Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4DdR0i99Fsc_5O_Na5NeWkEvNZ0.roa
File:                     4DdR0i99Fsc_5O_Na5NeWkEvNZ0.roa (raw, json)
Hash identifier:          QCPpmD+hl+KYJPyOFMGXV+0yyLMaHSc+5HJkm88youU=
Subject key identifier:   E0:37:51:D2:2F:7D:16:C7:3F:E4:EF:CD:6B:93:5E:5A:41:2F:35:9D
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422202AB7674B4DB987E13177C9E104DE
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4DdR0i99Fsc_5O_Na5NeWkEvNZ0.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60318
IP address blocks:        45.90.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2a:b7:67:4b:4d:b9:87:e1:31:77:c9:e1:04:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e03751d22f7d16c73fe4efcd6b935e5a412f359d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:cd:b9:00:b5:29:c0:f0:49:c3:d5:06:a3:cb:
                    a1:93:ed:2d:bd:89:40:5a:05:48:b9:f0:58:21:66:
                    fa:9d:5c:fe:67:d2:88:95:36:65:dd:6d:41:e6:ca:
                    38:d6:2c:64:2c:72:9a:66:27:98:27:72:e4:f8:61:
                    48:09:02:07:36:75:3e:20:60:fc:65:84:0c:a9:b7:
                    5e:06:5b:13:0e:e8:30:d0:6e:fc:ef:86:1b:0a:62:
                    78:24:55:c5:19:f3:fe:32:f0:b6:89:4d:8d:4a:81:
                    9f:f9:03:3f:12:9b:9a:87:70:c2:40:7e:b3:1c:fe:
                    c8:29:3d:e7:80:5e:4b:b9:1f:5e:9e:48:a1:25:8a:
                    c5:0e:91:8e:70:9e:fd:6f:0b:c6:38:9c:7a:fb:fc:
                    66:9d:71:63:1f:82:98:6b:60:89:aa:2e:82:5d:e0:
                    7b:b0:59:2f:7c:f3:74:a4:94:6c:6c:1b:50:f9:15:
                    63:15:8d:4f:9c:3b:60:90:54:4d:cb:68:91:99:ef:
                    d8:12:1e:e6:4f:9c:1b:d1:6b:3c:36:5b:ca:7a:98:
                    fa:40:4d:a2:37:ad:6b:27:9c:e5:72:a3:dc:96:2a:
                    70:a0:18:1c:4e:d9:c6:2e:cf:a1:da:26:b6:58:9f:
                    8d:c6:d0:47:33:65:14:33:0a:4d:dd:8c:cb:d8:4d:
                    ba:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:37:51:D2:2F:7D:16:C7:3F:E4:EF:CD:6B:93:5E:5A:41:2F:35:9D
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4DdR0i99Fsc_5O_Na5NeWkEvNZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:ac:4c:91:b7:55:0e:8d:c4:6a:cb:50:03:d4:4f:6c:97:11:
         62:18:75:18:c0:84:9d:53:2b:35:a3:42:d3:60:16:11:71:8a:
         10:00:34:64:fa:3a:03:12:3a:f6:e9:c6:13:79:3e:40:6a:26:
         cb:7d:3c:03:7e:b7:a9:a7:dc:21:e8:9c:24:ff:f3:3d:4e:e6:
         eb:a7:e8:93:2f:9e:81:de:b9:ec:7c:ec:50:26:cc:fe:5a:5b:
         75:64:86:61:bd:fa:b7:8c:54:c7:7c:f3:51:af:db:f0:b9:00:
         0c:89:fa:78:86:51:c0:0a:9f:df:38:b7:4d:5f:1a:33:b9:e9:
         72:5f:16:0e:82:d3:3f:4a:06:5e:01:4f:a7:1b:e7:95:55:d6:
         a1:a3:0e:c7:44:02:85:9d:06:e3:a6:62:bc:ef:56:1e:eb:3d:
         a2:d9:39:51:86:06:37:43:d8:ef:cc:43:cb:02:84:c2:ec:b9:
         67:7c:7b:9c:99:00:54:18:42:67:0d:a2:09:f0:92:10:6e:db:
         a7:13:ac:b4:1c:7d:8c:1a:77:c7:04:69:57:af:ab:5b:0b:d3:
         f6:63:82:5f:4b:2d:6b:ad:2e:f1:f0:78:d8:cd:2a:a3:04:2c:
         71:48:10:c3:dd:b3:91:f6:f0:08:7b:35:6b:63:46:56:7b:ef:
         4f:a5:f4:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICq3Z0tNuYfhMXfJ4QTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDM3NTFkMjJmN2QxNmM3M2ZlNGVmY2Q2YjkzNWU1YTQxMmYzNTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc25ALUpwPBJw9UGo8uhk+0tvYlA
WgVIufBYIWb6nVz+Z9KIlTZl3W1B5so41ixkLHKaZieYJ3Lk+GFICQIHNnU+IGD8
ZYQMqbdeBlsTDugw0G7874YbCmJ4JFXFGfP+MvC2iU2NSoGf+QM/Epuah3DCQH6z
HP7IKT3ngF5LuR9enkihJYrFDpGOcJ79bwvGOJx6+/xmnXFjH4KYa2CJqi6CXeB7
sFkvfPN0pJRsbBtQ+RVjFY1PnDtgkFRNy2iRme/YEh7mT5wb0Ws8NlvKepj6QE2i
N61rJ5zlcqPclipwoBgcTtnGLs+h2ia2WJ+NxtBHM2UUMwpN3YzL2E26AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOA3UdIvfRbHP+TvzWuTXlpBLzWdMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNERkUjBpOTlGc2NfNU9fTmE1TmVXa0V2TlowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVoRMA0G
CSqGSIb3DQEBCwUAA4IBAQCQrEyRt1UOjcRqy1AD1E9slxFiGHUYwISdUys1o0LT
YBYRcYoQADRk+joDEjr26cYTeT5AaibLfTwDfrepp9wh6Jwk//M9Tubrp+iTL56B
3rnsfOxQJsz+Wlt1ZIZhvfq3jFTHfPNRr9vwuQAMifp4hlHACp/fOLdNXxozuely
XxYOgtM/SgZeAU+nG+eVVdahow7HRAKFnQbjpmK871Ye6z2i2TlRhgY3Q9jvzEPL
AoTC7LlnfHucmQBUGEJnDaIJ8JIQbtunE6y0HH2MGnfHBGlXr6tbC9P2Y4JfSy1r
rS7x8HjYzSqjBCxxSBDD3bOR9vAIezVrY0ZWe+9PpfT3
-----END CERTIFICATE-----