Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/N9s3FIDwlFlxvMDT9ixFzTLpMSY.roa
File:                     N9s3FIDwlFlxvMDT9ixFzTLpMSY.roa (raw, json)
Hash identifier:          R5M8uxtwGmoMOdU+esAVcQD8JcNPdVPdOfq+BsBy2v8=
Subject key identifier:   37:DB:37:14:80:F0:94:59:71:BC:C0:D3:F6:2C:45:CD:32:E9:31:26
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       01966811105583AEE066B1DE4F97EC5D60AE
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/N9s3FIDwlFlxvMDT9ixFzTLpMSY.roa
Signing time:             Thu 24 Apr 2025 13:51:10 +0000
ROA not before:           Thu 24 Apr 2025 13:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57844
IP address blocks:        45.141.208.0/22 maxlen: 24
                          45.150.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 13:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:11:10:55:83:ae:e0:66:b1:de:4f:97:ec:5d:60:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Apr 24 13:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37db371480f0945971bcc0d3f62c45cd32e93126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:4d:8d:c2:16:66:b4:63:6a:5c:45:9d:6b:4f:
                    22:69:61:94:57:4d:e8:16:01:45:89:f1:bd:a6:9c:
                    bb:ec:f4:0a:96:d2:d8:35:b4:c6:15:ab:19:0a:d0:
                    b4:9a:07:f0:f4:c2:b1:46:93:c4:e7:ef:cf:d3:dd:
                    ad:ec:7c:55:3e:6e:41:82:72:a6:6d:34:31:8e:ad:
                    7c:86:49:b2:52:75:a4:3a:05:c2:9e:10:0c:58:60:
                    4e:e6:8b:51:32:84:b7:43:0f:c0:48:b6:a3:c3:d0:
                    d3:08:0d:34:f7:76:fb:88:46:dc:66:85:b5:b3:fc:
                    93:6f:a5:c7:84:9e:06:33:a9:ac:59:45:3d:f1:e2:
                    d6:75:bb:a5:33:7a:3e:c5:d6:ad:f6:dc:f9:e6:fc:
                    f5:dc:0d:bf:b8:e1:e2:1e:a7:d2:42:2a:e7:3c:89:
                    8f:a9:a9:6d:e2:1b:6f:05:6c:ce:4c:8d:29:40:c7:
                    f6:2f:82:67:d3:4c:6e:e2:ed:5a:9f:ef:e0:2f:14:
                    81:9e:96:a4:ef:28:4f:77:0c:05:4a:9a:00:2b:7d:
                    73:73:e3:db:b5:5b:d7:39:58:1a:a6:84:c2:51:0c:
                    e3:94:8d:b2:99:92:ae:7d:77:80:81:fb:a7:26:46:
                    a7:3a:fa:0d:1c:27:de:87:c1:59:98:b7:31:e8:95:
                    28:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DB:37:14:80:F0:94:59:71:BC:C0:D3:F6:2C:45:CD:32:E9:31:26
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/N9s3FIDwlFlxvMDT9ixFzTLpMSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.208.0/22
                  45.150.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:6b:2c:ec:64:f4:f8:60:d3:4a:ce:a3:29:f3:0c:11:9b:2e:
         7d:0e:06:7c:49:1b:d0:1e:66:1a:67:09:c9:b7:4d:83:eb:80:
         f0:a5:72:ca:2a:6a:8f:0d:70:c3:27:92:a3:02:f6:a9:84:f7:
         0e:83:65:eb:74:dd:03:be:e9:3d:af:25:26:78:41:8a:54:3d:
         bf:59:aa:e9:10:7d:a8:e5:59:f9:0a:76:e5:56:c0:e8:97:77:
         7d:ef:84:0b:69:47:0d:0a:fa:c7:c5:78:3d:ac:90:97:a7:42:
         02:ab:96:2e:e1:c9:99:8d:f2:4f:28:8f:4a:ea:ce:6c:1e:42:
         ff:54:93:cb:e3:1b:ec:aa:5a:6d:bb:ae:98:6c:5e:4f:26:eb:
         45:a9:54:5a:95:84:be:f4:66:18:5f:3e:6b:c2:96:26:14:17:
         1c:03:36:71:1a:e7:30:90:9f:e0:6b:c5:0c:6c:a5:5c:81:4d:
         d4:a5:87:f8:92:b9:3e:b9:db:95:3a:f7:d6:70:46:1a:fb:01:
         39:dc:4f:fe:0d:be:28:0d:13:d4:96:df:a1:59:85:ef:5e:8c:
         b9:c9:53:5c:89:da:d2:32:64:bb:3f:86:6f:67:e6:cf:67:dc:
         1a:cc:36:57:0f:e4:5f:93:95:4d:e2:49:07:6b:c7:07:f8:24:
         41:b4:09:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZoERBVg67gZrHeT5fsXWCuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwNDI0MTM1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RiMzcxNDgwZjA5NDU5NzFiY2MwZDNmNjJjNDVjZDMyZTkzMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+U2NwhZmtGNqXEWda08iaWGUV03o
FgFFifG9ppy77PQKltLYNbTGFasZCtC0mgfw9MKxRpPE5+/P092t7HxVPm5BgnKm
bTQxjq18hkmyUnWkOgXCnhAMWGBO5otRMoS3Qw/ASLajw9DTCA0093b7iEbcZoW1
s/yTb6XHhJ4GM6msWUU98eLWdbulM3o+xdat9tz55vz13A2/uOHiHqfSQirnPImP
qalt4htvBWzOTI0pQMf2L4Jn00xu4u1an+/gLxSBnpak7yhPdwwFSpoAK31zc+Pb
tVvXOVgapoTCUQzjlI2ymZKufXeAgfunJkanOvoNHCfeh8FZmLcx6JUo+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDfbNxSA8JRZcbzA0/YsRc0y6TEmMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvTjlzM0ZJRHdsRmx4dk1EVDlpeEZ6VExwTVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLY3QAwQC
LZYIMA0GCSqGSIb3DQEBCwUAA4IBAQAlayzsZPT4YNNKzqMp8wwRmy59DgZ8SRvQ
HmYaZwnJt02D64DwpXLKKmqPDXDDJ5KjAvaphPcOg2XrdN0Dvuk9ryUmeEGKVD2/
WarpEH2o5Vn5CnblVsDol3d974QLaUcNCvrHxXg9rJCXp0ICq5Yu4cmZjfJPKI9K
6s5sHkL/VJPL4xvsqlptu66YbF5PJutFqVRalYS+9GYYXz5rwpYmFBccAzZxGucw
kJ/ga8UMbKVcgU3UpYf4krk+uduVOvfWcEYa+wE53E/+Db4oDRPUlt+hWYXvXoy5
yVNcidrSMmS7P4ZvZ+bPZ9wazDZXD+Rfk5VN4kkHa8cH+CRBtAkB
-----END CERTIFICATE-----