Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I_jmCqPZO5xbhmBSW6oqe_qriW4.roa
File:                     I_jmCqPZO5xbhmBSW6oqe_qriW4.roa (raw, json)
Hash identifier:          JxQE+4oam/Don0zUhbli74XxYIp1hI6g2u95TmemHNI=
Subject key identifier:   23:F8:E6:0A:A3:D9:3B:9C:5B:86:60:52:5B:AA:2A:7B:FA:AB:89:6E
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D72FA5957613D5FE2EFF1C55157719
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I_jmCqPZO5xbhmBSW6oqe_qriW4.roa
Signing time:             Wed 01 Jan 2025 21:48:12 +0000
ROA not before:           Wed 01 Jan 2025 21:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215302
IP address blocks:        45.137.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:2f:a5:95:76:13:d5:fe:2e:ff:1c:55:15:77:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23f8e60aa3d93b9c5b8660525baa2a7bfaab896e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e8:89:e7:ba:6f:8a:e2:ed:cf:d7:1a:72:b2:
                    f6:3f:97:0e:8a:83:e2:7d:4e:2d:ef:d7:3f:cb:94:
                    40:ff:c3:7e:a3:38:52:07:f3:3d:18:00:82:d0:d6:
                    5f:a0:14:78:ea:50:fa:96:e1:f6:73:33:14:dc:73:
                    b9:06:a9:2d:16:3d:3b:ce:db:79:56:f8:dd:35:74:
                    da:61:5b:7c:b5:56:54:36:27:57:3c:3c:0f:0b:53:
                    31:df:e5:51:da:ba:03:b9:6d:3b:cd:9f:c3:70:f0:
                    6e:94:ba:cd:29:88:60:6f:15:23:85:37:3f:81:fd:
                    40:71:40:b6:61:37:44:22:22:1c:82:7c:bc:60:f2:
                    db:51:73:71:69:1e:57:52:02:e3:ba:84:74:8e:9d:
                    c3:74:93:34:6a:d5:b1:55:36:d6:0e:5d:9d:24:dc:
                    2d:22:ec:38:73:f3:ea:ad:39:ae:c3:9e:e9:f6:d9:
                    75:bc:f3:31:6d:7a:9f:af:de:23:30:69:80:8b:da:
                    58:35:17:a6:85:cd:45:49:6b:ae:ba:d5:28:04:0c:
                    0a:af:2b:3f:60:fd:4c:9a:ba:07:64:b8:c2:c6:bc:
                    37:f8:7c:f6:24:52:37:b1:2c:aa:a9:38:c7:a6:c2:
                    d5:a0:d7:63:ea:50:24:ba:97:7c:7b:58:b5:87:9e:
                    ae:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:F8:E6:0A:A3:D9:3B:9C:5B:86:60:52:5B:AA:2A:7B:FA:AB:89:6E
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I_jmCqPZO5xbhmBSW6oqe_qriW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:a0:73:52:7d:77:a3:06:a8:56:91:58:55:80:32:bf:4d:d3:
         7d:fb:55:a4:86:fc:28:5c:f1:ff:a3:ba:a2:5c:64:9f:a4:70:
         1b:48:1d:70:26:3c:e5:87:d5:92:12:1a:8c:43:1b:db:0a:6a:
         29:c9:24:8f:3a:db:14:c3:22:46:2e:46:3c:cf:dd:e2:09:14:
         d8:e0:d4:6f:2d:76:dc:51:c0:87:48:11:08:31:a4:12:c1:46:
         29:23:3a:c6:08:df:49:a2:f6:bb:7f:24:78:a5:8d:45:22:9c:
         c8:2a:bb:67:53:a1:61:de:f8:7c:5d:b7:78:51:12:1a:17:6e:
         57:d5:e6:c2:ea:e0:fe:e6:2a:21:1f:d9:9c:56:c8:6a:9a:fd:
         5e:9e:6b:42:f7:5e:34:93:43:a2:71:3a:c2:72:16:31:14:2d:
         72:69:7e:9c:a3:de:2a:47:0a:a6:17:b9:6d:c5:86:6f:f4:19:
         c3:be:32:41:94:ac:0c:73:a9:57:a9:e9:c8:a7:cc:05:b4:59:
         b3:4f:f9:01:f2:70:ae:0b:02:e1:04:37:08:b7:4f:e6:60:cc:
         a6:12:7c:18:4d:30:d4:97:29:48:ea:6c:43:00:05:e3:ef:ab:
         cd:1b:99:73:a7:27:16:b1:c7:96:ef:44:99:ab:89:7c:72:fb:
         c9:0c:aa:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1y+llXYT1f4u/xxVFXcZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Y4ZTYwYWEzZDkzYjljNWI4NjYwNTI1YmFhMmE3YmZhYWI4OTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+iJ57pviuLtz9cacrL2P5cOioPi
fU4t79c/y5RA/8N+ozhSB/M9GACC0NZfoBR46lD6luH2czMU3HO5BqktFj07ztt5
VvjdNXTaYVt8tVZUNidXPDwPC1Mx3+VR2roDuW07zZ/DcPBulLrNKYhgbxUjhTc/
gf1AcUC2YTdEIiIcgny8YPLbUXNxaR5XUgLjuoR0jp3DdJM0atWxVTbWDl2dJNwt
Iuw4c/PqrTmuw57p9tl1vPMxbXqfr94jMGmAi9pYNRemhc1FSWuuutUoBAwKrys/
YP1MmroHZLjCxrw3+Hz2JFI3sSyqqTjHpsLVoNdj6lAkupd8e1i1h56usQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCP45gqj2TucW4ZgUluqKnv6q4luMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSV9qbUNxUFpPNXhiaG1CU1c2b3FlX3FyaVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYlrMA0G
CSqGSIb3DQEBCwUAA4IBAQC/oHNSfXejBqhWkVhVgDK/TdN9+1WkhvwoXPH/o7qi
XGSfpHAbSB1wJjzlh9WSEhqMQxvbCmopySSPOtsUwyJGLkY8z93iCRTY4NRvLXbc
UcCHSBEIMaQSwUYpIzrGCN9Jova7fyR4pY1FIpzIKrtnU6Fh3vh8Xbd4URIaF25X
1ebC6uD+5iohH9mcVshqmv1enmtC9140k0OicTrCchYxFC1yaX6co94qRwqmF7lt
xYZv9BnDvjJBlKwMc6lXqenIp8wFtFmzT/kB8nCuCwLhBDcIt0/mYMymEnwYTTDU
lylI6mxDAAXj76vNG5lzpycWsceW70SZq4l8cvvJDKqw
-----END CERTIFICATE-----