Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/rAaiXMvO9i5snovqluPbyo_QCN0.roa
File:                     rAaiXMvO9i5snovqluPbyo_QCN0.roa (raw, json)
Hash identifier:          pt3vDzVbNzSpy4PSZ8+XX3gpZBn6uEG/ZRILx9TbDQc=
Subject key identifier:   AC:06:A2:5C:CB:CE:F6:2E:6C:9E:8B:EA:96:E3:DB:CA:8F:D0:08:DD
Certificate issuer:       /CN=851d4e34d4e48539c170451d4e26138887f6e922
Certificate serial:       01941FFA4CC438D6072A36FED3B29E43E21C
Authority key identifier: 85:1D:4E:34:D4:E4:85:39:C1:70:45:1D:4E:26:13:88:87:F6:E9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hR1ONNTkhTnBcEUdTiYTiIf26SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/rAaiXMvO9i5snovqluPbyo_QCN0.roa
Signing time:             Wed 01 Jan 2025 03:48:04 +0000
ROA not before:           Wed 01 Jan 2025 03:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41960
IP address blocks:        45.129.144.0/22 maxlen: 24
                          185.249.40.0/22 maxlen: 24
                          2a0e:5b40::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/hR1ONNTkhTnBcEUdTiYTiIf26SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/hR1ONNTkhTnBcEUdTiYTiIf26SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hR1ONNTkhTnBcEUdTiYTiIf26SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4c:c4:38:d6:07:2a:36:fe:d3:b2:9e:43:e2:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=851d4e34d4e48539c170451d4e26138887f6e922
        Validity
            Not Before: Jan  1 03:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac06a25ccbcef62e6c9e8bea96e3dbca8fd008dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a2:0d:98:c0:59:2e:80:d8:95:23:6d:be:a9:
                    3d:1d:6e:12:7b:c1:68:7c:bf:28:2a:fa:d9:b0:48:
                    08:8e:01:c0:11:e8:bf:9d:6b:f3:c2:ae:48:df:66:
                    ef:d2:da:8f:da:97:7d:13:e7:9f:ee:27:99:fd:55:
                    b2:bb:47:56:29:5d:6c:60:09:fe:e8:4d:f1:df:4f:
                    8d:62:06:85:91:ce:25:68:64:9b:41:ea:0c:7d:b8:
                    82:17:75:8c:65:e6:b2:25:70:8b:46:3c:df:02:b4:
                    ba:8d:b5:1c:a5:39:78:28:b4:6d:91:34:0a:a2:85:
                    80:b1:15:c8:8f:9f:e3:8e:1a:0e:42:6b:c0:5d:0f:
                    b5:b9:61:ee:3f:09:d9:65:a6:dd:fb:d0:8f:13:ac:
                    a1:12:cd:43:db:3f:ac:26:d0:29:95:aa:f4:37:f9:
                    51:6b:a6:1e:ec:75:a3:73:a7:9b:28:d6:49:a1:7b:
                    22:3a:be:f0:1b:52:c8:dc:52:84:db:69:fc:7c:21:
                    67:b5:a6:3b:13:9e:0f:3c:fa:0f:8b:82:f4:07:f0:
                    14:41:ee:9d:b4:69:0f:81:49:16:ed:88:de:38:e2:
                    6b:c2:55:52:24:f9:f4:b3:eb:53:48:39:87:38:80:
                    78:c1:bd:c7:36:e5:5c:ef:36:28:45:24:7c:3f:37:
                    a2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:06:A2:5C:CB:CE:F6:2E:6C:9E:8B:EA:96:E3:DB:CA:8F:D0:08:DD
            X509v3 Authority Key Identifier:
                keyid:85:1D:4E:34:D4:E4:85:39:C1:70:45:1D:4E:26:13:88:87:F6:E9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hR1ONNTkhTnBcEUdTiYTiIf26SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/rAaiXMvO9i5snovqluPbyo_QCN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/hR1ONNTkhTnBcEUdTiYTiIf26SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.144.0/22
                  185.249.40.0/22
                IPv6:
                  2a0e:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:6f:8a:9e:4a:df:c0:e0:88:51:79:51:b5:4c:78:fb:03:6a:
         2d:b2:d2:68:6e:90:26:f3:52:f4:59:6a:6e:fc:e7:6e:06:c0:
         7b:03:8a:cd:1d:c2:19:0f:aa:fb:7c:74:03:ae:01:d3:3e:df:
         67:71:0a:8a:71:eb:5b:81:51:26:3f:b0:ff:b8:da:f4:5d:f9:
         9d:93:64:3f:54:78:e4:98:ec:e6:2d:b6:e8:92:56:d6:52:c9:
         d0:51:ae:c8:12:ad:d7:1a:b5:15:32:64:7b:d6:1d:3c:d9:1a:
         19:21:59:b2:ee:bf:78:ad:60:c7:83:44:8b:35:18:1f:67:51:
         1e:97:af:58:12:f9:f3:ae:47:2c:ec:60:22:db:e6:78:6d:07:
         c9:d5:90:ea:3c:a3:96:10:b7:74:00:8d:ac:d6:4a:7c:32:00:
         4a:0c:df:52:36:6b:30:1a:49:51:98:10:4e:eb:bc:5c:bf:c1:
         31:eb:3a:09:ed:29:24:a2:22:b4:49:b1:92:b5:05:e0:9c:09:
         49:e8:da:97:6c:c7:04:ec:4b:24:08:af:4c:f4:87:d1:7a:bb:
         53:3c:a9:0f:f2:9b:64:32:1c:9d:c0:41:80:1b:45:31:c7:c5:
         1b:db:da:99:51:10:a2:a4:1b:ae:3f:c9:0f:21:d1:f5:97:8e:
         d3:8a:1f:cd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQf+kzEONYHKjb+07KeQ+IcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MWQ0ZTM0ZDRlNDg1MzljMTcwNDUxZDRlMjYxMzg4ODdm
NmU5MjIwHhcNMjUwMTAxMDM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzA2YTI1Y2NiY2VmNjJlNmM5ZThiZWE5NmUzZGJjYThmZDAwOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6INmMBZLoDYlSNtvqk9HW4Se8Fo
fL8oKvrZsEgIjgHAEei/nWvzwq5I32bv0tqP2pd9E+ef7ieZ/VWyu0dWKV1sYAn+
6E3x30+NYgaFkc4laGSbQeoMfbiCF3WMZeayJXCLRjzfArS6jbUcpTl4KLRtkTQK
ooWAsRXIj5/jjhoOQmvAXQ+1uWHuPwnZZabd+9CPE6yhEs1D2z+sJtAplar0N/lR
a6Ye7HWjc6ebKNZJoXsiOr7wG1LI3FKE22n8fCFntaY7E54PPPoPi4L0B/AUQe6d
tGkPgUkW7YjeOOJrwlVSJPn0s+tTSDmHOIB4wb3HNuVc7zYoRSR8Pzei3wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKwGolzLzvYubJ6L6pbj28qP0AjdMB8GA1UdIwQY
MBaAFIUdTjTU5IU5wXBFHU4mE4iH9ukiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFIxT05OVGtoVG5CY0VVZFRpWVRpSWYyNlNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9iZjE1ODktNmFkZi00NGIzLTk3NDYt
ODFjNDA1NTE0OGUwLzEvckFhaVhNdk85aTVzbm92cWx1UGJ5b19RQ04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9iZjE1ODktNmFkZi00NGIzLTk3NDYtODFjNDA1NTE0OGUw
LzEvaFIxT05OVGtoVG5CY0VVZFRpWVRpSWYyNlNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLYGQAwQC
ufkoMA0EAgACMAcDBQMqDltAMA0GCSqGSIb3DQEBCwUAA4IBAQCzb4qeSt/A4IhR
eVG1THj7A2otstJobpAm81L0WWpu/OduBsB7A4rNHcIZD6r7fHQDrgHTPt9ncQqK
cetbgVEmP7D/uNr0Xfmdk2Q/VHjkmOzmLbboklbWUsnQUa7IEq3XGrUVMmR71h08
2RoZIVmy7r94rWDHg0SLNRgfZ1Eel69YEvnzrkcs7GAi2+Z4bQfJ1ZDqPKOWELd0
AI2s1kp8MgBKDN9SNmswGklRmBBO67xcv8Ex6zoJ7SkkoiK0SbGStQXgnAlJ6NqX
bMcE7EskCK9M9IfRertTPKkP8ptkMhydwEGAG0Uxx8Ub29qZURCipBuuP8kPIdH1
l47Tih/N
-----END CERTIFICATE-----