a:c5:8b:00:b0:44:a6:3e:e9:a5:b7:
         76:b8:74:d7:77:29:08:a9:eb:16:16:bb:e6:ba:68:3b:53:82:
         52:0c:d6:c7:9b:af:d8:36:b3:98:5e:69:6d:aa:a4:2b:a9:b3:
         0a:ac:3d:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFCv/93gaFZIIJXAzXFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZWNmOWJhYmM5Y2E2YmFlOTA4NWNlMjkyZmIxYzJjYzE4
ZDM0NGYwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzE1ODU2YzVkZWQ4MzA2ZjM1MmUwOGRhYzNhMDc3MjlmNTBhMjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDV1/vjmzCaz17/dZhjSkiD5KmWf
p3o+YvTiHOIpsxwA26BP15TJi1r8xQZFq2ZTbuUZme1MvKFP2B6hgQZjpbdMSmFx
bbdpEV5VyjsLpeSTjkisF5/aja6k1Joi9QdCvGE75gqcGvfEKNZddj3G+PvaxYK8
K7twEZcMQ1RKcbUe+9XEpcJRDV5QslcC+P4/4KV9yoUBecBqnVgZdx9sLPI61A2c
aOogvecOMMLH7QoRnF2rw5CdKJ69sDFMYBQy/5NFcvUvrSVe7XPKtLev4lWJLF5m
J4NpxmS4Xl1Dr9BUrFWS0YenFXBnaVO/MvaeAnmF8Rq+/eOecED26wuJXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcVhWxd7YMG81Lgjaw6B3KfUKItMB8GA1UdIwQY
MBaAFFHs+bq8nKa66Qhc4pL7HCzBjTRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMt
ZGNmYzZhOWUwZGM3LzEveHhXRmJGM3Rnd2J6VXVDTnJEb0hjcDlRb2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMtZGNmYzZhOWUwZGM3
LzEvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ48MA0G
CSqGSIb3DQEBCwUAA4IBAQBhYSjsvLnHmRXLhLEzapTnR7YC7p803djedD0Qc0sG
rSplbXMqPV90e+cJ+F8hUohGuelY1pkIPG3RoF7P59aLZO3C50By4P2ewVokRvxa
2ryOtpUD7oyZmgyGJ/d08rVZhio7/jCbRQ5fUE67uCL7zHVx8l7fLLJ1h1QXEl7c
rzag0Uxw7Pmk+T/Yzu3uzOp6b/EeQb6U++sLqzPhDf6H3hWyOP9ICCJzZbi+loAr
DpdPtiOu45XwlPyLl9S6qPeJVkUl8EB0gDwjrOGpisWLALBEpj7ppbd2uHTXdykI
qesWFrvmumg7U4JSDNbHm6/YNrOYXmltqqQrqbMKrD2O
-----END CERTIFICATE-----