Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/XtfrcY0xGbaYSlWTXL9nm2Diii0.roa
File:                     XtfrcY0xGbaYSlWTXL9nm2Diii0.roa (raw, json)
Hash identifier:          aEZWDKAQcPeSAXKY4jWlj23Ulwbg4fWY9kpGKgMl9kU=
Subject key identifier:   5E:D7:EB:71:8D:31:19:B6:98:4A:55:93:5C:BF:67:9B:60:E2:8A:2D
Certificate issuer:       /CN=8069d9ffe048a70003f16f06e24d9bf2db85eb52
Certificate serial:       019421B21635478796BF671C8840F195F062
Authority key identifier: 80:69:D9:FF:E0:48:A7:00:03:F1:6F:06:E2:4D:9B:F2:DB:85:EB:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gGnZ_-BIpwAD8W8G4k2b8tuF61I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/XtfrcY0xGbaYSlWTXL9nm2Diii0.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210681
IP address blocks:        45.129.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/gGnZ_-BIpwAD8W8G4k2b8tuF61I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/gGnZ_-BIpwAD8W8G4k2b8tuF61I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gGnZ_-BIpwAD8W8G4k2b8tuF61I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 17:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:16:35:47:87:96:bf:67:1c:88:40:f1:95:f0:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8069d9ffe048a70003f16f06e24d9bf2db85eb52
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ed7eb718d3119b6984a55935cbf679b60e28a2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d9:ac:bf:7c:c8:b8:61:bf:06:be:9e:9f:21:
                    b6:8b:76:e8:1a:8c:5c:eb:e4:de:3f:ed:6a:ae:c7:
                    71:63:a5:2e:20:47:b2:73:a9:99:ad:bc:b6:9a:2a:
                    51:e1:ee:b8:a6:4b:b9:14:83:92:ec:05:34:e4:a8:
                    8f:14:7c:61:63:2b:50:3a:49:e2:5f:4f:2a:07:a0:
                    e8:1b:73:07:e5:e2:eb:88:0f:e9:32:ca:48:e8:48:
                    2b:a4:49:00:ca:38:b8:22:6a:ed:53:da:95:d8:2c:
                    3b:59:6c:08:aa:6f:81:95:50:db:fb:b9:0a:fc:9f:
                    29:e4:f2:fc:94:07:49:78:28:1e:14:a6:67:b1:69:
                    6c:59:81:f8:fe:73:a8:bd:7c:83:c2:5b:94:28:16:
                    d6:a5:c1:8a:30:70:1c:e0:49:b1:95:d3:3a:8e:fe:
                    90:cf:b1:87:fd:82:5b:ff:bd:c5:73:de:b2:86:cc:
                    9a:74:9d:9c:0c:75:1b:39:12:99:3a:5f:b6:14:ee:
                    db:86:63:c2:7f:80:4c:d2:aa:ce:0f:31:61:98:0f:
                    0d:cc:da:48:2d:97:e8:b9:96:b8:42:50:96:98:1b:
                    f4:73:2c:8d:92:ea:2d:37:f9:f1:a9:ea:64:21:a4:
                    04:26:81:38:3e:9d:ea:cc:b4:8a:b2:59:c0:ed:6c:
                    0d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D7:EB:71:8D:31:19:B6:98:4A:55:93:5C:BF:67:9B:60:E2:8A:2D
            X509v3 Authority Key Identifier:
