Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/hWmoLu6TsJ5sWAKgyVxISja8Ghc.roa
File:                     hWmoLu6TsJ5sWAKgyVxISja8Ghc.roa (raw, json)
Hash identifier:          nLniANQ3fpplBxsgOnTA7SyINKB6yWjif3yayPevywI=
Subject key identifier:   85:69:A8:2E:EE:93:B0:9E:6C:58:02:A0:C9:5C:48:4A:36:BC:1A:17
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B24010E124208414083F172B0ED4A7
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/hWmoLu6TsJ5sWAKgyVxISja8Ghc.roa
Signing time:             Wed 01 Jan 2025 11:48:37 +0000
ROA not before:           Wed 01 Jan 2025 11:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138997
IP address blocks:        45.8.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 22:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:40:10:e1:24:20:84:14:08:3f:17:2b:0e:d4:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8569a82eee93b09e6c5802a0c95c484a36bc1a17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:00:97:35:66:6f:9b:c1:dd:39:b3:8c:d4:60:
                    52:f7:7a:66:24:2f:73:96:e3:80:89:b0:f9:80:39:
                    fd:21:7e:54:95:30:56:fd:6e:0f:11:c6:13:88:96:
                    a9:e9:8b:ef:f1:78:e7:57:b5:36:a1:32:28:b6:01:
                    60:b8:33:53:7d:7c:da:fc:e4:0b:09:5c:f3:81:74:
                    15:30:3e:0a:53:8a:34:9e:cf:14:0e:d8:08:a3:17:
                    d4:42:88:18:46:4e:56:be:bf:55:86:1a:6f:97:2a:
                    99:b5:d5:2f:54:0f:54:30:28:5d:bf:89:a4:fb:99:
                    39:6c:92:a1:c3:11:e7:b6:d4:a1:de:22:bf:11:46:
                    20:2b:f7:81:51:9c:99:0f:37:d8:39:86:2a:aa:b6:
                    3f:15:55:87:8a:fb:3a:e8:2f:1e:44:f5:3f:a9:e9:
                    d5:bb:0b:91:28:48:c9:4f:81:c1:54:94:a0:f5:55:
                    b8:58:46:82:42:34:ae:27:9d:2e:45:3c:ae:d4:9b:
                    29:87:8e:91:2f:f4:a8:39:ee:a8:1e:59:f1:39:05:
                    70:b2:cf:d3:ae:6d:29:58:22:92:f9:6a:27:0d:6a:
                    16:15:ff:1a:33:28:fb:55:73:ed:20:13:fb:25:86:
                    5f:10:5d:d7:02:c9:26:a1:70:de:6d:34:0a:90:56:
                    25:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:69:A8:2E:EE:93:B0:9E:6C:58:02:A0:C9:5C:48:4A:36:BC:1A:17
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/hWmoLu6TsJ5sWAKgyVxISja8Ghc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:0b:bd:de:e0:70:6f:47:03:47:e1:68:11:60:19:07:bd:40:
         d2:4e:80:93:e0:9c:06:ed:d4:3a:4d:e2:95:ea:9b:37:a9:89:
         d8:28:37:f1:9d:64:ae:df:0b:02:cb:e9:f8:db:f8:fe:49:52:
         b4:09:b4:d1:1c:3b:98:13:d9:2a:3c:b4:02:f7:14:d6:69:b6:
         92:31:45:df:8e:f8:4b:b3:d9:51:87:79:1d:8b:64:89:71:ce:
         4a:5b:41:6c:b0:99:c1:2b:d8:b1:a0:53:31:5c:57:ae:0f:b9:
         b2:b9:4e:c9:4d:f6:18:11:e1:20:aa:8f:58:19:bc:40:6a:6b:
         bc:15:1c:95:81:8d:d4:27:be:72:29:0e:ef:f3:b9:06:f0:14:
         61:6b:31:66:35:13:6c:5b:86:22:25:87:0d:ed:64:10:7b:07:
         9f:09:b4:35:45:28:0a:d9:a4:07:ba:03:49:65:fd:f9:b5:8e:
         fa:3d:84:5f:71:59:5b:13:c7:34:bb:ed:b4:9a:f1:90:ad:64:
         65:9b:5e:42:b4:13:c7:a7:d8:03:93:66:b9:70:f6:87:5b:89:
         4e:00:b9:de:b4:f3:16:22:03:18:f8:00:25:6a:1b:17:aa:97:
         17:ed:da:a4:46:1d:0b:df:e1:c9:23:e3:59:bd:3c:9b:ad:a1:
         d9:27:8c:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskAQ4SQghBQIPxcrDtSnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTY5YTgyZWVlOTNiMDllNmM1ODAyYTBjOTVjNDg0YTM2YmMxYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQCXNWZvm8HdObOM1GBS93pmJC9z
luOAibD5gDn9IX5UlTBW/W4PEcYTiJap6Yvv8XjnV7U2oTIotgFguDNTfXza/OQL
CVzzgXQVMD4KU4o0ns8UDtgIoxfUQogYRk5Wvr9VhhpvlyqZtdUvVA9UMChdv4mk
+5k5bJKhwxHnttSh3iK/EUYgK/eBUZyZDzfYOYYqqrY/FVWHivs66C8eRPU/qenV
uwuRKEjJT4HBVJSg9VW4WEaCQjSuJ50uRTyu1Jsph46RL/SoOe6oHlnxOQVwss/T
rm0pWCKS+WonDWoWFf8aMyj7VXPtIBP7JYZfEF3XAskmoXDebTQKkFYlOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVpqC7uk7CebFgCoMlcSEo2vBoXMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvaFdtb0x1NlRzSjVzV0FLZ3lWeElTamE4R2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQi/MA0G
CSqGSIb3DQEBCwUAA4IBAQAlC73e4HBvRwNH4WgRYBkHvUDSToCT4JwG7dQ6TeKV
6ps3qYnYKDfxnWSu3wsCy+n42/j+SVK0CbTRHDuYE9kqPLQC9xTWabaSMUXfjvhL
s9lRh3kdi2SJcc5KW0FssJnBK9ixoFMxXFeuD7myuU7JTfYYEeEgqo9YGbxAamu8
FRyVgY3UJ75yKQ7v87kG8BRhazFmNRNsW4YiJYcN7WQQewefCbQ1RSgK2aQHugNJ
Zf35tY76PYRfcVlbE8c0u+20mvGQrWRlm15CtBPHp9gDk2a5cPaHW4lOALnetPMW
IgMY+AAlahsXqpcX7dqkRh0L3+HJI+NZvTybraHZJ4zg
-----END CERTIFICATE-----