Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/q90aS9463wXYf4Sgoia8t4bKeN8.roa
File:                     q90aS9463wXYf4Sgoia8t4bKeN8.roa (raw, json)
Hash identifier:          hvm9v4WmHwSkZ/edm7ru3afucj0r+/esuU2s4VhpOe8=
Subject key identifier:   AB:DD:1A:4B:DE:3A:DF:05:D8:7F:84:A0:A2:26:BC:B7:86:CA:78:DF
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       019427B57A88A69AEC865C6DEF50B2805427
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/q90aS9463wXYf4Sgoia8t4bKeN8.roa
Signing time:             Thu 02 Jan 2025 15:49:52 +0000
ROA not before:           Thu 02 Jan 2025 15:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7979
IP address blocks:        45.84.44.0/24 maxlen: 24
                          194.5.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:7a:88:a6:9a:ec:86:5c:6d:ef:50:b2:80:54:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Jan  2 15:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abdd1a4bde3adf05d87f84a0a226bcb786ca78df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:ca:98:93:7d:37:71:ec:3f:43:f8:12:cd:84:
                    e6:f8:90:1b:2d:a4:cd:c6:2f:4e:c0:b2:95:25:6a:
                    4e:89:b9:f5:35:1c:8a:c4:28:92:a2:e4:4d:52:b8:
                    f7:8e:ac:8e:83:f8:50:11:c9:ca:1c:30:3b:86:cf:
                    19:37:7a:d1:37:5f:54:ea:aa:35:c8:8d:a6:d7:9f:
                    08:9a:5e:d8:88:cb:04:1d:02:e7:e7:ef:77:ca:10:
                    32:3f:4b:9a:73:cd:ff:6d:ec:31:d3:8a:ff:8c:d4:
                    dd:61:63:8e:aa:3f:cc:af:2e:73:3a:ad:a6:64:0c:
                    c9:c2:64:e4:31:11:cb:80:5c:59:85:9e:6f:31:d8:
                    8f:bd:82:8e:91:68:33:3f:d2:4d:68:a6:26:48:ec:
                    9b:e2:cb:00:e7:e8:46:b1:f0:a8:99:18:02:3e:68:
                    eb:3b:15:01:c5:d0:3a:c3:b7:f4:76:a3:d7:e8:d7:
                    fb:85:9b:66:0d:d8:bc:23:be:c7:ed:8b:2b:25:5a:
                    05:7d:1d:6f:76:34:83:40:a2:9d:22:02:bc:18:46:
                    6d:02:10:f7:2f:c0:7f:fa:f3:50:4c:48:22:06:c8:
                    75:d8:d9:37:0f:fc:d4:88:7c:56:21:a2:36:be:0e:
                    6a:70:fe:7a:48:82:bf:d7:48:80:b7:b7:18:6d:80:
                    49:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:DD:1A:4B:DE:3A:DF:05:D8:7F:84:A0:A2:26:BC:B7:86:CA:78:DF
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/q90aS9463wXYf4Sgoia8t4bKeN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.44.0/24
                  194.5.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:50:eb:75:5d:b2:93:bc:cb:df:ab:b6:2d:c2:c0:dd:98:05:
         12:cc:1c:eb:16:5d:a6:2f:d9:3f:ac:99:ca:4d:81:d9:71:ea:
         eb:a3:52:64:05:11:bb:b2:99:2f:22:50:26:9d:33:c1:62:d6:
         01:4b:dc:e9:c2:1f:82:53:21:a5:47:2b:5f:94:73:7b:f1:36:
         4d:0f:76:c2:39:6d:f6:a1:78:7a:10:48:7a:8a:40:ec:e1:3d:
         ce:cc:46:c4:7c:1c:79:d0:19:e9:c1:96:26:d0:6e:66:e0:2c:
         74:ce:6a:41:5d:86:70:b2:1a:20:12:65:97:51:d5:4c:d2:04:
         ef:32:c8:79:30:57:88:61:4c:26:08:3a:a9:ff:ec:f9:6f:3c:
         7e:ab:75:fa:0a:c2:cb:54:ca:40:51:ce:3b:37:bf:41:71:1b:
         f1:6a:da:20:ce:ae:3a:8a:a9:e8:fa:54:76:99:fd:82:52:5f:
         06:81:25:af:fa:18:cb:aa:e5:ae:12:65:06:76:51:af:6f:e9:
         d8:97:b3:5b:05:16:07:0f:2c:0a:7e:fb:59:be:4e:1b:a1:6c:
         21:ca:70:b5:8c:95:ec:a1:ea:dc:70:3d:68:5e:ef:77:aa:ba:
         d7:96:00:10:69:b6:fb:c7:7b:5e:31:1a:fb:ed:16:cb:a1:18:
         cc:96:2d:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntXqIpprshlxt71CygFQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjUwMTAyMTU0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmRkMWE0YmRlM2FkZjA1ZDg3Zjg0YTBhMjI2YmNiNzg2Y2E3OGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68qYk303cew/Q/gSzYTm+JAbLaTN
xi9OwLKVJWpOibn1NRyKxCiSouRNUrj3jqyOg/hQEcnKHDA7hs8ZN3rRN19U6qo1
yI2m158Iml7YiMsEHQLn5+93yhAyP0uac83/bewx04r/jNTdYWOOqj/Mry5zOq2m
ZAzJwmTkMRHLgFxZhZ5vMdiPvYKOkWgzP9JNaKYmSOyb4ssA5+hGsfComRgCPmjr
OxUBxdA6w7f0dqPX6Nf7hZtmDdi8I77H7YsrJVoFfR1vdjSDQKKdIgK8GEZtAhD3
L8B/+vNQTEgiBsh12Nk3D/zUiHxWIaI2vg5qcP56SIK/10iAt7cYbYBJ9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKvdGkveOt8F2H+EoKImvLeGynjfMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvcTkwYVM5NDYzd1hZZjRTZ29pYTh0NGJLZU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVQsAwQC
wgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAQUOt1XbKTvMvfq7YtwsDdmAUSzBzrFl2m
L9k/rJnKTYHZcerro1JkBRG7spkvIlAmnTPBYtYBS9zpwh+CUyGlRytflHN78TZN
D3bCOW32oXh6EEh6ikDs4T3OzEbEfBx50BnpwZYm0G5m4Cx0zmpBXYZwshogEmWX
UdVM0gTvMsh5MFeIYUwmCDqp/+z5bzx+q3X6CsLLVMpAUc47N79BcRvxatogzq46
iqno+lR2mf2CUl8GgSWv+hjLquWuEmUGdlGvb+nYl7NbBRYHDywKfvtZvk4boWwh
ynC1jJXsoerccD1oXu93qrrXlgAQabb7x3teMRr77RbLoRjMli0z
-----END CERTIFICATE-----