Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/6I2gaP9FhkxlvefmvPa4kmQ9vW4.roa
File:                     6I2gaP9FhkxlvefmvPa4kmQ9vW4.roa (raw, json)
Hash identifier:          PfkA2sAGvojMmUDnP0DFBAaKzs9+yLIvti1ysD6j/5g=
Subject key identifier:   E8:8D:A0:68:FF:45:86:4C:65:BD:E7:E6:BC:F6:B8:92:64:3D:BD:6E
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D72580D986E178700161DE0C6D79DC
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/6I2gaP9FhkxlvefmvPa4kmQ9vW4.roa
Signing time:             Wed 01 Jan 2025 21:48:09 +0000
ROA not before:           Wed 01 Jan 2025 21:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208413
IP address blocks:        45.138.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:25:80:d9:86:e1:78:70:01:61:de:0c:6d:79:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e88da068ff45864c65bde7e6bcf6b892643dbd6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:55:98:e4:6e:1f:8a:80:1c:e6:72:b7:66:c8:
                    bc:ea:d6:f5:fe:56:a6:2b:4a:3c:9c:c4:97:a4:df:
                    6f:bb:7a:51:3e:19:6d:46:f6:b1:fb:fd:fa:ed:09:
                    83:02:26:b0:31:1d:87:36:64:82:0f:72:c5:8f:da:
                    4c:df:25:54:5b:0a:7a:28:78:b6:cf:af:a6:81:85:
                    72:0c:45:07:6d:f0:b7:39:ab:e7:ab:6d:84:7a:e3:
                    f4:bb:b7:be:56:b7:1e:8f:53:af:6b:4e:e9:f0:09:
                    fe:4c:63:9b:a4:29:90:a9:75:6d:bb:68:4c:7a:17:
                    9b:dd:00:e2:bf:68:76:c8:9c:0e:e9:e9:5f:a5:b1:
                    a2:3e:09:ea:79:14:3f:b3:11:67:42:94:8c:95:3b:
                    80:47:5d:77:3e:ed:b9:5a:f3:29:0b:55:24:4e:2f:
                    70:50:1a:84:e4:2b:ec:28:38:8f:6a:d6:b8:d4:6a:
                    c4:e5:e4:2d:6a:23:fa:dc:a9:ae:98:c0:3b:42:30:
                    5b:17:19:df:3a:0a:c5:4c:01:54:c1:95:e9:db:b8:
                    a6:bb:fb:c2:42:7e:f1:62:35:04:27:f6:35:57:4c:
                    c7:94:68:b7:76:f0:ef:f5:0e:cd:37:28:16:a5:0a:
                    c8:90:a0:3f:34:5a:93:24:cb:c3:ba:c7:59:8a:b5:
                    58:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:8D:A0:68:FF:45:86:4C:65:BD:E7:E6:BC:F6:B8:92:64:3D:BD:6E
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/6I2gaP9FhkxlvefmvPa4kmQ9vW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:67:86:f4:96:af:c2:c0:49:46:f0:a6:01:bf:c8:d5:43:52:
         e7:0f:4d:85:43:f7:e2:f2:6f:3b:9b:04:cf:ad:d9:dd:d0:c1:
         7b:f1:6f:1b:8a:78:54:b2:69:1c:bd:44:e9:0c:cb:d0:21:27:
         bc:db:f5:4b:e4:40:07:71:ea:e4:a7:77:b4:1c:5b:5d:b5:43:
         65:e1:20:99:2a:bc:bc:6d:37:81:80:c3:5d:c7:5b:ad:35:74:
         21:cb:dd:ea:1f:09:62:cc:e3:4e:1f:66:be:7a:57:ee:4e:05:
         50:ae:ed:53:b1:6b:3a:c1:87:18:31:60:b8:d2:6b:0e:ad:fd:
         3a:8b:11:9f:73:ac:56:58:15:73:c8:eb:88:93:ed:0c:81:bc:
         e3:63:a9:b3:11:97:cb:16:c7:7a:21:b3:6d:ba:a1:68:24:54:
         f1:a1:49:de:a7:b7:50:d7:9b:a7:63:d3:f7:64:21:15:33:d9:
         f6:64:6e:d8:29:79:59:31:58:6e:4f:fe:30:44:aa:cd:09:a2:
         16:93:9c:c1:6f:fa:f7:9d:f3:07:90:0a:97:19:8a:14:b8:45:
         e7:6f:9f:5e:70:3f:0f:de:4f:ee:8e:3a:f4:33:98:70:dd:6e:
         7e:ab:9b:e7:97:8a:cd:24:c4:69:98:d9:a8:5e:9f:c0:d6:19:
         61:57:e6:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yWA2YbheHABYd4MbXncMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODhkYTA2OGZmNDU4NjRjNjViZGU3ZTZiY2Y2Yjg5MjY0M2RiZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVWY5G4fioAc5nK3Zsi86tb1/lam
K0o8nMSXpN9vu3pRPhltRvax+/367QmDAiawMR2HNmSCD3LFj9pM3yVUWwp6KHi2
z6+mgYVyDEUHbfC3Oavnq22EeuP0u7e+Vrcej1Ova07p8An+TGObpCmQqXVtu2hM
eheb3QDiv2h2yJwO6elfpbGiPgnqeRQ/sxFnQpSMlTuAR113Pu25WvMpC1UkTi9w
UBqE5CvsKDiPata41GrE5eQtaiP63KmumMA7QjBbFxnfOgrFTAFUwZXp27imu/vC
Qn7xYjUEJ/Y1V0zHlGi3dvDv9Q7NNygWpQrIkKA/NFqTJMvDusdZirVYYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiNoGj/RYZMZb3n5rz2uJJkPb1uMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvNkkyZ2FQOUZoa3hsdmVmbXZQYTRrbVE5dlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYpLMA0G
CSqGSIb3DQEBCwUAA4IBAQBwZ4b0lq/CwElG8KYBv8jVQ1LnD02FQ/fi8m87mwTP
rdnd0MF78W8binhUsmkcvUTpDMvQISe82/VL5EAHcerkp3e0HFtdtUNl4SCZKry8
bTeBgMNdx1utNXQhy93qHwlizONOH2a+elfuTgVQru1TsWs6wYcYMWC40msOrf06
ixGfc6xWWBVzyOuIk+0MgbzjY6mzEZfLFsd6IbNtuqFoJFTxoUnep7dQ15unY9P3
ZCEVM9n2ZG7YKXlZMVhuT/4wRKrNCaIWk5zBb/r3nfMHkAqXGYoUuEXnb59ecD8P
3k/ujjr0M5hw3W5+q5vnl4rNJMRpmNmoXp/A1hlhV+ZH
-----END CERTIFICATE-----