Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/YTqsp-bDS6isLOGJU0xhg0le6cI.roa
File:                     YTqsp-bDS6isLOGJU0xhg0le6cI.roa (raw, json)
Hash identifier:          a1HM/lPyrTg7mdxix7m4hKucduA445LCuA9MNgxtSd0=
Subject key identifier:   61:3A:AC:A7:E6:C3:4B:A8:AC:2C:E1:89:53:4C:61:83:49:5E:E9:C2
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01976581D905E65198E6B61F341610715F4E
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/YTqsp-bDS6isLOGJU0xhg0le6cI.roa
Signing time:             Thu 12 Jun 2025 18:58:17 +0000
ROA not before:           Thu 12 Jun 2025 18:58:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        45.88.144.0/22 maxlen: 22
                          146.19.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:65:81:d9:05:e6:51:98:e6:b6:1f:34:16:10:71:5f:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 12 18:58:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=613aaca7e6c34ba8ac2ce189534c6183495ee9c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e1:47:c3:d8:5b:d1:2a:a0:64:2c:bc:bb:4b:
                    35:57:a9:f6:99:94:30:ef:13:67:8b:e4:c4:0a:b4:
                    ac:99:b5:b2:a4:d7:4e:fe:c9:6d:23:c6:43:d6:50:
                    3c:19:2d:f5:a2:9c:08:ac:f9:8d:ef:34:90:3c:f7:
                    f9:7a:20:5d:82:0a:8f:2f:a4:29:1d:6b:97:0b:25:
                    cb:61:d0:8b:a3:39:5d:8a:f2:c1:f6:01:20:a9:88:
                    5f:4b:bc:9f:e8:ef:6a:b4:27:45:41:ca:c8:2c:c9:
                    02:45:06:c7:4b:e3:d0:a4:c8:74:70:9b:d5:73:89:
                    28:a0:c3:61:e2:02:86:a1:12:f4:3a:f8:2b:57:87:
                    42:8e:4a:aa:b4:24:5c:17:1a:bc:50:1e:62:32:1d:
                    9c:a2:19:d1:82:ca:d0:82:3c:2c:1a:bc:5b:31:5a:
                    53:70:63:d7:37:9e:56:ca:b0:c4:72:b8:f5:f9:7c:
                    9b:21:99:9d:77:8b:cb:40:d5:57:c6:52:5b:f2:e8:
                    5b:dd:9b:91:93:78:a1:5f:eb:ea:f1:c3:47:08:2d:
                    e3:2e:14:ce:6f:36:53:fb:52:28:c6:a6:38:0e:7e:
                    a3:26:4a:ef:eb:43:b9:c7:dd:c0:e7:fb:c1:3a:55:
                    b5:59:36:3c:ba:ab:ff:db:d1:f2:7e:1e:7f:6c:59:
                    0b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:3A:AC:A7:E6:C3:4B:A8:AC:2C:E1:89:53:4C:61:83:49:5E:E9:C2
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/YTqsp-bDS6isLOGJU0xhg0le6cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.144.0/22
                  146.19.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:4b:dd:ce:99:b5:f8:31:7f:bf:cf:6d:be:0f:0a:fd:fd:99:
         68:59:93:1e:f8:3f:b4:de:ba:be:e8:bb:fe:e6:2a:30:96:06:
         a6:7e:32:62:73:c4:f8:aa:bc:f6:aa:d7:86:55:15:92:4b:54:
         28:0f:f3:bb:7e:61:8e:75:50:9e:a2:e1:cd:90:c0:e5:c9:ae:
         64:81:3e:05:d2:ab:ef:9d:76:78:ae:e8:d5:97:46:68:aa:c3:
         d0:b2:51:aa:f0:5f:96:01:df:57:87:60:1c:93:77:6a:eb:66:
         4a:00:95:c6:2d:c5:fe:51:5e:b0:dc:18:35:c7:d6:a6:21:ac:
         98:c3:d3:dd:75:c7:e6:6a:11:0b:55:01:97:60:4c:c3:a2:9f:
         f5:0d:cc:a3:6c:dc:b0:10:ba:2c:44:4d:e0:ff:39:a4:99:71:
         aa:f4:c0:0e:47:26:d2:47:ec:54:94:4e:a9:09:3a:1a:ac:cf:
         6b:8d:29:a7:ec:24:15:01:fa:43:b3:c2:c1:79:85:b8:f8:94:
         40:6b:12:ba:8f:75:94:3e:8c:79:9b:c8:e4:32:74:4b:60:00:
         f6:d4:c4:a7:89:e2:39:40:c6:06:9b:17:a7:ba:0a:02:7c:d8:
         79:e8:9a:21:01:7c:54:2a:98:55:e1:35:23:fa:59:18:98:35:
         e8:88:b1:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdlgdkF5lGY5rYfNBYQcV9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjEyMTg1ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTNhYWNhN2U2YzM0YmE4YWMyY2UxODk1MzRjNjE4MzQ5NWVlOWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OFHw9hb0SqgZCy8u0s1V6n2mZQw
7xNni+TECrSsmbWypNdO/sltI8ZD1lA8GS31opwIrPmN7zSQPPf5eiBdggqPL6Qp
HWuXCyXLYdCLozldivLB9gEgqYhfS7yf6O9qtCdFQcrILMkCRQbHS+PQpMh0cJvV
c4kooMNh4gKGoRL0OvgrV4dCjkqqtCRcFxq8UB5iMh2cohnRgsrQgjwsGrxbMVpT
cGPXN55WyrDEcrj1+XybIZmdd4vLQNVXxlJb8uhb3ZuRk3ihX+vq8cNHCC3jLhTO
bzZT+1IoxqY4Dn6jJkrv60O5x93A5/vBOlW1WTY8uqv/29Hyfh5/bFkLLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGE6rKfmw0uorCzhiVNMYYNJXunCMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvWVRxc3AtYkRTNmlzTE9HSlUweGhnMGxlNmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLViQAwQA
khMVMA0GCSqGSIb3DQEBCwUAA4IBAQCmS93OmbX4MX+/z22+Dwr9/ZloWZMe+D+0
3rq+6Lv+5iowlgamfjJic8T4qrz2qteGVRWSS1QoD/O7fmGOdVCeouHNkMDlya5k
gT4F0qvvnXZ4rujVl0ZoqsPQslGq8F+WAd9Xh2Ack3dq62ZKAJXGLcX+UV6w3Bg1
x9amIayYw9PddcfmahELVQGXYEzDop/1DcyjbNywELosRE3g/zmkmXGq9MAORybS
R+xUlE6pCToarM9rjSmn7CQVAfpDs8LBeYW4+JRAaxK6j3WUPox5m8jkMnRLYAD2
1MSnieI5QMYGmxenugoCfNh56JohAXxUKphV4TUj+lkYmDXoiLGY
-----END CERTIFICATE-----