Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b182bc-bc32-4e2f-bad7-ca51fb408901/1/z8gJT3mWJvoCjNtGavez3w-sptI.roa
File:                     z8gJT3mWJvoCjNtGavez3w-sptI.roa (raw, json)
Hash identifier:          rAtA37xRZ8BRiEnR3BviWDsE+vEFga17zSGIolCXdPw=
Subject key identifier:   CF:C8:09:4F:79:96:26:FA:02:8C:DB:46:6A:F7:B3:DF:0F:AC:A6:D2
Certificate issuer:       /CN=2078baee6b6ec5425a16b1fc00c52c30ed95a3f0
Certificate serial:       019426D93A610F43D8FD3011A2EDA06DCF31
Authority key identifier: 20:78:BA:EE:6B:6E:C5:42:5A:16:B1:FC:00:C5:2C:30:ED:95:A3:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IHi67mtuxUJaFrH8AMUsMO2Vo_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b182bc-bc32-4e2f-bad7-ca51fb408901/1/z8gJT3mWJvoCjNtGavez3w-sptI.roa
Signing time:             Thu 02 Jan 2025 11:49:17 +0000
ROA not before:           Thu 02 Jan 2025 11:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209784
IP address blocks:        45.148.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/b182bc-bc32-4e2f-bad7-ca51fb408901/1/IHi67mtuxUJaFrH8AMUsMO2Vo_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/b182bc-bc32-4e2f-bad7-ca51fb408901/1/IHi67mtuxUJaFrH8AMUsMO2Vo_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IHi67mtuxUJaFrH8AMUsMO2Vo_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:3a:61:0f:43:d8:fd:30:11:a2:ed:a0:6d:cf:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2078baee6b6ec5425a16b1fc00c52c30ed95a3f0
        Validity
            Not Before: Jan  2 11:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfc8094f799626fa028cdb466af7b3df0faca6d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b8:15:d2:a2:dc:8a:85:9d:d2:18:a7:4a:4f:
                    f3:1d:46:63:20:a1:1b:af:12:dc:11:fd:ce:44:37:
                    0a:77:2a:f6:c3:20:5f:4a:5c:86:84:54:41:bf:bd:
                    d5:c4:c7:4a:ba:99:c0:5e:33:b2:54:b6:32:f5:c4:
                    75:1d:6d:d2:33:d1:b5:8e:f5:71:1e:97:f1:54:7c:
                    82:03:d9:74:de:3f:b7:36:07:85:97:a7:6e:c0:e1:
                    81:f2:cd:b6:4f:c0:c7:e3:d9:1b:e6:ef:7f:d2:da:
                    e1:29:9e:b2:6b:ee:e3:71:f4:6c:e5:ba:9c:89:74:
                    3e:9d:b6:70:e7:47:f5:25:0f:a4:78:d1:05:29:e2:
                    49:e6:84:58:e6:c5:f0:37:7c:9f:d9:35:25:da:2a:
                    ac:09:9c:a3:aa:7b:f1:03:13:4d:7b:fa:c2:16:6a:
                    bd:da:62:be:54:e4:76:c2:f4:2a:9d:4a:0e:d7:03:
                    c5:e2:1a:38:22:fd:94:ee:16:77:2d:3c:ca:a3:6c:
                    f0:75:93:83:d7:e0:e7:6e:d3:53:d5:e5:34:35:05:
                    8c:ed:26:1c:76:9c:06:b3:c1:f5:71:0b:57:f2:91:
                    a4:00:18:bb:28:83:82:66:cf:e9:1a:fb:e0:3b:34:
                    46:0f:19:b6:4e:3f:c9:a2:8a:c8:05:bc:6f:b9:0d:
                    a4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C8:09:4F:79:96:26:FA:02:8C:DB:46:6A:F7:B3:DF:0F:AC:A6:D2
            X509v3 Authority Key Identifier:
                keyid:20:78:BA:EE:6B:6E:C5:42:5A:16:B1:FC:00:C5:2C:30:ED:95:A3:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IHi67mtuxUJaFrH8AMUsMO2Vo_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b182bc-bc32-4e2f-bad7-ca51fb408901/1/z8gJT3mWJvoCjNtGavez3w-sptI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b182bc-bc32-4e2f-bad7-ca51fb408901/1/IHi67mtuxUJaFrH8AMUsMO2Vo_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:9f:b9:53:2f:35:7f:33:8a:72:af:15:3b:0d:7c:62:f7:50:
         d0:e3:c2:c9:3b:10:3b:0e:58:d3:83:e7:1c:f7:ed:3d:1d:dd:
         1f:42:f3:09:96:0c:13:f1:d3:c4:d1:dd:9c:9e:c8:19:d8:ba:
         8d:00:0f:1e:d6:a7:d3:08:1f:fd:7d:89:6a:26:25:49:fb:87:
         12:a2:ea:17:bf:f0:37:a4:9d:08:e5:aa:a6:76:a1:8f:55:b3:
         6b:3d:67:c7:42:22:8a:be:c9:df:14:23:50:d9:a2:2e:09:e8:
         0d:2d:4e:3e:10:6a:c3:ae:c0:b4:66:c9:c8:a1:69:48:04:a7:
         d6:ce:c4:8e:a1:48:62:42:76:26:31:cc:2b:36:4e:47:6d:0f:
         53:e7:2a:0f:b9:73:2b:af:9e:e4:8c:9f:99:0b:92:8b:2e:bf:
         19:b9:49:05:7c:30:2b:bc:ca:7c:fd:ba:e3:89:cc:14:81:aa:
         c0:fc:a9:fd:a8:56:f1:c8:1e:06:8d:25:bc:f9:4c:4b:7e:62:
         1d:e6:56:60:e3:18:18:40:ab:ca:37:bd:eb:5c:a2:e6:2d:06:
         07:9f:78:19:09:0a:53:e8:cc:b3:94:02:fe:03:14:c5:10:cd:
         5c:8e:21:6b:53:e8:db:40:6e:9d:6e:d8:e8:68:b9:bf:a1:7f:
         ae:d4:ff:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2TphD0PY/TARou2gbc8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNzhiYWVlNmI2ZWM1NDI1YTE2YjFmYzAwYzUyYzMwZWQ5
NWEzZjAwHhcNMjUwMTAyMTE0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmM4MDk0Zjc5OTYyNmZhMDI4Y2RiNDY2YWY3YjNkZjBmYWNhNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rgV0qLcioWd0hinSk/zHUZjIKEb
rxLcEf3ORDcKdyr2wyBfSlyGhFRBv73VxMdKupnAXjOyVLYy9cR1HW3SM9G1jvVx
HpfxVHyCA9l03j+3NgeFl6duwOGB8s22T8DH49kb5u9/0trhKZ6ya+7jcfRs5bqc
iXQ+nbZw50f1JQ+keNEFKeJJ5oRY5sXwN3yf2TUl2iqsCZyjqnvxAxNNe/rCFmq9
2mK+VOR2wvQqnUoO1wPF4ho4Iv2U7hZ3LTzKo2zwdZOD1+DnbtNT1eU0NQWM7SYc
dpwGs8H1cQtX8pGkABi7KIOCZs/pGvvgOzRGDxm2Tj/JoorIBbxvuQ2k/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/ICU95lib6AozbRmr3s98PrKbSMB8GA1UdIwQY
MBaAFCB4uu5rbsVCWhax/ADFLDDtlaPwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUhpNjdtdHV4VUphRnJIOEFNVXNNTzJWb19BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iMTgyYmMtYmMzMi00ZTJmLWJhZDct
Y2E1MWZiNDA4OTAxLzEvejhnSlQzbVdKdm9Dak50R2F2ZXozdy1zcHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iMTgyYmMtYmMzMi00ZTJmLWJhZDctY2E1MWZiNDA4OTAx
LzEvSUhpNjdtdHV4VUphRnJIOEFNVXNNTzJWb19BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZTTMA0G
CSqGSIb3DQEBCwUAA4IBAQBZn7lTLzV/M4pyrxU7DXxi91DQ48LJOxA7DljTg+cc
9+09Hd0fQvMJlgwT8dPE0d2cnsgZ2LqNAA8e1qfTCB/9fYlqJiVJ+4cSouoXv/A3
pJ0I5aqmdqGPVbNrPWfHQiKKvsnfFCNQ2aIuCegNLU4+EGrDrsC0ZsnIoWlIBKfW
zsSOoUhiQnYmMcwrNk5HbQ9T5yoPuXMrr57kjJ+ZC5KLLr8ZuUkFfDArvMp8/brj
icwUgarA/Kn9qFbxyB4GjSW8+UxLfmId5lZg4xgYQKvKN73rXKLmLQYHn3gZCQpT
6MyzlAL+AxTFEM1cjiFrU+jbQG6dbtjoaLm/oX+u1P+y
-----END CERTIFICATE-----