Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/fTKnFvJYm1yALDcPlDpSnYgxqpY.roa
File:                     fTKnFvJYm1yALDcPlDpSnYgxqpY.roa (raw, json)
Hash identifier:          0r+kS5xUC78h1sECkEiq4BPaUDs0csbTxmZyZ6FQa7I=
Subject key identifier:   7D:32:A7:16:F2:58:9B:5C:80:2C:37:0F:94:3A:52:9D:88:31:AA:96
Certificate issuer:       /CN=b960b14746c5875244ae3b694162ec6d8c63255e
Certificate serial:       019426D91B94EF1DD55515B9BA6674C5644F
Authority key identifier: B9:60:B1:47:46:C5:87:52:44:AE:3B:69:41:62:EC:6D:8C:63:25:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/fTKnFvJYm1yALDcPlDpSnYgxqpY.roa
Signing time:             Thu 02 Jan 2025 11:49:09 +0000
ROA not before:           Thu 02 Jan 2025 11:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208390
IP address blocks:        45.135.208.0/22 maxlen: 22
                          45.135.208.0/24 maxlen: 24
                          45.135.209.0/24 maxlen: 24
                          2a0e:8ec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:1b:94:ef:1d:d5:55:15:b9:ba:66:74:c5:64:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b960b14746c5875244ae3b694162ec6d8c63255e
        Validity
            Not Before: Jan  2 11:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d32a716f2589b5c802c370f943a529d8831aa96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:56:9d:67:e4:09:5f:8f:7d:35:7e:d6:c4:51:
                    0f:68:e8:cc:9e:c1:79:49:f2:b5:1e:eb:68:14:f8:
                    fd:21:d6:ef:14:79:28:c6:be:0d:ab:cb:ad:a9:63:
                    8f:b2:75:41:4a:32:b9:ba:03:3c:86:99:e9:de:e4:
                    f1:b0:d2:7d:92:1a:9b:4c:35:1f:e1:07:46:ce:d8:
                    41:40:cd:92:10:01:1f:21:e3:a3:33:52:8a:a5:c2:
                    52:3c:c3:54:fa:db:71:ff:cb:61:24:35:c8:cb:f7:
                    04:4c:6f:79:51:43:92:43:f3:73:98:c1:b0:b3:94:
                    ff:c7:bd:d7:1d:b0:11:69:33:3d:9a:1c:b9:55:32:
                    9a:7a:6b:a8:91:0f:83:39:96:e2:e5:26:e6:06:d1:
                    cd:c9:f3:3a:0a:f8:2e:8b:3a:07:17:a5:62:14:bf:
                    8d:90:e2:8d:ef:f9:60:84:97:55:4f:de:d3:c7:48:
                    a2:68:4a:1d:12:8e:08:a4:ec:01:5d:b1:10:51:93:
                    dc:0e:e9:80:94:3c:c4:6d:6c:30:93:4a:6e:c4:5c:
                    3f:bc:2d:1b:54:e9:cb:8d:9c:35:a9:25:c7:a5:c8:
                    f4:a9:5d:54:15:8d:ac:d1:17:2f:07:ab:e4:88:9b:
                    fe:24:81:d8:66:92:3c:2b:9f:73:83:12:c8:6e:e0:
                    08:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:32:A7:16:F2:58:9B:5C:80:2C:37:0F:94:3A:52:9D:88:31:AA:96
            X509v3 Authority Key Identifier:
                keyid:B9:60:B1:47:46:C5:87:52:44:AE:3B:69:41:62:EC:6D:8C:63:25:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/fTKnFvJYm1yALDcPlDpSnYgxqpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.208.0/22
