Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/sXkk9RexS8Df6sg2xdkc7cVwBT0.roa
File:                     sXkk9RexS8Df6sg2xdkc7cVwBT0.roa (raw, json)
Hash identifier:          EPX6TU1BjJqVBea1HkWMPFI7ngY4YBybKK+v3369Nok=
Subject key identifier:   B1:79:24:F5:17:B1:4B:C0:DF:EA:C8:36:C5:D9:1C:ED:C5:70:05:3D
Certificate issuer:       /CN=2e872826fce02bd9485ef276641d2b584f599b37
Certificate serial:       01946A2831474836EEBAE8746A661C502DFB
Authority key identifier: 2E:87:28:26:FC:E0:2B:D9:48:5E:F2:76:64:1D:2B:58:4F:59:9B:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/sXkk9RexS8Df6sg2xdkc7cVwBT0.roa
Signing time:             Wed 15 Jan 2025 13:30:06 +0000
ROA not before:           Wed 15 Jan 2025 13:30:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40169
IP address blocks:        45.67.73.0/24 maxlen: 24
                          45.67.74.0/24 maxlen: 24
                          45.67.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6a:28:31:47:48:36:ee:ba:e8:74:6a:66:1c:50:2d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e872826fce02bd9485ef276641d2b584f599b37
        Validity
            Not Before: Jan 15 13:30:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b17924f517b14bc0dfeac836c5d91cedc570053d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:58:c0:48:2f:be:d3:9c:9f:73:ec:8c:ad:c4:
                    3f:4a:1d:16:e8:ae:fa:6f:41:6d:cd:df:8b:2d:d8:
                    be:53:00:3e:7a:d8:2f:9c:93:e4:b8:1a:a5:d2:45:
                    32:ea:0a:65:77:76:42:8c:54:7d:3f:43:92:a7:77:
                    20:fc:dd:70:89:4c:86:bd:3d:5f:63:44:58:a4:70:
                    13:dc:ed:1d:53:4d:b2:ac:8d:ae:7c:7a:c9:45:4f:
                    0c:8a:64:4e:22:39:2f:e9:f0:db:a5:de:2d:e7:b8:
                    ec:ad:ec:c0:b4:ca:b8:cc:21:19:23:14:ef:f9:2e:
                    cf:a4:77:d2:09:44:58:b0:ae:e1:30:51:19:34:4c:
                    bc:cf:83:51:f8:d0:0d:1d:fc:10:a7:c5:48:65:b5:
                    81:af:b5:1b:ad:ab:01:96:e9:6a:94:6a:cc:6f:c9:
                    d5:6e:2b:69:fd:ab:d3:63:71:b7:53:95:8e:97:a8:
                    bf:0e:be:f5:bf:d5:94:17:bd:f4:e2:f6:25:87:1d:
                    66:72:6d:df:07:c2:c3:35:70:54:1d:4c:32:b6:bf:
                    e0:45:ab:d2:c0:79:d3:63:b6:8d:cc:a8:b2:56:f7:
                    77:de:57:90:b8:71:ac:71:7b:37:e2:64:cd:3c:e9:
                    66:5e:d2:b5:7c:38:71:50:99:dc:8d:77:9e:70:a9:
                    63:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:79:24:F5:17:B1:4B:C0:DF:EA:C8:36:C5:D9:1C:ED:C5:70:05:3D
            X509v3 Authority Key Identifier:
                keyid:2E:87:28:26:FC:E0:2B:D9:48:5E:F2:76:64:1D:2B:58:4F:59:9B:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/sXkk9RexS8Df6sg2xdkc7cVwBT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.73.0-45.67.75.255

