Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/rHTykAFRMMhCD9nS_bBwMQq3wlg.roa
File:                     rHTykAFRMMhCD9nS_bBwMQq3wlg.roa (raw, json)
Hash identifier:          N6ZZ7BxbwbLPSHJvcUQzzld1J542SpEPgWc0QrEIaRo=
Subject key identifier:   AC:74:F2:90:01:51:30:C8:42:0F:D9:D2:FD:B0:70:31:0A:B7:C2:58
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       019681B90D8D5008C2DFE04D5B41A113D111
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/rHTykAFRMMhCD9nS_bBwMQq3wlg.roa
Signing time:             Tue 29 Apr 2025 13:25:10 +0000
ROA not before:           Tue 29 Apr 2025 13:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        45.138.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 00:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:b9:0d:8d:50:08:c2:df:e0:4d:5b:41:a1:13:d1:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Apr 29 13:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac74f290015130c8420fd9d2fdb070310ab7c258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c0:b9:a6:b1:3c:f6:7e:d6:3b:f1:7a:75:12:
                    ab:54:af:d3:24:20:d7:07:a8:f0:b1:4b:88:2a:16:
                    25:10:5a:79:be:1a:d5:8d:a6:10:02:2c:3c:2f:b5:
                    4b:e8:3f:b0:46:10:67:9a:1f:44:7d:3a:ef:37:84:
                    b1:b3:03:29:bf:de:c8:39:40:2d:1c:8b:00:39:b8:
                    d0:ec:a8:f6:29:7b:3e:b9:ac:d6:36:bd:2a:fc:a6:
                    8f:6d:ab:94:8f:92:db:0a:78:14:49:ae:c1:6b:9c:
                    75:12:ef:42:3b:1e:26:9c:61:a4:5f:86:a0:fe:ca:
                    f0:37:cb:e0:5d:52:84:b9:36:7f:c3:85:15:10:96:
                    ec:62:2f:fe:a3:d7:2d:d9:bd:46:25:18:46:ed:43:
                    20:9d:6f:eb:cf:d8:b0:1d:b1:ab:75:a8:5b:bd:ff:
                    fd:31:01:ae:a9:7e:7a:ce:2b:74:e6:0e:9d:03:a5:
                    96:ef:a2:f3:2b:f7:3d:9d:9b:b7:12:d7:fa:9e:e7:
                    0b:66:e6:74:e1:d0:8e:97:a0:04:da:3a:36:9f:9b:
                    bb:56:14:40:3d:b4:fa:cf:60:2c:d5:21:54:0e:52:
                    d1:f3:84:4b:ca:4d:41:84:54:c9:55:43:ae:a5:65:
                    b9:f8:99:21:9b:dc:6c:0d:74:ba:0e:90:7d:ee:a1:
                    5b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:74:F2:90:01:51:30:C8:42:0F:D9:D2:FD:B0:70:31:0A:B7:C2:58
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/rHTykAFRMMhCD9nS_bBwMQq3wlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:5d:55:3d:57:20:42:33:6a:33:0c:cd:a9:a0:25:a9:31:71:
         15:e2:fe:db:41:12:64:96:d4:ca:36:d3:38:e6:fc:a8:12:c3:
         7d:d8:ef:96:64:9b:21:3a:cd:f6:58:04:78:21:11:09:d0:3e:
         f9:5d:0b:0b:57:01:0e:3d:f0:01:50:d9:07:d8:30:80:1e:f9:
         6a:cf:07:d1:59:c6:78:c5:9d:44:1f:0e:8f:2f:0e:1e:aa:2d:
         77:ce:f1:6a:ed:83:f5:b8:4d:9a:57:61:cd:47:fd:3a:db:03:
         aa:fb:9e:29:d9:d6:06:47:a1:e2:1e:5f:24:e3:d9:61:b0:b4:
         6a:3b:1b:31:61:88:d6:1a:92:f4:d0:a1:e0:e0:f5:7d:2e:3f:
         17:ba:c1:0f:55:e4:20:c5:83:87:2d:10:ea:aa:d6:c0:b9:cd:
         e5:de:39:bf:4e:80:06:d6:b0:d4:37:ef:84:25:35:2a:82:03:
         36:90:0c:59:3e:0f:35:2a:be:1c:a5:60:73:d5:c0:4b:ef:41:
         09:3e:d5:df:00:cb:ba:09:c3:5d:08:6b:58:8f:e5:d9:72:d0:
         b3:92:90:29:4f:1c:7e:ba:11:5d:2d:6d:14:dd:83:7a:cb:ad:
         49:70:90:6b:90:9e:05:26:29:61:ca:f9:99:7c:83:81:93:b6:
         2d:48:35:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBuQ2NUAjC3+BNW0GhE9ERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjUwNDI5MTMyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzc0ZjI5MDAxNTEzMGM4NDIwZmQ5ZDJmZGIwNzAzMTBhYjdjMjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMC5prE89n7WO/F6dRKrVK/TJCDX
B6jwsUuIKhYlEFp5vhrVjaYQAiw8L7VL6D+wRhBnmh9EfTrvN4SxswMpv97IOUAt
HIsAObjQ7Kj2KXs+uazWNr0q/KaPbauUj5LbCngUSa7Ba5x1Eu9COx4mnGGkX4ag
/srwN8vgXVKEuTZ/w4UVEJbsYi/+o9ct2b1GJRhG7UMgnW/rz9iwHbGrdahbvf/9
MQGuqX56zit05g6dA6WW76LzK/c9nZu3Etf6nucLZuZ04dCOl6AE2jo2n5u7VhRA
PbT6z2As1SFUDlLR84RLyk1BhFTJVUOupWW5+Jkhm9xsDXS6DpB97qFbIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKx08pABUTDIQg/Z0v2wcDEKt8JYMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvckhUeWtBRlJNTWhDRDluU19iQndNUXEzd2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYoMMA0G
CSqGSIb3DQEBCwUAA4IBAQAQXVU9VyBCM2ozDM2poCWpMXEV4v7bQRJkltTKNtM4
5vyoEsN92O+WZJshOs32WAR4IREJ0D75XQsLVwEOPfABUNkH2DCAHvlqzwfRWcZ4
xZ1EHw6PLw4eqi13zvFq7YP1uE2aV2HNR/062wOq+54p2dYGR6HiHl8k49lhsLRq
OxsxYYjWGpL00KHg4PV9Lj8XusEPVeQgxYOHLRDqqtbAuc3l3jm/ToAG1rDUN++E
JTUqggM2kAxZPg81Kr4cpWBz1cBL70EJPtXfAMu6CcNdCGtYj+XZctCzkpApTxx+
uhFdLW0U3YN6y61JcJBrkJ4FJilhyvmZfIOBk7YtSDUh
-----END CERTIFICATE-----