Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/8BYyiV_FmTFHvbWCMT9MCIE0Jec.roa
File:                     8BYyiV_FmTFHvbWCMT9MCIE0Jec.roa (raw, json)
Hash identifier:          vchZYcV4SDRnLThnALYy/67VTOlcKJqhG1pqy1A7Xrw=
Subject key identifier:   F0:16:32:89:5F:C5:99:31:47:BD:B5:82:31:3F:4C:08:81:34:25:E7
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019422FB6160A9B81B1B42428B8610068733
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/8BYyiV_FmTFHvbWCMT9MCIE0Jec.roa
Signing time:             Wed 01 Jan 2025 17:48:07 +0000
ROA not before:           Wed 01 Jan 2025 17:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49612
IP address blocks:        45.140.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:61:60:a9:b8:1b:1b:42:42:8b:86:10:06:87:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 17:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f01632895fc5993147bdb582313f4c08813425e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:00:05:b0:f4:44:ef:3b:3e:86:07:1c:e8:cf:
                    ac:68:c8:51:ca:81:88:c2:d5:25:65:9d:de:9f:b2:
                    1b:fa:eb:25:2e:dd:96:56:89:7e:fb:72:96:a2:dc:
                    01:ec:11:e4:96:24:68:5d:f7:45:a4:03:76:24:42:
                    4e:a6:d4:c1:9c:c3:1c:63:06:c2:ce:2c:70:b5:6d:
                    0b:9e:b3:c9:b8:aa:e4:b9:0f:13:1c:b5:2b:c5:9d:
                    08:93:16:13:b7:c2:fd:18:24:b4:99:34:c2:5d:00:
                    7b:cf:37:9c:4a:c8:1a:4c:b4:d2:6d:94:df:12:44:
                    d5:b6:ab:73:1d:e1:f6:c3:d4:a8:0d:a8:c4:9d:68:
                    9e:9b:db:6f:12:c8:b8:f1:28:b5:54:54:b2:cb:90:
                    17:22:32:07:8f:be:e9:21:1a:b3:d1:fa:e9:5d:a3:
                    64:2f:51:ef:98:8c:47:7b:f2:6e:73:77:58:78:f2:
                    10:a0:ed:1f:11:7d:66:f6:f7:c2:c0:d0:b8:d4:2a:
                    0d:0c:c1:89:bc:c3:db:3a:ec:12:dc:cf:b7:42:ed:
                    25:2e:5f:ae:12:3c:25:aa:6d:5d:6b:37:db:b1:94:
                    a1:ba:4f:6d:45:00:a7:b1:ea:6a:f8:c8:18:18:5e:
                    d5:ba:66:6b:9c:9a:a1:a4:ab:fa:68:79:01:8c:c0:
                    6c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:16:32:89:5F:C5:99:31:47:BD:B5:82:31:3F:4C:08:81:34:25:E7
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/8BYyiV_FmTFHvbWCMT9MCIE0Jec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:25:5b:82:b4:f5:c1:b3:4b:bb:11:87:21:0a:6c:93:07:ba:
         de:fe:c0:53:f4:b3:c1:f6:62:fd:10:3f:80:57:ea:73:3b:4e:
         78:69:9c:f7:b4:7b:f2:47:e0:c5:fd:0e:11:a9:d5:9f:db:b9:
         da:a4:8f:15:08:04:03:58:52:e2:bf:51:c2:6b:fb:54:a1:70:
         ea:d6:fb:40:25:b0:d0:d9:c2:cd:ac:55:e6:35:20:24:80:eb:
         a5:ab:53:d0:1d:ad:b4:04:06:81:5e:41:17:a5:87:b4:1a:36:
         3f:12:06:92:8d:90:83:54:01:c5:7f:e8:05:c2:7f:1e:7b:b1:
         e3:fa:fb:f3:36:ea:4c:02:a5:0d:69:4f:9c:97:fc:c2:57:e6:
         33:16:2f:9c:38:8c:9a:a7:c5:05:e0:07:42:03:a6:b7:47:9a:
         3f:8c:cf:e9:e4:fd:c3:33:cf:cb:a5:20:81:4b:f0:84:3e:3c:
         3c:63:c7:7d:22:bd:6e:91:7c:7b:b2:40:2f:f2:7c:78:85:37:
         70:55:6b:21:e6:7e:a1:32:86:21:7b:4d:a8:59:dd:5c:23:3d:
         e3:db:0f:ca:6e:72:5b:ca:64:4a:92:74:4f:a0:cd:66:f4:eb:
         f4:9a:1a:92:ed:15:c1:9f:d4:3b:01:fa:93:99:e5:d6:0d:6d:
         ec:31:d7:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2FgqbgbG0JCi4YQBoczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwMTAxMTc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDE2MzI4OTVmYzU5OTMxNDdiZGI1ODIzMTNmNGMwODgxMzQyNWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgAFsPRE7zs+hgcc6M+saMhRyoGI
wtUlZZ3en7Ib+uslLt2WVol++3KWotwB7BHkliRoXfdFpAN2JEJOptTBnMMcYwbC
zixwtW0LnrPJuKrkuQ8THLUrxZ0IkxYTt8L9GCS0mTTCXQB7zzecSsgaTLTSbZTf
EkTVtqtzHeH2w9SoDajEnWiem9tvEsi48Si1VFSyy5AXIjIHj77pIRqz0frpXaNk
L1HvmIxHe/Juc3dYePIQoO0fEX1m9vfCwNC41CoNDMGJvMPbOuwS3M+3Qu0lLl+u
Ejwlqm1dazfbsZShuk9tRQCnsepq+MgYGF7VumZrnJqhpKv6aHkBjMBsMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAWMolfxZkxR721gjE/TAiBNCXnMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvOEJZeWlWX0ZtVEZIdmJXQ01UOU1DSUUwSmVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYyRMA0G
CSqGSIb3DQEBCwUAA4IBAQAqJVuCtPXBs0u7EYchCmyTB7re/sBT9LPB9mL9ED+A
V+pzO054aZz3tHvyR+DF/Q4RqdWf27napI8VCAQDWFLiv1HCa/tUoXDq1vtAJbDQ
2cLNrFXmNSAkgOulq1PQHa20BAaBXkEXpYe0GjY/EgaSjZCDVAHFf+gFwn8ee7Hj
+vvzNupMAqUNaU+cl/zCV+YzFi+cOIyap8UF4AdCA6a3R5o/jM/p5P3DM8/LpSCB
S/CEPjw8Y8d9Ir1ukXx7skAv8nx4hTdwVWsh5n6hMoYhe02oWd1cIz3j2w/KbnJb
ymRKknRPoM1m9Ov0mhqS7RXBn9Q7AfqTmeXWDW3sMddO
-----END CERTIFICATE-----