Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/ypDy4xS2R6Ye6aWBkCNFAdcm0wI.roa
File:                     ypDy4xS2R6Ye6aWBkCNFAdcm0wI.roa (raw, json)
Hash identifier:          hjIAAkji2+ZqYHRNKyPRkJEyLfHtgHEfz/xpi/TOXR8=
Subject key identifier:   CA:90:F2:E3:14:B6:47:A6:1E:E9:A5:81:90:23:45:01:D7:26:D3:02
Certificate issuer:       /CN=b08ace0eb3e2df49fdbb77726716fb65e7777964
Certificate serial:       0194221FD847B0E9AA24E5DD3AE0E63AAB9C
Authority key identifier: B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/ypDy4xS2R6Ye6aWBkCNFAdcm0wI.roa
Signing time:             Wed 01 Jan 2025 13:48:19 +0000
ROA not before:           Wed 01 Jan 2025 13:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202422
IP address blocks:        45.135.229.0/24 maxlen: 24
                          45.135.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d8:47:b0:e9:aa:24:e5:dd:3a:e0:e6:3a:ab:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b08ace0eb3e2df49fdbb77726716fb65e7777964
        Validity
            Not Before: Jan  1 13:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca90f2e314b647a61ee9a58190234501d726d302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5f:f5:6f:7d:4a:3f:6f:50:cd:c7:93:2c:be:
                    4f:99:67:e8:5a:fc:d3:31:9d:9b:df:48:72:f3:88:
                    c5:78:f1:ac:ae:2c:69:52:3f:04:6a:03:f8:f5:ac:
                    5b:ea:8b:d9:34:e3:6f:7d:ba:66:e0:3e:01:25:57:
                    1d:cc:26:58:6d:a7:2c:b7:c3:b7:1d:d3:51:53:d8:
                    c5:83:dc:24:49:5e:ae:6a:0a:a3:73:d1:7c:d9:80:
                    1c:ca:f5:fa:cd:94:1a:a0:80:f1:86:d9:d6:3d:d5:
                    62:21:33:f3:0f:77:c8:6e:16:34:a6:85:2d:95:86:
                    69:92:39:3b:ec:b7:11:29:e9:bf:df:44:e7:da:09:
                    77:e7:26:9a:58:83:53:81:e2:92:42:b2:2f:13:62:
                    94:01:c7:34:08:e6:39:0b:84:12:85:b1:32:c4:ed:
                    10:ff:23:fc:9c:b0:26:ee:6f:76:f8:60:97:72:57:
                    c9:fa:b6:33:85:a3:5e:2b:61:e9:31:04:8c:ac:4f:
                    84:7b:04:2f:ae:35:33:60:85:55:3e:c8:bf:2a:e5:
                    8b:23:6b:96:ac:84:f0:35:44:ce:dd:dd:e7:10:c5:
                    90:a8:fd:b7:8d:e8:25:e7:2a:83:c0:53:b0:ae:ed:
                    00:4d:62:95:37:97:ae:b6:13:ca:1a:9a:6d:a2:99:
                    cb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:90:F2:E3:14:B6:47:A6:1E:E9:A5:81:90:23:45:01:D7:26:D3:02
            X509v3 Authority Key Identifier:
                keyid:B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/ypDy4xS2R6Ye6aWBkCNFAdcm0wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.229.0-45.135.230.255

