Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/b_Rjl7l5s2ruXfIZC3d6OBIlvjw.roa
File:                     b_Rjl7l5s2ruXfIZC3d6OBIlvjw.roa (raw, json)
Hash identifier:          RN1eBvJ7M9cQIHDZtgB/+TlsTuYLflAWSHeZCPPxyMY=
Subject key identifier:   6F:F4:63:97:B9:79:B3:6A:EE:5D:F2:19:0B:77:7A:38:12:25:BE:3C
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       019424448E03CB9E7FDDDCB9145E7998F017
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/b_Rjl7l5s2ruXfIZC3d6OBIlvjw.roa
Signing time:             Wed 01 Jan 2025 23:47:40 +0000
ROA not before:           Wed 01 Jan 2025 23:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        45.157.158.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8e:03:cb:9e:7f:dd:dc:b9:14:5e:79:98:f0:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Jan  1 23:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ff46397b979b36aee5df2190b777a381225be3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:95:4f:cd:3b:1a:e9:b8:55:8e:db:01:d1:51:
                    62:1b:79:da:5c:35:cb:e1:ba:11:23:27:37:7a:78:
                    b2:f3:92:fa:4d:b5:49:05:29:e5:9f:76:89:27:c5:
                    ce:07:96:7f:50:6e:80:90:10:5a:79:07:78:9f:ef:
                    96:74:12:4e:3f:02:44:ca:fa:c1:9e:95:81:3f:73:
                    59:ff:1f:94:4c:c4:33:fb:77:d6:f0:ac:74:37:87:
                    38:5d:c0:ab:87:9c:0a:89:75:7a:18:7e:d6:63:eb:
                    30:79:38:3e:ae:1d:12:bc:23:26:43:ef:a6:2a:8b:
                    3c:b6:2e:84:80:8a:d6:5b:06:e6:85:28:e2:df:5a:
                    9b:ab:f0:30:18:f5:5b:12:80:01:9d:2b:5e:d2:b4:
                    0b:03:2e:74:40:5a:6c:32:d4:e1:10:ea:2e:ec:13:
                    01:0d:45:c6:c8:9b:c5:29:06:18:48:0e:58:3e:d1:
                    51:cb:99:c1:7b:f1:b1:5d:18:59:ed:79:5d:86:56:
                    b1:6c:72:a7:e2:37:44:02:19:24:b9:ee:c1:25:7b:
                    6c:5e:0c:f7:5d:2d:08:a2:85:98:b7:b2:9c:70:2f:
                    f2:d9:9c:6c:74:21:4e:fa:3c:c8:e9:ba:6f:87:80:
                    f3:c5:ca:f7:b3:57:75:79:f1:dd:1e:a9:86:25:2a:
                    ec:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F4:63:97:B9:79:B3:6A:EE:5D:F2:19:0B:77:7A:38:12:25:BE:3C
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/b_Rjl7l5s2ruXfIZC3d6OBIlvjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:77:82:c3:68:b2:61:15:d5:61:d0:5e:ac:61:de:8b:33:42:
         86:89:29:b0:7c:24:0c:a9:20:9d:60:b4:f6:b0:47:30:02:8f:
         b8:e9:01:80:0d:46:18:3d:14:f3:1a:d0:9c:dd:32:ed:85:95:
         e6:0c:58:ee:68:f2:8a:16:b3:e1:e3:52:8c:ed:b1:00:e1:61:
         cf:fa:03:47:a9:79:08:53:85:6b:32:37:14:54:ff:30:47:24:
         88:06:8d:25:f5:17:b2:19:75:68:21:71:53:85:e0:94:08:72:
         bf:d8:48:73:ef:d4:58:8c:5d:1b:18:8c:7f:ad:f1:32:06:f2:
         b6:fa:0a:cf:2b:03:54:ed:14:4c:5b:50:55:aa:c6:ec:4b:ab:
         0b:22:ce:0d:f5:ae:bf:5c:93:9d:13:36:c5:2a:78:e7:a5:43:
         fc:dd:0f:75:38:75:ec:8a:66:78:c8:5d:c7:81:1b:15:21:50:
         a4:e3:ca:62:30:37:48:04:d2:87:0e:f9:ab:a1:b3:a5:3c:dd:
         9e:08:d8:3d:6c:7d:c5:52:2b:58:3f:bd:eb:19:9f:0e:52:6c:
         5f:2d:fb:f9:8d:6f:d1:1c:31:53:3e:6a:4b:e1:45:18:a7:c5:
         3f:1f:c0:96:21:5b:62:06:b3:9f:3d:03:0f:25:dd:fb:f3:5c:
         fa:ba:2f:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRI4Dy55/3dy5FF55mPAXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjUwMTAxMjM0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmY0NjM5N2I5NzliMzZhZWU1ZGYyMTkwYjc3N2EzODEyMjViZTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZVPzTsa6bhVjtsB0VFiG3naXDXL
4boRIyc3eniy85L6TbVJBSnln3aJJ8XOB5Z/UG6AkBBaeQd4n++WdBJOPwJEyvrB
npWBP3NZ/x+UTMQz+3fW8Kx0N4c4XcCrh5wKiXV6GH7WY+sweTg+rh0SvCMmQ++m
Kos8ti6EgIrWWwbmhSji31qbq/AwGPVbEoABnSte0rQLAy50QFpsMtThEOou7BMB
DUXGyJvFKQYYSA5YPtFRy5nBe/GxXRhZ7XldhlaxbHKn4jdEAhkkue7BJXtsXgz3
XS0IooWYt7KccC/y2ZxsdCFO+jzI6bpvh4Dzxcr3s1d1efHdHqmGJSrskQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/0Y5e5ebNq7l3yGQt3ejgSJb48MB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvYl9Samw3bDVzMnJ1WGZJWkMzZDZPQklsdmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ2eMA0G
CSqGSIb3DQEBCwUAA4IBAQB6d4LDaLJhFdVh0F6sYd6LM0KGiSmwfCQMqSCdYLT2
sEcwAo+46QGADUYYPRTzGtCc3TLthZXmDFjuaPKKFrPh41KM7bEA4WHP+gNHqXkI
U4VrMjcUVP8wRySIBo0l9ReyGXVoIXFTheCUCHK/2Ehz79RYjF0bGIx/rfEyBvK2
+grPKwNU7RRMW1BVqsbsS6sLIs4N9a6/XJOdEzbFKnjnpUP83Q91OHXsimZ4yF3H
gRsVIVCk48piMDdIBNKHDvmrobOlPN2eCNg9bH3FUitYP73rGZ8OUmxfLfv5jW/R
HDFTPmpL4UUYp8U/H8CWIVtiBrOfPQMPJd3781z6ui9e
-----END CERTIFICATE-----