Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Xh2ApCckcqQ5ZDPdtmFUvU7_AaU.roa
File:                     Xh2ApCckcqQ5ZDPdtmFUvU7_AaU.roa (raw, json)
Hash identifier:          U6qfjiSu8FmKWlUY8cLRLr8aJRrnWO6dX1j58OsLGHs=
Subject key identifier:   5E:1D:80:A4:27:24:72:A4:39:64:33:DD:B6:61:54:BD:4E:FF:01:A5
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       01942143E4D93C3BAB936E310FA27200F397
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Xh2ApCckcqQ5ZDPdtmFUvU7_AaU.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35372
IP address blocks:        45.11.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e4:d9:3c:3b:ab:93:6e:31:0f:a2:72:00:f3:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e1d80a4272472a4396433ddb66154bd4eff01a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:17:37:cf:f3:bc:ea:3a:a9:54:e1:f7:18:59:
                    85:65:54:ef:e8:7b:d4:db:41:11:23:71:cd:68:c7:
                    f7:ed:6d:de:2e:1e:18:0b:87:91:8d:ff:7a:66:ce:
                    4f:d0:6a:88:04:de:7f:f8:fc:4a:56:a2:a2:c3:60:
                    2a:0a:02:a1:ac:d6:5a:e4:93:c8:a9:b5:b0:1c:6c:
                    71:d5:da:d5:08:ef:e0:43:94:fe:87:58:15:f0:f2:
                    f5:95:94:8c:ef:e1:12:34:bb:b2:2b:75:f8:d9:e7:
                    f5:75:cc:96:cb:58:de:fe:06:6d:87:11:b0:7a:c6:
                    b8:45:8e:f2:d1:c2:5a:d4:7f:8c:68:0b:4b:46:29:
                    c5:5e:cd:49:6c:77:cb:92:2a:f8:e7:2e:fe:7a:76:
                    f1:9e:22:9d:dc:d8:06:80:1a:ef:14:c9:55:05:c4:
                    82:76:65:5a:8c:67:27:44:7b:e3:56:91:67:fa:f7:
                    64:92:0e:d7:94:87:49:a6:07:b4:cf:f1:1a:f7:aa:
                    c9:c0:3a:55:34:c7:71:e2:a6:34:9d:5c:8e:b1:f2:
                    93:cd:8e:da:2e:57:6d:06:66:6b:61:88:ef:43:a2:
                    c6:98:92:00:8c:35:1d:a4:f3:e0:e9:80:25:b2:61:
                    04:92:4c:b5:8e:c9:7e:d6:99:f4:bd:06:76:bd:1e:
                    43:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:1D:80:A4:27:24:72:A4:39:64:33:DD:B6:61:54:BD:4E:FF:01:A5
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Xh2ApCckcqQ5ZDPdtmFUvU7_AaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:86:18:29:06:7f:ed:9e:b8:3e:ea:f3:9d:e9:6d:25:36:20:
         0a:dc:4e:32:58:5b:16:18:1c:10:66:5f:0f:93:17:bb:22:b2:
         02:50:7a:33:03:78:7b:96:04:b0:be:ac:4d:8f:b4:5a:1d:fc:
         0d:01:33:32:0b:2e:35:32:b3:d3:b4:41:f6:d7:92:7e:a6:34:
         e2:e8:20:18:b5:83:fd:9a:04:04:78:9c:85:4b:2f:3f:5d:cd:
         ad:a8:1e:02:07:66:f7:5c:bc:fb:92:29:f8:87:f4:2f:91:c2:
         64:30:84:54:eb:6a:72:b2:c9:21:19:f1:aa:a0:b7:a6:c3:8c:
         78:45:b9:f4:dc:9b:36:97:70:23:cc:74:1f:93:4e:69:bc:9f:
         bf:4e:c5:d4:dd:c2:29:e8:84:67:f3:7b:55:7e:37:ff:a0:ad:
         b0:a0:f4:ea:d2:ef:8b:e0:0a:11:56:16:9a:c2:25:49:30:db:
         5b:5f:ff:97:c6:52:58:d7:e4:c3:9b:7e:89:a9:67:e1:4b:1f:
         54:da:4c:8c:f7:f6:0f:36:bb:3a:b8:43:07:37:8a:f0:af:4d:
         75:fa:d8:23:c2:ee:9f:a8:de:5f:d1:1e:1f:4b:a3:10:40:f9:
         8b:d7:7b:9b:63:8e:6c:56:ee:5f:8a:8e:f6:04:68:1b:97:97:
         8a:e6:f7:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+TZPDurk24xD6JyAPOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTFkODBhNDI3MjQ3MmE0Mzk2NDMzZGRiNjYxNTRiZDRlZmYwMWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBc3z/O86jqpVOH3GFmFZVTv6HvU
20ERI3HNaMf37W3eLh4YC4eRjf96Zs5P0GqIBN5/+PxKVqKiw2AqCgKhrNZa5JPI
qbWwHGxx1drVCO/gQ5T+h1gV8PL1lZSM7+ESNLuyK3X42ef1dcyWy1je/gZthxGw
esa4RY7y0cJa1H+MaAtLRinFXs1JbHfLkir45y7+enbxniKd3NgGgBrvFMlVBcSC
dmVajGcnRHvjVpFn+vdkkg7XlIdJpge0z/Ea96rJwDpVNMdx4qY0nVyOsfKTzY7a
LldtBmZrYYjvQ6LGmJIAjDUdpPPg6YAlsmEEkky1jsl+1pn0vQZ2vR5DvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4dgKQnJHKkOWQz3bZhVL1O/wGlMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvWGgyQXBDY2tjcVE1WkRQZHRtRlV2VTdfQWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu4MA0G
CSqGSIb3DQEBCwUAA4IBAQA7hhgpBn/tnrg+6vOd6W0lNiAK3E4yWFsWGBwQZl8P
kxe7IrICUHozA3h7lgSwvqxNj7RaHfwNATMyCy41MrPTtEH215J+pjTi6CAYtYP9
mgQEeJyFSy8/Xc2tqB4CB2b3XLz7kin4h/QvkcJkMIRU62pysskhGfGqoLemw4x4
Rbn03Js2l3AjzHQfk05pvJ+/TsXU3cIp6IRn83tVfjf/oK2woPTq0u+L4AoRVhaa
wiVJMNtbX/+XxlJY1+TDm36JqWfhSx9U2kyM9/YPNrs6uEMHN4rwr011+tgjwu6f
qN5f0R4fS6MQQPmL13ubY45sVu5fio72BGgbl5eK5vcb
-----END CERTIFICATE-----