    Signature Algorithm: sha256WithRSAEncryption
         31:c4:18:71:22:56:c8:29:79:4f:22:b5:e9:a9:1b:70:8b:3c:
         9c:d1:be:aa:14:22:92:e9:e6:a1:d7:75:57:02:1f:3b:3f:42:
         08:40:2a:c6:7e:58:ba:0f:84:0b:49:9d:bd:5a:01:85:45:8e:
         2b:2b:88:f7:94:81:b1:0e:c1:95:d7:44:54:a9:2c:7f:7d:8a:
         95:47:31:d9:5a:85:d1:23:3c:a6:21:cf:28:a6:ac:ea:e6:8b:
         ba:82:5e:61:92:a1:9b:27:c9:6b:0b:78:5f:2e:e3:2f:93:4c:
         41:6f:6e:14:57:71:18:f1:76:f8:8c:18:e5:d3:ce:53:eb:39:
         34:f0:f6:48:00:aa:ec:61:10:0e:e6:f4:5e:cb:f0:5a:ac:6c:
         db:6c:c9:d5:1e:c6:2c:99:b7:6b:23:7e:f0:5c:45:42:57:62:
         12:99:76:1c:28:cc:ae:66:af:d4:b2:e9:f9:bb:bc:ac:26:41:
         90:de:d7:3c:b7:e6:74:5a:b8:a6:d1:d2:20:53:1b:82:9e:13:
         53:68:1d:e8:f8:59:53:f6:8e:ae:47:ef:d8:5e:97:6a:99:f4:
         3e:0a:22:ad:2d:a2:b7:80:e2:d1:60:89:5d:e1:23:fc:97:52:
         c6:36:f4:35:ca:96:99:14:18:b4:23:88:83:4f:21:e6:b0:91:
         94:44:95:fa
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZRqKDFHSDbuuuh0amYcUC37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODcyODI2ZmNlMDJiZDk0ODVlZjI3NjY0MWQyYjU4NGY1
OTliMzcwHhcNMjUwMTE1MTMzMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTc5MjRmNTE3YjE0YmMwZGZlYWM4MzZjNWQ5MWNlZGM1NzAwNTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFjASC++05yfc+yMrcQ/Sh0W6K76
b0Ftzd+LLdi+UwA+etgvnJPkuBql0kUy6gpld3ZCjFR9P0OSp3cg/N1wiUyGvT1f
Y0RYpHAT3O0dU02yrI2ufHrJRU8MimROIjkv6fDbpd4t57jsrezAtMq4zCEZIxTv
+S7PpHfSCURYsK7hMFEZNEy8z4NR+NANHfwQp8VIZbWBr7UbrasBlulqlGrMb8nV
bitp/avTY3G3U5WOl6i/Dr71v9WUF7304vYlhx1mcm3fB8LDNXBUHUwytr/gRavS
wHnTY7aNzKiyVvd33leQuHGscXs34mTNPOlmXtK1fDhxUJncjXeecKljBQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLF5JPUXsUvA3+rINsXZHO3FcAU9MB8GA1UdIwQY
MBaAFC6HKCb84CvZSF7ydmQdK1hPWZs3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9jb0p2emdLOWxJWHZKMlpCMHJXRTlabXpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xYmNlZjQtMTMxZC00ZGI1LTk0Yzct
MjRjNzliMWNiNGRhLzEvc1hrazlSZXhTOERmNnNnMnhka2M3Y1Z3QlQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xYmNlZjQtMTMxZC00ZGI1LTk0YzctMjRjNzliMWNiNGRh
LzEvTG9jb0p2emdLOWxJWHZKMlpCMHJXRTlabXpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtQ0kD
BAItQ0gwDQYJKoZIhvcNAQELBQADggEBADHEGHEiVsgpeU8itempG3CLPJzRvqoU
IpLp5qHXdVcCHzs/QghAKsZ+WLoPhAtJnb1aAYVFjisriPeUgbEOwZXXRFSpLH99
ipVHMdlahdEjPKYhzyimrOrmi7qCXmGSoZsnyWsLeF8u4y+TTEFvbhRXcRjxdviM
GOXTzlPrOTTw9kgAquxhEA7m9F7L8FqsbNtsydUexiyZt2sjfvBcRUJXYhKZdhwo
zK5mr9Sy6fm7vKwmQZDe1zy35nRauKbR0iBTG4KeE1NoHej4WVP2jq5H79hel2qZ
9D4KIq0toreA4tFgiV3hI/yXUsY29DXKlpkUGLQjiINPIeawkZRElfo=
-----END CERTIFICATE-----