Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/hVFH86LVYnyePIbmaCqfpS5vJKM.roa
File:                     hVFH86LVYnyePIbmaCqfpS5vJKM.roa (raw, json)
Hash identifier:          Jp2Ho2sVrxwbPVnhT98cuAw+l3HPTfx4q1sSUogMvrs=
Subject key identifier:   85:51:47:F3:A2:D5:62:7C:9E:3C:86:E6:68:2A:9F:A5:2E:6F:24:A3
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       019422FBE82691A8F246AEE3F65D78CDA0B9
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/hVFH86LVYnyePIbmaCqfpS5vJKM.roa
Signing time:             Wed 01 Jan 2025 17:48:41 +0000
ROA not before:           Wed 01 Jan 2025 17:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        45.140.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e8:26:91:a8:f2:46:ae:e3:f6:5d:78:cd:a0:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Jan  1 17:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=855147f3a2d5627c9e3c86e6682a9fa52e6f24a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:14:1a:73:54:83:e7:22:25:6c:a5:58:5b:93:
                    a5:a8:30:7a:d4:0f:f5:1c:2c:91:2c:1c:72:89:60:
                    f4:54:e1:53:77:8f:0d:5c:ea:84:02:4e:ba:a9:bf:
                    9b:ef:6f:bc:5c:04:39:2d:19:97:cc:79:49:ed:21:
                    2f:a9:f7:aa:90:0b:70:5e:82:12:f2:73:42:4c:75:
                    71:5b:ea:b8:33:9a:e6:a8:b2:2e:74:90:c5:4e:7b:
                    86:7b:af:5f:20:df:cf:0c:29:25:3d:79:3d:c3:01:
                    dc:f1:80:7a:82:a7:07:10:e7:fb:bc:a0:9e:ad:90:
                    8e:7f:5e:63:0e:cf:2c:d3:ab:37:1a:09:e6:3b:db:
                    e3:41:16:29:22:06:36:25:03:3a:fe:a8:df:a4:c8:
                    d7:9f:10:a6:17:b0:14:80:87:c8:3f:26:06:e9:06:
                    4c:88:c7:a7:90:63:64:8a:34:f4:50:e4:12:9f:4b:
                    fe:ff:49:76:00:56:2a:45:8a:0f:20:a9:10:bb:36:
                    48:b9:93:3c:1f:06:a4:6a:f5:13:9c:52:d4:18:e5:
                    38:cc:63:2e:ff:b7:ea:8a:df:c1:d0:8a:f3:fc:7d:
                    fa:17:f2:37:80:87:03:0e:ec:c8:dc:af:72:7b:66:
                    ec:0f:1a:ed:10:2d:75:06:df:90:6f:2c:db:c4:37:
                    28:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:51:47:F3:A2:D5:62:7C:9E:3C:86:E6:68:2A:9F:A5:2E:6F:24:A3
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/hVFH86LVYnyePIbmaCqfpS5vJKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:0a:de:2d:0d:af:71:bc:e0:97:ba:5e:48:3d:92:6b:e8:cb:
         07:4c:ca:d2:51:99:02:ec:35:ec:97:1f:95:f8:b7:ae:68:9d:
         2b:80:c9:3a:34:a9:05:58:bc:c3:f9:96:c0:46:d0:23:36:44:
         d6:a6:21:4a:a3:fb:11:5b:73:f5:6d:c3:de:6a:b4:a0:06:b9:
         48:39:78:77:75:41:a6:6b:2a:9a:22:4a:21:06:94:92:a7:25:
         8e:7c:f3:91:4a:e3:a2:4d:9b:b6:98:f6:b6:60:5f:36:6f:98:
         6a:1e:42:b1:28:90:4a:f6:fa:3d:34:42:c8:52:f6:a5:a4:5a:
         4f:20:97:df:59:bb:b7:64:57:7c:b4:cc:46:fb:39:95:e1:93:
         85:55:72:7e:c1:96:43:0b:14:25:61:d5:cb:65:f7:2c:50:e0:
         21:6d:9b:a8:03:eb:bb:6d:ff:7d:f0:61:e6:e0:6f:9d:09:1c:
         5e:20:63:a3:00:a6:0d:c0:e7:ec:a9:52:10:c2:46:d5:a0:17:
         dc:89:f4:b2:ec:24:8a:2f:14:f5:1a:ac:e5:8c:43:e7:54:4b:
         d3:e1:29:2f:ea:79:c7:f2:9d:c5:85:d0:f5:cd:38:b0:cc:39:
         a5:0a:de:bb:4f:ea:36:0c:90:0e:53:cd:6e:04:da:5a:6a:ce:
         13:28:1f:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi++gmkajyRq7j9l14zaC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjUwMTAxMTc0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTUxNDdmM2EyZDU2MjdjOWUzYzg2ZTY2ODJhOWZhNTJlNmYyNGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBQac1SD5yIlbKVYW5OlqDB61A/1
HCyRLBxyiWD0VOFTd48NXOqEAk66qb+b72+8XAQ5LRmXzHlJ7SEvqfeqkAtwXoIS
8nNCTHVxW+q4M5rmqLIudJDFTnuGe69fIN/PDCklPXk9wwHc8YB6gqcHEOf7vKCe
rZCOf15jDs8s06s3GgnmO9vjQRYpIgY2JQM6/qjfpMjXnxCmF7AUgIfIPyYG6QZM
iMenkGNkijT0UOQSn0v+/0l2AFYqRYoPIKkQuzZIuZM8HwakavUTnFLUGOU4zGMu
/7fqit/B0Irz/H36F/I3gIcDDuzI3K9ye2bsDxrtEC11Bt+QbyzbxDcoCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVRR/Oi1WJ8njyG5mgqn6UubySjMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvaFZGSDg2TFZZbnllUElibWFDcWZwUzV2SktNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYw4MA0G
CSqGSIb3DQEBCwUAA4IBAQCHCt4tDa9xvOCXul5IPZJr6MsHTMrSUZkC7DXslx+V
+LeuaJ0rgMk6NKkFWLzD+ZbARtAjNkTWpiFKo/sRW3P1bcPearSgBrlIOXh3dUGm
ayqaIkohBpSSpyWOfPORSuOiTZu2mPa2YF82b5hqHkKxKJBK9vo9NELIUvalpFpP
IJffWbu3ZFd8tMxG+zmV4ZOFVXJ+wZZDCxQlYdXLZfcsUOAhbZuoA+u7bf998GHm
4G+dCRxeIGOjAKYNwOfsqVIQwkbVoBfcifSy7CSKLxT1GqzljEPnVEvT4Skv6nnH
8p3FhdD1zTiwzDmlCt67T+o2DJAOU81uBNpaas4TKB86
-----END CERTIFICATE-----