Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VEvwnr7zocgfYH3wV_WNqSsM3II.roa
File:                     VEvwnr7zocgfYH3wV_WNqSsM3II.roa (raw, json)
Hash identifier:          utSefzU7FfIXzvXtDxxtIi2w/Ef6l85qTvKCGYoI2RY=
Subject key identifier:   54:4B:F0:9E:BE:F3:A1:C8:1F:60:7D:F0:57:F5:8D:A9:2B:0C:DC:82
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0194222058D5CBBD99F0D660AF8B5E0E2472
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VEvwnr7zocgfYH3wV_WNqSsM3II.roa
Signing time:             Wed 01 Jan 2025 13:48:52 +0000
ROA not before:           Wed 01 Jan 2025 13:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215951
IP address blocks:        45.90.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:58:d5:cb:bd:99:f0:d6:60:af:8b:5e:0e:24:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=544bf09ebef3a1c81f607df057f58da92b0cdc82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:09:6c:3b:91:26:f5:7a:05:2a:d8:1d:ed:a1:
                    ed:d4:8a:37:73:73:f7:3c:fb:1e:31:e4:05:c8:53:
                    8c:b3:27:b2:5d:bd:4c:9b:9f:c6:c2:c6:96:5c:62:
                    5b:69:fb:01:ab:3c:31:4b:5f:f2:d2:91:49:cc:6d:
                    88:16:37:ee:b0:f8:2c:9a:ab:d6:16:a7:fd:4c:52:
                    cb:ba:b1:44:c8:86:d2:92:72:f6:b3:da:b9:8e:35:
                    56:32:a3:13:21:69:64:cc:34:24:c5:df:fc:f8:39:
                    b3:0f:92:ec:a6:05:cf:00:62:52:ad:75:6c:fd:64:
                    65:99:10:64:98:71:6b:a3:23:32:cb:1f:04:40:be:
                    d9:88:4d:d6:a5:df:86:39:dc:db:51:c4:cd:90:32:
                    ab:1f:80:3a:63:5c:60:0f:26:60:d7:9e:fd:31:14:
                    c2:45:76:78:a9:d9:f3:60:b4:10:93:2f:1e:ad:bf:
                    34:0d:cf:e3:a2:7e:ea:3b:1d:81:52:9d:89:be:a6:
                    30:c1:58:9a:36:8d:59:64:08:78:d1:6e:32:a4:82:
                    92:ba:97:ea:0b:5d:b2:ed:9c:ea:9b:7e:50:3b:77:
                    8c:3b:57:16:6f:49:37:e6:9e:00:4e:5b:c2:29:77:
                    18:6e:89:66:a6:d7:73:cf:19:72:8f:3d:43:97:d1:
                    db:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:4B:F0:9E:BE:F3:A1:C8:1F:60:7D:F0:57:F5:8D:A9:2B:0C:DC:82
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VEvwnr7zocgfYH3wV_WNqSsM3II.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:27:c4:83:99:8f:8a:dd:45:31:3d:ea:31:3b:ed:b4:61:cf:
         37:c3:83:7d:81:66:16:b5:40:78:8e:d4:29:2a:0f:ec:4c:c3:
         8e:61:32:0e:32:17:ab:ca:1b:6c:b1:47:3d:00:e3:98:da:1c:
         70:55:7c:9e:03:d7:1f:79:2a:ac:a4:65:67:12:e0:d6:04:59:
         da:c0:d4:95:bb:83:49:f0:1e:e6:57:ca:0c:9d:15:6b:7a:79:
         f9:a2:89:49:83:6a:2f:78:19:35:9c:cf:4f:0a:0f:ad:1a:f1:
         ff:15:9a:d3:27:82:85:b9:0d:0b:19:5d:52:51:96:14:73:8f:
         68:18:87:01:1d:5b:42:de:88:b0:d9:9c:65:14:0d:66:07:3b:
         9f:b7:37:bd:be:ea:88:61:2c:1f:6a:71:0e:8c:a0:96:89:9d:
         66:4b:a4:46:31:7f:79:ac:ea:23:cd:92:20:29:d1:6f:0b:5a:
         35:69:62:fa:18:96:4f:37:c8:b3:38:2b:6d:36:42:48:8b:f9:
         50:29:36:a0:28:5a:cb:cc:4e:db:cf:bd:bb:b6:21:08:0a:bf:
         0b:cb:26:d4:77:e1:0b:3f:2c:c0:25:0f:75:7c:8b:5e:ae:c4:
         f1:18:a3:6c:46:7e:20:52:86:34:34:ae:9a:ca:f6:e4:4f:3c:
         32:4a:26:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIFjVy72Z8NZgr4teDiRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDRiZjA5ZWJlZjNhMWM4MWY2MDdkZjA1N2Y1OGRhOTJiMGNkYzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7glsO5Em9XoFKtgd7aHt1Io3c3P3
PPseMeQFyFOMsyeyXb1Mm5/GwsaWXGJbafsBqzwxS1/y0pFJzG2IFjfusPgsmqvW
Fqf9TFLLurFEyIbSknL2s9q5jjVWMqMTIWlkzDQkxd/8+DmzD5LspgXPAGJSrXVs
/WRlmRBkmHFroyMyyx8EQL7ZiE3Wpd+GOdzbUcTNkDKrH4A6Y1xgDyZg1579MRTC
RXZ4qdnzYLQQky8erb80Dc/jon7qOx2BUp2JvqYwwViaNo1ZZAh40W4ypIKSupfq
C12y7Zzqm35QO3eMO1cWb0k35p4ATlvCKXcYbolmptdzzxlyjz1Dl9HbWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRL8J6+86HIH2B98Ff1jakrDNyCMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvVkV2d25yN3pvY2dmWUgzd1ZfV05xU3NNM0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVoQMA0G
CSqGSIb3DQEBCwUAA4IBAQBKJ8SDmY+K3UUxPeoxO+20Yc83w4N9gWYWtUB4jtQp
Kg/sTMOOYTIOMheryhtssUc9AOOY2hxwVXyeA9cfeSqspGVnEuDWBFnawNSVu4NJ
8B7mV8oMnRVrenn5oolJg2oveBk1nM9PCg+tGvH/FZrTJ4KFuQ0LGV1SUZYUc49o
GIcBHVtC3oiw2ZxlFA1mBzuftze9vuqIYSwfanEOjKCWiZ1mS6RGMX95rOojzZIg
KdFvC1o1aWL6GJZPN8izOCttNkJIi/lQKTagKFrLzE7bz727tiEICr8LyybUd+EL
PyzAJQ91fItersTxGKNsRn4gUoY0NK6ayvbkTzwySibh
-----END CERTIFICATE-----