Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/4G6PC7r1jLJaKqLvKiHJfqhR1e4.roa
File:                     4G6PC7r1jLJaKqLvKiHJfqhR1e4.roa (raw, json)
Hash identifier:          qfv1dvU9Pa4JA9Wl519haLOz9gG/Vfn4EhOnWCbqEOg=
Subject key identifier:   E0:6E:8F:0B:BA:F5:8C:B2:5A:2A:A2:EF:2A:21:C9:7E:A8:51:D5:EE
Certificate issuer:       /CN=618855635e4794f5878e3b985fed8935ae06c5a1
Certificate serial:       01942067DAE4C0000D9601C530DFDD75B039
Authority key identifier: 61:88:55:63:5E:47:94:F5:87:8E:3B:98:5F:ED:89:35:AE:06:C5:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYhVY15HlPWHjjuYX-2JNa4GxaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/4G6PC7r1jLJaKqLvKiHJfqhR1e4.roa
Signing time:             Wed 01 Jan 2025 05:47:44 +0000
ROA not before:           Wed 01 Jan 2025 05:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        45.142.128.0/22 maxlen: 24
                          2a12:21c4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/YYhVY15HlPWHjjuYX-2JNa4GxaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/YYhVY15HlPWHjjuYX-2JNa4GxaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYhVY15HlPWHjjuYX-2JNa4GxaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:da:e4:c0:00:0d:96:01:c5:30:df:dd:75:b0:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618855635e4794f5878e3b985fed8935ae06c5a1
        Validity
            Not Before: Jan  1 05:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e06e8f0bbaf58cb25a2aa2ef2a21c97ea851d5ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fd:d8:b5:2f:e5:7a:fc:a0:46:4a:59:9f:3f:
                    90:fe:54:46:59:90:e4:16:c4:3c:8a:70:a6:08:b1:
                    52:83:63:00:b5:ab:da:ad:ed:4f:3d:69:9e:74:e8:
                    b6:c2:d2:98:d0:15:77:c8:45:2d:f4:20:3a:b6:4a:
                    b7:03:be:71:22:f9:d4:9b:de:b6:b1:b9:cb:a9:99:
                    22:14:bf:f4:50:68:30:c1:f2:11:da:94:59:72:6e:
                    0e:17:0a:1f:ea:7a:7a:77:39:9f:df:80:8f:69:8f:
                    c1:e9:3a:01:86:df:39:0e:f1:0d:32:f0:c4:ab:f0:
                    42:78:3c:aa:12:df:ee:96:be:56:88:db:a2:ab:0a:
                    b5:45:dc:8e:51:6e:32:82:32:a6:02:46:d0:4a:ed:
                    40:2f:cc:ed:25:76:ce:2e:f1:04:a6:42:0f:5e:73:
                    fb:c7:e3:73:f7:a7:39:6a:70:fd:7b:25:5f:5b:a8:
                    2d:f9:89:27:ac:14:b3:a3:49:b6:9d:a5:25:6b:e8:
                    19:54:9d:d1:59:74:c0:89:26:00:64:a5:2d:6c:b0:
                    08:15:b9:81:cb:89:99:53:9e:7a:9d:7f:3b:48:51:
                    40:01:d3:91:3d:ec:18:17:a7:61:6a:a5:35:57:f4:
                    07:9d:7c:a3:07:24:b4:30:ab:f8:5a:81:df:5c:63:
                    51:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:6E:8F:0B:BA:F5:8C:B2:5A:2A:A2:EF:2A:21:C9:7E:A8:51:D5:EE
            X509v3 Authority Key Identifier:
