Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/5ba81e-e274-4ba3-954d-bdf94a3fb32d/1/jdMFheDlAIgKvi6YF6C6Rm8zqwg.roa
File:                     jdMFheDlAIgKvi6YF6C6Rm8zqwg.roa (raw, json)
Hash identifier:          0uopvNrGmCf9iLiAY1t8oTN34NZD3FhGP5c/aZny+2A=
Subject key identifier:   8D:D3:05:85:E0:E5:00:88:0A:BE:2E:98:17:A0:BA:46:6F:33:AB:08
Certificate issuer:       /CN=4dcfd001a667e1645ab40c5bbed89f5927004f85
Certificate serial:       019423D756918D3542FE3382E2DB7034CB1B
Authority key identifier: 4D:CF:D0:01:A6:67:E1:64:5A:B4:0C:5B:BE:D8:9F:59:27:00:4F:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tc_QAaZn4WRatAxbvtifWScAT4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/5ba81e-e274-4ba3-954d-bdf94a3fb32d/1/jdMFheDlAIgKvi6YF6C6Rm8zqwg.roa
Signing time:             Wed 01 Jan 2025 21:48:22 +0000
ROA not before:           Wed 01 Jan 2025 21:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34947
IP address blocks:        45.89.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/5ba81e-e274-4ba3-954d-bdf94a3fb32d/1/Tc_QAaZn4WRatAxbvtifWScAT4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/5ba81e-e274-4ba3-954d-bdf94a3fb32d/1/Tc_QAaZn4WRatAxbvtifWScAT4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tc_QAaZn4WRatAxbvtifWScAT4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:56:91:8d:35:42:fe:33:82:e2:db:70:34:cb:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dcfd001a667e1645ab40c5bbed89f5927004f85
        Validity
            Not Before: Jan  1 21:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8dd30585e0e500880abe2e9817a0ba466f33ab08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:61:5e:af:14:71:0f:66:7e:42:0a:eb:22:cb:
                    ed:9b:c0:8a:5c:5c:9b:2d:5e:d9:c3:b1:1d:c7:12:
                    03:6b:38:1c:e7:ea:51:88:9a:2d:d5:37:d6:b9:ba:
                    d8:2b:8e:49:e5:9c:0b:ef:10:c5:49:60:16:31:4a:
                    fd:ea:0d:cb:86:55:1d:24:37:83:ad:5d:aa:66:30:
                    c7:a5:12:76:d5:59:1a:4c:48:7f:5d:bd:d8:8f:92:
                    ef:fd:fd:03:0c:33:a2:05:6b:07:df:0b:90:a0:85:
                    52:4b:fc:56:ae:ec:25:a5:3d:bf:48:a9:6d:06:1c:
                    81:0b:7c:1f:53:f2:a3:3c:01:31:7f:c7:09:59:98:
                    0f:18:63:2e:42:34:7b:ff:8c:1e:7b:a9:fb:21:64:
                    32:f9:0b:5b:3f:35:71:e3:c9:a7:ed:f5:53:f6:a6:
                    b5:c2:b2:32:d1:3f:23:06:5b:17:d8:60:03:3c:f8:
                    48:88:91:b2:05:d2:e4:86:0f:8e:6f:80:54:c6:cb:
                    c5:4b:38:b3:40:2c:ab:18:19:ae:1e:83:ed:65:a0:
                    6a:d5:e9:8c:d3:f7:e7:46:bf:9e:f3:22:65:ff:bf:
                    7f:af:54:ca:e6:89:d8:93:dc:9c:ce:bb:a1:9f:a5:
                    79:de:c7:7d:4d:23:60:ab:64:7c:ed:85:b6:54:d8:
                    e2:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D3:05:85:E0:E5:00:88:0A:BE:2E:98:17:A0:BA:46:6F:33:AB:08
            X509v3 Authority Key Identifier:
                keyid:4D:CF:D0:01:A6:67:E1:64:5A:B4:0C:5B:BE:D8:9F:59:27:00:4F:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tc_QAaZn4WRatAxbvtifWScAT4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/5ba81e-e274-4ba3-954d-bdf94a3fb32d/1/jdMFheDlAIgKvi6YF6C6Rm8zqwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/5ba81e-e274-4ba3-954d-bdf94a3fb32d/1/Tc_QAaZn4WRatAxbvtifWScAT4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:bb:7f:65:48:1f:55:17:e0:1f:98:fa:2a:cd:d8:ef:ae:d6:
         76:6a:8a:e2:8e:51:96:46:ca:d6:b1:37:2c:18:db:ee:e3:68:
         63:72:07:dc:27:9e:8a:69:18:41:99:c0:0e:bd:9a:55:4b:13:
         d3:d4:8f:0e:8b:d3:b7:bb:e4:48:57:23:0f:da:b0:b2:0c:91:
         8b:d9:83:ba:99:c3:b4:2c:0b:f7:6a:3c:52:a0:ad:52:97:72:
         93:5b:ec:ff:aa:e2:92:e2:ee:73:e2:8c:e1:8d:63:29:1b:37:
         8d:79:1a:90:73:41:55:85:40:3a:2a:9f:90:b9:86:64:c7:a8:
         e9:68:17:75:87:43:82:b1:4b:3c:10:a3:db:8c:12:1c:56:eb:
         56:a9:12:91:db:91:d2:98:a7:f8:0d:fb:87:25:0d:bc:e2:85:
         03:d9:2a:72:d6:48:91:89:79:f2:f5:78:fc:07:3a:eb:c3:26:
         61:16:34:3e:cb:03:08:81:fc:ab:e3:8c:78:6b:7c:ee:4e:b6:
         64:e7:1d:ef:7b:e1:43:82:ef:36:09:32:17:00:5f:9b:81:d9:
         9c:cc:b6:70:8a:c0:46:7f:3c:71:6b:43:06:07:77:ec:46:6b:
         d6:e6:a3:aa:d2:37:28:83:f0:22:0e:a5:ad:b2:a4:a0:4f:79:
         df:c1:39:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj11aRjTVC/jOC4ttwNMsbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkY2ZkMDAxYTY2N2UxNjQ1YWI0MGM1YmJlZDg5ZjU5Mjcw
MDRmODUwHhcNMjUwMTAxMjE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQzMDU4NWUwZTUwMDg4MGFiZTJlOTgxN2EwYmE0NjZmMzNhYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GFerxRxD2Z+QgrrIsvtm8CKXFyb
LV7Zw7EdxxIDazgc5+pRiJot1TfWubrYK45J5ZwL7xDFSWAWMUr96g3LhlUdJDeD
rV2qZjDHpRJ21VkaTEh/Xb3Yj5Lv/f0DDDOiBWsH3wuQoIVSS/xWruwlpT2/SKlt
BhyBC3wfU/KjPAExf8cJWZgPGGMuQjR7/4wee6n7IWQy+QtbPzVx48mn7fVT9qa1
wrIy0T8jBlsX2GADPPhIiJGyBdLkhg+Ob4BUxsvFSzizQCyrGBmuHoPtZaBq1emM
0/fnRr+e8yJl/79/r1TK5onYk9yczruhn6V53sd9TSNgq2R87YW2VNjiQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3TBYXg5QCICr4umBegukZvM6sIMB8GA1UdIwQY
MBaAFE3P0AGmZ+FkWrQMW77Yn1knAE+FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGNfUUFhWm40V1JhdEF4YnZ0aWZXU2NBVDRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC81YmE4MWUtZTI3NC00YmEzLTk1NGQt
YmRmOTRhM2ZiMzJkLzEvamRNRmhlRGxBSWdLdmk2WUY2QzZSbTh6cXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC81YmE4MWUtZTI3NC00YmEzLTk1NGQtYmRmOTRhM2ZiMzJk
LzEvVGNfUUFhWm40V1JhdEF4YnZ0aWZXU2NBVDRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVnIMA0G
CSqGSIb3DQEBCwUAA4IBAQA6u39lSB9VF+AfmPoqzdjvrtZ2aorijlGWRsrWsTcs
GNvu42hjcgfcJ56KaRhBmcAOvZpVSxPT1I8Oi9O3u+RIVyMP2rCyDJGL2YO6mcO0
LAv3ajxSoK1Sl3KTW+z/quKS4u5z4ozhjWMpGzeNeRqQc0FVhUA6Kp+QuYZkx6jp
aBd1h0OCsUs8EKPbjBIcVutWqRKR25HSmKf4DfuHJQ284oUD2Spy1kiRiXny9Xj8
BzrrwyZhFjQ+ywMIgfyr44x4a3zuTrZk5x3ve+FDgu82CTIXAF+bgdmczLZwisBG
fzxxa0MGB3fsRmvW5qOq0jcog/AiDqWtsqSgT3nfwTmD
-----END CERTIFICATE-----