Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/4LsGyYiK0sgKkroWjTTFs8_ZHCM.roa
File:                     4LsGyYiK0sgKkroWjTTFs8_ZHCM.roa (raw, json)
Hash identifier:          QauhAAEQPIkKYlb83izgi5pzYOnIDRyMVizxEMXIMVo=
Subject key identifier:   E0:BB:06:C9:88:8A:D2:C8:0A:92:BA:16:8D:34:C5:B3:CF:D9:1C:23
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       01942748917481AE8EFB7009A9CFED3AB37D
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/4LsGyYiK0sgKkroWjTTFs8_ZHCM.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211440
IP address blocks:        45.12.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:91:74:81:ae:8e:fb:70:09:a9:cf:ed:3a:b3:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0bb06c9888ad2c80a92ba168d34c5b3cfd91c23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:00:73:87:de:f7:7a:96:fa:61:ac:09:04:21:
                    88:76:6f:90:22:05:4e:d1:ae:01:21:58:99:4e:b0:
                    de:dc:f3:3e:ac:3b:3e:31:35:55:ac:03:29:13:17:
                    69:cd:73:1e:25:74:27:4a:f1:54:a7:86:db:46:18:
                    d8:e4:f5:79:a8:2f:a2:ed:68:9f:6c:a1:a7:48:54:
                    9d:9c:e5:74:2b:05:eb:32:58:36:3b:18:2b:aa:9d:
                    ac:b6:9a:a4:35:f7:c4:9d:aa:eb:c2:bb:3a:91:cf:
                    d4:1e:07:64:9c:91:c2:13:a3:b5:83:6d:b5:f1:78:
                    40:92:93:9b:0b:eb:83:43:3e:4d:c5:af:4a:e9:ba:
                    7e:4b:4f:5c:80:5a:bd:fb:fd:12:e1:f8:d6:d5:d6:
                    bd:32:c4:21:93:48:87:13:5b:1c:92:f9:1c:88:58:
                    98:be:f0:cc:cf:b1:96:17:27:59:46:6f:d0:19:48:
                    3e:64:cd:70:3f:29:a8:f5:93:5a:73:3f:cd:7e:4f:
                    6e:72:55:52:62:4b:16:d2:df:b0:23:43:38:e6:7e:
                    1c:50:01:51:14:17:2d:e5:bd:de:e7:95:91:6b:e2:
                    78:b3:3c:62:22:30:0d:2a:3f:88:56:62:03:e3:78:
                    de:92:5f:64:c5:82:d0:bd:1d:cf:d4:03:3a:91:97:
                    ed:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BB:06:C9:88:8A:D2:C8:0A:92:BA:16:8D:34:C5:B3:CF:D9:1C:23
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/4LsGyYiK0sgKkroWjTTFs8_ZHCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:58:9c:5b:c7:f9:72:c1:7a:40:3f:4a:b7:e1:79:d0:0a:14:
         3b:0c:77:2f:0e:99:4a:d4:f5:ee:33:5e:3f:ef:4d:3b:11:7b:
         f3:fd:b2:c8:19:84:e2:12:b6:de:4d:f7:d6:6d:1d:68:95:d5:
         88:93:4b:e7:86:fd:cc:1f:c7:d2:3d:79:d6:dc:ae:b5:cb:5d:
         f8:63:50:86:b7:19:c7:15:0d:89:bf:3b:aa:40:cd:76:92:40:
         58:8d:75:29:81:48:a0:f3:52:6a:b1:d5:75:03:6a:8a:59:54:
         59:db:28:dc:21:dc:f5:a8:94:a6:7d:ba:50:94:b1:bb:8c:35:
         42:2e:6a:13:09:b9:20:76:22:69:0e:39:d1:a3:54:8d:18:12:
         c0:0e:96:bd:dc:84:76:3f:93:74:c3:8e:fc:a6:50:4d:b0:38:
         ec:a3:3b:0e:aa:63:f2:00:b0:80:6c:e0:25:0c:cd:14:2c:70:
         1c:76:24:5c:06:cd:23:53:14:48:88:36:9c:89:db:26:12:93:
         5a:f2:3d:da:92:d1:38:ea:1b:4a:d9:85:5f:1e:24:f2:de:02:
         fe:db:00:fb:a5:0f:6b:6b:e0:7f:91:1f:49:ee:ff:88:29:da:
         e6:6d:b3:be:05:4e:0e:c0:8a:e1:c3:ac:77:60:26:85:4c:15:
         29:0c:a9:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJF0ga6O+3AJqc/tOrN9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGJiMDZjOTg4OGFkMmM4MGE5MmJhMTY4ZDM0YzViM2NmZDkxYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ABzh973epb6YawJBCGIdm+QIgVO
0a4BIViZTrDe3PM+rDs+MTVVrAMpExdpzXMeJXQnSvFUp4bbRhjY5PV5qC+i7Wif
bKGnSFSdnOV0KwXrMlg2Oxgrqp2stpqkNffEnarrwrs6kc/UHgdknJHCE6O1g221
8XhAkpObC+uDQz5Nxa9K6bp+S09cgFq9+/0S4fjW1da9MsQhk0iHE1sckvkciFiY
vvDMz7GWFydZRm/QGUg+ZM1wPymo9ZNacz/Nfk9uclVSYksW0t+wI0M45n4cUAFR
FBct5b3e55WRa+J4szxiIjANKj+IVmID43jekl9kxYLQvR3P1AM6kZft/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOC7BsmIitLICpK6Fo00xbPP2RwjMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvNExzR3lZaUswc2dLa3JvV2pUVEZzOF9aSENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQwMMA0G
CSqGSIb3DQEBCwUAA4IBAQAqWJxbx/lywXpAP0q34XnQChQ7DHcvDplK1PXuM14/
7007EXvz/bLIGYTiErbeTffWbR1oldWIk0vnhv3MH8fSPXnW3K61y134Y1CGtxnH
FQ2JvzuqQM12kkBYjXUpgUig81JqsdV1A2qKWVRZ2yjcIdz1qJSmfbpQlLG7jDVC
LmoTCbkgdiJpDjnRo1SNGBLADpa93IR2P5N0w478plBNsDjsozsOqmPyALCAbOAl
DM0ULHAcdiRcBs0jUxRIiDacidsmEpNa8j3aktE46htK2YVfHiTy3gL+2wD7pQ9r
a+B/kR9J7v+IKdrmbbO+BU4OwIrhw6x3YCaFTBUpDKm3
-----END CERTIFICATE-----