Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/M_Vi73CFA0pYsLc_tnhRMlqnyzw.roa
File:                     M_Vi73CFA0pYsLc_tnhRMlqnyzw.roa (raw, json)
Hash identifier:          Sa1IToWhunFsh7PNrbHTSOaXwck3hxZREJV3TqwmoFA=
Subject key identifier:   33:F5:62:EF:70:85:03:4A:58:B0:B7:3F:B6:78:51:32:5A:A7:CB:3C
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       019425214CA489D233941B2C12EFD0247EC1
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/M_Vi73CFA0pYsLc_tnhRMlqnyzw.roa
Signing time:             Thu 02 Jan 2025 03:48:46 +0000
ROA not before:           Thu 02 Jan 2025 03:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7922
IP address blocks:        45.147.159.0/24 maxlen: 24
                          77.111.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:4c:a4:89:d2:33:94:1b:2c:12:ef:d0:24:7e:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Jan  2 03:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33f562ef7085034a58b0b73fb67851325aa7cb3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0f:83:5c:cb:f3:22:47:06:c6:52:a0:8e:98:
                    27:a3:fd:f9:bc:cc:9d:53:e8:a1:60:cb:84:6f:c6:
                    e5:53:c9:30:c3:b0:80:5e:3c:a0:f1:05:5e:13:0d:
                    9b:c6:21:4f:3d:03:91:a1:ac:b0:b5:39:a0:77:eb:
                    a3:05:0c:57:ef:db:1a:e0:b2:a9:5b:94:9f:9d:18:
                    6e:4f:01:4c:fe:c0:af:b7:1f:99:66:56:95:58:2c:
                    bb:32:7c:e5:79:73:c3:68:cc:b3:52:03:22:2a:63:
                    df:ec:9e:8c:68:ca:3d:19:f3:8b:71:5d:66:4d:58:
                    75:5c:c5:73:32:ba:8b:9b:ae:a1:78:64:39:71:4f:
                    58:e2:db:6b:77:25:48:84:cc:06:50:d9:b6:b0:06:
                    ff:c2:d1:c9:fa:14:3b:26:3c:d9:ac:57:d9:dd:eb:
                    a0:2a:09:00:5e:52:ba:00:ec:71:60:c7:e5:f6:a4:
                    ff:e8:2d:16:af:c0:c6:a7:e7:cd:1c:d2:45:e4:0c:
                    4e:66:71:84:8a:90:74:a0:d1:7a:8d:65:a7:25:71:
                    ef:17:b5:83:11:27:71:8c:85:50:62:65:eb:48:63:
                    60:f5:4e:1b:b5:87:55:dd:a5:93:71:25:fd:ef:33:
                    bb:77:65:24:88:8a:4a:6e:0b:6a:aa:52:12:d9:68:
                    ef:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:F5:62:EF:70:85:03:4A:58:B0:B7:3F:B6:78:51:32:5A:A7:CB:3C
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/M_Vi73CFA0pYsLc_tnhRMlqnyzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.159.0/24
                  77.111.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:d7:f7:43:cf:0a:a2:59:20:83:ce:f1:81:eb:61:db:e5:bb:
         d6:d3:9f:c7:14:a4:2d:a0:c4:98:52:4a:10:92:a1:fb:41:d2:
         f7:af:86:02:28:1d:ae:c8:88:53:2e:c9:66:80:e6:bb:c4:10:
         6c:fa:e4:a3:98:d9:84:41:7c:8b:ab:d2:11:fa:44:ea:4c:6a:
         12:b4:d7:b2:04:7a:ad:de:7e:85:4f:46:e4:21:5d:5c:a3:36:
         4a:77:4d:98:c4:b1:8e:2f:eb:71:2e:dc:77:81:74:d8:33:af:
         c2:ee:f3:76:c6:a8:c3:c8:b5:6d:e5:62:ad:df:60:f0:5b:e2:
         bd:73:5e:cc:3e:c1:6b:b3:50:1a:89:8b:ad:e6:89:9e:9e:cc:
         21:bb:2d:36:a7:a0:4a:0a:6b:f1:5e:17:fe:8c:66:e8:07:63:
         46:59:37:0b:cf:12:09:91:20:b2:6d:16:28:5b:e3:57:84:45:
         a7:fa:9e:24:17:0e:55:26:62:ae:18:67:8b:22:e3:e1:8c:fb:
         0b:22:41:1e:0c:61:7f:fb:47:ef:7b:92:11:42:e8:a6:96:13:
         9e:63:d2:c2:29:79:2d:a4:c7:32:c3:a5:a6:12:7e:4e:60:c4:
         6a:4a:f1:80:83:17:8e:85:01:2e:17:e3:ed:74:d1:13:93:d6:
         49:39:4f:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIUykidIzlBssEu/QJH7BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjUwMTAyMDM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2Y1NjJlZjcwODUwMzRhNThiMGI3M2ZiNjc4NTEzMjVhYTdjYjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvw+DXMvzIkcGxlKgjpgno/35vMyd
U+ihYMuEb8blU8kww7CAXjyg8QVeEw2bxiFPPQORoaywtTmgd+ujBQxX79sa4LKp
W5SfnRhuTwFM/sCvtx+ZZlaVWCy7MnzleXPDaMyzUgMiKmPf7J6MaMo9GfOLcV1m
TVh1XMVzMrqLm66heGQ5cU9Y4ttrdyVIhMwGUNm2sAb/wtHJ+hQ7JjzZrFfZ3eug
KgkAXlK6AOxxYMfl9qT/6C0Wr8DGp+fNHNJF5AxOZnGEipB0oNF6jWWnJXHvF7WD
ESdxjIVQYmXrSGNg9U4btYdV3aWTcSX97zO7d2UkiIpKbgtqqlIS2Wjv4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDP1Yu9whQNKWLC3P7Z4UTJap8s8MB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvTV9WaTczQ0ZBMHBZc0xjX3RuaFJNbHFueXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZOfAwQA
TW92MA0GCSqGSIb3DQEBCwUAA4IBAQBI1/dDzwqiWSCDzvGB62Hb5bvW05/HFKQt
oMSYUkoQkqH7QdL3r4YCKB2uyIhTLslmgOa7xBBs+uSjmNmEQXyLq9IR+kTqTGoS
tNeyBHqt3n6FT0bkIV1cozZKd02YxLGOL+txLtx3gXTYM6/C7vN2xqjDyLVt5WKt
32DwW+K9c17MPsFrs1AaiYut5omenswhuy02p6BKCmvxXhf+jGboB2NGWTcLzxIJ
kSCybRYoW+NXhEWn+p4kFw5VJmKuGGeLIuPhjPsLIkEeDGF/+0fve5IRQuimlhOe
Y9LCKXktpMcyw6WmEn5OYMRqSvGAgxeOhQEuF+PtdNETk9ZJOU+i
-----END CERTIFICATE-----