Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/ijQaYqsX36Iual-crRkacGaVc58.roa
File:                     ijQaYqsX36Iual-crRkacGaVc58.roa (raw, json)
Hash identifier:          ccJw28PP5f/TupBMNwlADhguaBvKtjfCXWHuFYXPLzA=
Subject key identifier:   8A:34:1A:62:AB:17:DF:A2:2E:6A:5F:9C:AD:19:1A:70:66:95:73:9F
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       019422FB65E6B513F6B7EE4B3C5AF38EA9E6
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/ijQaYqsX36Iual-crRkacGaVc58.roa
Signing time:             Wed 01 Jan 2025 17:48:08 +0000
ROA not before:           Wed 01 Jan 2025 17:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208867
IP address blocks:        45.80.96.0/22 maxlen: 22
                          45.85.128.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:65:e6:b5:13:f6:b7:ee:4b:3c:5a:f3:8e:a9:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 17:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a341a62ab17dfa22e6a5f9cad191a706695739f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e6:76:65:59:20:d6:48:ef:2a:f0:a2:77:16:
                    63:92:c7:94:b1:0d:b1:be:4e:47:9e:0f:b3:7d:7d:
                    f7:9b:b0:0f:19:9b:60:dc:fa:2b:4b:75:c8:73:f0:
                    a3:9c:fe:55:82:68:d7:73:25:b0:3e:3d:3e:aa:0f:
                    8e:49:71:df:e7:bb:c3:52:3a:2b:8b:07:91:4d:66:
                    42:5a:11:85:2b:60:5e:46:a6:18:f8:8d:c5:28:fc:
                    2b:f2:39:4c:18:cb:28:fc:6e:9c:50:f3:2d:a3:1a:
                    bc:dd:7d:b5:c2:12:c0:be:a0:fb:c9:ff:1c:6c:9e:
                    b2:8e:73:33:64:0c:8d:43:5d:9b:ad:4c:16:58:f0:
                    b1:ba:22:f9:8f:1d:68:05:59:96:6c:c9:93:0a:a2:
                    5c:1d:e6:6f:25:57:24:e7:74:cb:b8:2c:2a:87:4b:
                    e8:93:1d:84:b6:03:16:1d:9b:1b:75:5c:7f:09:3b:
                    42:cb:44:df:ee:76:8a:e4:62:c5:c8:19:ee:7d:a0:
                    c6:e6:59:ad:82:c5:0c:2f:5c:91:32:fe:ef:b7:4d:
                    76:d8:9a:b3:e8:1e:42:de:44:80:2f:0b:86:ba:cb:
                    cf:87:03:aa:35:9f:02:57:8e:ff:a9:d6:99:46:66:
                    93:b3:f3:71:59:38:49:48:9d:2f:21:02:41:ed:4b:
                    87:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:34:1A:62:AB:17:DF:A2:2E:6A:5F:9C:AD:19:1A:70:66:95:73:9F
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/ijQaYqsX36Iual-crRkacGaVc58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.96.0/22
                  45.85.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:7f:43:4a:de:f2:20:a1:27:08:d8:7f:83:75:c8:45:be:72:
         f9:a8:57:40:1b:30:26:2a:cb:d4:63:41:ba:5d:2a:76:b3:13:
         a0:da:32:99:a0:cc:89:59:55:a4:e4:55:65:1e:de:79:2e:fa:
         ae:db:ea:14:28:74:10:d7:de:0b:91:02:6a:79:a8:3f:14:20:
         53:d4:c6:ae:31:23:c3:b3:0a:b6:c4:d7:1f:6d:ee:43:94:2d:
         f8:ac:1c:d6:07:b3:16:80:d9:11:a2:4f:1f:e8:e6:53:73:e4:
         3c:3f:13:67:6d:d2:a8:72:fc:4e:71:be:06:1d:bb:e0:b1:c6:
         ae:dc:89:92:b9:9f:e4:9c:23:03:14:74:92:73:f0:bb:6f:07:
         fb:ec:b7:7c:0b:0a:68:11:0f:57:e6:c7:58:47:21:d3:25:05:
         92:da:9f:64:db:4a:04:0d:b5:57:d6:a3:ae:5c:c8:4b:ef:31:
         c6:db:11:ae:e0:71:5e:02:32:9f:51:86:9f:db:96:88:49:8d:
         66:7b:4c:15:e5:09:89:9f:59:90:55:ce:0a:d2:06:46:c1:f6:
         6a:e2:da:ce:02:a5:b0:73:10:b6:a0:fa:61:53:c4:5a:0e:12:
         82:e9:87:54:99:ec:af:bd:5e:1d:f5:6a:ac:b9:39:99:5d:77:
         cf:f0:36:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+2XmtRP2t+5LPFrzjqnmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjUwMTAxMTc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTM0MWE2MmFiMTdkZmEyMmU2YTVmOWNhZDE5MWE3MDY2OTU3MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOZ2ZVkg1kjvKvCidxZjkseUsQ2x
vk5Hng+zfX33m7APGZtg3PorS3XIc/CjnP5VgmjXcyWwPj0+qg+OSXHf57vDUjor
iweRTWZCWhGFK2BeRqYY+I3FKPwr8jlMGMso/G6cUPMtoxq83X21whLAvqD7yf8c
bJ6yjnMzZAyNQ12brUwWWPCxuiL5jx1oBVmWbMmTCqJcHeZvJVck53TLuCwqh0vo
kx2EtgMWHZsbdVx/CTtCy0Tf7naK5GLFyBnufaDG5lmtgsUML1yRMv7vt0122Jqz
6B5C3kSALwuGusvPhwOqNZ8CV47/qdaZRmaTs/NxWThJSJ0vIQJB7UuHYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIo0GmKrF9+iLmpfnK0ZGnBmlXOfMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvaWpRYVlxc1gzNkl1YWwtY3JSa2FjR2FWYzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVBgAwQB
LVWAMA0GCSqGSIb3DQEBCwUAA4IBAQBUf0NK3vIgoScI2H+DdchFvnL5qFdAGzAm
KsvUY0G6XSp2sxOg2jKZoMyJWVWk5FVlHt55Lvqu2+oUKHQQ194LkQJqeag/FCBT
1MauMSPDswq2xNcfbe5DlC34rBzWB7MWgNkRok8f6OZTc+Q8PxNnbdKocvxOcb4G
Hbvgscau3ImSuZ/knCMDFHSSc/C7bwf77Ld8CwpoEQ9X5sdYRyHTJQWS2p9k20oE
DbVX1qOuXMhL7zHG2xGu4HFeAjKfUYaf25aISY1me0wV5QmJn1mQVc4K0gZGwfZq
4trOAqWwcxC2oPphU8RaDhKC6YdUmeyvvV4d9WqsuTmZXXfP8Dar
-----END CERTIFICATE-----