Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/5c8941-5a28-44e1-9395-bd31c5aceb59/1/64bniClUPfUDALDLv0vwIlVjfMA.roa
File:                     64bniClUPfUDALDLv0vwIlVjfMA.roa (raw, json)
Hash identifier:          lL8XeUncI5mQZtyJg5Qencz5SVSK52g5YBySwrx2+kI=
Subject key identifier:   EB:86:E7:88:29:54:3D:F5:03:00:B0:CB:BF:4B:F0:22:55:63:7C:C0
Certificate issuer:       /CN=5791bb1150beac5ea0c724f39d2ce7fccfc1546a
Certificate serial:       019423D727867F473B8215C9049DE2FC415A
Authority key identifier: 57:91:BB:11:50:BE:AC:5E:A0:C7:24:F3:9D:2C:E7:FC:CF:C1:54:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5G7EVC-rF6gxyTznSzn_M_BVGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/5c8941-5a28-44e1-9395-bd31c5aceb59/1/64bniClUPfUDALDLv0vwIlVjfMA.roa
Signing time:             Wed 01 Jan 2025 21:48:10 +0000
ROA not before:           Wed 01 Jan 2025 21:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62199
IP address blocks:        185.45.76.0/22 maxlen: 24
                          2a01:49a0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/5c8941-5a28-44e1-9395-bd31c5aceb59/1/V5G7EVC-rF6gxyTznSzn_M_BVGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/5c8941-5a28-44e1-9395-bd31c5aceb59/1/V5G7EVC-rF6gxyTznSzn_M_BVGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5G7EVC-rF6gxyTznSzn_M_BVGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:27:86:7f:47:3b:82:15:c9:04:9d:e2:fc:41:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5791bb1150beac5ea0c724f39d2ce7fccfc1546a
        Validity
            Not Before: Jan  1 21:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb86e78829543df50300b0cbbf4bf02255637cc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:49:42:8c:b6:3f:78:ab:8a:c6:c9:25:94:58:
                    1b:f7:76:11:b8:04:cf:6e:c7:9c:38:01:2d:f9:c4:
                    2e:a6:4c:de:a7:ea:96:a9:4e:c5:90:e1:80:c4:a3:
                    37:48:05:5f:53:4d:64:a5:b9:88:1f:84:33:99:99:
                    73:16:53:b1:70:9c:02:1f:9d:c0:3b:15:db:a1:75:
                    f4:b4:30:9a:40:2d:a4:ce:26:98:f3:0a:b0:8b:bf:
                    f2:0f:fc:2c:a4:93:52:ec:8b:02:7d:30:29:f9:f1:
                    31:f6:4f:31:e7:90:17:b5:f1:2b:c0:70:f9:5c:16:
                    ad:5b:67:36:19:44:55:2b:3f:8b:e4:f4:9e:97:14:
                    cf:bb:3f:19:4d:05:77:89:45:62:fb:c6:85:f9:fc:
                    d2:90:6d:92:36:e1:5a:4e:98:cc:d6:05:0a:f7:93:
                    64:4d:a9:a9:a1:1b:fe:05:95:53:c9:a0:4d:06:d8:
                    9b:23:ca:87:85:cb:f1:f1:57:19:3b:13:2c:51:91:
                    35:3a:f5:e4:83:e5:e2:b1:82:8c:00:09:87:bf:d7:
                    d5:1d:22:f2:b0:55:9e:15:bd:fa:c4:5b:50:bf:4c:
                    55:0b:d1:54:de:e7:92:a8:62:ce:9f:6c:7d:97:40:
                    0e:7e:4d:66:f0:3e:11:47:1f:8e:fe:53:91:d5:97:
                    26:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:86:E7:88:29:54:3D:F5:03:00:B0:CB:BF:4B:F0:22:55:63:7C:C0
            X509v3 Authority Key Identifier:
                keyid:57:91:BB:11:50:BE:AC:5E:A0:C7:24:F3:9D:2C:E7:FC:CF:C1:54:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5G7EVC-rF6gxyTznSzn_M_BVGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5c8941-5a28-44e1-9395-bd31c5aceb59/1/64bniClUPfUDALDLv0vwIlVjfMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5c8941-5a28-44e1-9395-bd31c5aceb59/1/V5G7EVC-rF6gxyTznSzn_M_BVGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.76.0/22
                IPv6:
                  2a01:49a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:0f:fd:d2:fc:76:f3:f4:49:95:2c:43:19:78:85:44:a6:f2:
         1d:ab:ec:f5:f0:28:f5:a8:de:69:69:23:b4:40:b2:1b:ef:59:
         38:0c:77:bb:38:37:7e:c6:e4:6a:b7:34:bf:fa:e2:ef:31:6f:
         4b:da:7f:73:f9:1a:08:bf:ab:d4:86:d6:91:f9:f2:e0:b9:8d:
         6c:f0:80:91:46:6b:0b:00:68:a5:14:be:d5:65:a8:5c:f1:5d:
         45:e6:12:97:05:52:ac:54:47:e6:09:ad:a0:71:01:01:16:6f:
         c6:97:af:7e:26:8e:07:33:e1:5b:3f:c5:8b:8c:b4:af:63:2b:
         bd:12:c8:91:49:ef:8f:6d:a4:cc:bc:ea:b2:70:df:5f:8a:42:
         9f:e6:80:da:f4:99:d9:2b:38:9a:ad:b9:1e:d5:2c:30:4f:d0:
         f8:34:45:e7:77:77:a3:69:f5:e1:65:c5:ff:62:48:bd:f0:9b:
         4e:a9:62:f4:0f:7b:56:e8:1f:3a:8d:00:d6:15:38:da:c1:56:
         ca:8c:91:dc:9c:f9:fa:af:8a:24:df:f3:9a:ad:ef:f4:da:9f:
         1f:51:dd:bd:9f:a2:17:10:78:f1:0c:d7:b0:81:3c:c6:8b:42:
         b2:79:77:52:29:67:15:82:fe:9a:30:fc:99:8d:1d:ad:84:e6:
         c0:44:8d:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1yeGf0c7ghXJBJ3i/EFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTFiYjExNTBiZWFjNWVhMGM3MjRmMzlkMmNlN2ZjY2Zj
MTU0NmEwHhcNMjUwMTAxMjE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjg2ZTc4ODI5NTQzZGY1MDMwMGIwY2JiZjRiZjAyMjU1NjM3Y2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0lCjLY/eKuKxskllFgb93YRuATP
bsecOAEt+cQupkzep+qWqU7FkOGAxKM3SAVfU01kpbmIH4QzmZlzFlOxcJwCH53A
OxXboXX0tDCaQC2kziaY8wqwi7/yD/wspJNS7IsCfTAp+fEx9k8x55AXtfErwHD5
XBatW2c2GURVKz+L5PSelxTPuz8ZTQV3iUVi+8aF+fzSkG2SNuFaTpjM1gUK95Nk
TampoRv+BZVTyaBNBtibI8qHhcvx8VcZOxMsUZE1OvXkg+XisYKMAAmHv9fVHSLy
sFWeFb36xFtQv0xVC9FU3ueSqGLOn2x9l0AOfk1m8D4RRx+O/lOR1Zcm5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOuG54gpVD31AwCwy79L8CJVY3zAMB8GA1UdIwQY
MBaAFFeRuxFQvqxeoMck850s5/zPwVRqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVHN0VWQy1yRjZneHlUem5Tem5fTV9CVkdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81Yzg5NDEtNWEyOC00NGUxLTkzOTUt
YmQzMWM1YWNlYjU5LzEvNjRibmlDbFVQZlVEQUxETHYwdndJbFZqZk1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81Yzg5NDEtNWEyOC00NGUxLTkzOTUtYmQzMWM1YWNlYjU5
LzEvVjVHN0VWQy1yRjZneHlUem5Tem5fTV9CVkdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuS1MMA0E
AgACMAcDBQAqAUmgMA0GCSqGSIb3DQEBCwUAA4IBAQBiD/3S/Hbz9EmVLEMZeIVE
pvIdq+z18Cj1qN5paSO0QLIb71k4DHe7ODd+xuRqtzS/+uLvMW9L2n9z+RoIv6vU
htaR+fLguY1s8ICRRmsLAGilFL7VZahc8V1F5hKXBVKsVEfmCa2gcQEBFm/Gl69+
Jo4HM+FbP8WLjLSvYyu9EsiRSe+PbaTMvOqycN9fikKf5oDa9JnZKziarbke1Sww
T9D4NEXnd3ejafXhZcX/Yki98JtOqWL0D3tW6B86jQDWFTjawVbKjJHcnPn6r4ok
3/Oare/02p8fUd29n6IXEHjxDNewgTzGi0KyeXdSKWcVgv6aMPyZjR2thObARI0k
-----END CERTIFICATE-----