Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/7a940b-340a-4d08-afd8-53c5720cfbeb/1/Np4SGefOBCZiVQwVOhlw43OZIsc.roa
File:                     Np4SGefOBCZiVQwVOhlw43OZIsc.roa (raw, json)
Hash identifier:          4LHgzyDtN1tlOUmbwRr7JMfVVPaWldi7uvsqlFbuzcs=
Subject key identifier:   36:9E:12:19:E7:CE:04:26:62:55:0C:15:3A:19:70:E3:73:99:22:C7
Certificate issuer:       /CN=24afeae83d2d5e2ea77ac6147f75837b27f74349
Certificate serial:       019421B20FAB913BC17EC9103B918A19DB48
Authority key identifier: 24:AF:EA:E8:3D:2D:5E:2E:A7:7A:C6:14:7F:75:83:7B:27:F7:43:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JK_q6D0tXi6nesYUf3WDeyf3Q0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/7a940b-340a-4d08-afd8-53c5720cfbeb/1/Np4SGefOBCZiVQwVOhlw43OZIsc.roa
Signing time:             Wed 01 Jan 2025 11:48:25 +0000
ROA not before:           Wed 01 Jan 2025 11:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213373
IP address blocks:        45.141.56.0/24 maxlen: 24
                          45.141.58.0/24 maxlen: 24
                          45.141.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/7a940b-340a-4d08-afd8-53c5720cfbeb/1/JK_q6D0tXi6nesYUf3WDeyf3Q0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/7a940b-340a-4d08-afd8-53c5720cfbeb/1/JK_q6D0tXi6nesYUf3WDeyf3Q0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JK_q6D0tXi6nesYUf3WDeyf3Q0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:0f:ab:91:3b:c1:7e:c9:10:3b:91:8a:19:db:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24afeae83d2d5e2ea77ac6147f75837b27f74349
        Validity
            Not Before: Jan  1 11:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=369e1219e7ce042662550c153a1970e3739922c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3d:4b:f6:17:a9:eb:2c:21:5f:7a:3f:a0:12:
                    36:7e:99:23:17:db:eb:47:b4:f3:3a:c3:1a:68:a8:
                    54:2f:20:76:7a:60:1d:50:80:d7:02:0e:9c:6b:ae:
                    98:47:3c:0c:82:d8:af:54:1d:4b:bd:ec:04:72:c4:
                    be:e2:cf:4e:a1:1c:3b:cf:9b:d6:c0:38:55:ef:fa:
                    9d:1f:b9:44:88:32:e5:57:ff:9a:33:f5:51:d7:3a:
                    18:3f:44:4a:73:98:79:2a:0c:3a:f0:26:4f:fe:57:
                    db:e9:d6:94:cb:f3:a3:11:68:c9:30:c6:c6:ee:00:
                    a1:6d:1c:8c:1c:32:c0:e2:f5:e6:26:69:cb:79:7a:
                    5d:c1:07:7c:cc:eb:81:3d:bb:ce:df:71:ce:a8:ec:
                    4f:89:d9:44:44:c4:eb:7b:8f:3c:ce:09:d7:ef:89:
                    f0:6d:a4:8e:47:79:15:03:84:10:de:2c:61:5e:fc:
                    bc:c1:e7:a5:b9:9e:67:49:3b:bc:d6:d6:19:2a:9e:
                    f1:9a:14:87:0e:d8:5e:7a:10:f0:aa:00:00:e2:6d:
                    5e:29:f5:17:d7:d1:09:e7:00:d4:f1:fc:2c:cc:5e:
                    b1:80:de:4f:e6:29:32:78:22:02:a8:1b:c4:86:33:
                    e4:31:54:31:45:39:cd:c2:7d:c5:16:3b:92:c5:a8:
                    91:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:9E:12:19:E7:CE:04:26:62:55:0C:15:3A:19:70:E3:73:99:22:C7
            X509v3 Authority Key Identifier:
