Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/3e9d1c-4b08-45c7-a9e8-927526e6f2d9/1/uXecHkITe3bY6-3ektwCD9ek34Q.roa
File:                     uXecHkITe3bY6-3ektwCD9ek34Q.roa (raw, json)
Hash identifier:          5+69NhDXNCJ8JAsANzmdkWv9h8VWfgURSoIbAe4jtSk=
Subject key identifier:   B9:77:9C:1E:42:13:7B:76:D8:EB:ED:DE:92:DC:02:0F:D7:A4:DF:84
Certificate issuer:       /CN=a0272902658e15cb34bd509c3950bade21a796d2
Certificate serial:       0194258F62C4A374B3EC1DB1B393F83F9657
Authority key identifier: A0:27:29:02:65:8E:15:CB:34:BD:50:9C:39:50:BA:DE:21:A7:96:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oCcpAmWOFcs0vVCcOVC63iGnltI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/3e9d1c-4b08-45c7-a9e8-927526e6f2d9/1/uXecHkITe3bY6-3ektwCD9ek34Q.roa
Signing time:             Thu 02 Jan 2025 05:49:01 +0000
ROA not before:           Thu 02 Jan 2025 05:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209382
IP address blocks:        45.67.236.0/22 maxlen: 24
                          2a09:7d40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/3e9d1c-4b08-45c7-a9e8-927526e6f2d9/1/oCcpAmWOFcs0vVCcOVC63iGnltI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/3e9d1c-4b08-45c7-a9e8-927526e6f2d9/1/oCcpAmWOFcs0vVCcOVC63iGnltI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oCcpAmWOFcs0vVCcOVC63iGnltI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:62:c4:a3:74:b3:ec:1d:b1:b3:93:f8:3f:96:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0272902658e15cb34bd509c3950bade21a796d2
        Validity
            Not Before: Jan  2 05:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9779c1e42137b76d8ebedde92dc020fd7a4df84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:42:7e:97:f0:1b:2e:98:4a:3f:dd:24:ff:1d:
                    4c:42:28:ed:60:11:ec:59:7a:58:de:d3:2d:0d:46:
                    2e:df:6e:29:3f:62:c7:b7:0c:5c:02:48:cf:52:49:
                    d6:7a:84:51:f9:67:49:92:c0:1f:f4:3c:8a:11:d3:
                    d3:07:eb:4a:d0:5d:d6:86:91:f5:26:06:cc:de:54:
                    6f:c4:b3:92:49:0b:f2:b6:09:2f:93:4e:9b:dd:c1:
                    fa:8b:05:77:28:9a:5a:1c:cf:4e:98:50:74:1d:0d:
                    02:54:fb:2c:4a:0f:ae:08:1f:39:1e:5d:46:2a:2d:
                    4b:c9:81:2a:dd:1b:51:d8:1d:a0:d3:7b:7c:32:aa:
                    81:97:42:83:1d:0a:9e:80:9f:d3:3c:1c:2c:6e:04:
                    79:9a:d3:5c:68:a9:cf:5f:c9:dc:4f:93:fd:da:e3:
                    d4:5b:fb:67:3e:b4:26:8d:f2:83:66:e3:1e:08:1c:
                    45:fe:1a:27:5d:e1:e1:cf:09:77:03:5a:bf:bf:45:
                    f2:52:6e:b4:6e:6c:d9:a5:03:0c:85:b4:15:f8:4f:
                    f4:2b:90:97:23:51:db:eb:02:59:63:62:e2:73:37:
                    6c:80:44:57:0c:65:5f:40:9d:e3:1c:ad:1d:98:22:
                    f7:f7:94:b1:d3:e1:ec:2b:2b:f4:08:bb:df:12:0f:
                    08:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:77:9C:1E:42:13:7B:76:D8:EB:ED:DE:92:DC:02:0F:D7:A4:DF:84
            X509v3 Authority Key Identifier:
                keyid:A0:27:29:02:65:8E:15:CB:34:BD:50:9C:39:50:BA:DE:21:A7:96:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oCcpAmWOFcs0vVCcOVC63iGnltI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/3e9d1c-4b08-45c7-a9e8-927526e6f2d9/1/uXecHkITe3bY6-3ektwCD9ek34Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/3e9d1c-4b08-45c7-a9e8-927526e6f2d9/1/oCcpAmWOFcs0vVCcOVC63iGnltI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.236.0/22
                IPv6:
                  2a09:7d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:61:2b:e5:e4:22:b4:fc:07:8d:43:25:8c:1e:54:b9:c6:00:
         ee:a8:79:f9:03:61:e4:0a:d8:55:96:47:82:32:60:63:5b:d9:
         47:bb:5d:4f:1d:26:59:f1:5b:79:73:c5:f1:39:ff:de:db:04:
         b6:55:1f:8a:c9:44:f2:c1:23:8b:df:0a:8c:a2:88:00:4b:42:
         23:cc:65:b8:eb:22:31:fb:c6:f7:d6:7b:6a:fa:08:60:66:33:
         31:cc:71:20:69:af:e6:fb:49:38:7a:1c:6b:9d:af:e1:08:63:
         5d:29:17:21:69:e6:2c:9d:21:a0:0a:4a:f8:f7:d6:b1:58:cd:
         7c:59:58:13:c3:f7:39:31:f5:72:50:2c:e4:be:97:88:e1:9e:
         5d:c0:e0:46:54:e2:42:b7:27:b4:2a:c6:78:d1:f6:49:4e:4b:
         1d:65:89:46:c6:28:f8:e2:82:4d:ad:b8:16:6e:33:a8:40:59:
         10:b7:a3:5c:6d:4e:ae:5e:b7:a0:c5:0b:29:4f:8d:63:d4:1c:
         27:15:49:83:d0:eb:1f:09:13:2e:13:2d:93:76:33:4e:a3:7a:
         e8:58:b3:0b:70:73:fd:21:19:c1:da:4a:08:c5:5b:bc:2b:a0:
         c4:1c:7b:27:9b:1a:40:77:15:f1:39:fe:9f:d4:6c:74:74:fe:
         96:3f:c4:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj2LEo3Sz7B2xs5P4P5ZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMjcyOTAyNjU4ZTE1Y2IzNGJkNTA5YzM5NTBiYWRlMjFh
Nzk2ZDIwHhcNMjUwMTAyMDU0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTc3OWMxZTQyMTM3Yjc2ZDhlYmVkZGU5MmRjMDIwZmQ3YTRkZjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEJ+l/AbLphKP90k/x1MQijtYBHs
WXpY3tMtDUYu324pP2LHtwxcAkjPUknWeoRR+WdJksAf9DyKEdPTB+tK0F3WhpH1
JgbM3lRvxLOSSQvytgkvk06b3cH6iwV3KJpaHM9OmFB0HQ0CVPssSg+uCB85Hl1G
Ki1LyYEq3RtR2B2g03t8MqqBl0KDHQqegJ/TPBwsbgR5mtNcaKnPX8ncT5P92uPU
W/tnPrQmjfKDZuMeCBxF/honXeHhzwl3A1q/v0XyUm60bmzZpQMMhbQV+E/0K5CX
I1Hb6wJZY2LiczdsgERXDGVfQJ3jHK0dmCL395Sx0+HsKyv0CLvfEg8IzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLl3nB5CE3t22Ovt3pLcAg/XpN+EMB8GA1UdIwQY
MBaAFKAnKQJljhXLNL1QnDlQut4hp5bSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0NjcEFtV09GY3MwdlZDY09WQzYzaUdubHRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8zZTlkMWMtNGIwOC00NWM3LWE5ZTgt
OTI3NTI2ZTZmMmQ5LzEvdVhlY0hrSVRlM2JZNi0zZWt0d0NEOWVrMzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8zZTlkMWMtNGIwOC00NWM3LWE5ZTgtOTI3NTI2ZTZmMmQ5
LzEvb0NjcEFtV09GY3MwdlZDY09WQzYzaUdubHRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUPsMA0E
AgACMAcDBQAqCX1AMA0GCSqGSIb3DQEBCwUAA4IBAQAAYSvl5CK0/AeNQyWMHlS5
xgDuqHn5A2HkCthVlkeCMmBjW9lHu11PHSZZ8Vt5c8XxOf/e2wS2VR+KyUTywSOL
3wqMoogAS0IjzGW46yIx+8b31ntq+ghgZjMxzHEgaa/m+0k4ehxrna/hCGNdKRch
aeYsnSGgCkr499axWM18WVgTw/c5MfVyUCzkvpeI4Z5dwOBGVOJCtye0KsZ40fZJ
TksdZYlGxij44oJNrbgWbjOoQFkQt6NcbU6uXregxQspT41j1BwnFUmD0OsfCRMu
Ey2TdjNOo3roWLMLcHP9IRnB2koIxVu8K6DEHHsnmxpAdxXxOf6f1Gx0dP6WP8Th
-----END CERTIFICATE-----