                IPv6:
                  2a0e:8ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:f4:f7:56:22:64:10:bd:10:fa:20:ee:f9:8c:35:f5:a1:de:
         96:26:31:cc:21:35:d4:eb:80:60:6a:89:9d:04:df:2d:e0:42:
         c9:94:7c:5a:f2:a0:58:3c:e2:21:30:ec:26:59:11:ff:46:64:
         54:79:2f:ee:f5:1f:e3:e7:c5:eb:af:97:05:50:16:c4:9e:fb:
         94:21:ba:9b:d8:d4:77:89:93:31:4e:33:0f:ee:33:b9:55:03:
         9f:9f:27:29:ef:02:f5:09:cc:f1:7d:03:76:b3:e5:34:0d:10:
         cf:d1:10:a6:ff:91:01:8f:99:f4:eb:fa:a4:39:7f:22:39:69:
         cc:57:f2:fa:98:cb:f0:8b:fe:d5:cc:1b:26:a1:2f:9a:75:a8:
         86:68:6c:7f:14:2e:66:ef:08:87:ee:1f:27:db:d9:30:82:28:
         58:4b:5b:04:c5:c4:ae:c0:9f:74:36:58:85:4f:f6:be:c8:d6:
         af:f9:25:1e:66:8b:4a:a1:9e:b0:bc:6d:8a:76:42:c8:1b:78:
         12:b3:54:46:cc:91:06:90:f4:60:95:3c:83:55:73:32:59:50:
         1f:b4:d1:79:d2:3b:79:11:53:e0:cb:2b:9e:6a:8c:50:76:99:
         3f:c0:c8:39:7b:89:0d:20:a8:59:e5:4c:4d:d5:13:01:49:7f:
         4f:4e:d8:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2RuU7x3VVRW5umZ0xWRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NjBiMTQ3NDZjNTg3NTI0NGFlM2I2OTQxNjJlYzZkOGM2
MzI1NWUwHhcNMjUwMTAyMTE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDMyYTcxNmYyNTg5YjVjODAyYzM3MGY5NDNhNTI5ZDg4MzFhYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FadZ+QJX499NX7WxFEPaOjMnsF5
SfK1HutoFPj9IdbvFHkoxr4Nq8utqWOPsnVBSjK5ugM8hpnp3uTxsNJ9khqbTDUf
4QdGzthBQM2SEAEfIeOjM1KKpcJSPMNU+ttx/8thJDXIy/cETG95UUOSQ/NzmMGw
s5T/x73XHbARaTM9mhy5VTKaemuokQ+DOZbi5SbmBtHNyfM6CvguizoHF6ViFL+N
kOKN7/lghJdVT97Tx0iiaEodEo4IpOwBXbEQUZPcDumAlDzEbWwwk0puxFw/vC0b
VOnLjZw1qSXHpcj0qV1UFY2s0RcvB6vkiJv+JIHYZpI8K59zgxLIbuAIMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH0ypxbyWJtcgCw3D5Q6Up2IMaqWMB8GA1UdIwQY
MBaAFLlgsUdGxYdSRK47aUFi7G2MYyVeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVdDeFIwYkZoMUpFcmp0cFFXTHNiWXhqSlY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80NTgwNzgtNDI2ZS00NDQ5LWEyYTkt
MTg4ODJhMjgwOWIyLzEvZlRLbkZ2SlltMXlBTERjUGxEcFNuWWd4cXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80NTgwNzgtNDI2ZS00NDQ5LWEyYTktMTg4ODJhMjgwOWIy
LzEvdVdDeFIwYkZoMUpFcmp0cFFXTHNiWXhqSlY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYfQMA0E
AgACMAcDBQMqDo7AMA0GCSqGSIb3DQEBCwUAA4IBAQBv9PdWImQQvRD6IO75jDX1
od6WJjHMITXU64BgaomdBN8t4ELJlHxa8qBYPOIhMOwmWRH/RmRUeS/u9R/j58Xr
r5cFUBbEnvuUIbqb2NR3iZMxTjMP7jO5VQOfnycp7wL1CczxfQN2s+U0DRDP0RCm
/5EBj5n06/qkOX8iOWnMV/L6mMvwi/7VzBsmoS+adaiGaGx/FC5m7wiH7h8n29kw
gihYS1sExcSuwJ90NliFT/a+yNav+SUeZotKoZ6wvG2KdkLIG3gSs1RGzJEGkPRg
lTyDVXMyWVAftNF50jt5EVPgyyueaoxQdpk/wMg5e4kNIKhZ5UxN1RMBSX9PTtj+
-----END CERTIFICATE-----