Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/J7fETgSDFMJ266pRFjN8F5OGkjg.roa
File:                     J7fETgSDFMJ266pRFjN8F5OGkjg.roa (raw, json)
Hash identifier:          GuXVb/UNos2no0i27zypxupgIdk3MYR4OOCNtpwzNLU=
Subject key identifier:   27:B7:C4:4E:04:83:14:C2:76:EB:AA:51:16:33:7C:17:93:86:92:38
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019420685E563E4F64DB5493C8DDC83D2A32
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/J7fETgSDFMJ266pRFjN8F5OGkjg.roa
Signing time:             Wed 01 Jan 2025 05:48:18 +0000
ROA not before:           Wed 01 Jan 2025 05:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216300
IP address blocks:        147.45.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:5e:56:3e:4f:64:db:54:93:c8:dd:c8:3d:2a:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27b7c44e048314c276ebaa5116337c1793869238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bb:6d:94:56:67:72:2a:03:f0:5c:7c:07:fd:
                    72:79:a3:0b:40:82:ca:bf:a1:cb:51:81:7c:dd:3c:
                    43:4b:99:07:8a:58:f8:ba:94:d1:4a:d6:9b:4b:5a:
                    0f:df:da:20:bf:1d:26:d0:a0:68:35:a3:f0:bf:21:
                    b8:37:20:7a:11:dd:4e:24:93:b0:06:ef:d3:84:ec:
                    27:d6:5e:ef:ef:f6:78:da:1f:80:e2:a7:d7:ac:4a:
                    98:3d:23:89:e7:bc:8c:dd:34:18:f7:93:74:f1:86:
                    72:37:2b:5c:2f:d4:27:fb:0d:5c:75:1e:f7:7b:1d:
                    e2:03:4e:4a:ba:35:0c:5d:aa:a6:9c:ea:7a:5f:c1:
                    2f:14:23:1c:a5:6e:9b:16:a1:c1:97:03:2f:2f:d7:
                    4e:b1:53:8b:11:d3:59:c4:1b:94:b4:8e:3c:8b:02:
                    83:2c:14:a1:78:54:fb:3a:5f:5f:b7:e9:78:5f:2e:
                    06:ff:7c:e6:53:a6:cc:3f:86:2e:1f:40:40:c1:80:
                    f2:03:78:e4:0f:9f:ca:78:c2:c3:1d:6c:51:eb:db:
                    da:d9:43:8a:bd:e0:ae:97:f6:90:36:7c:cf:2c:74:
                    5b:13:74:8b:61:2b:10:94:87:a9:71:44:27:6f:50:
                    27:09:26:dc:b9:83:a3:fd:c2:6a:34:da:e8:2e:82:
                    b9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:B7:C4:4E:04:83:14:C2:76:EB:AA:51:16:33:7C:17:93:86:92:38
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/J7fETgSDFMJ266pRFjN8F5OGkjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:77:08:a2:30:bc:71:74:90:16:f7:50:0a:e9:b6:95:0e:70:
         3e:13:cd:d3:97:49:b9:f1:6a:9b:ee:d4:6b:ed:06:62:fb:f9:
         6d:b8:a9:a6:ab:c2:fe:f6:81:90:0b:1d:9b:e8:00:8e:4f:71:
         5e:43:32:4d:0f:d9:a4:7d:44:70:5a:75:6d:fd:3a:37:18:6a:
         ca:83:46:b9:25:88:73:bd:3f:ba:ce:b3:dd:58:d5:a7:b9:e0:
         30:63:61:cb:4e:37:4c:6d:55:5d:c4:fc:a9:77:8b:a4:80:13:
         c1:49:e2:79:fb:a0:b7:06:88:19:82:9a:46:40:0a:25:f3:52:
         5e:a2:15:1b:43:60:b9:33:3a:95:77:47:98:be:0f:e5:9a:1b:
         d0:b9:b0:56:58:f0:a3:36:ac:fd:5f:01:45:ca:a5:e1:22:a7:
         f0:5e:3b:f5:95:72:49:5b:3f:3b:c4:42:d8:21:23:63:68:17:
         12:68:1e:6b:b2:a1:d8:77:50:85:a6:a4:0a:a7:81:fb:19:d2:
         9f:7f:64:83:7d:b1:06:77:8e:8c:32:4b:71:c4:24:3c:4f:9b:
         2c:7c:40:c3:c7:45:37:0c:cd:ff:0a:ac:ae:e1:4b:ef:01:42:
         a5:e4:b4:69:db:d3:1b:ff:e5:e3:37:b3:1b:0d:5a:80:e6:85:
         19:99:7d:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaF5WPk9k21STyN3IPSoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2I3YzQ0ZTA0ODMxNGMyNzZlYmFhNTExNjMzN2MxNzkzODY5MjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLttlFZncioD8Fx8B/1yeaMLQILK
v6HLUYF83TxDS5kHilj4upTRStabS1oP39ogvx0m0KBoNaPwvyG4NyB6Ed1OJJOw
Bu/ThOwn1l7v7/Z42h+A4qfXrEqYPSOJ57yM3TQY95N08YZyNytcL9Qn+w1cdR73
ex3iA05KujUMXaqmnOp6X8EvFCMcpW6bFqHBlwMvL9dOsVOLEdNZxBuUtI48iwKD
LBSheFT7Ol9ft+l4Xy4G/3zmU6bMP4YuH0BAwYDyA3jkD5/KeMLDHWxR69va2UOK
veCul/aQNnzPLHRbE3SLYSsQlIepcUQnb1AnCSbcuYOj/cJqNNroLoK5CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCe3xE4EgxTCduuqURYzfBeThpI4MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvSjdmRVRnU0RGTUoyNjZwUkZqTjhGNU9Ha2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky0lMA0G
CSqGSIb3DQEBCwUAA4IBAQANdwiiMLxxdJAW91AK6baVDnA+E83Tl0m58Wqb7tRr
7QZi+/ltuKmmq8L+9oGQCx2b6ACOT3FeQzJND9mkfURwWnVt/To3GGrKg0a5JYhz
vT+6zrPdWNWnueAwY2HLTjdMbVVdxPypd4ukgBPBSeJ5+6C3BogZgppGQAol81Je
ohUbQ2C5MzqVd0eYvg/lmhvQubBWWPCjNqz9XwFFyqXhIqfwXjv1lXJJWz87xELY
ISNjaBcSaB5rsqHYd1CFpqQKp4H7GdKff2SDfbEGd46MMktxxCQ8T5ssfEDDx0U3
DM3/Cqyu4UvvAUKl5LRp29Mb/+XjN7MbDVqA5oUZmX2W
-----END CERTIFICATE-----