Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/9L9dE8OSoWGoRjQ2q2lU1Ep6ABI.roa
File:                     9L9dE8OSoWGoRjQ2q2lU1Ep6ABI.roa (raw, json)
Hash identifier:          66QQ/DhztbOQ/xuj2zVtbN8mB6ngSqyQXQkZm9xHX+E=
Subject key identifier:   F4:BF:5D:13:C3:92:A1:61:A8:46:34:36:AB:69:54:D4:4A:7A:00:12
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F87610A76A7A7749C47FF1D4DB0AC
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/9L9dE8OSoWGoRjQ2q2lU1Ep6ABI.roa
Signing time:             Thu 02 Jan 2025 05:49:10 +0000
ROA not before:           Thu 02 Jan 2025 05:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34642
IP address blocks:        45.136.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:87:61:0a:76:a7:a7:74:9c:47:ff:1d:4d:b0:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4bf5d13c392a161a8463436ab6954d44a7a0012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0c:9d:ae:9d:98:fd:fc:f1:e0:0f:41:13:9f:
                    2b:01:8b:62:5c:6b:ab:67:cf:be:35:9f:0e:12:91:
                    44:07:57:5a:8a:bc:5e:9b:85:4d:7f:c4:22:a1:d7:
                    ec:19:20:98:06:79:c3:78:01:fd:02:5f:c9:09:46:
                    db:7b:4c:ef:3b:a3:6a:eb:94:e1:bb:32:2b:0c:78:
                    bd:a0:54:dd:cd:ca:d5:35:70:b1:af:1c:3f:f8:37:
                    4e:cc:94:91:ee:9f:4e:fe:05:12:3d:ba:c7:e0:a1:
                    ca:be:9b:0b:91:dc:b1:99:31:b1:b9:5e:66:45:21:
                    00:ab:bf:57:f6:c2:24:26:38:d6:f9:21:c8:f3:c6:
                    7d:2e:76:89:60:a0:5b:47:23:6f:c2:1b:ee:03:53:
                    cf:07:e6:6e:eb:19:ac:ca:40:32:4e:9c:9f:56:01:
                    83:56:52:4c:bc:14:6a:3f:c3:90:56:8f:56:8c:e2:
                    f0:89:ed:43:10:38:86:c5:dc:be:28:4d:95:31:a8:
                    58:f6:46:b4:6c:e1:0a:60:ec:32:43:ff:b9:2a:06:
                    00:8a:84:19:a3:7c:2c:85:89:cb:83:0a:0e:7d:3b:
                    4c:95:17:33:63:7a:ac:8c:a2:0a:df:18:88:62:a1:
                    85:8c:e9:c7:91:4d:98:41:5c:b4:d2:0a:6b:84:e8:
                    2d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:BF:5D:13:C3:92:A1:61:A8:46:34:36:AB:69:54:D4:4A:7A:00:12
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/9L9dE8OSoWGoRjQ2q2lU1Ep6ABI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:4b:bd:f0:e1:b2:33:ac:9e:b2:ba:34:b2:e1:42:5f:b2:c4:
         86:dc:4e:ba:35:a2:a9:39:a8:4c:1e:ce:82:69:32:fc:7c:17:
         15:88:34:1d:80:aa:91:b3:22:c3:b5:31:65:6d:40:3b:fd:dd:
         79:1c:b5:87:d5:95:67:81:6b:7b:af:bc:0e:46:d5:a3:59:58:
         1b:46:d4:ea:42:9a:da:5e:9a:ed:c9:5a:92:b0:24:ec:18:7c:
         1b:34:6c:4f:15:b7:53:79:a4:8a:fb:59:2c:89:45:fd:d1:4c:
         10:12:5b:cb:48:d1:00:a3:17:fe:3b:b6:34:ee:5b:0d:03:cc:
         d5:08:37:f3:67:85:f7:2e:9d:a6:73:99:68:93:ce:ad:0c:2d:
         82:f7:f1:9b:37:f1:4e:4a:3e:19:ca:2c:b9:7d:b3:88:df:8a:
         1f:4f:aa:d5:9c:ca:6d:2c:3d:02:6c:d8:80:ea:74:b9:bd:90:
         e8:1d:0f:88:b3:05:65:24:eb:84:21:42:09:d6:5a:97:82:c3:
         0f:00:6f:a4:1f:ad:68:e8:57:ad:7b:5b:81:5c:23:88:46:d7:
         35:28:f5:73:35:1a:3e:52:ac:1a:5d:ed:b6:ad:a3:ef:03:87:
         d2:f0:dc:f2:c6:57:06:d7:96:67:64:49:00:fe:15:ff:73:c1:
         d1:8c:07:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4dhCnanp3ScR/8dTbCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGJmNWQxM2MzOTJhMTYxYTg0NjM0MzZhYjY5NTRkNDRhN2EwMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQydrp2Y/fzx4A9BE58rAYtiXGur
Z8++NZ8OEpFEB1dairxem4VNf8QiodfsGSCYBnnDeAH9Al/JCUbbe0zvO6Nq65Th
uzIrDHi9oFTdzcrVNXCxrxw/+DdOzJSR7p9O/gUSPbrH4KHKvpsLkdyxmTGxuV5m
RSEAq79X9sIkJjjW+SHI88Z9LnaJYKBbRyNvwhvuA1PPB+Zu6xmsykAyTpyfVgGD
VlJMvBRqP8OQVo9WjOLwie1DEDiGxdy+KE2VMahY9ka0bOEKYOwyQ/+5KgYAioQZ
o3wshYnLgwoOfTtMlRczY3qsjKIK3xiIYqGFjOnHkU2YQVy00gprhOgtSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPS/XRPDkqFhqEY0NqtpVNRKegASMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvOUw5ZEU4T1NvV0dvUmpRMnEybFUxRXA2QUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYj5MA0G
CSqGSIb3DQEBCwUAA4IBAQAhS73w4bIzrJ6yujSy4UJfssSG3E66NaKpOahMHs6C
aTL8fBcViDQdgKqRsyLDtTFlbUA7/d15HLWH1ZVngWt7r7wORtWjWVgbRtTqQpra
XprtyVqSsCTsGHwbNGxPFbdTeaSK+1ksiUX90UwQElvLSNEAoxf+O7Y07lsNA8zV
CDfzZ4X3Lp2mc5lok86tDC2C9/GbN/FOSj4Zyiy5fbOI34ofT6rVnMptLD0CbNiA
6nS5vZDoHQ+IswVlJOuEIUIJ1lqXgsMPAG+kH61o6Fete1uBXCOIRtc1KPVzNRo+
UqwaXe22raPvA4fS8NzyxlcG15ZnZEkA/hX/c8HRjAcE
-----END CERTIFICATE-----