Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/ln91rSDLIuySyhaiNIQohHN_rXE.roa
File:                     ln91rSDLIuySyhaiNIQohHN_rXE.roa (raw, json)
Hash identifier:          hm4nRwrnHBjEnQ14Rt4Ba09TbGWl8E21T94hpJTsxi8=
Subject key identifier:   96:7F:75:AD:20:CB:22:EC:92:CA:16:A2:34:84:28:84:73:7F:AD:71
Certificate issuer:       /CN=f6af433974df373b70abd76b13e1c70c775f554b
Certificate serial:       019423D72142DCA4DC7BF993238EB28E55F4
Authority key identifier: F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/ln91rSDLIuySyhaiNIQohHN_rXE.roa
Signing time:             Wed 01 Jan 2025 21:48:08 +0000
ROA not before:           Wed 01 Jan 2025 21:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        45.85.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:21:42:dc:a4:dc:7b:f9:93:23:8e:b2:8e:55:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6af433974df373b70abd76b13e1c70c775f554b
        Validity
            Not Before: Jan  1 21:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=967f75ad20cb22ec92ca16a234842884737fad71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:91:8b:07:dc:4e:c2:38:44:12:0b:23:ba:44:
                    07:52:be:0f:4b:5d:3c:6a:95:6e:5d:cf:35:bd:49:
                    f6:28:fb:19:57:d6:19:d3:98:fd:d5:df:d6:c9:53:
                    e7:5d:b2:03:7b:f6:ac:c5:a6:8c:ec:36:b0:8b:51:
                    27:c2:a1:b4:bd:ff:b3:90:e9:dd:2e:e0:9a:1d:1c:
                    6e:31:be:53:ac:a6:ec:19:e3:4c:4e:9d:d4:66:81:
                    80:28:b6:24:28:04:55:9e:3b:a4:d0:45:90:a0:de:
                    a3:27:ce:33:f9:56:81:d6:45:5f:a8:68:47:00:5d:
                    36:79:61:8a:4b:4d:35:66:af:21:f9:33:38:80:1c:
                    49:7d:34:84:25:db:74:57:7e:f1:69:52:98:29:4e:
                    0f:d8:5a:89:a7:51:2d:6b:3a:73:ee:e5:ff:4d:c6:
                    42:95:04:34:0b:ab:bc:43:26:90:4c:71:2a:a2:c9:
                    5c:a6:0b:7f:0e:b4:29:3c:e4:e8:71:bd:47:49:de:
                    5a:32:91:c2:00:fd:c3:45:d1:72:5e:aa:f7:6d:29:
                    b7:ba:87:c6:ae:f4:b4:ac:b9:8f:ea:d2:98:b8:e2:
                    e6:4a:f4:c2:21:0d:11:cd:6f:1e:31:47:9c:b5:50:
                    61:29:5d:df:2e:bc:6a:69:6c:65:b2:d5:4b:70:7d:
                    fb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:7F:75:AD:20:CB:22:EC:92:CA:16:A2:34:84:28:84:73:7F:AD:71
            X509v3 Authority Key Identifier:
                keyid:F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/ln91rSDLIuySyhaiNIQohHN_rXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:0e:d0:72:69:ed:8a:e9:ba:dd:74:4e:77:6e:13:d1:ac:7e:
         ed:ec:ef:99:d8:7b:4b:40:00:71:8e:b2:e1:89:d1:d3:51:f7:
         ba:49:46:81:96:fd:19:30:94:ee:2f:98:f9:9c:92:0f:52:8d:
         02:8c:c0:62:78:f0:49:80:5c:43:df:ab:a7:cb:0c:22:78:56:
         06:46:76:19:ae:5d:bb:41:2f:10:21:04:1c:0a:46:e3:c0:7c:
         86:fe:12:b4:09:a5:e9:39:3b:a7:38:5f:c4:48:60:c6:40:73:
         50:ec:e0:04:e8:87:53:d4:79:8a:03:f6:2f:77:03:60:f4:7e:
         e2:df:68:08:4c:98:1f:33:7e:d4:28:1a:ce:02:ff:b8:22:9d:
         26:6c:bc:b1:32:47:ca:3e:a2:fd:ed:a9:c0:a5:7a:b8:df:e2:
         55:05:b8:16:0f:e2:33:83:c4:9e:9e:9d:0f:d6:4c:30:ba:7d:
         6a:d1:21:83:e8:93:3c:40:2d:5a:33:9f:36:ca:0d:3e:d6:a6:
         0b:51:d7:07:a9:f8:bb:aa:58:c3:c0:90:a3:7e:b5:51:b6:09:
         3e:da:ff:b0:83:a0:9c:34:6b:5b:6a:f0:ce:ae:07:f5:fe:76:
         69:8a:d1:99:ad:08:ea:d4:ba:69:5d:1d:5a:2c:c3:b6:82:70:
         d9:59:07:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yFC3KTce/mTI46yjlX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YWY0MzM5NzRkZjM3M2I3MGFiZDc2YjEzZTFjNzBjNzc1
ZjU1NGIwHhcNMjUwMTAxMjE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjdmNzVhZDIwY2IyMmVjOTJjYTE2YTIzNDg0Mjg4NDczN2ZhZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5GLB9xOwjhEEgsjukQHUr4PS108
apVuXc81vUn2KPsZV9YZ05j91d/WyVPnXbIDe/asxaaM7Dawi1EnwqG0vf+zkOnd
LuCaHRxuMb5TrKbsGeNMTp3UZoGAKLYkKARVnjuk0EWQoN6jJ84z+VaB1kVfqGhH
AF02eWGKS001Zq8h+TM4gBxJfTSEJdt0V37xaVKYKU4P2FqJp1Etazpz7uX/TcZC
lQQ0C6u8QyaQTHEqoslcpgt/DrQpPOTocb1HSd5aMpHCAP3DRdFyXqr3bSm3uofG
rvS0rLmP6tKYuOLmSvTCIQ0RzW8eMUectVBhKV3fLrxqaWxlstVLcH37IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZ/da0gyyLsksoWojSEKIRzf61xMB8GA1UdIwQY
MBaAFPavQzl03zc7cKvXaxPhxwx3X1VLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2It
YTI2YmM2NTNiMDZiLzEvbG45MXJTRExJdXlTeWhhaU5JUW9oSE5fclhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2ItYTI2YmM2NTNiMDZi
LzEvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVXbMA0G
CSqGSIb3DQEBCwUAA4IBAQCnDtByae2K6brddE53bhPRrH7t7O+Z2HtLQABxjrLh
idHTUfe6SUaBlv0ZMJTuL5j5nJIPUo0CjMBiePBJgFxD36unywwieFYGRnYZrl27
QS8QIQQcCkbjwHyG/hK0CaXpOTunOF/ESGDGQHNQ7OAE6IdT1HmKA/YvdwNg9H7i
32gITJgfM37UKBrOAv+4Ip0mbLyxMkfKPqL97anApXq43+JVBbgWD+Izg8Senp0P
1kwwun1q0SGD6JM8QC1aM582yg0+1qYLUdcHqfi7qljDwJCjfrVRtgk+2v+wg6Cc
NGtbavDOrgf1/nZpitGZrQjq1LppXR1aLMO2gnDZWQf3
-----END CERTIFICATE-----