Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/syDl6KVmgOwsscvxTmE3dADj5SU.roa
File:                     syDl6KVmgOwsscvxTmE3dADj5SU.roa (raw, json)
Hash identifier:          cG4uVVemUe2/DT7IYDlCJ/ncex0OUaiZ7Ec8SSBIfmY=
Subject key identifier:   B3:20:E5:E8:A5:66:80:EC:2C:B1:CB:F1:4E:61:37:74:00:E3:E5:25
Certificate issuer:       /CN=e7fed4e778209c3cae93d4b76d350704462c3aab
Certificate serial:       01977D9098F799E6589DCD82760D0895BC95
Authority key identifier: E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/syDl6KVmgOwsscvxTmE3dADj5SU.roa
Signing time:             Tue 17 Jun 2025 11:05:17 +0000
ROA not before:           Tue 17 Jun 2025 11:05:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57391
IP address blocks:        45.140.28.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:90:98:f7:99:e6:58:9d:cd:82:76:0d:08:95:bc:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7fed4e778209c3cae93d4b76d350704462c3aab
        Validity
            Not Before: Jun 17 11:05:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b320e5e8a56680ec2cb1cbf14e61377400e3e525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:00:52:4d:9a:b6:8c:a9:7b:60:ca:23:54:03:
                    2b:d5:f8:aa:06:64:ef:a8:6e:25:22:29:e2:eb:b0:
                    6b:75:41:94:d2:1f:a2:c8:0b:b7:4e:66:71:e9:02:
                    17:95:df:e3:17:9c:17:9b:a6:d6:65:2d:18:0b:29:
                    f4:45:97:ee:cf:6f:1e:79:3b:b7:89:bd:b6:23:59:
                    8d:01:13:30:51:58:a1:2d:3f:07:a2:98:73:3f:37:
                    f7:e0:0e:88:ae:6a:c3:2c:31:73:b0:31:19:be:9f:
                    e1:90:e7:43:c0:4a:84:22:f4:e5:68:1c:d2:b1:80:
                    10:6e:87:44:0b:7a:97:94:9d:3f:1b:ca:e2:d0:af:
                    0d:a1:ba:14:94:a7:99:54:25:ee:64:d9:20:9f:f3:
                    76:33:0c:cb:12:47:1f:8f:f6:54:bd:8a:62:a0:f0:
                    47:7e:9a:59:c5:b9:1e:93:fb:28:43:5a:9b:96:63:
                    53:70:7c:a6:82:fa:8f:de:ca:39:e9:5a:b0:67:07:
                    26:a4:30:52:64:a6:29:2f:be:86:88:d6:58:5d:50:
                    90:2b:a7:a9:ca:7e:12:cf:9d:31:16:13:f0:69:86:
                    bd:67:77:0e:cb:b0:66:b6:c1:d0:8b:19:8b:27:b5:
                    04:3a:49:39:c4:ef:89:a7:41:6d:75:99:bd:7f:31:
                    56:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:20:E5:E8:A5:66:80:EC:2C:B1:CB:F1:4E:61:37:74:00:E3:E5:25
            X509v3 Authority Key Identifier:
                keyid:E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/syDl6KVmgOwsscvxTmE3dADj5SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:c4:f9:1d:c2:ff:6e:a2:17:be:6c:b5:be:b0:80:55:bd:5c:
         50:2d:8d:95:d8:a1:37:02:c4:b5:21:1f:5e:d5:0c:34:b2:f8:
         d7:1f:f4:db:b2:49:13:f2:4a:cc:19:f8:92:61:a4:d0:e8:04:
         16:fc:75:4b:55:bc:c5:b5:a0:79:69:63:5b:8e:aa:b2:dd:77:
         3b:e1:08:96:96:b0:3f:30:01:d9:dd:b0:d3:8d:51:10:ad:dc:
         28:1a:28:c1:ed:41:69:db:47:8c:6b:a0:1b:31:ac:7e:dc:bb:
         96:f6:cc:46:4a:c3:75:9d:0b:5e:3d:cc:7f:48:b3:14:ab:1c:
         7d:32:e0:ed:02:5a:e8:97:68:b6:03:ad:0c:24:f4:cd:e4:f8:
         91:91:9a:c1:46:b3:22:7f:1f:15:1e:12:fe:c9:ad:dd:db:f3:
         c3:fc:15:f9:21:31:27:e6:3e:e6:ee:89:89:0b:d2:25:fc:3d:
         eb:00:75:2d:06:d7:14:81:d4:b1:33:a6:99:0c:7f:16:72:2b:
         01:86:3c:e6:ed:d7:61:96:f5:22:24:ec:c4:05:51:d9:9f:c2:
         d9:5d:90:36:8a:9a:d0:19:4e:1a:82:b2:b5:1e:b2:36:bf:88:
         6d:52:ab:21:1d:34:51:7d:ea:a4:72:4e:db:ac:13:82:51:df:
         fc:14:34:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd9kJj3meZYnc2Cdg0IlbyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZmVkNGU3NzgyMDljM2NhZTkzZDRiNzZkMzUwNzA0NDYy
YzNhYWIwHhcNMjUwNjE3MTEwNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzIwZTVlOGE1NjY4MGVjMmNiMWNiZjE0ZTYxMzc3NDAwZTNlNTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ABSTZq2jKl7YMojVAMr1fiqBmTv
qG4lIini67BrdUGU0h+iyAu3TmZx6QIXld/jF5wXm6bWZS0YCyn0RZfuz28eeTu3
ib22I1mNARMwUVihLT8HophzPzf34A6IrmrDLDFzsDEZvp/hkOdDwEqEIvTlaBzS
sYAQbodEC3qXlJ0/G8ri0K8NoboUlKeZVCXuZNkgn/N2MwzLEkcfj/ZUvYpioPBH
fppZxbkek/soQ1qblmNTcHymgvqP3so56VqwZwcmpDBSZKYpL76GiNZYXVCQK6ep
yn4Sz50xFhPwaYa9Z3cOy7BmtsHQixmLJ7UEOkk5xO+Jp0FtdZm9fzFWfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMg5eilZoDsLLHL8U5hN3QA4+UlMB8GA1UdIwQY
MBaAFOf+1Od4IJw8rpPUt201BwRGLDqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQt
OGJiODAxNTJhYjM0LzEvc3lEbDZLVm1nT3dzc2N2eFRtRTNkQURqNVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQtOGJiODAxNTJhYjM0
LzEvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYwcMA0G
CSqGSIb3DQEBCwUAA4IBAQCnxPkdwv9uohe+bLW+sIBVvVxQLY2V2KE3AsS1IR9e
1Qw0svjXH/TbskkT8krMGfiSYaTQ6AQW/HVLVbzFtaB5aWNbjqqy3Xc74QiWlrA/
MAHZ3bDTjVEQrdwoGijB7UFp20eMa6AbMax+3LuW9sxGSsN1nQtePcx/SLMUqxx9
MuDtAlrol2i2A60MJPTN5PiRkZrBRrMifx8VHhL+ya3d2/PD/BX5ITEn5j7m7omJ
C9Il/D3rAHUtBtcUgdSxM6aZDH8WcisBhjzm7ddhlvUiJOzEBVHZn8LZXZA2iprQ
GU4agrK1HrI2v4htUqshHTRRfeqkck7brBOCUd/8FDQK
-----END CERTIFICATE-----