Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/AjIXviqVH3jjU8nx_L7OJg_U83s.roa
File:                     AjIXviqVH3jjU8nx_L7OJg_U83s.roa (raw, json)
Hash identifier:          0CsKhyREb/pMQdzxyVg3OJeuEqLaSH7N9bz2OblFPhw=
Subject key identifier:   02:32:17:BE:2A:95:1F:78:E3:53:C9:F1:FC:BE:CE:26:0F:D4:F3:7B
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       01976360318DAE4188ABA253335C9E9DEC6A
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/AjIXviqVH3jjU8nx_L7OJg_U83s.roa
Signing time:             Thu 12 Jun 2025 09:02:17 +0000
ROA not before:           Thu 12 Jun 2025 09:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.140.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:60:31:8d:ae:41:88:ab:a2:53:33:5c:9e:9d:ec:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Jun 12 09:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=023217be2a951f78e353c9f1fcbece260fd4f37b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:65:86:2b:d5:86:d7:8c:ca:01:78:40:ae:9b:
                    f9:57:66:89:b8:b7:db:5c:17:ca:25:e6:00:82:d2:
                    f9:e5:83:a9:ef:91:1c:66:81:5e:ac:79:ac:b0:80:
                    57:1c:41:06:d3:27:43:a2:e9:46:05:7a:57:14:c0:
                    a1:d9:80:f8:0b:7c:51:89:98:67:f0:c5:6f:09:a9:
                    87:9a:40:a7:30:bd:21:e7:ce:76:9d:55:ea:96:fe:
                    e7:03:c7:11:ca:e0:cd:22:81:ca:fa:2b:e0:18:54:
                    e2:50:ad:56:a5:f3:67:67:37:e0:fe:b2:3b:1a:e5:
                    2b:5a:39:44:ff:7a:ed:50:4b:50:99:30:46:9f:95:
                    87:0c:d6:56:fa:3e:e9:77:b0:c0:04:9c:0e:3e:19:
                    37:9e:11:96:a5:15:76:33:8d:e1:c8:61:4b:fb:25:
                    e6:fb:99:a8:ce:d6:a5:57:d5:fc:8b:74:70:e7:f6:
                    c5:10:5d:9a:c2:01:b0:7b:be:e7:6f:02:8d:c4:d3:
                    81:de:c1:bb:67:a0:6b:55:76:52:1e:8c:f8:35:90:
                    92:be:23:da:b2:86:f1:69:62:c6:3a:6a:4c:8a:be:
                    69:f9:73:51:66:18:41:db:a1:b3:2d:67:af:ee:f0:
                    9e:c4:84:76:ab:a1:fa:6e:aa:7e:7a:59:eb:95:2e:
                    39:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:32:17:BE:2A:95:1F:78:E3:53:C9:F1:FC:BE:CE:26:0F:D4:F3:7B
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/AjIXviqVH3jjU8nx_L7OJg_U83s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:bc:8e:db:23:3e:dd:e0:8d:47:a3:0a:aa:0d:fb:9f:da:6f:
         01:96:0f:2c:79:27:88:ca:2e:f5:16:3d:f4:d9:aa:cf:ba:57:
         cd:53:0b:55:37:91:9a:11:3f:8b:0d:17:5c:98:6b:eb:fd:5a:
         5a:80:4a:f0:3a:73:02:47:54:fd:3a:a7:91:99:78:81:1c:cb:
         04:4b:77:cb:96:e3:43:63:f7:f8:67:18:86:9b:0f:3a:d7:af:
         f6:bb:b5:27:88:01:d6:6f:70:4c:3e:3a:ad:5f:4d:2c:e2:b0:
         f5:b4:9e:8b:b8:66:04:c6:83:ae:a3:6e:34:a8:4b:c5:7e:25:
         72:f9:8e:a8:73:a7:7b:bd:d7:08:ac:86:ba:93:a8:70:16:5d:
         b2:64:20:b3:42:1d:3d:3b:3e:21:41:8c:16:3e:e7:3d:19:32:
         bb:7a:ce:f5:17:2e:00:3e:71:a9:e4:79:55:c7:c9:0a:3f:57:
         06:08:e4:3c:b5:90:7d:0a:f1:30:f1:51:97:eb:b9:8c:ff:22:
         bc:b2:5d:d3:01:a6:26:d7:38:8d:0a:db:e7:9b:29:25:2e:44:
         8a:5e:92:86:96:4f:56:4d:27:67:3e:75:65:16:f5:5a:05:9d:
         c7:1c:e8:c5:0c:93:eb:c0:7f:21:08:70:ce:6d:49:a8:52:36:
         73:b0:17:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdjYDGNrkGIq6JTM1yenexqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjUwNjEyMDkwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjMyMTdiZTJhOTUxZjc4ZTM1M2M5ZjFmY2JlY2UyNjBmZDRmMzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9WWGK9WG14zKAXhArpv5V2aJuLfb
XBfKJeYAgtL55YOp75EcZoFerHmssIBXHEEG0ydDoulGBXpXFMCh2YD4C3xRiZhn
8MVvCamHmkCnML0h5852nVXqlv7nA8cRyuDNIoHK+ivgGFTiUK1WpfNnZzfg/rI7
GuUrWjlE/3rtUEtQmTBGn5WHDNZW+j7pd7DABJwOPhk3nhGWpRV2M43hyGFL+yXm
+5moztalV9X8i3Rw5/bFEF2awgGwe77nbwKNxNOB3sG7Z6BrVXZSHoz4NZCSviPa
sobxaWLGOmpMir5p+XNRZhhB26GzLWev7vCexIR2q6H6bqp+elnrlS458QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIyF74qlR9441PJ8fy+ziYP1PN7MB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvQWpJWHZpcVZIM2pqVThueF9MN09KZ19VODNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYw6MA0G
CSqGSIb3DQEBCwUAA4IBAQBTvI7bIz7d4I1HowqqDfuf2m8Blg8seSeIyi71Fj30
2arPulfNUwtVN5GaET+LDRdcmGvr/VpagErwOnMCR1T9OqeRmXiBHMsES3fLluND
Y/f4ZxiGmw8616/2u7UniAHWb3BMPjqtX00s4rD1tJ6LuGYExoOuo240qEvFfiVy
+Y6oc6d7vdcIrIa6k6hwFl2yZCCzQh09Oz4hQYwWPuc9GTK7es71Fy4APnGp5HlV
x8kKP1cGCOQ8tZB9CvEw8VGX67mM/yK8sl3TAaYm1ziNCtvnmyklLkSKXpKGlk9W
TSdnPnVlFvVaBZ3HHOjFDJPrwH8hCHDObUmoUjZzsBeN
-----END CERTIFICATE-----