Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/3alv3XwEbOFu7iiK8LFbOce6T6M.roa
File:                     3alv3XwEbOFu7iiK8LFbOce6T6M.roa (raw, json)
Hash identifier:          0D37DkikXSNhNHk7nw4gpplDRFgdjXDIi3MfBRU1TWY=
Subject key identifier:   DD:A9:6F:DD:7C:04:6C:E1:6E:EE:28:8A:F0:B1:5B:39:C7:BA:4F:A3
Certificate issuer:       /CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
Certificate serial:       01942143C3B706990B60946EBEA06F3FF828
Authority key identifier: BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/3alv3XwEbOFu7iiK8LFbOce6T6M.roa
Signing time:             Wed 01 Jan 2025 09:47:56 +0000
ROA not before:           Wed 01 Jan 2025 09:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208567
IP address blocks:        45.91.125.0/24 maxlen: 24
                          2a0e:f41::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c3:b7:06:99:0b:60:94:6e:be:a0:6f:3f:f8:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
        Validity
            Not Before: Jan  1 09:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dda96fdd7c046ce16eee288af0b15b39c7ba4fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:72:e9:b5:85:97:0b:48:8b:82:2e:dd:b7:55:
                    5f:33:39:ca:86:3d:bb:6b:76:17:c0:56:36:ee:f4:
                    ef:ac:49:40:48:1e:1c:30:49:e9:8c:04:ff:75:30:
                    83:86:cd:47:40:6c:9e:c9:49:e3:19:fe:46:b6:6e:
                    3a:40:43:b7:0d:fe:fb:fa:f9:73:44:d5:f8:30:cd:
                    1c:ea:e8:2a:bd:2d:5c:48:4c:cb:6e:26:f1:ba:aa:
                    c8:6c:a1:47:25:d1:d2:97:68:dd:2e:2f:25:cc:83:
                    28:fa:54:9c:c4:0b:fa:aa:c7:8c:2a:7b:ac:f9:b9:
                    a0:46:8d:d0:1b:29:fe:0e:60:9b:4c:45:80:09:9e:
                    f8:29:c1:47:03:2d:60:ab:f1:9b:a1:4c:b9:34:1a:
                    a6:ce:c0:90:fc:99:55:87:8f:06:9a:4b:2b:c3:90:
                    43:1d:0a:6e:de:67:3a:f2:98:47:ee:bb:4b:2d:09:
                    3f:5b:03:a5:5e:42:23:42:47:19:35:42:b9:18:aa:
                    c3:45:2f:0c:bc:1b:6d:df:e2:35:53:6a:ba:ab:21:
                    4d:77:a8:3b:9a:9b:6b:c9:63:87:87:e0:78:fd:de:
                    de:a2:8d:d4:1d:d0:e8:e1:69:ef:e4:f2:ad:d0:c9:
                    81:cc:59:18:fb:a8:b6:6e:dc:50:cb:78:bb:fe:d5:
                    29:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A9:6F:DD:7C:04:6C:E1:6E:EE:28:8A:F0:B1:5B:39:C7:BA:4F:A3
            X509v3 Authority Key Identifier:
                keyid:BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/3alv3XwEbOFu7iiK8LFbOce6T6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.125.0/24
                IPv6:
                  2a0e:f41::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:61:01:8b:60:3f:92:d5:d4:64:9a:0b:f8:b8:ec:49:08:2d:
         b3:2b:b3:e1:81:6d:95:33:65:24:f6:ce:ea:64:6f:9c:73:cb:
         4a:68:e8:07:bc:a6:77:4f:a5:0c:35:33:d0:90:20:46:9b:89:
         c6:62:e8:22:ec:bc:35:1f:7b:e6:5c:87:44:46:52:56:78:0e:
         bf:97:51:88:90:4b:04:17:63:64:3c:10:43:52:a4:8a:06:56:
         a4:13:f1:d7:9d:87:36:4f:89:83:a2:e4:27:6f:15:89:57:9f:
         d3:b6:06:fa:0f:c6:ab:d3:4a:83:db:c6:69:cb:0f:c8:1c:30:
         6f:5c:1e:ea:66:89:7e:a5:f2:a9:57:20:31:77:64:c5:c8:6b:
         bf:6d:e6:54:45:47:30:f5:f5:61:70:62:18:a3:4b:dd:03:ff:
         26:6b:42:a3:fc:26:08:1a:6a:98:30:ff:5b:7d:c3:b9:f7:75:
         15:5d:cc:7a:5b:40:da:a0:99:ea:d3:5d:0a:71:44:5b:e9:38:
         c7:3f:b3:fc:07:be:ad:da:fb:15:1e:64:6e:17:16:89:ed:7d:
         be:67:15:b4:ab:40:a5:56:27:64:80:4f:b9:f7:0a:2b:da:02:
         b9:97:e4:d3:09:7d:48:db:35:d5:3b:e9:56:f4:99:93:47:5a:
         8d:34:5f:b6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ8O3BpkLYJRuvqBvP/goMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTY0OWVmNjAzMGZjODA4NDhmZGZlMjFkNDMyMWFjODAx
MWZkMTAwHhcNMjUwMTAxMDk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGE5NmZkZDdjMDQ2Y2UxNmVlZTI4OGFmMGIxNWIzOWM3YmE0ZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XLptYWXC0iLgi7dt1VfMznKhj27
a3YXwFY27vTvrElASB4cMEnpjAT/dTCDhs1HQGyeyUnjGf5Gtm46QEO3Df77+vlz
RNX4MM0c6ugqvS1cSEzLbibxuqrIbKFHJdHSl2jdLi8lzIMo+lScxAv6qseMKnus
+bmgRo3QGyn+DmCbTEWACZ74KcFHAy1gq/GboUy5NBqmzsCQ/JlVh48Gmksrw5BD
HQpu3mc68phH7rtLLQk/WwOlXkIjQkcZNUK5GKrDRS8MvBtt3+I1U2q6qyFNd6g7
mptryWOHh+B4/d7eoo3UHdDo4Wnv5PKt0MmBzFkY+6i2btxQy3i7/tUpnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN2pb918BGzhbu4oivCxWznHuk+jMB8GA1UdIwQY
MBaAFL6mSe9gMPyAhI/f4h1DIayAEf0QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgt
MjFkZjU1YmE5ZWJmLzEvM2FsdjNYd0ViT0Z1N2lpSzhMRmJPY2U2VDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgtMjFkZjU1YmE5ZWJm
LzEvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVt9MA0E
AgACMAcDBQAqDg9BMA0GCSqGSIb3DQEBCwUAA4IBAQDAYQGLYD+S1dRkmgv4uOxJ
CC2zK7PhgW2VM2Uk9s7qZG+cc8tKaOgHvKZ3T6UMNTPQkCBGm4nGYugi7Lw1H3vm
XIdERlJWeA6/l1GIkEsEF2NkPBBDUqSKBlakE/HXnYc2T4mDouQnbxWJV5/Ttgb6
D8ar00qD28Zpyw/IHDBvXB7qZol+pfKpVyAxd2TFyGu/beZURUcw9fVhcGIYo0vd
A/8ma0Kj/CYIGmqYMP9bfcO593UVXcx6W0DaoJnq010KcURb6TjHP7P8B76t2vsV
HmRuFxaJ7X2+ZxW0q0ClVidkgE+59wor2gK5l+TTCX1I2zXVO+lW9JmTR1qNNF+2
-----END CERTIFICATE-----