Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/YxnLmhiEAoRIPwqx7D5pI2tVg0E.roa
File:                     YxnLmhiEAoRIPwqx7D5pI2tVg0E.roa (raw, json)
Hash identifier:          Z5VZl3NN5nIeNmBSmYIBYR811mPwFTzRI+uDPXf+8B0=
Subject key identifier:   63:19:CB:9A:18:84:02:84:48:3F:0A:B1:EC:3E:69:23:6B:55:83:41
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       0194266C0D99040727FCEF6E794121A611BC
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/YxnLmhiEAoRIPwqx7D5pI2tVg0E.roa
Signing time:             Thu 02 Jan 2025 09:50:03 +0000
ROA not before:           Thu 02 Jan 2025 09:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62387
IP address blocks:        45.156.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:0d:99:04:07:27:fc:ef:6e:79:41:21:a6:11:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Jan  2 09:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6319cb9a18840284483f0ab1ec3e69236b558341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:18:df:b0:c7:ee:a8:22:4a:be:69:67:bc:c3:
                    95:c6:6e:26:09:6f:1c:4c:2e:11:f3:1d:fc:3a:e8:
                    cd:3b:ad:5b:6e:eb:e9:a0:79:ed:cf:78:08:ca:98:
                    37:28:45:0d:91:82:7e:63:ae:05:87:87:ad:84:1d:
                    92:86:25:fc:12:5e:f3:7e:dd:36:19:4b:e6:92:9c:
                    ec:4f:e9:57:5d:fa:b7:29:fa:e5:4b:ac:ed:ee:b6:
                    54:9a:3a:6e:f6:f8:93:36:3b:22:74:60:23:90:02:
                    77:a1:5e:8b:99:40:1b:7d:8d:2c:90:bd:1d:f6:37:
                    47:d3:4b:08:fc:35:f0:c3:f0:5c:01:33:02:06:23:
                    08:2a:f2:28:b4:f9:41:7c:43:59:a8:9e:70:6a:03:
                    89:ed:23:e4:f4:84:f8:90:a6:9d:63:ca:79:1c:26:
                    8f:7f:6e:cf:39:39:8f:21:48:1c:c7:32:3d:be:0b:
                    47:20:72:1e:3c:8c:41:d5:f1:1d:48:7c:c2:b9:85:
                    87:32:e3:02:0a:89:63:a4:48:44:22:65:ce:ad:14:
                    e4:c0:52:1e:a1:a5:1d:28:bf:6b:20:ff:96:39:fa:
                    9c:4f:5f:d9:84:40:41:71:4a:d8:a6:d6:de:48:08:
                    f3:27:31:be:af:c9:19:9f:cb:cf:7c:30:b6:1a:14:
                    6c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:19:CB:9A:18:84:02:84:48:3F:0A:B1:EC:3E:69:23:6B:55:83:41
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/YxnLmhiEAoRIPwqx7D5pI2tVg0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:26:8a:6d:df:fa:93:f3:db:a9:79:49:79:df:76:a9:8e:85:
         b4:6b:96:4d:0f:b3:71:61:99:81:5d:2e:dd:e1:55:b6:b3:28:
         dc:6c:94:6d:ce:0a:bb:95:5b:b3:41:54:e0:00:f2:a4:80:05:
         70:ba:ce:c3:ce:fe:3f:27:78:c3:55:58:53:20:fe:53:c6:52:
         a8:d4:b2:d9:5d:e8:c7:5a:30:00:7a:7b:74:24:f0:b7:10:fa:
         1c:64:7b:be:b3:75:9b:2e:26:35:07:41:48:6e:3d:2f:51:76:
         cf:79:b2:91:59:2e:ac:1e:5d:b1:03:e9:ae:c9:ff:ba:a4:5b:
         82:c3:fd:96:9f:cc:b2:96:9e:a4:8d:b2:be:d5:cc:7b:a6:2c:
         7e:9c:d6:04:21:03:d8:fc:11:76:27:70:4e:bd:7c:56:d8:5d:
         a1:e3:57:9e:2d:81:b4:d1:54:bd:f6:84:63:4c:bc:49:ed:27:
         88:c2:20:13:52:e2:8f:76:8d:8d:85:93:34:c4:91:b5:82:e1:
         87:3c:68:95:ee:32:a4:9d:7d:90:9c:b0:66:99:c8:88:8d:eb:
         93:0f:69:c7:ed:54:e0:71:80:24:e7:43:90:19:3a:97:e4:56:
         3e:5c:6c:3b:7a:8b:57:01:b8:e3:7b:a5:ee:6d:84:e2:07:5f:
         7e:9d:52:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbA2ZBAcn/O9ueUEhphG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjUwMTAyMDk1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzE5Y2I5YTE4ODQwMjg0NDgzZjBhYjFlYzNlNjkyMzZiNTU4MzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxjfsMfuqCJKvmlnvMOVxm4mCW8c
TC4R8x38OujNO61bbuvpoHntz3gIypg3KEUNkYJ+Y64Fh4ethB2ShiX8El7zft02
GUvmkpzsT+lXXfq3KfrlS6zt7rZUmjpu9viTNjsidGAjkAJ3oV6LmUAbfY0skL0d
9jdH00sI/DXww/BcATMCBiMIKvIotPlBfENZqJ5wagOJ7SPk9IT4kKadY8p5HCaP
f27POTmPIUgcxzI9vgtHIHIePIxB1fEdSHzCuYWHMuMCColjpEhEImXOrRTkwFIe
oaUdKL9rIP+WOfqcT1/ZhEBBcUrYptbeSAjzJzG+r8kZn8vPfDC2GhRsKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMZy5oYhAKESD8Ksew+aSNrVYNBMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvWXhuTG1oaUVBb1JJUHdxeDdENXBJMnRWZzBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZwsMA0G
CSqGSIb3DQEBCwUAA4IBAQBbJopt3/qT89upeUl533apjoW0a5ZND7NxYZmBXS7d
4VW2syjcbJRtzgq7lVuzQVTgAPKkgAVwus7Dzv4/J3jDVVhTIP5TxlKo1LLZXejH
WjAAent0JPC3EPocZHu+s3WbLiY1B0FIbj0vUXbPebKRWS6sHl2xA+muyf+6pFuC
w/2Wn8yylp6kjbK+1cx7pix+nNYEIQPY/BF2J3BOvXxW2F2h41eeLYG00VS99oRj
TLxJ7SeIwiATUuKPdo2NhZM0xJG1guGHPGiV7jKknX2QnLBmmciIjeuTD2nH7VTg
cYAk50OQGTqX5FY+XGw7eotXAbjje6XubYTiB19+nVIK
-----END CERTIFICATE-----