                keyid:80:69:D9:FF:E0:48:A7:00:03:F1:6F:06:E2:4D:9B:F2:DB:85:EB:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gGnZ_-BIpwAD8W8G4k2b8tuF61I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/XtfrcY0xGbaYSlWTXL9nm2Diii0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/gGnZ_-BIpwAD8W8G4k2b8tuF61I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:81:a2:8c:53:5e:09:a6:36:e3:b8:d6:8b:82:ea:9b:9b:13:
         f5:1d:a0:7f:93:47:95:97:b4:da:91:4a:86:37:d2:c4:c9:14:
         6e:69:d0:88:21:73:b9:9e:98:8a:4e:e0:ff:af:9f:13:41:ec:
         1a:6b:46:71:c7:7e:52:b5:65:84:b2:c0:ba:a4:05:95:fb:ff:
         95:fa:31:af:22:d7:57:6d:b4:0b:6d:c0:e2:2a:25:00:99:f0:
         7d:1b:62:3b:79:7a:db:f8:81:5e:8c:c1:fe:df:5b:32:21:1c:
         b4:ea:a0:0f:5d:24:40:96:8d:0a:90:bb:1b:63:4c:10:05:9b:
         0c:42:ec:a3:1e:af:7f:b1:31:fa:31:0f:68:aa:06:e4:60:4f:
         45:2f:60:a2:48:71:91:c9:3c:ae:49:7f:b6:83:e3:e5:e5:20:
         bb:d0:73:66:5e:71:49:7d:8b:78:c7:92:00:4a:d5:71:d0:a4:
         63:e1:fa:4a:7b:1a:0c:6b:ea:ed:9c:43:46:ad:aa:9d:e9:b6:
         24:9f:33:ad:02:8e:46:d2:f6:6d:70:64:36:fd:1a:e5:5b:39:
         ed:40:6b:7f:96:c0:c7:d2:d3:44:54:47:e7:80:94:19:e6:9b:
         74:01:09:4f:12:b9:21:9d:2e:93:af:53:3b:73:4c:a6:79:23:
         49:b1:82:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshY1R4eWv2cciEDxlfBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNjlkOWZmZTA0OGE3MDAwM2YxNmYwNmUyNGQ5YmYyZGI4
NWViNTIwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQ3ZWI3MThkMzExOWI2OTg0YTU1OTM1Y2JmNjc5YjYwZTI4YTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNmsv3zIuGG/Br6enyG2i3boGoxc
6+TeP+1qrsdxY6UuIEeyc6mZrby2mipR4e64pku5FIOS7AU05KiPFHxhYytQOkni
X08qB6DoG3MH5eLriA/pMspI6EgrpEkAyji4ImrtU9qV2Cw7WWwIqm+BlVDb+7kK
/J8p5PL8lAdJeCgeFKZnsWlsWYH4/nOovXyDwluUKBbWpcGKMHAc4EmxldM6jv6Q
z7GH/YJb/73Fc96yhsyadJ2cDHUbORKZOl+2FO7bhmPCf4BM0qrODzFhmA8NzNpI
LZfouZa4QlCWmBv0cyyNkuotN/nxqepkIaQEJoE4Pp3qzLSKslnA7WwNEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7X63GNMRm2mEpVk1y/Z5tg4ootMB8GA1UdIwQY
MBaAFIBp2f/gSKcAA/FvBuJNm/LbhetSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0duWl8tQklwd0FEOFc4RzRrMmI4dHVGNjFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9lNjQxNDgtNGM4Yy00ZTg0LTkyNWIt
ZTAyMmUzMDA5YTcxLzEvWHRmcmNZMHhHYmFZU2xXVFhMOW5tMkRpaWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9lNjQxNDgtNGM4Yy00ZTg0LTkyNWItZTAyMmUzMDA5YTcx
LzEvZ0duWl8tQklwd0FEOFc4RzRrMmI4dHVGNjFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYF6MA0G
CSqGSIb3DQEBCwUAA4IBAQBngaKMU14JpjbjuNaLguqbmxP1HaB/k0eVl7TakUqG
N9LEyRRuadCIIXO5npiKTuD/r58TQewaa0Zxx35StWWEssC6pAWV+/+V+jGvItdX
bbQLbcDiKiUAmfB9G2I7eXrb+IFejMH+31syIRy06qAPXSRAlo0KkLsbY0wQBZsM
QuyjHq9/sTH6MQ9oqgbkYE9FL2CiSHGRyTyuSX+2g+Pl5SC70HNmXnFJfYt4x5IA
StVx0KRj4fpKexoMa+rtnENGraqd6bYknzOtAo5G0vZtcGQ2/RrlWzntQGt/lsDH
0tNEVEfngJQZ5pt0AQlPErkhnS6Tr1M7c0ymeSNJsYId
-----END CERTIFICATE-----