Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/izRvqhunc8ZF3jTN7b8s0naAOtw.roa
File:                     izRvqhunc8ZF3jTN7b8s0naAOtw.roa (raw, json)
Hash identifier:          irFGAMZXi7KJyx58X2cXzHOqTGW/7dBfL0PXacAiabs=
Subject key identifier:   8B:34:6F:AA:1B:A7:73:C6:45:DE:34:CD:ED:BF:2C:D2:76:80:3A:DC
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0194274826E5102B810D31C272DE199D7906
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/izRvqhunc8ZF3jTN7b8s0naAOtw.roa
Signing time:             Thu 02 Jan 2025 13:50:27 +0000
ROA not before:           Thu 02 Jan 2025 13:50:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     131642
IP address blocks:        45.12.62.0/23 maxlen: 23
                          45.12.62.0/24 maxlen: 24
                          45.12.62.45/32 maxlen: 32
                          45.12.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:26:e5:10:2b:81:0d:31:c2:72:de:19:9d:79:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 13:50:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b346faa1ba773c645de34cdedbf2cd276803adc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ad:ff:63:f3:85:d3:ae:47:02:5f:6f:6a:0c:
                    79:01:c1:3c:10:e5:8e:4a:e2:dc:5b:c3:18:6a:00:
                    fe:38:b9:df:65:81:ad:a7:48:27:13:1d:32:19:21:
                    e4:3a:c4:47:ab:87:70:72:91:6f:88:39:3c:2b:17:
                    5f:aa:f4:e8:e9:85:35:c3:c5:f9:b3:6d:19:88:33:
                    17:c9:5a:fc:d6:b5:c8:24:e0:1e:9c:52:38:91:65:
                    af:d5:c5:6b:2f:c6:f4:f2:6c:bf:fa:c2:0a:71:af:
                    5e:09:4b:c5:30:05:3a:62:bb:2d:fe:2b:fa:71:0f:
                    ec:c3:75:0e:70:7b:0c:e6:11:ff:82:fa:1d:52:b6:
                    13:36:81:04:dd:10:d9:7a:6f:e7:3c:30:24:0e:ae:
                    70:90:9d:a6:d0:53:91:6f:d8:a3:a7:2a:26:5b:cf:
                    26:20:5d:8c:42:d2:cc:bf:06:70:8e:4b:ca:16:e7:
                    88:fe:a2:6c:2f:e3:22:67:4d:f1:ba:5c:1c:c3:f9:
                    66:07:58:5f:78:f2:81:68:58:c1:fd:e3:17:c2:ca:
                    85:82:6d:96:4f:41:32:2c:91:2f:26:ed:56:be:fd:
                    52:c5:da:26:dc:8c:af:04:5a:ee:43:ba:5e:c1:eb:
                    98:aa:d4:ec:a1:c8:13:f5:a2:98:1f:51:d3:c1:06:
                    b2:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:34:6F:AA:1B:A7:73:C6:45:DE:34:CD:ED:BF:2C:D2:76:80:3A:DC
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/izRvqhunc8ZF3jTN7b8s0naAOtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:81:ee:ee:df:ed:f5:4a:73:d8:47:a1:3d:6b:df:79:66:cb:
         5b:29:a4:5e:17:b7:5f:f1:c5:b4:ca:e0:60:76:36:a0:1c:27:
         62:a9:63:3f:80:fa:1b:98:b1:00:32:65:bf:33:88:2b:18:ff:
         c5:2c:e4:d3:15:41:b7:5e:6a:fa:33:e1:ad:04:e8:c4:31:2f:
         2e:18:47:4c:0f:97:a7:ae:77:a3:5d:06:ca:46:a9:41:7a:3a:
         37:bc:5d:da:af:6c:f5:b9:80:ca:12:28:7b:03:47:41:8a:42:
         fc:5f:9e:f6:ff:5d:53:2f:49:ea:be:c8:6c:77:e0:60:d3:d8:
         0d:aa:eb:23:26:8d:d3:a0:0d:84:24:ea:f0:fb:eb:78:d6:e3:
         8f:6c:20:d2:5c:ea:84:10:15:d4:35:0c:28:30:92:22:f4:e9:
         db:fd:d8:b6:51:3a:9a:6c:66:2e:42:d0:a2:22:e1:a2:d0:fa:
         d2:86:22:c2:47:46:82:e2:bc:a4:4d:37:d0:12:ce:db:24:84:
         b2:15:02:61:ea:1a:da:5c:46:d9:65:ea:75:af:04:c2:95:bc:
         45:a4:ec:ee:d0:7a:94:c8:cd:b5:64:be:80:df:82:b8:f8:08:
         7c:30:47:28:84:ba:9c:ec:45:00:96:af:ec:86:4c:71:e5:5e:
         af:39:d7:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSCblECuBDTHCct4ZnXkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMTAyMTM1MDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjM0NmZhYTFiYTc3M2M2NDVkZTM0Y2RlZGJmMmNkMjc2ODAzYWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzq3/Y/OF065HAl9vagx5AcE8EOWO
SuLcW8MYagD+OLnfZYGtp0gnEx0yGSHkOsRHq4dwcpFviDk8KxdfqvTo6YU1w8X5
s20ZiDMXyVr81rXIJOAenFI4kWWv1cVrL8b08my/+sIKca9eCUvFMAU6Yrst/iv6
cQ/sw3UOcHsM5hH/gvodUrYTNoEE3RDZem/nPDAkDq5wkJ2m0FORb9ijpyomW88m
IF2MQtLMvwZwjkvKFueI/qJsL+MiZ03xulwcw/lmB1hfePKBaFjB/eMXwsqFgm2W
T0EyLJEvJu1Wvv1Sxdom3IyvBFruQ7peweuYqtTsocgT9aKYH1HTwQayDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIs0b6obp3PGRd40ze2/LNJ2gDrcMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvaXpSdnFodW5jOFpGM2pUTjdiOHMwbmFBT3R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQw+MA0G
CSqGSIb3DQEBCwUAA4IBAQCmge7u3+31SnPYR6E9a995ZstbKaReF7df8cW0yuBg
djagHCdiqWM/gPobmLEAMmW/M4grGP/FLOTTFUG3Xmr6M+GtBOjEMS8uGEdMD5en
rnejXQbKRqlBejo3vF3ar2z1uYDKEih7A0dBikL8X572/11TL0nqvshsd+Bg09gN
qusjJo3ToA2EJOrw++t41uOPbCDSXOqEEBXUNQwoMJIi9Onb/di2UTqabGYuQtCi
IuGi0PrShiLCR0aC4rykTTfQEs7bJISyFQJh6hraXEbZZep1rwTClbxFpOzu0HqU
yM21ZL6A34K4+Ah8MEcohLqc7EUAlq/shkxx5V6vOddF
-----END CERTIFICATE-----