    Signature Algorithm: sha256WithRSAEncryption
         94:60:2e:3d:2a:b4:f9:e8:69:16:e7:89:ea:31:64:79:82:6a:
         ec:be:48:7f:93:bc:33:cc:60:ab:03:73:ad:a4:8d:5a:7a:cf:
         2f:1c:8a:8e:5f:40:3d:50:14:a9:2d:cf:2f:f1:1c:d2:57:dd:
         82:61:8f:c7:17:b7:c8:43:cb:d3:2c:da:07:eb:17:d3:9b:3d:
         c0:a5:1e:40:e1:70:4d:71:35:b4:4f:b5:23:c3:89:d0:ec:42:
         b7:e5:b3:68:c6:89:d8:3c:d9:89:00:61:b6:c2:3e:ea:5a:6d:
         ce:c4:b3:73:8a:e7:ea:47:19:bf:68:90:3b:f8:e3:96:08:2c:
         f8:f6:84:8c:43:4e:c0:81:ba:6c:49:4c:f6:bd:fd:3d:63:01:
         b0:19:21:23:75:f3:22:d9:1c:d8:c4:85:95:2d:4c:75:60:cf:
         de:7f:9b:58:c8:64:4a:e3:87:8d:c2:fa:65:ba:b4:45:a2:03:
         b8:e2:7a:44:fa:06:35:a7:c8:d8:22:d5:85:f7:fb:72:65:9f:
         77:be:59:90:9b:32:1d:6c:cc:f9:07:8b:f9:19:30:86:ce:47:
         f4:25:67:12:17:db:d4:c3:ba:a2:16:dd:a0:2b:9b:9c:e9:39:
         52:e2:83:8d:36:ee:1d:be:ef:7d:5d:e5:0a:a5:9b:c5:4f:b6:
         6c:c6:a9:d0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQiH9hHsOmqJOXdOuDmOqucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwOGFjZTBlYjNlMmRmNDlmZGJiNzc3MjY3MTZmYjY1ZTc3
Nzc5NjQwHhcNMjUwMTAxMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTkwZjJlMzE0YjY0N2E2MWVlOWE1ODE5MDIzNDUwMWQ3MjZkMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtV/1b31KP29QzceTLL5PmWfoWvzT
MZ2b30hy84jFePGsrixpUj8EagP49axb6ovZNONvfbpm4D4BJVcdzCZYbacst8O3
HdNRU9jFg9wkSV6uagqjc9F82YAcyvX6zZQaoIDxhtnWPdViITPzD3fIbhY0poUt
lYZpkjk77LcRKem/30Tn2gl35yaaWINTgeKSQrIvE2KUAcc0COY5C4QShbEyxO0Q
/yP8nLAm7m92+GCXclfJ+rYzhaNeK2HpMQSMrE+EewQvrjUzYIVVPsi/KuWLI2uW
rITwNUTO3d3nEMWQqP23jegl5yqDwFOwru0ATWKVN5euthPKGpptopnLJwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMqQ8uMUtkemHumlgZAjRQHXJtMCMB8GA1UdIwQY
MBaAFLCKzg6z4t9J/bt3cmcW+2Xnd3lkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0lyT0RyUGkzMG45dTNkeVp4YjdaZWQzZVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80NTM3ZGQtNzhiNi00NjdlLTkxNGQt
ODY1YjRjZmJkNGNkLzEveXBEeTR4UzJSNlllNmFXQmtDTkZBZGNtMHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80NTM3ZGQtNzhiNi00NjdlLTkxNGQtODY1YjRjZmJkNGNk
LzEvc0lyT0RyUGkzMG45dTNkeVp4YjdaZWQzZVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAth+UD
BAAth+YwDQYJKoZIhvcNAQELBQADggEBAJRgLj0qtPnoaRbnieoxZHmCauy+SH+T
vDPMYKsDc62kjVp6zy8cio5fQD1QFKktzy/xHNJX3YJhj8cXt8hDy9Ms2gfrF9Ob
PcClHkDhcE1xNbRPtSPDidDsQrfls2jGidg82YkAYbbCPupabc7Es3OK5+pHGb9o
kDv445YILPj2hIxDTsCBumxJTPa9/T1jAbAZISN18yLZHNjEhZUtTHVgz95/m1jI
ZErjh43C+mW6tEWiA7jiekT6BjWnyNgi1YX3+3Jln3e+WZCbMh1szPkHi/kZMIbO
R/QlZxIX29TDuqIW3aArm5zpOVLig4027h2+731d5Qqlm8VPtmzGqdA=
-----END CERTIFICATE-----