Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/1-PZ5ZpF6gj0Yt4InLMWwoBK29I4.roa
File:                     1-PZ5ZpF6gj0Yt4InLMWwoBK29I4.roa (raw, json)
Hash identifier:          d5dxv2wxeba+KXDQCu+0SgYnzXM8SMZK/V0ZfXKu5X4=
Subject key identifier:   F8:F6:79:66:91:7A:82:3D:18:B7:82:27:2C:C5:B0:A0:12:B6:F4:8E
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D715B048D1D940F1D28C07F8B231BA
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/1-PZ5ZpF6gj0Yt4InLMWwoBK29I4.roa
Signing time:             Wed 01 Jan 2025 21:48:05 +0000
ROA not before:           Wed 01 Jan 2025 21:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62282
IP address blocks:        45.137.106.0/24 maxlen: 24
                          193.34.233.0/24 maxlen: 24
                          2a0f:7b80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 05:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:15:b0:48:d1:d9:40:f1:d2:8c:07:f8:b2:31:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8f67966917a823d18b782272cc5b0a012b6f48e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ce:71:48:fe:e8:ca:81:40:7e:c1:15:d2:a7:
                    92:72:49:e9:41:3f:4d:05:3c:ad:ee:35:13:fe:68:
                    8a:6b:08:09:fa:d2:06:e4:0f:c1:77:ad:26:38:80:
                    44:11:c3:1e:a5:99:db:85:a3:d8:9c:88:0c:bd:f1:
                    65:af:60:12:25:50:56:31:fe:d2:d8:ae:16:e5:a8:
                    17:91:8a:ec:c4:12:0a:92:ef:1a:bd:28:6f:71:94:
                    b6:8a:ce:04:8d:0a:f9:cb:d7:67:d8:13:7d:4f:70:
                    fc:0e:4f:50:19:c1:8c:0d:00:3d:44:6e:46:46:f9:
                    6e:40:d1:47:4d:51:7a:b0:51:c0:a8:a1:d1:f1:fb:
                    68:39:58:83:6b:0b:97:61:e8:e0:1f:02:14:d8:cf:
                    0b:a0:ea:17:02:77:89:c7:c4:d9:d3:23:ef:97:7a:
                    ad:dd:94:79:b7:0b:15:1f:3d:1c:e7:ab:b6:f9:a4:
                    cd:d3:d5:3a:b6:8e:09:8d:5b:c7:39:e3:e3:bd:1c:
                    4b:10:f7:69:43:5b:06:8f:4d:b8:39:92:55:a5:85:
                    f4:38:a8:5b:27:69:71:5f:88:c4:fa:ed:6c:23:fa:
                    bb:96:c1:07:97:11:18:79:68:a9:56:c4:94:01:4c:
                    31:ec:31:0f:93:15:46:51:dd:1e:d5:d2:18:a9:41:
                    0a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F6:79:66:91:7A:82:3D:18:B7:82:27:2C:C5:B0:A0:12:B6:F4:8E
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/1-PZ5ZpF6gj0Yt4InLMWwoBK29I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.106.0/24
                  193.34.233.0/24
                IPv6:
                  2a0f:7b80::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:a2:6e:2c:a2:33:83:23:71:f2:f7:16:72:0c:0b:9f:8c:62:
         50:77:fd:64:62:63:80:e2:33:39:59:01:98:9d:ba:10:90:8b:
         15:d7:5c:3a:c5:d2:f4:72:46:6e:be:dd:13:b3:21:2d:bd:09:
         d3:4f:6a:2b:b1:94:0f:8c:98:01:83:21:9b:a3:22:52:15:ea:
         0a:61:a7:bc:d5:68:21:f1:6a:be:bd:b7:15:5e:ca:b1:72:3d:
         bb:8a:e4:ee:18:d0:83:2d:e8:e0:df:ac:17:cb:d8:6d:f1:d3:
         7b:87:18:a3:67:1d:cb:cd:01:f1:bc:f6:fc:bc:86:0e:cb:4d:
         b8:85:ee:4a:c8:66:e0:c3:ca:ba:bd:e8:08:ee:86:58:5a:3d:
         6e:9b:02:81:bb:7f:d1:df:2b:2f:19:cb:88:7d:ba:6d:77:44:
         e1:3e:98:79:99:31:9a:c0:bf:67:67:24:b5:bf:d5:8c:50:85:
         0e:41:00:e9:34:f4:b9:c1:c3:4b:8e:80:52:f5:c6:ef:b5:e3:
         4e:a3:3b:d2:37:e6:b1:8d:b4:35:63:0d:53:84:74:25:1a:fc:
         23:33:3e:a1:12:42:df:2e:c0:03:c7:f5:30:84:a6:e1:a3:dc:
         57:24:95:cd:8c:91:ce:f8:0f:24:c0:63:c0:53:5e:2b:7a:00:
         24:11:e8:72
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQj1xWwSNHZQPHSjAf4sjG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGY2Nzk2NjkxN2E4MjNkMThiNzgyMjcyY2M1YjBhMDEyYjZmNDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt85xSP7oyoFAfsEV0qeScknpQT9N
BTyt7jUT/miKawgJ+tIG5A/Bd60mOIBEEcMepZnbhaPYnIgMvfFlr2ASJVBWMf7S
2K4W5agXkYrsxBIKku8avShvcZS2is4EjQr5y9dn2BN9T3D8Dk9QGcGMDQA9RG5G
RvluQNFHTVF6sFHAqKHR8ftoOViDawuXYejgHwIU2M8LoOoXAneJx8TZ0yPvl3qt
3ZR5twsVHz0c56u2+aTN09U6to4JjVvHOePjvRxLEPdpQ1sGj024OZJVpYX0OKhb
J2lxX4jE+u1sI/q7lsEHlxEYeWipVsSUAUwx7DEPkxVGUd0e1dIYqUEK5wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFPj2eWaReoI9GLeCJyzFsKAStvSOMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvMS1QWjVacEY2Z2owWXQ0SW5MTVd3b0JLMjlJNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2Nk
Mi8xL3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA2BggrBgEFBQcBBwEB/wQnMCUwEgQCAAEwDAMEAC2JagME
AMEi6TAPBAIAAjAJAwcAKg97gAAAMA0GCSqGSIb3DQEBCwUAA4IBAQANom4sojOD
I3Hy9xZyDAufjGJQd/1kYmOA4jM5WQGYnboQkIsV11w6xdL0ckZuvt0TsyEtvQnT
T2orsZQPjJgBgyGboyJSFeoKYae81Wgh8Wq+vbcVXsqxcj27iuTuGNCDLejg36wX
y9ht8dN7hxijZx3LzQHxvPb8vIYOy024he5KyGbgw8q6vegI7oZYWj1umwKBu3/R
3ysvGcuIfbptd0ThPph5mTGawL9nZyS1v9WMUIUOQQDpNPS5wcNLjoBS9cbvteNO
ozvSN+axjbQ1Yw1ThHQlGvwjMz6hEkLfLsADx/UwhKbho9xXJJXNjJHO+A8kwGPA
U14regAkEehy
-----END CERTIFICATE-----