Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/mFTOVg0gctQNNx0jyIBOYgUT6fg.roa
File:                     mFTOVg0gctQNNx0jyIBOYgUT6fg.roa (raw, json)
Hash identifier:          k28x1ZIzqND1Svau80gR07/HyKpYAy94wpGkGRTlP0U=
Subject key identifier:   98:54:CE:56:0D:20:72:D4:0D:37:1D:23:C8:80:4E:62:05:13:E9:F8
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019425FCE05B428929648F198CC14DCF86BC
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/mFTOVg0gctQNNx0jyIBOYgUT6fg.roa
Signing time:             Thu 02 Jan 2025 07:48:37 +0000
ROA not before:           Thu 02 Jan 2025 07:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32780
IP address blocks:        45.67.141.0/24 maxlen: 24
                          212.60.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:e0:5b:42:89:29:64:8f:19:8c:c1:4d:cf:86:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  2 07:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9854ce560d2072d40d371d23c8804e620513e9f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:56:59:75:62:d5:ea:fa:3c:4e:80:fd:50:e0:
                    74:2d:b8:7d:bb:29:05:ff:b1:d2:4a:cd:58:df:43:
                    1e:fb:08:7c:07:73:69:9f:ea:e1:34:7c:75:df:0f:
                    0e:94:96:bb:2e:36:58:a1:63:a8:70:96:84:28:1c:
                    c7:65:ed:b9:ef:e0:32:bd:b0:25:a1:16:98:c7:2c:
                    d2:45:81:45:df:2b:4d:4a:b9:d5:27:fd:67:75:1d:
                    ad:57:64:59:1e:fd:88:87:26:87:d1:94:3e:93:74:
                    2a:ac:b7:1e:ed:c6:c0:55:b1:5f:31:49:93:41:0e:
                    87:f7:7c:25:e8:7b:80:18:ae:66:1d:3c:39:e4:35:
                    4c:96:33:4f:2d:3d:84:01:8a:ab:6e:db:ff:39:c0:
                    86:73:72:3b:1b:70:69:42:7d:38:01:89:64:eb:8c:
                    60:17:76:1d:5f:dd:f2:8b:c2:f8:5b:b1:d8:65:7b:
                    89:d3:36:48:12:ac:e1:a0:0b:1d:f9:56:1b:16:f2:
                    2f:34:21:75:2f:65:2e:f6:44:27:d9:97:27:af:8d:
                    65:43:af:a1:fb:93:a6:ed:d7:fc:1c:f3:97:ee:c1:
                    d2:4c:c5:39:5f:cf:d1:32:04:ad:6e:66:30:80:6f:
                    30:a1:ea:74:ca:18:15:d8:8d:dc:b0:db:a2:03:92:
                    e0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:54:CE:56:0D:20:72:D4:0D:37:1D:23:C8:80:4E:62:05:13:E9:F8
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/mFTOVg0gctQNNx0jyIBOYgUT6fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.141.0/24
                  212.60.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:cd:33:54:b1:fd:83:81:c4:35:88:87:b9:a7:30:e1:13:81:
         c6:aa:fc:d7:f1:6f:3a:1b:34:06:ac:ca:fb:93:97:f9:35:40:
         f9:04:a8:9a:05:59:4c:6a:05:c7:0b:b0:e7:49:21:35:3f:4d:
         d9:6b:bc:3d:be:c7:51:5c:5d:16:bd:6c:6d:00:1e:c5:b4:64:
         1a:5e:bb:93:fd:73:00:c7:a0:a5:26:aa:cf:5e:0b:c7:87:58:
         62:ba:9e:60:3f:cb:98:cf:ef:a3:a3:c3:12:01:df:58:97:6c:
         be:57:6d:9b:a9:2a:a8:79:ea:02:56:1b:db:59:f9:ca:a7:7e:
         3f:78:1e:38:15:d4:55:9c:51:3c:4f:f8:f0:d6:de:cf:41:ce:
         9a:83:49:12:57:c7:8a:7e:c4:fb:2e:fb:90:12:f6:17:a1:e3:
         c4:c9:9a:12:87:eb:34:49:90:06:85:ee:92:d7:3a:9f:0d:da:
         1d:eb:ca:ac:b9:57:f1:35:ac:69:c7:a6:f5:ff:4d:f3:89:2f:
         33:1f:75:e9:34:fd:9b:13:97:15:1c:85:10:6a:c6:30:44:5e:
         c2:d6:d4:0f:9b:6c:77:e3:a6:88:3d:9b:8a:57:03:91:a2:b6:
         de:95:c2:73:10:a9:68:26:9f:b6:94:52:25:e6:f1:b9:98:7c:
         69:9e:74:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/OBbQokpZI8ZjMFNz4a8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwMTAyMDc0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODU0Y2U1NjBkMjA3MmQ0MGQzNzFkMjNjODgwNGU2MjA1MTNlOWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVZZdWLV6vo8ToD9UOB0Lbh9uykF
/7HSSs1Y30Me+wh8B3Npn+rhNHx13w8OlJa7LjZYoWOocJaEKBzHZe257+AyvbAl
oRaYxyzSRYFF3ytNSrnVJ/1ndR2tV2RZHv2IhyaH0ZQ+k3QqrLce7cbAVbFfMUmT
QQ6H93wl6HuAGK5mHTw55DVMljNPLT2EAYqrbtv/OcCGc3I7G3BpQn04AYlk64xg
F3YdX93yi8L4W7HYZXuJ0zZIEqzhoAsd+VYbFvIvNCF1L2Uu9kQn2Zcnr41lQ6+h
+5Om7df8HPOX7sHSTMU5X8/RMgStbmYwgG8woep0yhgV2I3csNuiA5LgdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJhUzlYNIHLUDTcdI8iATmIFE+n4MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvbUZUT1ZnMGdjdFFOTngwanlJQk9ZZ1VUNmZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALUONAwQA
1DwMMA0GCSqGSIb3DQEBCwUAA4IBAQA1zTNUsf2DgcQ1iIe5pzDhE4HGqvzX8W86
GzQGrMr7k5f5NUD5BKiaBVlMagXHC7DnSSE1P03Za7w9vsdRXF0WvWxtAB7FtGQa
XruT/XMAx6ClJqrPXgvHh1hiup5gP8uYz++jo8MSAd9Yl2y+V22bqSqoeeoCVhvb
WfnKp34/eB44FdRVnFE8T/jw1t7PQc6ag0kSV8eKfsT7LvuQEvYXoePEyZoSh+s0
SZAGhe6S1zqfDdod68qsuVfxNaxpx6b1/03ziS8zH3XpNP2bE5cVHIUQasYwRF7C
1tQPm2x346aIPZuKVwORorbelcJzEKloJp+2lFIl5vG5mHxpnnRp
-----END CERTIFICATE-----