Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/yp3RHpeevW6c6NYkWbLhg7EyEkw.roa
File:                     yp3RHpeevW6c6NYkWbLhg7EyEkw.roa (raw, json)
Hash identifier:          fbZfE/XNHbd7jhWcMuoJzJ+cbwvszA8ixW8vIw/spao=
Subject key identifier:   CA:9D:D1:1E:97:9E:BD:6E:9C:E8:D6:24:59:B2:E1:83:B1:32:12:4C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D70DC1A8632019E62F79ECFC4A97C9
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/yp3RHpeevW6c6NYkWbLhg7EyEkw.roa
Signing time:             Wed 01 Jan 2025 21:48:03 +0000
ROA not before:           Wed 01 Jan 2025 21:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47895
IP address blocks:        45.132.252.0/22 maxlen: 22
                          45.132.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:0d:c1:a8:63:20:19:e6:2f:79:ec:fc:4a:97:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca9dd11e979ebd6e9ce8d62459b2e183b132124c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:93:5d:6f:86:73:db:54:fd:5e:96:e5:ef:11:
                    55:80:af:b2:a4:7e:1d:da:2a:ed:fa:ba:09:9f:45:
                    32:47:af:4d:e8:e5:c9:6b:7d:bf:34:69:25:22:e8:
                    2a:d5:33:51:b4:6b:84:50:69:13:6e:d6:8e:e5:ee:
                    98:da:43:8a:c4:d3:a2:38:33:70:9d:b3:a1:11:3f:
                    b6:b6:dd:76:7a:41:ad:eb:8e:fb:12:eb:13:a0:1c:
                    a6:09:6c:17:e7:f7:7f:60:ba:c4:bc:df:f6:93:6e:
                    36:4e:69:74:8a:f8:66:5d:ed:c8:2b:79:5f:a7:1f:
                    fd:1a:11:42:9a:68:a3:e4:3c:8c:da:b0:ce:44:c5:
                    12:d6:c6:57:65:89:8f:a7:40:7e:ce:6b:85:1f:da:
                    91:d2:ff:e4:72:20:5f:04:fd:e7:77:81:ba:98:32:
                    0a:e4:3a:33:d1:7e:27:88:f4:5e:87:49:1d:5e:1c:
                    38:d1:3b:b6:10:67:c1:0d:07:63:58:b7:57:0e:59:
                    e6:6c:d1:a2:05:68:52:ec:75:14:30:ba:36:5d:bf:
                    f2:2b:e9:0f:ab:79:85:c7:69:25:3e:8f:13:29:45:
                    c1:24:4d:04:99:60:fd:e3:78:3f:d1:6d:6e:6c:c1:
                    a0:b9:7f:0a:c3:c5:26:3f:72:ef:88:75:1b:39:cf:
                    f8:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:9D:D1:1E:97:9E:BD:6E:9C:E8:D6:24:59:B2:E1:83:B1:32:12:4C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/yp3RHpeevW6c6NYkWbLhg7EyEkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:59:b8:ca:6c:fa:42:cb:44:30:a7:9b:bc:ea:c1:93:11:3a:
         eb:42:4c:a4:5b:20:bf:44:4c:76:45:3b:b8:b3:ac:83:3d:2e:
         d8:81:b4:a6:d6:e0:3e:57:38:1a:1f:4f:ba:fc:70:fb:4a:44:
         8f:52:63:bf:17:37:04:41:54:8e:0a:92:f8:85:6e:99:2a:00:
         b3:42:1a:56:f2:93:bd:ab:43:b8:c3:7f:76:04:cb:b3:ac:55:
         de:00:8b:0e:fe:07:21:9a:dd:4b:0a:04:df:00:72:06:fc:59:
         53:5d:a8:5d:df:70:79:06:60:ca:f3:a2:7b:0e:37:40:7c:1a:
         12:07:9a:ac:97:2c:9c:ef:d1:18:9f:99:f4:0b:3c:3e:51:bf:
         e6:ad:70:35:3e:56:e7:86:e6:dc:b9:7e:53:93:90:62:4a:ba:
         83:dc:97:56:f2:bf:da:15:e5:fa:d5:2b:93:7e:41:73:93:81:
         b5:9c:db:24:c7:8a:e6:7f:89:89:8b:37:b5:38:4f:77:31:54:
         81:75:c1:96:f9:ab:06:1a:ee:6d:69:0b:3f:ed:11:42:1e:5c:
         59:1f:72:4b:09:bb:47:7c:0c:50:52:a5:40:04:fe:4a:01:83:
         88:1b:cb:cb:39:ea:4e:4e:20:71:76:81:01:e9:34:9f:7e:d5:
         f7:6a:5a:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1w3BqGMgGeYveez8SpfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTlkZDExZTk3OWViZDZlOWNlOGQ2MjQ1OWIyZTE4M2IxMzIxMjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpNdb4Zz21T9Xpbl7xFVgK+ypH4d
2irt+roJn0UyR69N6OXJa32/NGklIugq1TNRtGuEUGkTbtaO5e6Y2kOKxNOiODNw
nbOhET+2tt12ekGt6477EusToBymCWwX5/d/YLrEvN/2k242Tml0ivhmXe3IK3lf
px/9GhFCmmij5DyM2rDORMUS1sZXZYmPp0B+zmuFH9qR0v/kciBfBP3nd4G6mDIK
5Doz0X4niPReh0kdXhw40Tu2EGfBDQdjWLdXDlnmbNGiBWhS7HUUMLo2Xb/yK+kP
q3mFx2klPo8TKUXBJE0EmWD943g/0W1ubMGguX8Kw8UmP3LviHUbOc/4sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqd0R6Xnr1unOjWJFmy4YOxMhJMMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEveXAzUkhwZWV2VzZjNk5Za1diTGhnN0V5RWt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYT8MA0G
CSqGSIb3DQEBCwUAA4IBAQA9WbjKbPpCy0Qwp5u86sGTETrrQkykWyC/REx2RTu4
s6yDPS7YgbSm1uA+VzgaH0+6/HD7SkSPUmO/FzcEQVSOCpL4hW6ZKgCzQhpW8pO9
q0O4w392BMuzrFXeAIsO/gchmt1LCgTfAHIG/FlTXahd33B5BmDK86J7DjdAfBoS
B5qslyyc79EYn5n0Czw+Ub/mrXA1PlbnhubcuX5Tk5BiSrqD3JdW8r/aFeX61SuT
fkFzk4G1nNskx4rmf4mJize1OE93MVSBdcGW+asGGu5taQs/7RFCHlxZH3JLCbtH
fAxQUqVABP5KAYOIG8vLOepOTiBxdoEB6TSfftX3alq2
-----END CERTIFICATE-----