Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/FdZc5w6NQTxVaX5pVim2SXSRdFw.roa
File:                     FdZc5w6NQTxVaX5pVim2SXSRdFw.roa (raw, json)
Hash identifier:          3yS2WlAT7COs2QdB7b8/iS1aVVb5UF5pqjux+yVKvWo=
Subject key identifier:   15:D6:5C:E7:0E:8D:41:3C:55:69:7E:69:56:29:B6:49:74:91:74:5C
Certificate issuer:       /CN=45ed111630e05297795dddd298ea1fb29e695c53
Certificate serial:       01941F8C3E5DDD183BF2ABCCFC543C24043E
Authority key identifier: 45:ED:11:16:30:E0:52:97:79:5D:DD:D2:98:EA:1F:B2:9E:69:5C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Re0RFjDgUpd5Xd3SmOofsp5pXFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/FdZc5w6NQTxVaX5pVim2SXSRdFw.roa
Signing time:             Wed 01 Jan 2025 01:47:52 +0000
ROA not before:           Wed 01 Jan 2025 01:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.64.0.0/16 maxlen: 16
                          2a12:e140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/Re0RFjDgUpd5Xd3SmOofsp5pXFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/Re0RFjDgUpd5Xd3SmOofsp5pXFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Re0RFjDgUpd5Xd3SmOofsp5pXFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:3e:5d:dd:18:3b:f2:ab:cc:fc:54:3c:24:04:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45ed111630e05297795dddd298ea1fb29e695c53
        Validity
            Not Before: Jan  1 01:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15d65ce70e8d413c55697e695629b6497491745c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ba:c8:df:b9:09:cf:08:c8:e2:46:51:2c:4d:
                    81:94:0d:8c:30:02:90:2b:5c:1a:1a:ea:ef:1d:d7:
                    1d:8a:f6:a5:a2:4f:9f:25:b3:84:12:ff:55:9a:5f:
                    37:bc:8d:e7:3e:2d:a3:8f:ee:ee:db:92:59:e8:c8:
                    2e:49:b0:48:dd:c9:4e:11:6b:ad:4d:83:5d:5f:11:
                    97:49:19:d9:13:3d:fb:1f:2c:91:e3:1d:d3:d9:41:
                    ec:ba:7f:44:7f:3a:81:a8:6b:e1:a2:22:a0:eb:b0:
                    e8:ee:4c:01:b1:8a:fc:04:6d:32:1b:ab:5e:11:7a:
                    05:be:25:49:63:2e:e2:63:2d:e1:b7:ce:52:55:48:
                    f9:05:0b:8b:64:f4:ab:88:09:f0:f8:41:ab:46:7e:
                    ac:60:17:07:3b:5e:f1:6e:ea:13:b5:90:24:7c:0c:
                    f4:4e:08:22:71:e7:e5:15:f5:c3:34:f1:e0:8e:05:
                    81:0f:f8:b2:de:6b:f7:46:61:84:9d:1f:94:7c:41:
                    46:23:54:52:0e:34:72:24:f3:b3:12:40:24:ea:8b:
                    05:25:8b:33:25:e5:d1:ce:10:e8:d8:75:4f:8f:a2:
                    64:65:79:7f:8a:58:7c:c8:1e:6f:ec:8a:3e:cc:1d:
                    59:94:7d:f1:1e:12:27:3a:d6:57:02:0f:67:7b:a3:
                    a1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:D6:5C:E7:0E:8D:41:3C:55:69:7E:69:56:29:B6:49:74:91:74:5C
            X509v3 Authority Key Identifier:
                keyid:45:ED:11:16:30:E0:52:97:79:5D:DD:D2:98:EA:1F:B2:9E:69:5C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Re0RFjDgUpd5Xd3SmOofsp5pXFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/FdZc5w6NQTxVaX5pVim2SXSRdFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/Re0RFjDgUpd5Xd3SmOofsp5pXFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.64.0.0/16
                IPv6:
                  2a12:e140::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:66:e5:02:8b:f5:71:6b:37:f5:3d:97:fd:5f:88:3b:b1:34:
         3c:54:83:4a:04:93:5b:0a:c1:3e:0c:b3:15:cd:f4:24:ee:be:
         5b:2b:bf:09:dd:7a:65:0b:2e:70:0f:df:2a:89:c2:94:5b:46:
         2f:7b:b0:6f:8b:e3:d1:14:3d:92:b3:33:d9:16:fa:a7:a3:d4:
         93:01:29:5f:5b:97:b3:30:92:c1:f3:fd:be:7f:23:38:2e:62:
         66:1b:61:c1:76:5e:69:d7:cc:49:50:98:90:eb:77:8e:ee:14:
         6f:b5:de:83:ab:c1:d3:21:0f:03:ff:5e:04:f6:33:14:3e:43:
         4a:c7:30:6d:ad:d0:9b:23:23:74:9e:cd:18:8a:36:6b:4b:37:
         a5:04:fe:77:1c:f3:2f:4d:95:4b:b7:8f:dd:a7:fb:4f:22:42:
         47:1e:d7:d0:44:55:d6:07:ca:c6:ab:55:9c:90:db:9c:e6:1d:
         d8:42:b3:67:ee:5c:46:49:ec:82:0a:cf:38:b9:2c:83:0c:06:
         cb:99:67:b8:d1:fb:04:a3:6d:16:3e:0a:8e:f9:10:af:c3:eb:
         85:33:75:87:49:60:86:56:ed:cf:c3:cd:05:61:ef:f4:64:3a:
         ac:ff:75:8d:ea:df:6f:74:7b:cb:95:43:63:c7:7f:b9:c4:cf:
         f5:2c:cc:6e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQfjD5d3Rg78qvM/FQ8JAQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZWQxMTE2MzBlMDUyOTc3OTVkZGRkMjk4ZWExZmIyOWU2
OTVjNTMwHhcNMjUwMTAxMDE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWQ2NWNlNzBlOGQ0MTNjNTU2OTdlNjk1NjI5YjY0OTc0OTE3NDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbrI37kJzwjI4kZRLE2BlA2MMAKQ
K1waGurvHdcdivalok+fJbOEEv9Vml83vI3nPi2jj+7u25JZ6MguSbBI3clOEWut
TYNdXxGXSRnZEz37HyyR4x3T2UHsun9EfzqBqGvhoiKg67Do7kwBsYr8BG0yG6te
EXoFviVJYy7iYy3ht85SVUj5BQuLZPSriAnw+EGrRn6sYBcHO17xbuoTtZAkfAz0
TggiceflFfXDNPHgjgWBD/iy3mv3RmGEnR+UfEFGI1RSDjRyJPOzEkAk6osFJYsz
JeXRzhDo2HVPj6JkZXl/ilh8yB5v7Io+zB1ZlH3xHhInOtZXAg9ne6OhLQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBXWXOcOjUE8VWl+aVYptkl0kXRcMB8GA1UdIwQY
MBaAFEXtERYw4FKXeV3d0pjqH7KeaVxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmUwUkZqRGdVcGQ1WGQzU21Pb2ZzcDVwWEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80NTQ0MTItYzA2Mi00YjQ1LWE2NDQt
YTAzOGVmMWVmZjM5LzEvRmRaYzV3Nk5RVHhWYVg1cFZpbTJTWFNSZEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80NTQ0MTItYzA2Mi00YjQ1LWE2NDQtYTAzOGVmMWVmZjM5
LzEvUmUwUkZqRGdVcGQ1WGQzU21Pb2ZzcDVwWEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAjUAwDQQC
AAIwBwMFAyoS4UAwDQYJKoZIhvcNAQELBQADggEBAE5m5QKL9XFrN/U9l/1fiDux
NDxUg0oEk1sKwT4MsxXN9CTuvlsrvwndemULLnAP3yqJwpRbRi97sG+L49EUPZKz
M9kW+qej1JMBKV9bl7MwksHz/b5/IzguYmYbYcF2XmnXzElQmJDrd47uFG+13oOr
wdMhDwP/XgT2MxQ+Q0rHMG2t0JsjI3SezRiKNmtLN6UE/ncc8y9NlUu3j92n+08i
Qkce19BEVdYHysarVZyQ25zmHdhCs2fuXEZJ7IIKzzi5LIMMBsuZZ7jR+wSjbRY+
Co75EK/D64UzdYdJYIZW7c/DzQVh7/RkOqz/dY3q3290e8uVQ2PHf7nEz/UszG4=
-----END CERTIFICATE-----