Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/0e55d0-fafd-49c2-9c08-12c058bfacc1/1/U-j6AH3Jk894ib2lGr8hU_3DRF8.roa
File:                     U-j6AH3Jk894ib2lGr8hU_3DRF8.roa (raw, json)
Hash identifier:          w5lxC2CItXuabeADCVx84G8ZOzDwpOBIylCCN5VOoy4=
Subject key identifier:   53:E8:FA:00:7D:C9:93:CF:78:89:BD:A5:1A:BF:21:53:FD:C3:44:5F
Certificate issuer:       /CN=4a45472b550b34fdb01adcd510a9dcd821c9d991
Certificate serial:       019421B2560B4229515A9A4EC8F50CE69E60
Authority key identifier: 4A:45:47:2B:55:0B:34:FD:B0:1A:DC:D5:10:A9:DC:D8:21:C9:D9:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SkVHK1ULNP2wGtzVEKnc2CHJ2ZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/0e55d0-fafd-49c2-9c08-12c058bfacc1/1/U-j6AH3Jk894ib2lGr8hU_3DRF8.roa
Signing time:             Wed 01 Jan 2025 11:48:43 +0000
ROA not before:           Wed 01 Jan 2025 11:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        45.150.56.0/24 maxlen: 28
                          109.95.124.0/22 maxlen: 28
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/0e55d0-fafd-49c2-9c08-12c058bfacc1/1/SkVHK1ULNP2wGtzVEKnc2CHJ2ZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/0e55d0-fafd-49c2-9c08-12c058bfacc1/1/SkVHK1ULNP2wGtzVEKnc2CHJ2ZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SkVHK1ULNP2wGtzVEKnc2CHJ2ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 12:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:56:0b:42:29:51:5a:9a:4e:c8:f5:0c:e6:9e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a45472b550b34fdb01adcd510a9dcd821c9d991
        Validity
            Not Before: Jan  1 11:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53e8fa007dc993cf7889bda51abf2153fdc3445f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ae:dd:cc:cb:56:ad:37:47:b3:6d:e0:f2:6e:
                    c0:ad:96:f4:eb:a5:53:df:0a:90:cc:8f:b8:15:4c:
                    f7:16:65:2e:21:94:a7:d8:ff:e9:63:a4:b4:9b:08:
                    8b:37:d2:ca:45:f0:1f:40:c2:e5:4b:02:a3:04:de:
                    85:36:c4:94:51:da:37:da:87:c0:e1:10:cb:9d:6f:
                    d2:3b:a8:34:cf:dd:96:d6:54:b5:5d:13:db:45:65:
                    e7:9c:0b:3c:35:ca:d9:c9:a6:77:ae:e5:66:2b:5f:
                    b9:8a:8d:e7:8a:3a:e4:b2:77:5b:51:6b:c9:44:f9:
                    8e:65:b3:a7:63:91:8d:01:6c:8b:22:db:e4:35:ce:
                    4c:f2:14:cb:2e:ee:2f:f2:30:77:97:16:b7:cd:3f:
                    5a:8b:0a:2d:15:ad:6b:1c:be:ba:2e:02:9c:cb:cb:
                    2d:7f:1b:97:cb:80:c6:64:ec:55:a9:ab:c9:99:cc:
                    89:09:4d:0a:5f:c7:6c:59:1e:b6:4c:3f:a9:59:26:
                    9f:bd:e0:10:7c:4e:7f:e5:b8:da:86:bd:da:7b:5b:
                    9a:e3:0d:53:cf:03:4f:fa:6a:6a:05:d0:bd:82:a7:
                    0f:d4:b7:1a:05:be:1b:a6:12:5a:23:2c:ef:3d:62:
                    dd:16:9c:b1:40:d4:21:3a:a6:b2:8c:0f:df:77:02:
                    5f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E8:FA:00:7D:C9:93:CF:78:89:BD:A5:1A:BF:21:53:FD:C3:44:5F
            X509v3 Authority Key Identifier:
                keyid:4A:45:47:2B:55:0B:34:FD:B0:1A:DC:D5:10:A9:DC:D8:21:C9:D9:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SkVHK1ULNP2wGtzVEKnc2CHJ2ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0e55d0-fafd-49c2-9c08-12c058bfacc1/1/U-j6AH3Jk894ib2lGr8hU_3DRF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0e55d0-fafd-49c2-9c08-12c058bfacc1/1/SkVHK1ULNP2wGtzVEKnc2CHJ2ZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.56.0/24
                  109.95.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:2f:ec:a2:fd:9e:61:a8:b4:10:72:17:d6:50:2a:af:99:30:
         99:3d:98:86:8d:bb:b2:0c:fa:24:0c:90:c4:f8:66:07:6b:7e:
         43:80:ad:ca:e1:d7:4a:43:9c:2e:05:43:11:8e:97:b9:61:4c:
         53:36:a8:7f:a6:a5:39:30:2b:cc:ec:eb:37:f7:ab:7f:53:84:
         75:72:c7:7c:d4:2e:fd:95:32:f7:1b:db:73:69:a1:58:4a:89:
         7d:af:ba:ea:c8:40:f2:00:6c:4e:73:58:8d:0c:e2:d1:b8:69:
         e1:19:88:0c:93:cb:07:ba:16:5a:37:1f:88:a7:a6:23:17:b9:
         a8:21:fe:12:9a:4c:4d:08:ae:be:ef:14:70:41:12:57:0f:b1:
         f7:49:33:2f:f9:10:55:bf:35:d3:3d:e0:16:be:05:d0:cf:96:
         f9:47:11:1d:f4:31:e4:4e:e4:ca:b0:f0:82:fa:a0:08:89:a6:
         bd:a8:bb:e8:8a:c2:17:ff:3b:05:0f:05:fc:af:34:b1:8e:32:
         55:31:6a:e1:6f:b9:4a:bb:7a:22:1e:00:d7:2c:8c:6c:af:1f:
         f0:6c:75:14:c3:44:d5:3c:97:6f:a4:89:80:ff:bc:31:c8:48:
         bf:4e:21:06:15:1f:0b:5e:5e:e7:02:d6:88:52:75:15:e3:d1:
         64:3c:52:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhslYLQilRWppOyPUM5p5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDU0NzJiNTUwYjM0ZmRiMDFhZGNkNTEwYTlkY2Q4MjFj
OWQ5OTEwHhcNMjUwMTAxMTE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2U4ZmEwMDdkYzk5M2NmNzg4OWJkYTUxYWJmMjE1M2ZkYzM0NDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsq7dzMtWrTdHs23g8m7ArZb066VT
3wqQzI+4FUz3FmUuIZSn2P/pY6S0mwiLN9LKRfAfQMLlSwKjBN6FNsSUUdo32ofA
4RDLnW/SO6g0z92W1lS1XRPbRWXnnAs8NcrZyaZ3ruVmK1+5io3nijrksndbUWvJ
RPmOZbOnY5GNAWyLItvkNc5M8hTLLu4v8jB3lxa3zT9aiwotFa1rHL66LgKcy8st
fxuXy4DGZOxVqavJmcyJCU0KX8dsWR62TD+pWSafveAQfE5/5bjahr3ae1ua4w1T
zwNP+mpqBdC9gqcP1LcaBb4bphJaIyzvPWLdFpyxQNQhOqayjA/fdwJfpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFPo+gB9yZPPeIm9pRq/IVP9w0RfMB8GA1UdIwQY
MBaAFEpFRytVCzT9sBrc1RCp3NghydmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tWSEsxVUxOUDJ3R3R6VkVLbmMyQ0hKMlpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8wZTU1ZDAtZmFmZC00OWMyLTljMDgt
MTJjMDU4YmZhY2MxLzEvVS1qNkFIM0prODk0aWIybEdyOGhVXzNEUkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8wZTU1ZDAtZmFmZC00OWMyLTljMDgtMTJjMDU4YmZhY2Mx
LzEvU2tWSEsxVUxOUDJ3R3R6VkVLbmMyQ0hKMlpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZY4AwQC
bV98MA0GCSqGSIb3DQEBCwUAA4IBAQBrL+yi/Z5hqLQQchfWUCqvmTCZPZiGjbuy
DPokDJDE+GYHa35DgK3K4ddKQ5wuBUMRjpe5YUxTNqh/pqU5MCvM7Os396t/U4R1
csd81C79lTL3G9tzaaFYSol9r7rqyEDyAGxOc1iNDOLRuGnhGYgMk8sHuhZaNx+I
p6YjF7moIf4SmkxNCK6+7xRwQRJXD7H3STMv+RBVvzXTPeAWvgXQz5b5RxEd9DHk
TuTKsPCC+qAIiaa9qLvoisIX/zsFDwX8rzSxjjJVMWrhb7lKu3oiHgDXLIxsrx/w
bHUUw0TVPJdvpImA/7wxyEi/TiEGFR8LXl7nAtaIUnUV49FkPFLd
-----END CERTIFICATE-----