Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aoDdpJgz3wP4VMyQE7dmkoJEK98.roa
File:                     aoDdpJgz3wP4VMyQE7dmkoJEK98.roa (raw, json)
Hash identifier:          txUCQd8EIopfbnktMbA8EeaRwtzsmiiae3oLTtXrEKA=
Subject key identifier:   6A:80:DD:A4:98:33:DF:03:F8:54:CC:90:13:B7:66:92:82:44:2B:DF
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       01969171B59DBFD5772B3A546BC740F3387B
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aoDdpJgz3wP4VMyQE7dmkoJEK98.roa
Signing time:             Fri 02 May 2025 14:41:10 +0000
ROA not before:           Fri 02 May 2025 14:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209290
IP address blocks:        45.89.70.0/24 maxlen: 24
                          92.119.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:71:b5:9d:bf:d5:77:2b:3a:54:6b:c7:40:f3:38:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: May  2 14:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a80dda49833df03f854cc9013b7669282442bdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:dc:02:a5:e7:f4:45:7a:75:f3:ba:36:2d:35:
                    98:51:d9:fb:f6:fa:be:32:ed:dd:4f:05:c1:51:00:
                    8b:c3:1a:39:4d:14:1a:72:41:8e:36:a7:d1:17:30:
                    60:aa:3b:af:80:41:83:2e:63:80:75:05:6d:00:66:
                    31:55:1d:08:da:fa:ae:be:3e:f0:a0:4f:17:82:d4:
                    05:b1:4a:3c:b9:61:86:a8:6e:a9:cb:e5:c3:e0:32:
                    f9:12:f8:ca:e1:cf:fd:cd:96:bc:80:4b:55:0c:38:
                    b4:62:8e:08:d6:ca:46:99:94:73:5f:77:80:4d:22:
                    85:27:bf:62:a1:40:60:9e:3b:0c:1d:8b:4a:8c:dc:
                    4c:8c:24:82:0f:9a:15:59:26:75:f6:85:ba:c5:05:
                    4f:d1:45:dd:d5:88:a8:34:95:7e:05:93:9b:31:d7:
                    34:61:c7:e4:38:66:a1:94:9f:61:5c:bc:f4:8d:f3:
                    43:2b:00:1a:26:c1:c7:4d:37:0d:aa:5d:ab:19:27:
                    41:55:6f:8e:ac:04:76:eb:90:ec:de:03:2d:33:84:
                    b8:cd:95:a6:74:15:7c:a1:9e:20:2b:4e:6d:0e:d8:
                    4e:48:59:f2:65:96:35:38:74:51:c2:6b:2f:6b:92:
                    77:5e:d0:1c:b4:df:f8:e0:58:30:a9:81:80:f0:6d:
                    b3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:80:DD:A4:98:33:DF:03:F8:54:CC:90:13:B7:66:92:82:44:2B:DF
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aoDdpJgz3wP4VMyQE7dmkoJEK98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.70.0/24
                  92.119.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:bc:37:f2:f8:a7:f5:e9:9f:17:1a:21:b0:36:4e:0d:75:c4:
         ff:ff:03:33:16:c8:b1:ab:b7:39:8b:4b:18:12:a3:c2:be:36:
         37:b8:b0:a2:fc:3e:16:82:a8:46:3a:58:fb:f1:bc:9c:0b:76:
         cf:e2:88:fa:cd:bc:b2:6e:e2:cc:12:1b:bf:8b:da:06:d8:6f:
         4b:51:dc:ab:ca:4b:af:29:33:a5:aa:86:43:49:9d:e9:23:3e:
         fc:46:61:e5:6c:fd:c9:3f:17:e7:ae:66:61:09:c8:82:c3:33:
         79:88:7d:02:55:f2:4e:65:92:71:d9:35:a1:cf:57:2a:af:9e:
         e9:bc:23:b7:32:bb:dd:6a:fb:98:80:05:f1:f3:cd:09:28:41:
         b9:6f:ee:89:d0:11:6e:20:56:fd:4c:4a:eb:e8:f4:78:be:1a:
         0c:6c:28:94:db:e8:dd:8e:9a:e7:d4:75:ee:5a:79:3d:45:41:
         7e:64:56:d2:80:e7:cf:91:19:9a:5f:64:7d:5a:d8:db:66:b4:
         07:b5:3d:59:2b:df:71:41:d5:15:09:10:c3:59:9e:da:b0:d1:
         62:f1:b1:b7:ae:60:17:b5:13:50:28:8d:05:60:04:71:66:89:
         9d:e8:45:1e:b1:61:c8:e7:34:5a:dd:46:6e:81:6b:d5:20:b8:
         7b:ab:57:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaRcbWdv9V3KzpUa8dA8zh7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwNTAyMTQ0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgwZGRhNDk4MzNkZjAzZjg1NGNjOTAxM2I3NjY5MjgyNDQyYmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9wCpef0RXp187o2LTWYUdn79vq+
Mu3dTwXBUQCLwxo5TRQackGONqfRFzBgqjuvgEGDLmOAdQVtAGYxVR0I2vquvj7w
oE8XgtQFsUo8uWGGqG6py+XD4DL5EvjK4c/9zZa8gEtVDDi0Yo4I1spGmZRzX3eA
TSKFJ79ioUBgnjsMHYtKjNxMjCSCD5oVWSZ19oW6xQVP0UXd1YioNJV+BZObMdc0
YcfkOGahlJ9hXLz0jfNDKwAaJsHHTTcNql2rGSdBVW+OrAR265Ds3gMtM4S4zZWm
dBV8oZ4gK05tDthOSFnyZZY1OHRRwmsva5J3XtActN/44FgwqYGA8G2z9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGqA3aSYM98D+FTMkBO3ZpKCRCvfMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvYW9EZHBKZ3ozd1A0Vk15UUU3ZG1rb0pFSzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVlGAwQA
XHeiMA0GCSqGSIb3DQEBCwUAA4IBAQBTvDfy+Kf16Z8XGiGwNk4NdcT//wMzFsix
q7c5i0sYEqPCvjY3uLCi/D4WgqhGOlj78bycC3bP4oj6zbyybuLMEhu/i9oG2G9L
UdyrykuvKTOlqoZDSZ3pIz78RmHlbP3JPxfnrmZhCciCwzN5iH0CVfJOZZJx2TWh
z1cqr57pvCO3MrvdavuYgAXx880JKEG5b+6J0BFuIFb9TErr6PR4vhoMbCiU2+jd
jprn1HXuWnk9RUF+ZFbSgOfPkRmaX2R9WtjbZrQHtT1ZK99xQdUVCRDDWZ7asNFi
8bG3rmAXtRNQKI0FYARxZomd6EUesWHI5zRa3UZugWvVILh7q1fr
-----END CERTIFICATE-----