Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/1MaQ3UERADg_6Qg7JL_rTSZtSHY.roa
File:                     1MaQ3UERADg_6Qg7JL_rTSZtSHY.roa (raw, json)
Hash identifier:          +cHQwaDCYvHww4iP38T2uoBP4/k9EvIeJ4TrlPbtqZk=
Subject key identifier:   D4:C6:90:DD:41:11:00:38:3F:E9:08:3B:24:BF:EB:4D:26:6D:48:76
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       01960130AF73095D58D6C8CC4AD5DE2F72C2
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/1MaQ3UERADg_6Qg7JL_rTSZtSHY.roa
Signing time:             Fri 04 Apr 2025 14:24:49 +0000
ROA not before:           Fri 04 Apr 2025 14:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214625
IP address blocks:        45.112.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:01:30:af:73:09:5d:58:d6:c8:cc:4a:d5:de:2f:72:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Apr  4 14:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4c690dd411100383fe9083b24bfeb4d266d4876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b0:d9:35:1a:c8:1e:12:d9:af:ce:76:ee:77:
                    92:83:58:cb:ac:12:f8:61:17:8b:84:68:59:2c:f8:
                    a0:97:cb:37:89:0b:c1:33:3a:a9:cc:17:94:e1:13:
                    dc:e7:8c:10:43:16:17:d4:cc:88:94:89:74:fc:98:
                    2e:98:cc:12:4c:ec:69:db:b6:2d:8b:c6:db:90:71:
                    dc:9c:50:09:6f:52:9c:d1:08:19:f5:2e:90:35:33:
                    50:04:6e:ad:4d:21:2b:45:1b:af:7f:13:06:ac:33:
                    9c:ac:b9:8a:5e:e3:b9:46:ba:84:c8:35:aa:fb:20:
                    fd:0a:01:0d:ba:2a:7a:c0:15:30:4d:d5:00:62:2a:
                    11:f2:5b:a6:be:88:1b:0d:23:89:3c:fd:83:73:39:
                    f5:98:32:5b:d5:21:90:95:3f:48:6c:ef:ac:d9:ee:
                    fe:c8:df:86:e1:5c:10:ba:fd:b1:7d:17:8b:af:67:
                    73:d3:4e:e3:8d:f3:dc:73:20:8e:3a:50:6c:67:e7:
                    18:e8:99:11:72:b3:18:21:d7:2d:8a:d1:25:08:15:
                    45:a9:9a:ae:cb:3f:2f:30:50:96:4e:92:23:e3:1e:
                    26:ba:0b:b7:5b:50:f7:88:0f:fe:93:7c:1e:22:fe:
                    cf:9c:9f:b9:c0:b3:27:b3:50:f6:1c:c0:19:1b:9f:
                    77:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:C6:90:DD:41:11:00:38:3F:E9:08:3B:24:BF:EB:4D:26:6D:48:76
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/1MaQ3UERADg_6Qg7JL_rTSZtSHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:48:1a:47:a8:2b:d1:e1:c3:05:ca:5d:33:2d:b1:8b:bd:70:
         bf:68:02:1e:2d:1d:e7:37:85:10:55:ee:60:46:ee:37:cd:16:
         04:f6:ea:68:03:3b:c7:d8:c2:2c:f5:af:c8:1a:69:fe:4f:27:
         ab:14:71:9e:ca:f4:81:2e:c0:7d:2e:3f:24:c9:08:18:7e:ed:
         d3:b6:91:01:2f:7d:24:66:5f:13:4a:2f:2a:a9:a9:cf:db:de:
         74:1b:18:c0:52:c0:50:b2:20:90:c8:f7:27:2e:f4:0f:5e:e9:
         89:9c:5a:3c:9c:1d:64:b7:42:80:9b:dc:88:af:f9:2d:78:aa:
         21:92:92:de:8e:06:35:e1:92:29:ab:d8:6d:58:a9:fb:a3:61:
         9a:e9:19:86:14:49:81:52:2f:ce:67:80:f5:5c:3d:de:97:8b:
         ea:6b:c3:bc:35:51:62:3c:1b:35:56:04:0e:27:67:d3:d9:aa:
         3a:69:b0:ff:c9:f2:ca:41:2b:89:ef:fb:3e:01:81:f8:20:65:
         48:8e:40:81:a4:a9:12:d9:f6:18:1d:41:d7:26:d6:cf:24:ff:
         8c:27:c3:c7:9f:19:7d:64:ef:c6:e9:0c:0a:87:1a:cc:52:49:
         5d:4f:56:4f:80:4d:c9:c7:7b:24:71:c3:9e:36:07:08:d9:87:
         be:82:4f:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYBMK9zCV1Y1sjMStXeL3LCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwNDA0MTQyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGM2OTBkZDQxMTEwMDM4M2ZlOTA4M2IyNGJmZWI0ZDI2NmQ0ODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLDZNRrIHhLZr8527neSg1jLrBL4
YReLhGhZLPigl8s3iQvBMzqpzBeU4RPc54wQQxYX1MyIlIl0/JgumMwSTOxp27Yt
i8bbkHHcnFAJb1Kc0QgZ9S6QNTNQBG6tTSErRRuvfxMGrDOcrLmKXuO5RrqEyDWq
+yD9CgENuip6wBUwTdUAYioR8lumvogbDSOJPP2Dczn1mDJb1SGQlT9IbO+s2e7+
yN+G4VwQuv2xfReLr2dz007jjfPccyCOOlBsZ+cY6JkRcrMYIdctitElCBVFqZqu
yz8vMFCWTpIj4x4mugu3W1D3iA/+k3weIv7PnJ+5wLMns1D2HMAZG593bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTGkN1BEQA4P+kIOyS/600mbUh2MB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvMU1hUTNVRVJBRGdfNlFnN0pMX3JUU1p0U0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXDCMA0G
CSqGSIb3DQEBCwUAA4IBAQAoSBpHqCvR4cMFyl0zLbGLvXC/aAIeLR3nN4UQVe5g
Ru43zRYE9upoAzvH2MIs9a/IGmn+TyerFHGeyvSBLsB9Lj8kyQgYfu3TtpEBL30k
Zl8TSi8qqanP2950GxjAUsBQsiCQyPcnLvQPXumJnFo8nB1kt0KAm9yIr/kteKoh
kpLejgY14ZIpq9htWKn7o2Ga6RmGFEmBUi/OZ4D1XD3el4vqa8O8NVFiPBs1VgQO
J2fT2ao6abD/yfLKQSuJ7/s+AYH4IGVIjkCBpKkS2fYYHUHXJtbPJP+MJ8PHnxl9
ZO/G6QwKhxrMUkldT1ZPgE3Jx3skccOeNgcI2Ye+gk9i
-----END CERTIFICATE-----