Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/96297d-c627-466d-9eba-107890801213/1/AnWhlH6XKqUu4_GnJM2nKdO071s.roa
File:                     AnWhlH6XKqUu4_GnJM2nKdO071s.roa (raw, json)
Hash identifier:          /ulEE3dLzdrGEic+8DMTJn8iVbu0rFN7I+VggC4+dZk=
Subject key identifier:   02:75:A1:94:7E:97:2A:A5:2E:E3:F1:A7:24:CD:A7:29:D3:B4:EF:5B
Certificate issuer:       /CN=f6e7d811954993a953b7948dd06765cbc090dcf7
Certificate serial:       019441301A308AE2F77E624B838F0A149A09
Authority key identifier: F6:E7:D8:11:95:49:93:A9:53:B7:94:8D:D0:67:65:CB:C0:90:DC:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ufYEZVJk6lTt5SN0Gdly8CQ3Pc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/96297d-c627-466d-9eba-107890801213/1/AnWhlH6XKqUu4_GnJM2nKdO071s.roa
Signing time:             Tue 07 Jan 2025 14:34:19 +0000
ROA not before:           Tue 07 Jan 2025 14:34:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208372
IP address blocks:        45.142.56.0/22 maxlen: 22
                          2a0e:d640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/96297d-c627-466d-9eba-107890801213/1/9ufYEZVJk6lTt5SN0Gdly8CQ3Pc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/96297d-c627-466d-9eba-107890801213/1/9ufYEZVJk6lTt5SN0Gdly8CQ3Pc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ufYEZVJk6lTt5SN0Gdly8CQ3Pc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:41:30:1a:30:8a:e2:f7:7e:62:4b:83:8f:0a:14:9a:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6e7d811954993a953b7948dd06765cbc090dcf7
        Validity
            Not Before: Jan  7 14:34:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0275a1947e972aa52ee3f1a724cda729d3b4ef5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ef:28:7d:7b:0f:f9:92:63:ce:97:c5:bb:fc:
                    d6:cd:b6:36:98:2e:05:f2:14:e9:42:08:5e:73:11:
                    51:1e:f0:84:b9:6b:76:c8:b5:fb:11:a8:92:e0:44:
                    ba:ee:c3:2c:49:38:6c:15:26:61:1f:6f:24:a4:a2:
                    21:39:50:bb:95:ba:68:d6:9a:a9:f7:0a:7c:53:4b:
                    5e:f6:57:75:d9:df:cf:c7:62:72:f4:8d:07:9d:43:
                    cf:97:12:88:79:e8:84:fe:55:e1:6f:f5:75:91:50:
                    be:fa:93:a6:03:f1:cf:3e:a9:b7:37:b9:b3:d1:75:
                    f2:14:4d:34:5f:55:e2:c7:b8:ec:57:54:5c:7a:12:
                    43:76:72:4a:0b:0e:f6:6d:fd:e3:4e:06:17:5b:50:
                    ae:f0:94:3b:aa:ba:0e:26:90:0b:44:9a:4a:00:94:
                    02:db:8d:85:c3:85:6f:60:61:48:64:d8:8e:36:c6:
                    a1:2a:a8:bf:1c:b3:ee:c6:e2:ad:b3:0a:d7:af:90:
                    a0:cd:32:c1:28:4d:5c:b7:13:77:8a:fe:67:fb:8c:
                    d5:6b:93:ab:cc:3a:26:e0:b3:23:cf:e8:bd:83:49:
                    38:f7:15:6f:23:04:2c:d8:60:1d:6d:c0:cf:a4:11:
                    7d:d2:0f:a4:59:a4:79:27:8f:84:11:65:0f:e1:b3:
                    47:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:75:A1:94:7E:97:2A:A5:2E:E3:F1:A7:24:CD:A7:29:D3:B4:EF:5B
            X509v3 Authority Key Identifier:
                keyid:F6:E7:D8:11:95:49:93:A9:53:B7:94:8D:D0:67:65:CB:C0:90:DC:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ufYEZVJk6lTt5SN0Gdly8CQ3Pc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/96297d-c627-466d-9eba-107890801213/1/AnWhlH6XKqUu4_GnJM2nKdO071s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/96297d-c627-466d-9eba-107890801213/1/9ufYEZVJk6lTt5SN0Gdly8CQ3Pc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.56.0/22
                IPv6:
                  2a0e:d640::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:d4:4c:c5:b5:2a:e3:11:ad:c3:46:6b:ff:15:c9:c9:11:3a:
         67:cc:c6:df:51:f1:8c:26:2c:08:c5:09:79:b3:75:cf:ad:3c:
         7a:92:56:be:b9:2a:43:bd:3c:83:59:77:ce:91:54:ca:ed:ad:
         00:43:19:70:32:77:e9:6c:3b:4a:83:26:fe:e8:86:e5:fb:ad:
         49:31:65:4c:03:ce:d9:65:31:78:6b:dc:ff:4e:b4:67:67:74:
         a3:27:f2:e3:31:d3:b1:85:35:2d:41:d8:c9:29:7f:d6:87:5e:
         15:70:4f:cd:ce:25:a4:45:84:2d:a0:79:d5:7b:96:d3:33:83:
         2a:7c:44:26:78:9e:28:97:d2:35:9c:40:16:19:7f:f7:c1:45:
         d5:ec:08:93:9d:2b:bb:f1:1e:4c:c7:2e:fe:55:b4:03:f3:94:
         56:5d:73:f0:84:f7:03:7b:16:f8:46:a7:ef:39:5c:2c:e2:bf:
         9f:a8:d5:2c:7f:48:20:3e:d1:70:4a:35:a5:ae:35:c0:21:b0:
         7e:d4:22:bf:6a:31:53:cb:5e:26:6a:d1:10:be:18:82:77:7b:
         1c:89:3e:03:b2:44:ae:6a:1a:b0:eb:56:db:ed:99:64:c2:14:
         3b:a6:44:e7:9b:10:4c:f4:e0:0e:a8:26:c9:9c:9c:b1:7d:0f:
         f4:a8:bb:86
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZRBMBowiuL3fmJLg48KFJoJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZTdkODExOTU0OTkzYTk1M2I3OTQ4ZGQwNjc2NWNiYzA5
MGRjZjcwHhcNMjUwMTA3MTQzNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjc1YTE5NDdlOTcyYWE1MmVlM2YxYTcyNGNkYTcyOWQzYjRlZjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsu8ofXsP+ZJjzpfFu/zWzbY2mC4F
8hTpQghecxFRHvCEuWt2yLX7EaiS4ES67sMsSThsFSZhH28kpKIhOVC7lbpo1pqp
9wp8U0te9ld12d/Px2Jy9I0HnUPPlxKIeeiE/lXhb/V1kVC++pOmA/HPPqm3N7mz
0XXyFE00X1Xix7jsV1RcehJDdnJKCw72bf3jTgYXW1Cu8JQ7qroOJpALRJpKAJQC
242Fw4VvYGFIZNiONsahKqi/HLPuxuKtswrXr5CgzTLBKE1ctxN3iv5n+4zVa5Or
zDom4LMjz+i9g0k49xVvIwQs2GAdbcDPpBF90g+kWaR5J4+EEWUP4bNHSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAJ1oZR+lyqlLuPxpyTNpynTtO9bMB8GA1UdIwQY
MBaAFPbn2BGVSZOpU7eUjdBnZcvAkNz3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXVmWUVaVkprNmxUdDVTTjBHZGx5OENRM1BjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi85NjI5N2QtYzYyNy00NjZkLTllYmEt
MTA3ODkwODAxMjEzLzEvQW5XaGxINlhLcVV1NF9HbkpNMm5LZE8wNzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi85NjI5N2QtYzYyNy00NjZkLTllYmEtMTA3ODkwODAxMjEz
LzEvOXVmWUVaVkprNmxUdDVTTjBHZGx5OENRM1BjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY44MA0E
AgACMAcDBQMqDtZAMA0GCSqGSIb3DQEBCwUAA4IBAQCl1EzFtSrjEa3DRmv/FcnJ
ETpnzMbfUfGMJiwIxQl5s3XPrTx6kla+uSpDvTyDWXfOkVTK7a0AQxlwMnfpbDtK
gyb+6Ibl+61JMWVMA87ZZTF4a9z/TrRnZ3SjJ/LjMdOxhTUtQdjJKX/Wh14VcE/N
ziWkRYQtoHnVe5bTM4MqfEQmeJ4ol9I1nEAWGX/3wUXV7AiTnSu78R5Mxy7+VbQD
85RWXXPwhPcDexb4RqfvOVws4r+fqNUsf0ggPtFwSjWlrjXAIbB+1CK/ajFTy14m
atEQvhiCd3sciT4DskSuahqw61bb7ZlkwhQ7pkTnmxBM9OAOqCbJnJyxfQ/0qLuG
-----END CERTIFICATE-----