Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/db9bc8-4b06-4baf-8ba8-dfc056545be4/1/wfCvw7M0UWwwmqgY4ndwt7Ezdvc.roa
File:                     wfCvw7M0UWwwmqgY4ndwt7Ezdvc.roa (raw, json)
Hash identifier:          nadXDZSO5g66NQALk/0GLGlBJpZj5fLYUofWKpN1pZc=
Subject key identifier:   C1:F0:AF:C3:B3:34:51:6C:30:9A:A8:18:E2:77:70:B7:B1:33:76:F7
Certificate issuer:       /CN=dca082489a4140c0a78e03d50b6bfd5402b044ea
Certificate serial:       019424B2D0A47DA30BCA2D95862754DA5CD0
Authority key identifier: DC:A0:82:48:9A:41:40:C0:A7:8E:03:D5:0B:6B:FD:54:02:B0:44:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3KCCSJpBQMCnjgPVC2v9VAKwROo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/db9bc8-4b06-4baf-8ba8-dfc056545be4/1/wfCvw7M0UWwwmqgY4ndwt7Ezdvc.roa
Signing time:             Thu 02 Jan 2025 01:48:06 +0000
ROA not before:           Thu 02 Jan 2025 01:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208712
IP address blocks:        45.87.236.0/23 maxlen: 23
                          2a06:7a80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/db9bc8-4b06-4baf-8ba8-dfc056545be4/1/3KCCSJpBQMCnjgPVC2v9VAKwROo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/db9bc8-4b06-4baf-8ba8-dfc056545be4/1/3KCCSJpBQMCnjgPVC2v9VAKwROo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3KCCSJpBQMCnjgPVC2v9VAKwROo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 19:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:d0:a4:7d:a3:0b:ca:2d:95:86:27:54:da:5c:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dca082489a4140c0a78e03d50b6bfd5402b044ea
        Validity
            Not Before: Jan  2 01:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1f0afc3b334516c309aa818e27770b7b13376f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:42:8c:7b:27:9d:bc:65:8e:8f:07:9f:bb:3d:
                    56:72:1a:c9:a5:d8:f1:93:8c:ba:73:2e:ac:37:1f:
                    66:04:ce:4a:80:97:db:af:94:c6:bd:cc:47:aa:46:
                    e9:b5:3d:0c:47:2c:6f:23:7b:6f:97:d2:32:d5:8b:
                    da:e5:fe:f2:17:33:3c:38:e8:53:46:ae:a9:8b:fb:
                    ad:36:57:5a:d5:e8:6c:0d:92:08:b2:36:0c:51:01:
                    5c:28:2e:44:cf:41:c6:a6:ad:f2:98:a6:1e:25:82:
                    f3:00:08:8c:ef:3a:de:4f:62:fb:9f:c9:0c:8e:0a:
                    e6:43:76:bc:f3:74:ec:a0:41:27:d1:8e:2f:7a:e1:
                    d7:35:4f:c0:85:c2:ad:f2:b1:5e:54:0a:20:06:ea:
                    60:24:e1:fb:80:f6:0a:f2:c0:cc:6b:55:db:d5:25:
                    95:85:93:05:88:61:33:44:74:29:f4:42:a4:c8:4f:
                    3a:1e:a1:0d:ce:4a:80:4a:22:13:be:2f:d7:44:24:
                    49:8c:88:da:dc:b6:8a:97:4e:39:a5:f6:31:8c:21:
                    d3:d0:e3:19:d9:ff:1a:f5:fe:5d:d1:27:2b:f0:c7:
                    2a:14:21:25:e0:15:78:30:10:f5:3f:b1:6f:b3:db:
                    b5:59:90:33:b6:bc:66:9a:52:f6:23:b2:45:6c:f7:
                    1b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:F0:AF:C3:B3:34:51:6C:30:9A:A8:18:E2:77:70:B7:B1:33:76:F7
            X509v3 Authority Key Identifier:
                keyid:DC:A0:82:48:9A:41:40:C0:A7:8E:03:D5:0B:6B:FD:54:02:B0:44:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3KCCSJpBQMCnjgPVC2v9VAKwROo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/db9bc8-4b06-4baf-8ba8-dfc056545be4/1/wfCvw7M0UWwwmqgY4ndwt7Ezdvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/db9bc8-4b06-4baf-8ba8-dfc056545be4/1/3KCCSJpBQMCnjgPVC2v9VAKwROo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.236.0/23
                IPv6:
                  2a06:7a80::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:c2:b2:bc:89:7a:92:c5:24:b8:1d:e9:12:59:62:36:03:b9:
         c8:20:08:5b:65:77:48:9b:e1:41:90:43:09:01:54:c2:67:23:
         06:99:3e:3b:19:bc:a3:1e:0f:3e:f5:2c:de:71:a0:56:f5:4e:
         45:89:1e:92:f1:91:39:75:1d:f7:80:6d:dc:ae:9a:42:60:ae:
         bf:9e:09:2c:50:aa:7b:39:3d:06:91:70:b5:8f:70:7a:69:98:
         3a:0a:8c:d3:9c:f5:ed:17:84:95:08:02:bc:a2:fd:37:71:4f:
         5b:dd:6b:d7:59:68:8c:d9:58:50:a2:13:35:08:1a:c3:66:a3:
         be:63:99:c0:2c:0b:0f:d5:36:00:94:d1:9c:59:99:7e:fa:03:
         bc:70:63:dd:ca:33:b8:76:62:93:e7:f3:13:f8:f5:bb:61:f4:
         cb:37:a9:59:b8:7d:c1:12:7a:cf:81:6b:b4:c9:a8:5f:c5:9b:
         17:d9:95:95:f1:3a:34:f8:ae:bb:da:6e:12:b8:cd:36:2b:e7:
         cd:f4:d8:5b:bb:59:a6:fc:ea:ce:77:a8:de:df:94:0d:e5:85:
         6d:d8:c8:bf:60:31:bd:58:dd:cb:1e:5c:1b:ba:f8:64:9b:b5:
         6d:50:42:ca:ce:74:e4:23:f6:06:f7:0c:17:34:63:53:48:e0:
         ce:24:8e:53
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkstCkfaMLyi2VhidU2lzQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYTA4MjQ4OWE0MTQwYzBhNzhlMDNkNTBiNmJmZDU0MDJi
MDQ0ZWEwHhcNMjUwMTAyMDE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWYwYWZjM2IzMzQ1MTZjMzA5YWE4MThlMjc3NzBiN2IxMzM3NmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukKMeyedvGWOjwefuz1WchrJpdjx
k4y6cy6sNx9mBM5KgJfbr5TGvcxHqkbptT0MRyxvI3tvl9Iy1Yva5f7yFzM8OOhT
Rq6pi/utNlda1ehsDZIIsjYMUQFcKC5Ez0HGpq3ymKYeJYLzAAiM7zreT2L7n8kM
jgrmQ3a883TsoEEn0Y4veuHXNU/AhcKt8rFeVAogBupgJOH7gPYK8sDMa1Xb1SWV
hZMFiGEzRHQp9EKkyE86HqENzkqASiITvi/XRCRJjIja3LaKl045pfYxjCHT0OMZ
2f8a9f5d0Scr8McqFCEl4BV4MBD1P7Fvs9u1WZAztrxmmlL2I7JFbPcbcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMHwr8OzNFFsMJqoGOJ3cLexM3b3MB8GA1UdIwQY
MBaAFNyggkiaQUDAp44D1Qtr/VQCsETqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0tDQ1NKcEJRTUNuamdQVkMydjlWQUt3Uk9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9kYjliYzgtNGIwNi00YmFmLThiYTgt
ZGZjMDU2NTQ1YmU0LzEvd2ZDdnc3TTBVV3d3bXFnWTRuZHd0N0V6ZHZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9kYjliYzgtNGIwNi00YmFmLThiYTgtZGZjMDU2NTQ1YmU0
LzEvM0tDQ1NKcEJRTUNuamdQVkMydjlWQUt3Uk9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBLVfsMA8E
AgACMAkDBwAqBnqAAAAwDQYJKoZIhvcNAQELBQADggEBABzCsryJepLFJLgd6RJZ
YjYDucggCFtld0ib4UGQQwkBVMJnIwaZPjsZvKMeDz71LN5xoFb1TkWJHpLxkTl1
HfeAbdyumkJgrr+eCSxQqns5PQaRcLWPcHppmDoKjNOc9e0XhJUIAryi/TdxT1vd
a9dZaIzZWFCiEzUIGsNmo75jmcAsCw/VNgCU0ZxZmX76A7xwY93KM7h2YpPn8xP4
9bth9Ms3qVm4fcESes+Ba7TJqF/FmxfZlZXxOjT4rrvabhK4zTYr58302Fu7Wab8
6s53qN7flA3lhW3YyL9gMb1Y3cseXBu6+GSbtW1QQsrOdOQj9gb3DBc0Y1NI4M4k
jlM=
-----END CERTIFICATE-----