Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/0fdf9e-f53f-467d-bc8c-3a563c210a55/1/PYHZmBGQVm6qfdBJdxdjvraE_TE.roa
File:                     PYHZmBGQVm6qfdBJdxdjvraE_TE.roa (raw, json)
Hash identifier:          1636pEj+Ysk8BXs8R24x5ID69mQlJkn8VfyV6uxXy1w=
Subject key identifier:   3D:81:D9:98:11:90:56:6E:AA:7D:D0:49:77:17:63:BE:B6:84:FD:31
Certificate issuer:       /CN=a3a985c39e3e911b980e93a06640157e9e052d23
Certificate serial:       01942143CD0B88F05ED12C2E595198CB9BA8
Authority key identifier: A3:A9:85:C3:9E:3E:91:1B:98:0E:93:A0:66:40:15:7E:9E:05:2D:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o6mFw54-kRuYDpOgZkAVfp4FLSM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/0fdf9e-f53f-467d-bc8c-3a563c210a55/1/PYHZmBGQVm6qfdBJdxdjvraE_TE.roa
Signing time:             Wed 01 Jan 2025 09:47:59 +0000
ROA not before:           Wed 01 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42864
IP address blocks:        45.66.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/0fdf9e-f53f-467d-bc8c-3a563c210a55/1/o6mFw54-kRuYDpOgZkAVfp4FLSM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/0fdf9e-f53f-467d-bc8c-3a563c210a55/1/o6mFw54-kRuYDpOgZkAVfp4FLSM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o6mFw54-kRuYDpOgZkAVfp4FLSM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:cd:0b:88:f0:5e:d1:2c:2e:59:51:98:cb:9b:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3a985c39e3e911b980e93a06640157e9e052d23
        Validity
            Not Before: Jan  1 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d81d9981190566eaa7dd049771763beb684fd31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:21:a7:16:12:1d:f3:1f:62:fb:a2:68:57:72:
                    7c:29:d0:b6:1b:9c:a1:70:0e:95:df:59:df:00:5b:
                    0b:77:ff:16:6a:c0:f1:8e:7a:32:c6:f0:1b:9f:e3:
                    6a:67:70:68:a3:86:ec:48:48:81:cf:15:3d:b6:43:
                    14:12:60:5f:7e:02:be:d6:25:ef:5f:e3:37:40:2d:
                    ee:c5:62:2b:db:46:99:1c:de:06:70:c1:4c:79:69:
                    7c:96:47:6a:6c:4e:78:4e:5f:65:92:73:41:6b:b9:
                    53:9d:6c:a4:02:34:c2:2b:3d:40:39:07:13:e2:20:
                    1d:c2:e7:af:2a:96:d4:81:71:f8:74:f6:a9:3b:a7:
                    8d:f4:88:fd:2a:6e:d4:85:ba:c3:f5:7b:b9:ea:0f:
                    bf:94:0f:98:1c:54:4e:ad:61:ce:44:e4:74:3d:36:
                    0a:99:7d:86:f6:e8:f6:89:63:06:b1:23:40:6f:6d:
                    c3:fd:cb:13:47:37:a3:83:02:70:a3:bb:f9:e0:75:
                    ea:fb:cd:0b:03:56:21:d9:8f:6a:8a:70:e1:26:a6:
                    ba:97:be:c1:e9:50:30:d6:e9:35:2a:3a:16:e1:e4:
                    c1:fc:5a:02:06:64:b8:b9:fc:01:51:02:30:b3:96:
                    8b:20:05:6e:ac:e7:39:84:93:7c:78:ec:ab:ab:40:
                    b2:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:81:D9:98:11:90:56:6E:AA:7D:D0:49:77:17:63:BE:B6:84:FD:31
            X509v3 Authority Key Identifier:
                keyid:A3:A9:85:C3:9E:3E:91:1B:98:0E:93:A0:66:40:15:7E:9E:05:2D:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o6mFw54-kRuYDpOgZkAVfp4FLSM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/0fdf9e-f53f-467d-bc8c-3a563c210a55/1/PYHZmBGQVm6qfdBJdxdjvraE_TE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/0fdf9e-f53f-467d-bc8c-3a563c210a55/1/o6mFw54-kRuYDpOgZkAVfp4FLSM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:c8:c3:ce:75:bf:d3:5d:ad:e5:b7:02:96:5b:d3:bb:73:87:
         5c:a7:45:28:eb:e3:27:51:9e:f1:80:cf:ff:20:3c:c0:c3:5d:
         66:02:77:43:b1:18:6a:7c:01:e2:00:34:53:69:39:5b:c7:ad:
         e7:b7:dd:43:9e:56:81:40:ab:c6:5e:2b:d6:5b:a1:4c:21:05:
         79:12:fa:28:06:bb:ea:9a:ad:f4:aa:43:83:19:c1:3d:73:d8:
         e8:ae:78:18:42:5a:da:e8:3b:30:2d:0e:4e:2d:6a:51:fe:45:
         56:0c:54:01:43:a3:cb:82:e0:29:8a:ae:d5:0f:7b:3e:5f:80:
         8f:19:46:2b:65:26:8d:5c:fb:74:e6:18:ea:64:b5:52:ae:08:
         fc:b2:41:5b:0f:b2:96:c0:b3:b8:a4:7f:fa:11:79:3d:13:ba:
         8c:2d:63:f8:13:7f:b6:20:19:11:3d:dd:0f:57:5b:ab:be:00:
         f9:51:9e:99:94:98:a1:a3:1f:30:15:97:11:44:3d:64:1a:d7:
         f9:91:54:b5:be:10:2d:55:41:d1:41:3d:43:87:dc:2e:7e:44:
         a3:b7:66:43:4a:89:0f:9c:b5:05:02:53:bd:e9:f1:58:65:82:
         a3:72:60:06:42:8a:60:d0:78:7e:4f:1c:ed:78:fb:2f:7d:42:
         f1:91:8d:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ80LiPBe0SwuWVGYy5uoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYTk4NWMzOWUzZTkxMWI5ODBlOTNhMDY2NDAxNTdlOWUw
NTJkMjMwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDgxZDk5ODExOTA1NjZlYWE3ZGQwNDk3NzE3NjNiZWI2ODRmZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyGnFhId8x9i+6JoV3J8KdC2G5yh
cA6V31nfAFsLd/8WasDxjnoyxvAbn+NqZ3Boo4bsSEiBzxU9tkMUEmBffgK+1iXv
X+M3QC3uxWIr20aZHN4GcMFMeWl8lkdqbE54Tl9lknNBa7lTnWykAjTCKz1AOQcT
4iAdwuevKpbUgXH4dPapO6eN9Ij9Km7UhbrD9Xu56g+/lA+YHFROrWHOROR0PTYK
mX2G9uj2iWMGsSNAb23D/csTRzejgwJwo7v54HXq+80LA1Yh2Y9qinDhJqa6l77B
6VAw1uk1KjoW4eTB/FoCBmS4ufwBUQIws5aLIAVurOc5hJN8eOyrq0CyuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2B2ZgRkFZuqn3QSXcXY762hP0xMB8GA1UdIwQY
MBaAFKOphcOePpEbmA6ToGZAFX6eBS0jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzZtRnc1NC1rUnVZRHBPZ1prQVZmcDRGTFNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8wZmRmOWUtZjUzZi00NjdkLWJjOGMt
M2E1NjNjMjEwYTU1LzEvUFlIWm1CR1FWbTZxZmRCSmR4ZGp2cmFFX1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8wZmRmOWUtZjUzZi00NjdkLWJjOGMtM2E1NjNjMjEwYTU1
LzEvbzZtRnc1NC1rUnVZRHBPZ1prQVZmcDRGTFNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUJoMA0G
CSqGSIb3DQEBCwUAA4IBAQCHyMPOdb/TXa3ltwKWW9O7c4dcp0Uo6+MnUZ7xgM//
IDzAw11mAndDsRhqfAHiADRTaTlbx63nt91DnlaBQKvGXivWW6FMIQV5EvooBrvq
mq30qkODGcE9c9jorngYQlra6DswLQ5OLWpR/kVWDFQBQ6PLguApiq7VD3s+X4CP
GUYrZSaNXPt05hjqZLVSrgj8skFbD7KWwLO4pH/6EXk9E7qMLWP4E3+2IBkRPd0P
V1urvgD5UZ6ZlJihox8wFZcRRD1kGtf5kVS1vhAtVUHRQT1Dh9wufkSjt2ZDSokP
nLUFAlO96fFYZYKjcmAGQopg0Hh+TxztePsvfULxkY19
-----END CERTIFICATE-----