Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/giL3oNLq5LlCGCmVEK_2yExG0oo.roa
File:                     giL3oNLq5LlCGCmVEK_2yExG0oo.roa (raw, json)
Hash identifier:          lL4ksYGuI5q/Exfwp/oEfUHxoqYJdAL1iZkd3OOs+z8=
Subject key identifier:   82:22:F7:A0:D2:EA:E4:B9:42:18:29:95:10:AF:F6:C8:4C:46:D2:8A
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0197597918EBFD517BBA3EC121AA84AD6863
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/giL3oNLq5LlCGCmVEK_2yExG0oo.roa
Signing time:             Tue 10 Jun 2025 10:53:17 +0000
ROA not before:           Tue 10 Jun 2025 10:53:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62103
IP address blocks:        45.11.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:79:18:eb:fd:51:7b:ba:3e:c1:21:aa:84:ad:68:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jun 10 10:53:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8222f7a0d2eae4b94218299510aff6c84c46d28a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:17:39:18:9b:d1:14:ad:f2:50:08:86:79:b8:
                    14:9e:6c:b0:57:e8:f0:6b:a8:e4:15:ce:6a:cc:73:
                    d5:02:b6:fc:92:d0:65:30:2e:54:30:10:d1:2b:71:
                    1a:b8:56:d6:95:5a:6a:12:b8:f3:9c:d2:9f:d1:05:
                    e5:22:21:9a:c8:bc:0a:06:d4:7c:6e:2e:1e:c7:bf:
                    3a:95:ca:ea:70:de:da:86:a2:55:d9:54:f5:29:bd:
                    40:6f:95:73:66:ab:de:9d:2a:77:48:70:4c:15:d4:
                    56:ff:28:9e:9f:42:d6:88:95:da:c7:a5:29:d6:ab:
                    3b:6c:c2:f5:a6:fc:19:e9:c4:e9:e4:6f:a4:dd:56:
                    5b:9e:f1:d6:f8:68:26:78:9d:63:ec:c0:dd:4a:34:
                    96:14:a7:ea:17:80:6f:d2:62:fd:41:37:46:bb:2e:
                    b3:1f:4d:81:ab:bb:3e:68:52:42:d7:f1:51:cb:b5:
                    61:d7:b6:a9:69:b3:0f:26:8e:93:5a:ac:5b:bc:73:
                    7f:85:c9:9a:7b:58:07:2c:d9:f8:ce:fe:fd:4a:5f:
                    67:86:dc:00:53:09:ba:1e:b1:0e:28:07:6c:d7:66:
                    85:54:a0:01:67:91:be:15:04:2d:aa:42:78:89:17:
                    8b:6a:70:5a:ed:08:43:ae:29:05:41:3b:f1:d1:e4:
                    f1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:22:F7:A0:D2:EA:E4:B9:42:18:29:95:10:AF:F6:C8:4C:46:D2:8A
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/giL3oNLq5LlCGCmVEK_2yExG0oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:56:2a:bd:14:1e:8e:ac:26:4f:e0:a7:ca:d3:87:09:3a:22:
         4f:f0:0a:95:a4:ff:5f:3e:46:f7:a9:da:4e:54:89:0f:d2:37:
         3e:52:fa:1a:83:20:f2:12:97:d6:f1:5f:66:6c:c5:dc:15:6a:
         19:55:50:d3:aa:f0:99:4e:0f:4d:68:fc:7b:10:ab:e8:6c:7b:
         23:a7:04:7e:ad:f3:e1:f8:38:a8:a6:eb:9f:46:f7:9d:06:89:
         fe:c0:0a:e1:a4:ce:a3:4c:22:33:1d:72:41:60:3e:13:4d:40:
         31:8a:d6:76:7a:34:4e:4e:59:1c:1e:27:bb:c9:d0:08:e3:09:
         2d:38:b6:06:1f:6c:17:8b:e6:f1:53:a7:45:e4:ac:ad:53:56:
         ff:f5:cd:a5:ba:2e:ba:98:7a:47:e3:f2:85:3a:9f:e1:e5:66:
         a3:fe:2f:76:4d:ee:0f:8a:d0:09:25:77:49:a0:ed:67:a3:45:
         75:86:d5:d5:6e:aa:9e:c7:ba:74:c1:90:cc:45:fb:21:f0:8f:
         93:ad:fa:4a:8c:fd:6c:8b:35:78:57:59:c6:7a:fe:48:13:92:
         dc:2f:bf:23:c6:04:ae:52:1d:6a:39:64:1c:12:0c:2f:02:27:
         ed:8e:69:e5:dd:ad:9d:63:1a:6c:53:90:85:48:18:ad:71:f6:
         8d:c1:31:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdZeRjr/VF7uj7BIaqErWhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwNjEwMTA1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjIyZjdhMGQyZWFlNGI5NDIxODI5OTUxMGFmZjZjODRjNDZkMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhc5GJvRFK3yUAiGebgUnmywV+jw
a6jkFc5qzHPVArb8ktBlMC5UMBDRK3EauFbWlVpqErjznNKf0QXlIiGayLwKBtR8
bi4ex786lcrqcN7ahqJV2VT1Kb1Ab5VzZqvenSp3SHBMFdRW/yien0LWiJXax6Up
1qs7bML1pvwZ6cTp5G+k3VZbnvHW+GgmeJ1j7MDdSjSWFKfqF4Bv0mL9QTdGuy6z
H02Bq7s+aFJC1/FRy7Vh17apabMPJo6TWqxbvHN/hcmae1gHLNn4zv79Sl9nhtwA
Uwm6HrEOKAds12aFVKABZ5G+FQQtqkJ4iReLanBa7QhDrikFQTvx0eTxCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIi96DS6uS5QhgplRCv9shMRtKKMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvZ2lMM29OTHE1TGxDR0NtVkVLXzJ5RXhHMG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQsXMA0G
CSqGSIb3DQEBCwUAA4IBAQBpViq9FB6OrCZP4KfK04cJOiJP8AqVpP9fPkb3qdpO
VIkP0jc+UvoagyDyEpfW8V9mbMXcFWoZVVDTqvCZTg9NaPx7EKvobHsjpwR+rfPh
+DiopuufRvedBon+wArhpM6jTCIzHXJBYD4TTUAxitZ2ejROTlkcHie7ydAI4wkt
OLYGH2wXi+bxU6dF5KytU1b/9c2lui66mHpH4/KFOp/h5Waj/i92Te4PitAJJXdJ
oO1no0V1htXVbqqex7p0wZDMRfsh8I+TrfpKjP1sizV4V1nGev5IE5LcL78jxgSu
Uh1qOWQcEgwvAiftjmnl3a2dYxpsU5CFSBitcfaNwTHa
-----END CERTIFICATE-----