Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/vrZXQ7c7SJqTI-Qy746C6GRBzTE.roa
File:                     vrZXQ7c7SJqTI-Qy746C6GRBzTE.roa (raw, json)
Hash identifier:          9B+Vq1Jvk9CfpjDUR+g8aVrltZw5klYMebxf6UUVTtw=
Subject key identifier:   BE:B6:57:43:B7:3B:48:9A:93:23:E4:32:EF:8E:82:E8:64:41:CD:31
Certificate issuer:       /CN=070483d3d62f19c0835746dcb721c8832c3b7926
Certificate serial:       01965EB51EAC80835936D6F9167829CC9297
Authority key identifier: 07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/vrZXQ7c7SJqTI-Qy746C6GRBzTE.roa
Signing time:             Tue 22 Apr 2025 18:14:10 +0000
ROA not before:           Tue 22 Apr 2025 18:14:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        45.85.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5e:b5:1e:ac:80:83:59:36:d6:f9:16:78:29:cc:92:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=070483d3d62f19c0835746dcb721c8832c3b7926
        Validity
            Not Before: Apr 22 18:14:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=beb65743b73b489a9323e432ef8e82e86441cd31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f2:0e:80:2e:4a:9f:f9:28:31:65:5d:69:6f:
                    84:f0:04:82:22:16:81:15:7d:39:f3:05:75:5d:ca:
                    75:36:8b:73:00:24:69:80:04:8c:36:fd:0e:dc:fc:
                    f7:65:a8:24:97:57:a5:15:87:72:ed:45:a8:97:cc:
                    da:4f:e2:1b:8d:85:a9:d8:2a:7d:c4:71:2b:48:f4:
                    8b:86:74:8d:68:7e:e3:78:80:41:be:74:ad:45:bf:
                    3a:97:d9:b2:c4:59:4f:7e:04:de:dd:b4:70:f3:48:
                    ec:5f:67:99:dc:8b:31:e5:e8:c5:66:5f:b0:18:06:
                    34:ec:04:bd:5a:7c:e8:27:77:46:ff:ab:3a:06:25:
                    98:43:fb:19:6a:f9:85:9f:4e:2e:72:b9:59:0e:76:
                    41:66:a5:2f:e9:78:ce:d9:2e:b7:74:86:0b:47:83:
                    c2:0f:90:4a:f0:1b:d6:a6:ae:b7:92:e4:b6:d0:97:
                    f2:22:8d:1c:a3:87:64:52:9a:00:97:29:db:ab:42:
                    91:63:df:02:f4:98:86:62:95:b2:48:cf:69:11:f1:
                    f1:f1:23:97:b3:18:56:db:d2:16:b7:af:20:59:c7:
                    2c:f4:cc:d2:bc:30:c7:dc:a1:a5:5b:e2:8d:97:7c:
                    63:03:cf:28:3e:15:94:65:76:32:e8:96:c6:ca:34:
                    d3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B6:57:43:B7:3B:48:9A:93:23:E4:32:EF:8E:82:E8:64:41:CD:31
            X509v3 Authority Key Identifier:
                keyid:07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/vrZXQ7c7SJqTI-Qy746C6GRBzTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:23:d7:4c:09:a2:5b:72:e4:de:ca:51:ba:d3:00:fb:bd:4b:
         f8:31:da:ea:e7:c8:fe:14:7e:81:ec:07:62:a6:0b:49:c9:64:
         5b:8b:9f:f2:a6:af:5b:00:7c:29:2d:f3:8b:e6:7b:96:b2:36:
         d7:f5:02:d9:41:a3:5b:58:19:70:0b:7a:0c:f2:02:e7:f6:51:
         5e:93:f0:bf:23:9f:09:2c:79:f7:78:fa:5d:f7:52:5b:55:09:
         bf:2c:53:16:54:e6:bd:2c:b0:74:2e:75:a6:60:fa:a1:54:50:
         5b:53:d0:e5:0d:ad:3f:f0:c5:a0:51:26:ef:ac:13:52:28:87:
         df:a0:f8:4e:3f:a5:d9:9a:68:18:e8:1f:9e:f3:23:a3:d1:51:
         b4:5f:93:21:e2:ec:71:66:35:e3:b3:e9:f6:a0:f1:3b:5f:a8:
         70:3a:db:2d:b4:ef:d4:9f:a3:0c:e5:cc:69:7d:3c:52:f7:f2:
         c6:c6:9d:e2:6c:ac:73:df:84:fd:39:2d:a1:23:0f:11:5e:6f:
         3f:5e:57:c2:64:2a:85:a1:ca:5d:ed:38:40:d5:7a:fa:0a:d9:
         a0:fb:dd:25:4d:a0:e2:37:3c:5e:28:10:38:a3:bb:9f:24:df:
         d7:67:a2:ff:8f:5f:5c:cc:0f:89:88:82:6d:1a:74:cf:50:56:
         31:26:70:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZetR6sgINZNtb5FngpzJKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDQ4M2QzZDYyZjE5YzA4MzU3NDZkY2I3MjFjODgzMmMz
Yjc5MjYwHhcNMjUwNDIyMTgxNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWI2NTc0M2I3M2I0ODlhOTMyM2U0MzJlZjhlODJlODY0NDFjZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvIOgC5Kn/koMWVdaW+E8ASCIhaB
FX058wV1Xcp1NotzACRpgASMNv0O3Pz3Zagkl1elFYdy7UWol8zaT+IbjYWp2Cp9
xHErSPSLhnSNaH7jeIBBvnStRb86l9myxFlPfgTe3bRw80jsX2eZ3Isx5ejFZl+w
GAY07AS9WnzoJ3dG/6s6BiWYQ/sZavmFn04ucrlZDnZBZqUv6XjO2S63dIYLR4PC
D5BK8BvWpq63kuS20JfyIo0co4dkUpoAlynbq0KRY98C9JiGYpWySM9pEfHx8SOX
sxhW29IWt68gWccs9MzSvDDH3KGlW+KNl3xjA88oPhWUZXYy6JbGyjTTqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL62V0O3O0iakyPkMu+OguhkQc0xMB8GA1UdIwQY
MBaAFAcEg9PWLxnAg1dG3LchyIMsO3kmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAt
ZDQ0MmM0ZjllOWJkLzEvdnJaWFE3YzdTSnFUSS1ReTc0NkM2R1JCelRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAtZDQ0MmM0ZjllOWJk
LzEvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVXMMA0G
CSqGSIb3DQEBCwUAA4IBAQAzI9dMCaJbcuTeylG60wD7vUv4Mdrq58j+FH6B7Adi
pgtJyWRbi5/ypq9bAHwpLfOL5nuWsjbX9QLZQaNbWBlwC3oM8gLn9lFek/C/I58J
LHn3ePpd91JbVQm/LFMWVOa9LLB0LnWmYPqhVFBbU9DlDa0/8MWgUSbvrBNSKIff
oPhOP6XZmmgY6B+e8yOj0VG0X5Mh4uxxZjXjs+n2oPE7X6hwOtsttO/Un6MM5cxp
fTxS9/LGxp3ibKxz34T9OS2hIw8RXm8/XlfCZCqFocpd7ThA1Xr6Ctmg+90lTaDi
NzxeKBA4o7ufJN/XZ6L/j19czA+JiIJtGnTPUFYxJnA/
-----END CERTIFICATE-----