Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/aKD3hcB9C5yMAcSqmW6f9QOwaHQ.roa
File:                     aKD3hcB9C5yMAcSqmW6f9QOwaHQ.roa (raw, json)
Hash identifier:          sPbLFI4V1a60B2tLmjr7UwTklRBYseXpDwU9aUGzLek=
Subject key identifier:   68:A0:F7:85:C0:7D:0B:9C:8C:01:C4:AA:99:6E:9F:F5:03:B0:68:74
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019662BA2D67ED27D0B76636E53B77823BE0
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/aKD3hcB9C5yMAcSqmW6f9QOwaHQ.roa
Signing time:             Wed 23 Apr 2025 12:58:10 +0000
ROA not before:           Wed 23 Apr 2025 12:58:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     264617
IP address blocks:        45.123.145.0/24 maxlen: 24
                          103.196.10.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:ba:2d:67:ed:27:d0:b7:66:36:e5:3b:77:82:3b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Apr 23 12:58:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68a0f785c07d0b9c8c01c4aa996e9ff503b06874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:09:ed:b9:59:f8:44:40:cb:2d:9b:27:0a:31:
                    34:82:1d:ef:0a:e3:51:77:de:fc:41:6f:39:c9:45:
                    27:31:fa:7f:a8:b3:72:6c:f9:f5:e2:f9:fe:e2:e0:
                    88:4a:32:85:0a:21:1d:c7:ec:9d:af:b9:f9:bb:94:
                    83:7f:ec:40:7b:35:5b:64:c6:d3:b6:68:ee:2d:46:
                    2d:2a:2c:cf:27:97:54:40:82:50:47:c5:4f:af:49:
                    bf:9f:9d:fa:b1:aa:2c:d3:2f:8c:ee:a2:08:68:ea:
                    f1:de:ca:d1:c6:68:c2:33:b6:54:cc:59:9a:09:e0:
                    aa:94:ce:26:a8:99:76:dc:4a:52:a6:4d:09:bb:bd:
                    f2:3d:6b:e6:cc:c7:a6:1e:b9:40:ca:28:bb:24:52:
                    bd:25:ee:db:d4:02:e2:ad:76:d2:57:33:57:41:b3:
                    36:5f:fb:d6:8a:dc:dd:93:bb:b2:f6:c7:33:79:44:
                    ff:6f:d6:14:18:bb:bf:77:af:3c:31:29:07:22:3f:
                    c5:99:a5:08:99:14:bf:58:48:33:e5:c1:e1:df:24:
                    9f:0d:b0:7b:31:35:77:fe:82:55:18:da:1b:f4:ee:
                    ce:67:77:53:03:ed:d0:f5:f1:05:c4:f7:06:62:1e:
                    ca:3b:37:6a:15:90:90:46:0a:8c:c7:5a:b1:db:38:
                    98:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A0:F7:85:C0:7D:0B:9C:8C:01:C4:AA:99:6E:9F:F5:03:B0:68:74
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/aKD3hcB9C5yMAcSqmW6f9QOwaHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.123.145.0/24
                  103.196.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:72:70:0b:66:bd:2b:1f:c0:8b:fe:b0:87:0a:e8:11:06:d4:
         f7:8b:1e:9e:06:50:a9:48:54:3a:12:c4:2f:dd:73:ea:21:e0:
         c2:3f:d3:bb:96:0e:ce:82:fa:a0:aa:91:28:1b:78:af:13:db:
         42:66:06:e5:e1:9e:39:03:32:95:8e:0c:f7:a1:29:96:60:6d:
         06:76:57:f8:18:d2:36:19:79:d3:f3:a9:4a:b9:90:c2:f8:bf:
         18:55:59:ec:69:0c:7e:74:f1:63:81:91:aa:db:d4:18:63:16:
         44:ec:dc:8d:ce:71:13:97:ff:09:ca:39:19:61:90:68:5e:a1:
         eb:93:77:ff:22:d8:e5:13:93:5f:28:7c:53:89:c3:f9:85:9e:
         f7:a0:86:2b:03:e0:12:4f:81:db:b4:5f:0b:ec:93:86:4e:bb:
         9c:43:61:0b:ff:33:0c:b9:59:e3:7d:43:53:0d:5e:99:16:29:
         db:8b:8c:2d:75:90:14:28:e1:6b:55:a4:c9:17:59:15:05:67:
         f2:30:81:28:78:14:eb:59:b2:66:27:7f:22:20:fd:f5:41:3d:
         31:ac:41:13:0e:ed:60:0b:9b:ec:47:ed:ad:c0:1b:ae:c2:3b:
         57:39:9c:7c:c3:82:ee:63:7d:5f:80:df:af:e4:e7:b0:33:c3:
         5d:36:c0:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZiui1n7SfQt2Y25Tt3gjvgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwNDIzMTI1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGEwZjc4NWMwN2QwYjljOGMwMWM0YWE5OTZlOWZmNTAzYjA2ODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQntuVn4REDLLZsnCjE0gh3vCuNR
d978QW85yUUnMfp/qLNybPn14vn+4uCISjKFCiEdx+ydr7n5u5SDf+xAezVbZMbT
tmjuLUYtKizPJ5dUQIJQR8VPr0m/n536saos0y+M7qIIaOrx3srRxmjCM7ZUzFma
CeCqlM4mqJl23EpSpk0Ju73yPWvmzMemHrlAyii7JFK9Je7b1ALirXbSVzNXQbM2
X/vWitzdk7uy9sczeUT/b9YUGLu/d688MSkHIj/FmaUImRS/WEgz5cHh3ySfDbB7
MTV3/oJVGNob9O7OZ3dTA+3Q9fEFxPcGYh7KOzdqFZCQRgqMx1qx2ziY+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGig94XAfQucjAHEqplun/UDsGh0MB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvYUtEM2hjQjlDNXlNQWNTcW1XNmY5UU93YUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALXuRAwQB
Z8QKMA0GCSqGSIb3DQEBCwUAA4IBAQCecnALZr0rH8CL/rCHCugRBtT3ix6eBlCp
SFQ6EsQv3XPqIeDCP9O7lg7OgvqgqpEoG3ivE9tCZgbl4Z45AzKVjgz3oSmWYG0G
dlf4GNI2GXnT86lKuZDC+L8YVVnsaQx+dPFjgZGq29QYYxZE7NyNznETl/8JyjkZ
YZBoXqHrk3f/ItjlE5NfKHxTicP5hZ73oIYrA+AST4HbtF8L7JOGTrucQ2EL/zMM
uVnjfUNTDV6ZFinbi4wtdZAUKOFrVaTJF1kVBWfyMIEoeBTrWbJmJ38iIP31QT0x
rEETDu1gC5vsR+2twBuuwjtXOZx8w4LuY31fgN+v5OewM8NdNsDJ
-----END CERTIFICATE-----