Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Lt52pzK2CSA-dvj1-VtS9HRpc6k.roa
File:                     Lt52pzK2CSA-dvj1-VtS9HRpc6k.roa (raw, json)
Hash identifier:          eMb7QwSd6EyQDBqFgvvKvl/blTjAVWfvYROBGxKke7o=
Subject key identifier:   2E:DE:76:A7:32:B6:09:20:3E:76:F8:F5:F9:5B:52:F4:74:69:73:A9
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CABA7FFDA145C575BDEB8414A43BC
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Lt52pzK2CSA-dvj1-VtS9HRpc6k.roa
Signing time:             Wed 01 Jan 2025 01:48:20 +0000
ROA not before:           Wed 01 Jan 2025 01:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48020
IP address blocks:        45.67.184.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:ab:a7:ff:da:14:5c:57:5b:de:b8:41:4a:43:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ede76a732b609203e76f8f5f95b52f4746973a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5c:bc:e2:4f:c7:bd:89:ea:20:e8:71:1b:48:
                    65:df:6c:09:f7:5d:7e:78:69:73:05:b3:a3:f8:8c:
                    65:b0:86:be:c4:31:10:9f:c9:70:dc:e7:e4:4e:13:
                    3a:e0:3a:0b:22:50:c1:2d:f2:e6:eb:23:fd:41:17:
                    df:c2:2e:3e:23:be:f7:a2:a6:e9:9e:06:10:a7:6f:
                    20:ce:33:f6:21:9b:ce:03:b8:d2:80:f1:9f:3a:dd:
                    1f:32:a2:2f:79:e4:d1:ed:5b:d5:71:64:c6:19:9a:
                    2f:a2:f7:e4:5d:3b:58:48:97:d2:4e:38:04:66:44:
                    60:2e:29:15:48:f0:6b:85:5a:09:cc:b2:25:6b:6e:
                    e0:81:1b:07:44:44:96:1a:31:a8:96:62:cf:c7:2b:
                    9f:7f:73:ce:6f:07:15:b6:11:1e:8b:78:c8:ba:bc:
                    1a:a3:08:71:54:8e:d5:c4:5d:9f:6b:5a:4e:90:56:
                    73:c9:0e:e9:14:61:be:64:5c:6e:25:b6:09:c2:80:
                    52:c0:f3:68:a3:54:35:cb:53:d5:c5:a5:c9:53:f3:
                    e0:e3:6e:b1:ac:33:cb:85:e1:26:b3:9e:ba:5e:43:
                    f2:ec:67:de:22:01:c0:b9:43:42:33:42:92:6e:33:
                    f8:39:7f:a8:35:e3:42:00:99:c3:39:9f:ec:3b:52:
                    ae:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DE:76:A7:32:B6:09:20:3E:76:F8:F5:F9:5B:52:F4:74:69:73:A9
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Lt52pzK2CSA-dvj1-VtS9HRpc6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b4:32:36:3a:72:30:d4:74:31:09:dd:91:91:93:9a:93:c7:0a:
         41:ec:1b:dc:ad:eb:c6:f0:c4:07:2e:c9:2f:10:a4:46:d0:a8:
         fd:ef:e9:c0:f2:7d:0d:d1:50:f0:e0:1f:16:41:4a:4a:e9:6b:
         28:f3:e0:1c:fa:c3:68:a7:fa:94:77:b9:22:64:e1:d5:76:12:
         3c:23:fa:6b:45:79:18:77:73:0f:5c:85:57:2b:cf:53:60:a1:
         08:fc:53:85:9c:15:2f:28:f4:dd:37:5d:62:77:53:cd:98:9d:
         cb:fd:65:2c:61:7f:ab:83:73:54:a1:8e:76:8e:b8:05:87:2f:
         51:a9:40:23:65:80:b0:3b:71:7e:45:a7:f0:f2:4d:6a:42:96:
         8e:b8:3d:4a:02:4f:d4:fc:9a:61:06:a5:5e:8f:f6:bb:0c:d7:
         fd:23:b9:57:47:1b:ad:e8:60:df:9b:83:0d:ed:b0:79:03:47:
         57:f4:83:93:1a:d0:8b:6a:10:25:b3:13:40:5b:d5:d1:7c:95:
         c0:d0:21:07:27:f1:e4:60:68:1f:8a:f8:a9:6c:f4:67:cc:fa:
         fa:4c:94:6a:b4:7e:33:6a:37:f7:3e:2e:21:2b:21:c6:04:e2:
         c3:df:34:b5:52:ba:49:b1:21:81:68:21:2b:57:df:9e:54:b4:
         aa:1b:c9:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjKun/9oUXFdb3rhBSkO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWRlNzZhNzMyYjYwOTIwM2U3NmY4ZjVmOTViNTJmNDc0Njk3M2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvly84k/HvYnqIOhxG0hl32wJ911+
eGlzBbOj+IxlsIa+xDEQn8lw3OfkThM64DoLIlDBLfLm6yP9QRffwi4+I773oqbp
ngYQp28gzjP2IZvOA7jSgPGfOt0fMqIveeTR7VvVcWTGGZovovfkXTtYSJfSTjgE
ZkRgLikVSPBrhVoJzLIla27ggRsHRESWGjGolmLPxyuff3PObwcVthEei3jIurwa
owhxVI7VxF2fa1pOkFZzyQ7pFGG+ZFxuJbYJwoBSwPNoo1Q1y1PVxaXJU/Pg426x
rDPLheEms566XkPy7GfeIgHAuUNCM0KSbjP4OX+oNeNCAJnDOZ/sO1KukQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7edqcytgkgPnb49flbUvR0aXOpMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvTHQ1MnB6SzJDU0EtZHZqMS1WdFM5SFJwYzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUO4MA0G
CSqGSIb3DQEBCwUAA4IBAQC0MjY6cjDUdDEJ3ZGRk5qTxwpB7BvcrevG8MQHLskv
EKRG0Kj97+nA8n0N0VDw4B8WQUpK6Wso8+Ac+sNop/qUd7kiZOHVdhI8I/prRXkY
d3MPXIVXK89TYKEI/FOFnBUvKPTdN11id1PNmJ3L/WUsYX+rg3NUoY52jrgFhy9R
qUAjZYCwO3F+Rafw8k1qQpaOuD1KAk/U/JphBqVej/a7DNf9I7lXRxut6GDfm4MN
7bB5A0dX9IOTGtCLahAlsxNAW9XRfJXA0CEHJ/HkYGgfivipbPRnzPr6TJRqtH4z
ajf3Pi4hKyHGBOLD3zS1UrpJsSGBaCErV9+eVLSqG8ki
-----END CERTIFICATE-----