Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/l2sQI2kIfw7Qk5M-1_S91gHcxwg.roa
File:                     l2sQI2kIfw7Qk5M-1_S91gHcxwg.roa (raw, json)
Hash identifier:          ChOC3F775GRHKD1BnL2UZEcRcy5R5qW/aHDpTQ0+OAg=
Subject key identifier:   97:6B:10:23:69:08:7F:0E:D0:93:93:3E:D7:F4:BD:D6:01:DC:C7:08
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019607BDEE2E8DD194B22183ACDD4205D10E
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/l2sQI2kIfw7Qk5M-1_S91gHcxwg.roa
Signing time:             Sat 05 Apr 2025 20:56:49 +0000
ROA not before:           Sat 05 Apr 2025 20:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.149.94.0/24 maxlen: 24
                          80.246.230.0/24 maxlen: 24
                          80.246.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:07:bd:ee:2e:8d:d1:94:b2:21:83:ac:dd:42:05:d1:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Apr  5 20:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=976b102369087f0ed093933ed7f4bdd601dcc708
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:1d:98:02:8f:b3:96:66:9d:a1:77:21:de:cf:
                    56:16:ca:13:66:43:0f:27:64:e1:ba:04:0a:a0:d8:
                    8a:37:d9:04:32:d3:81:3b:98:e6:eb:dd:4a:80:87:
                    cc:98:56:7c:e8:2b:a3:ba:b3:3e:21:b9:b1:b5:f6:
                    32:fe:7c:0d:d7:9e:2f:17:81:fd:24:d4:96:ea:60:
                    ef:07:9a:e7:26:48:f0:05:2e:44:9e:84:fb:b0:aa:
                    21:12:bc:fa:27:cd:22:ac:77:8a:0f:df:76:a0:40:
                    de:18:4f:8a:c5:98:58:3b:da:6c:ab:89:eb:a8:fd:
                    61:b3:2a:fc:18:c6:af:74:c1:30:19:be:46:6c:09:
                    25:12:a6:01:5a:04:ea:a6:c4:bf:9b:03:27:11:60:
                    66:04:bb:da:89:06:db:a7:1e:dd:3d:ff:2f:c4:41:
                    9d:9f:8a:f2:38:c3:81:4f:81:60:77:7a:55:0d:ab:
                    65:4d:1f:cf:1c:d0:78:52:d0:d9:18:37:18:ba:74:
                    94:c4:01:df:80:3a:d2:80:90:9e:97:f7:d0:ea:d1:
                    61:32:03:a2:47:fe:eb:dc:68:a5:9c:1f:73:c5:ca:
                    4e:09:cb:dd:d3:e5:fb:eb:23:8d:ff:df:0b:f8:42:
                    52:44:0f:8e:e4:48:86:13:65:c9:3e:c8:72:f4:27:
                    10:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:6B:10:23:69:08:7F:0E:D0:93:93:3E:D7:F4:BD:D6:01:DC:C7:08
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/l2sQI2kIfw7Qk5M-1_S91gHcxwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.94.0/24
                  80.246.230.0/24
                  80.246.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         72:5d:d2:6e:b4:2a:5a:9d:dc:59:08:53:d6:b2:60:9c:c5:42:
         fe:8d:f8:8f:04:55:19:59:3e:69:00:87:10:97:d8:19:a4:73:
         7c:aa:65:db:9c:cf:6c:e0:d6:62:12:91:d7:c8:77:f4:38:3c:
         45:34:bc:9f:61:cc:80:61:7c:b6:bc:fe:0a:3c:84:6d:b1:4f:
         ce:cd:92:f2:a0:68:33:7e:43:34:a4:5b:01:25:ad:78:d0:ea:
         b1:2c:3c:06:b4:14:b4:33:ee:c9:36:e5:3f:84:7a:b3:35:8d:
         e5:b3:78:8c:90:e7:03:3a:83:03:85:f6:ae:c7:30:29:22:d2:
         ab:46:9e:2c:73:f1:33:b9:ce:2d:b2:4c:52:00:33:21:5a:51:
         b1:85:01:5a:86:15:fb:90:e1:53:1f:72:bb:ad:de:b5:05:14:
         ef:24:5c:06:f1:83:37:05:fd:b7:3b:f5:90:e2:6a:74:30:9e:
         bd:d2:b3:c3:e9:1d:99:47:4b:23:7f:6c:10:52:04:24:a8:43:
         68:1b:8c:2f:7c:3f:8c:57:a1:f4:93:72:71:33:5d:e3:e2:a8:
         45:fa:5e:e4:b0:39:73:4a:76:d0:cb:21:c8:b8:72:09:81:3e:
         78:3a:64:89:cc:a4:19:ab:28:6b:b2:90:1c:63:5f:58:2b:6e:
         30:ca:a8:af
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZYHve4ujdGUsiGDrN1CBdEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUwNDA1MjA1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZiMTAyMzY5MDg3ZjBlZDA5MzkzM2VkN2Y0YmRkNjAxZGNjNzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1x2YAo+zlmadoXch3s9WFsoTZkMP
J2ThugQKoNiKN9kEMtOBO5jm691KgIfMmFZ86CujurM+IbmxtfYy/nwN154vF4H9
JNSW6mDvB5rnJkjwBS5EnoT7sKohErz6J80irHeKD992oEDeGE+KxZhYO9psq4nr
qP1hsyr8GMavdMEwGb5GbAklEqYBWgTqpsS/mwMnEWBmBLvaiQbbpx7dPf8vxEGd
n4ryOMOBT4Fgd3pVDatlTR/PHNB4UtDZGDcYunSUxAHfgDrSgJCel/fQ6tFhMgOi
R/7r3GilnB9zxcpOCcvd0+X76yON/98L+EJSRA+O5EiGE2XJPshy9CcQWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJdrECNpCH8O0JOTPtf0vdYB3McIMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvbDJzUUkya0lmdzdRazVNLTFfUzkxZ0hjeHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZVeAwQA
UPbmAwQDUPboMA0GCSqGSIb3DQEBCwUAA4IBAQByXdJutCpandxZCFPWsmCcxUL+
jfiPBFUZWT5pAIcQl9gZpHN8qmXbnM9s4NZiEpHXyHf0ODxFNLyfYcyAYXy2vP4K
PIRtsU/OzZLyoGgzfkM0pFsBJa140OqxLDwGtBS0M+7JNuU/hHqzNY3ls3iMkOcD
OoMDhfauxzApItKrRp4sc/Ezuc4tskxSADMhWlGxhQFahhX7kOFTH3K7rd61BRTv
JFwG8YM3Bf23O/WQ4mp0MJ690rPD6R2ZR0sjf2wQUgQkqENoG4wvfD+MV6H0k3Jx
M13j4qhF+l7ksDlzSnbQyyHIuHIJgT54OmSJzKQZqyhrspAcY19YK24wyqiv
-----END CERTIFICATE-----