                keyid:61:88:55:63:5E:47:94:F5:87:8E:3B:98:5F:ED:89:35:AE:06:C5:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYhVY15HlPWHjjuYX-2JNa4GxaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/4G6PC7r1jLJaKqLvKiHJfqhR1e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/YYhVY15HlPWHjjuYX-2JNa4GxaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.128.0/22
                IPv6:
                  2a12:21c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:b0:34:0a:e5:70:7e:c8:c0:5f:48:b7:77:17:eb:90:97:4c:
         f3:d7:61:f3:39:9b:fd:46:e4:1f:42:95:f8:1e:b8:2f:de:fe:
         4b:5a:4a:47:a3:a4:c1:d6:a6:87:c6:de:05:3f:56:58:2b:a7:
         32:68:d8:cc:ca:70:ed:af:ce:1b:2c:c0:3d:cb:27:44:93:32:
         15:0b:9c:ed:02:f2:4a:64:50:8c:e4:3c:7a:c8:66:38:0c:0b:
         ca:d5:be:8c:31:10:e3:e2:16:77:58:0f:6d:df:6c:8c:f6:a5:
         3f:50:a6:89:0a:c2:92:93:5b:eb:84:ca:cd:25:da:8b:9c:1f:
         c4:31:a6:65:95:7e:4f:d3:26:6c:50:db:70:e8:59:23:60:3b:
         4d:12:10:a3:5b:85:43:09:47:5d:8d:1d:94:02:00:8b:bc:e1:
         14:3d:d7:4d:62:35:12:cd:28:97:cf:d7:d3:73:15:b5:62:d6:
         9b:14:5e:74:8f:6f:94:a5:25:a1:38:2c:64:2e:67:92:a6:7e:
         39:2d:35:3f:e9:0f:70:20:a7:94:29:47:cc:f8:2a:8e:bd:73:
         df:9c:b9:a2:c2:00:f1:ea:cf:87:93:7c:ce:36:74:5c:66:fe:
         ba:ee:91:3a:66:11:78:0c:cc:52:9b:15:33:78:3d:7c:06:13:
         dc:ea:96:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ9rkwAANlgHFMN/ddbA5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODg1NTYzNWU0Nzk0ZjU4NzhlM2I5ODVmZWQ4OTM1YWUw
NmM1YTEwHhcNMjUwMTAxMDU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDZlOGYwYmJhZjU4Y2IyNWEyYWEyZWYyYTIxYzk3ZWE4NTFkNWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArv3YtS/levygRkpZnz+Q/lRGWZDk
FsQ8inCmCLFSg2MAtavare1PPWmedOi2wtKY0BV3yEUt9CA6tkq3A75xIvnUm962
sbnLqZkiFL/0UGgwwfIR2pRZcm4OFwof6np6dzmf34CPaY/B6ToBht85DvENMvDE
q/BCeDyqEt/ulr5WiNuiqwq1RdyOUW4ygjKmAkbQSu1AL8ztJXbOLvEEpkIPXnP7
x+Nz96c5anD9eyVfW6gt+YknrBSzo0m2naUla+gZVJ3RWXTAiSYAZKUtbLAIFbmB
y4mZU556nX87SFFAAdORPewYF6dhaqU1V/QHnXyjByS0MKv4WoHfXGNRvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOBujwu69YyyWiqi7yohyX6oUdXuMB8GA1UdIwQY
MBaAFGGIVWNeR5T1h447mF/tiTWuBsWhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVloVlkxNUhsUFdIamp1WVgtMkpOYTRHeGFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iZjhiY2EtYzRhMC00MjlkLTlmNGQt
MGViNmJiZjY1YjFmLzEvNEc2UEM3cjFqTEphS3FMdktpSEpmcWhSMWU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iZjhiY2EtYzRhMC00MjlkLTlmNGQtMGViNmJiZjY1YjFm
LzEvWVloVlkxNUhsUFdIamp1WVgtMkpOYTRHeGFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY6AMA0E
AgACMAcDBQAqEiHEMA0GCSqGSIb3DQEBCwUAA4IBAQCGsDQK5XB+yMBfSLd3F+uQ
l0zz12HzOZv9RuQfQpX4Hrgv3v5LWkpHo6TB1qaHxt4FP1ZYK6cyaNjMynDtr84b
LMA9yydEkzIVC5ztAvJKZFCM5Dx6yGY4DAvK1b6MMRDj4hZ3WA9t32yM9qU/UKaJ
CsKSk1vrhMrNJdqLnB/EMaZllX5P0yZsUNtw6FkjYDtNEhCjW4VDCUddjR2UAgCL
vOEUPddNYjUSzSiXz9fTcxW1YtabFF50j2+UpSWhOCxkLmeSpn45LTU/6Q9wIKeU
KUfM+CqOvXPfnLmiwgDx6s+Hk3zONnRcZv667pE6ZhF4DMxSmxUzeD18BhPc6pY5
-----END CERTIFICATE-----