Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/hBZ5Ns-SiN-nG8d-EmzaCaeG4zE.roa
File:                     hBZ5Ns-SiN-nG8d-EmzaCaeG4zE.roa (raw, json)
Hash identifier:          6Xjd02fL93neU+dbIBUaMQgxsX5sztWMPYRaYdkt9oo=
Subject key identifier:   84:16:79:36:CF:92:88:DF:A7:1B:C7:7E:12:6C:DA:09:A7:86:E3:31
Certificate issuer:       /CN=7d5695786f8450d1041dc88ad892cbb570d5972b
Certificate serial:       019663446B34E429E271E19A62480BEE3F93
Authority key identifier: 7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/hBZ5Ns-SiN-nG8d-EmzaCaeG4zE.roa
Signing time:             Wed 23 Apr 2025 15:29:10 +0000
ROA not before:           Wed 23 Apr 2025 15:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.11.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 06:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:63:44:6b:34:e4:29:e2:71:e1:9a:62:48:0b:ee:3f:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d5695786f8450d1041dc88ad892cbb570d5972b
        Validity
            Not Before: Apr 23 15:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84167936cf9288dfa71bc77e126cda09a786e331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4c:dc:95:32:fb:d2:8b:d2:2d:5f:67:8c:13:
                    ac:c4:6f:c2:86:9d:55:0b:ed:f7:7f:d7:fa:e9:58:
                    58:8a:7a:3e:ed:d6:a3:4f:4a:8b:1c:e7:49:19:39:
                    6c:de:fa:b6:a6:d5:21:57:ae:5c:de:70:f3:93:01:
                    48:22:47:de:91:21:34:c0:97:8e:08:65:07:b4:c3:
                    28:2e:9b:e9:22:94:1d:57:b6:d4:49:1f:6f:49:9a:
                    e3:7d:81:72:24:fe:28:89:63:59:a3:7f:3c:16:36:
                    db:3f:7f:9c:cd:b5:79:37:af:f3:3c:cf:23:c5:9b:
                    15:ba:5c:cb:59:54:41:89:f9:4a:de:aa:09:17:19:
                    7b:0c:4d:9f:96:67:be:d1:33:81:09:32:84:7a:8c:
                    24:4f:f9:0d:5f:1a:af:c9:7a:fb:b4:26:a2:2a:ba:
                    e6:fd:c9:e8:03:3d:e1:0e:fd:b6:4e:42:e9:8b:e7:
                    ba:d9:38:33:42:e5:2c:d9:2e:c1:1a:d9:d5:1b:fb:
                    21:d0:28:6f:af:3e:03:72:cf:56:1f:2e:8f:da:fd:
                    6c:ff:82:3f:86:01:8f:0d:73:30:7b:5a:24:5b:2a:
                    ba:05:40:13:70:0b:7a:d9:ff:ee:27:b7:41:cc:d4:
                    47:15:f1:56:34:02:19:dd:a0:7b:72:5e:31:7f:69:
                    8a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:16:79:36:CF:92:88:DF:A7:1B:C7:7E:12:6C:DA:09:A7:86:E3:31
            X509v3 Authority Key Identifier:
                keyid:7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/hBZ5Ns-SiN-nG8d-EmzaCaeG4zE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:08:84:66:71:17:ce:84:21:46:90:0e:aa:50:4a:52:63:17:
         73:d7:f5:af:18:61:1f:be:2c:59:04:47:4e:0b:61:d6:02:85:
         e2:a5:d1:56:b4:17:4a:cd:7e:4a:55:54:46:36:fe:bc:0a:26:
         3f:61:b6:c8:e6:0b:78:e2:85:a8:ef:62:60:9a:2d:c0:46:4f:
         51:7a:dd:f9:68:94:4c:f3:8d:99:ad:5d:50:3b:98:91:55:53:
         ae:64:f4:b9:e9:18:06:27:32:dc:1b:09:19:d5:31:16:b2:a4:
         e9:90:d6:18:6c:cb:ff:ef:2d:cc:0b:33:cb:b4:92:64:9e:24:
         73:ac:14:c0:5e:f2:de:25:35:15:be:4c:af:57:94:4a:4d:0a:
         04:dc:51:c2:49:2c:97:fa:54:77:f9:03:5a:e6:9a:ae:4f:a3:
         a5:32:05:c8:2a:cc:f7:0e:37:cc:14:a1:8a:45:86:a1:c8:13:
         87:a2:35:57:09:d2:7a:85:b9:47:1c:0f:60:3d:25:de:79:d7:
         ae:87:17:a8:43:43:a4:4f:ec:c5:0a:d7:8b:90:7c:02:58:53:
         86:ad:36:88:c8:b9:3f:79:dd:26:1a:19:fb:fb:97:8e:35:82:
         8c:d7:fb:3e:31:d9:66:b3:20:96:c3:38:34:05:c7:4b:6c:28:
         a4:c2:e4:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZjRGs05CniceGaYkgL7j+TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTY5NTc4NmY4NDUwZDEwNDFkYzg4YWQ4OTJjYmI1NzBk
NTk3MmIwHhcNMjUwNDIzMTUyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDE2NzkzNmNmOTI4OGRmYTcxYmM3N2UxMjZjZGEwOWE3ODZlMzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUzclTL70ovSLV9njBOsxG/Chp1V
C+33f9f66VhYino+7dajT0qLHOdJGTls3vq2ptUhV65c3nDzkwFIIkfekSE0wJeO
CGUHtMMoLpvpIpQdV7bUSR9vSZrjfYFyJP4oiWNZo388FjbbP3+czbV5N6/zPM8j
xZsVulzLWVRBiflK3qoJFxl7DE2flme+0TOBCTKEeowkT/kNXxqvyXr7tCaiKrrm
/cnoAz3hDv22TkLpi+e62TgzQuUs2S7BGtnVG/sh0Chvrz4Dcs9WHy6P2v1s/4I/
hgGPDXMwe1okWyq6BUATcAt62f/uJ7dBzNRHFfFWNAIZ3aB7cl4xf2mKDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQWeTbPkojfpxvHfhJs2gmnhuMxMB8GA1UdIwQY
MBaAFH1WlXhvhFDRBB3IitiSy7Vw1ZcrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDIt
NjNiMzM4MDhhNmE4LzEvaEJaNU5zLVNpTi1uRzhkLUVtemFDYWVHNHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDItNjNiMzM4MDhhNmE4
LzEvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQusMA0G
CSqGSIb3DQEBCwUAA4IBAQAPCIRmcRfOhCFGkA6qUEpSYxdz1/WvGGEfvixZBEdO
C2HWAoXipdFWtBdKzX5KVVRGNv68CiY/YbbI5gt44oWo72Jgmi3ARk9Ret35aJRM
842ZrV1QO5iRVVOuZPS56RgGJzLcGwkZ1TEWsqTpkNYYbMv/7y3MCzPLtJJkniRz
rBTAXvLeJTUVvkyvV5RKTQoE3FHCSSyX+lR3+QNa5pquT6OlMgXIKsz3DjfMFKGK
RYahyBOHojVXCdJ6hblHHA9gPSXeedeuhxeoQ0OkT+zFCteLkHwCWFOGrTaIyLk/
ed0mGhn7+5eONYKM1/s+MdlmsyCWwzg0BcdLbCikwuST
-----END CERTIFICATE-----