                keyid:24:AF:EA:E8:3D:2D:5E:2E:A7:7A:C6:14:7F:75:83:7B:27:F7:43:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JK_q6D0tXi6nesYUf3WDeyf3Q0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/7a940b-340a-4d08-afd8-53c5720cfbeb/1/Np4SGefOBCZiVQwVOhlw43OZIsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/7a940b-340a-4d08-afd8-53c5720cfbeb/1/JK_q6D0tXi6nesYUf3WDeyf3Q0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.56.0/24
                  45.141.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:64:a8:a7:08:31:9f:d0:7a:56:c8:4e:cf:30:01:08:b6:0a:
         cc:5f:ef:e9:b5:88:1f:ab:49:39:8a:f0:20:06:e2:13:8c:5b:
         76:4d:82:f8:2a:83:db:f4:21:d7:e1:02:4a:b0:e4:5d:b3:02:
         d3:8d:23:02:3c:08:d6:3c:97:9d:f4:3b:65:51:e4:e3:30:7c:
         1d:16:bf:3c:72:70:e9:46:00:ee:1b:99:b0:8b:34:de:a9:a3:
         cc:7d:35:94:7a:da:33:ef:f8:c2:3d:74:6d:2e:63:ee:94:bf:
         42:0f:7a:ec:a9:8d:97:71:2d:a7:4b:9e:f7:90:52:1e:c5:84:
         5d:f6:bd:fd:8c:59:64:7f:a4:ac:df:2b:91:84:f4:eb:b8:af:
         1e:34:d6:1d:28:8a:11:9f:a1:cc:41:ea:7e:c8:51:b2:7a:d4:
         20:9b:80:f7:cc:6b:a6:d7:38:66:66:be:9e:22:4b:a7:d0:6d:
         e9:14:6b:ec:9b:f5:3f:92:1e:74:06:86:9a:58:7a:7a:3f:a1:
         8f:5d:cb:e9:17:fc:ee:8c:2a:6b:ae:53:8a:3c:a7:af:00:cb:
         f7:63:45:48:7f:75:f8:d1:7b:20:0f:b5:e1:74:49:42:38:8c:
         f9:bd:06:9f:b8:7a:5c:5e:f3:22:0f:13:de:40:4e:d9:35:87:
         95:5c:c8:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsg+rkTvBfskQO5GKGdtIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YWZlYWU4M2QyZDVlMmVhNzdhYzYxNDdmNzU4MzdiMjdm
NzQzNDkwHhcNMjUwMTAxMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjllMTIxOWU3Y2UwNDI2NjI1NTBjMTUzYTE5NzBlMzczOTkyMmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj1L9hep6ywhX3o/oBI2fpkjF9vr
R7TzOsMaaKhULyB2emAdUIDXAg6ca66YRzwMgtivVB1LvewEcsS+4s9OoRw7z5vW
wDhV7/qdH7lEiDLlV/+aM/VR1zoYP0RKc5h5Kgw68CZP/lfb6daUy/OjEWjJMMbG
7gChbRyMHDLA4vXmJmnLeXpdwQd8zOuBPbvO33HOqOxPidlERMTre488zgnX74nw
baSOR3kVA4QQ3ixhXvy8weeluZ5nSTu81tYZKp7xmhSHDtheehDwqgAA4m1eKfUX
19EJ5wDU8fwszF6xgN5P5ikyeCICqBvEhjPkMVQxRTnNwn3FFjuSxaiRFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDaeEhnnzgQmYlUMFToZcONzmSLHMB8GA1UdIwQY
MBaAFCSv6ug9LV4up3rGFH91g3sn90NJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSktfcTZEMHRYaTZuZXNZVWYzV0RleWYzUTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy83YTk0MGItMzQwYS00ZDA4LWFmZDgt
NTNjNTcyMGNmYmViLzEvTnA0U0dlZk9CQ1ppVlF3Vk9obHc0M09aSXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy83YTk0MGItMzQwYS00ZDA4LWFmZDgtNTNjNTcyMGNmYmVi
LzEvSktfcTZEMHRYaTZuZXNZVWYzV0RleWYzUTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY04AwQB
LY06MA0GCSqGSIb3DQEBCwUAA4IBAQAzZKinCDGf0HpWyE7PMAEItgrMX+/ptYgf
q0k5ivAgBuITjFt2TYL4KoPb9CHX4QJKsORdswLTjSMCPAjWPJed9DtlUeTjMHwd
Fr88cnDpRgDuG5mwizTeqaPMfTWUetoz7/jCPXRtLmPulL9CD3rsqY2XcS2nS573
kFIexYRd9r39jFlkf6Ss3yuRhPTruK8eNNYdKIoRn6HMQep+yFGyetQgm4D3zGum
1zhmZr6eIkun0G3pFGvsm/U/kh50BoaaWHp6P6GPXcvpF/zujCprrlOKPKevAMv3
Y0VIf3X40XsgD7XhdElCOIz5vQafuHpcXvMiDxPeQE7ZNYeVXMgH
-----END CERTIFICATE-----