Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/j__aq3iFBPVxZdDjpGZ65fzJ6Wg.roa
File:                     j__aq3iFBPVxZdDjpGZ65fzJ6Wg.roa (raw, json)
Hash identifier:          RAipwcTF9FXS+bEQE7It7yZOFxgZeTmaKaRu1+QOgPE=
Subject key identifier:   8F:FF:DA:AB:78:85:04:F5:71:65:D0:E3:A4:66:7A:E5:FC:C9:E9:68
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBBE848213E7854D872ED02C4087BA
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/j__aq3iFBPVxZdDjpGZ65fzJ6Wg.roa
Signing time:             Wed 01 Jan 2025 17:48:31 +0000
ROA not before:           Wed 01 Jan 2025 17:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        45.94.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:be:84:82:13:e7:85:4d:87:2e:d0:2c:40:87:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fffdaab788504f57165d0e3a4667ae5fcc9e968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:04:28:f8:4e:b3:6d:f9:bc:5c:c2:19:26:f2:
                    8f:27:dd:07:72:05:e8:6f:91:24:32:01:28:bb:53:
                    94:df:6d:0a:c4:23:42:39:20:f9:0d:31:fb:f4:7e:
                    89:a0:6f:38:a8:8a:4b:cb:7c:58:c1:75:49:98:62:
                    4f:6d:d5:2c:42:53:6c:fd:a0:36:71:4a:85:52:f6:
                    f4:92:39:fa:d7:cc:b2:0c:ce:01:d4:7a:da:76:c8:
                    a7:f0:0a:5e:f3:64:1b:27:48:a6:73:c8:e9:98:59:
                    ef:3c:99:88:eb:d2:e5:6f:d3:2b:3d:23:b5:ab:2c:
                    0a:ac:76:40:d2:66:9b:84:91:2c:b6:ce:6f:82:9d:
                    15:5c:28:c1:c7:7a:b5:20:7f:2b:7a:90:10:2d:3a:
                    ff:f7:d0:e0:8c:7d:e9:b1:45:6d:99:4b:1b:d4:cb:
                    b1:ff:4e:10:12:d3:5d:b5:e8:73:78:ec:09:0f:5a:
                    6c:cc:7c:4a:8b:0a:a9:38:8f:33:38:4d:eb:ed:3f:
                    23:ea:a0:1e:18:1e:e4:78:ba:d1:a1:92:e4:d7:c2:
                    70:08:c8:06:95:5f:1e:ef:8d:82:ef:21:f7:69:b5:
                    85:d8:6f:92:4c:e4:26:b8:ca:26:f7:a0:cd:d3:02:
                    e3:1b:7a:4e:12:d4:d3:d6:f7:63:eb:f2:1a:43:da:
                    3a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:FF:DA:AB:78:85:04:F5:71:65:D0:E3:A4:66:7A:E5:FC:C9:E9:68
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/j__aq3iFBPVxZdDjpGZ65fzJ6Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:25:87:8f:aa:9e:cd:37:e2:f5:3a:e1:8b:4d:2d:f1:95:df:
         8a:66:e3:b8:90:de:dd:74:32:4d:44:19:fa:7f:f2:76:a6:d5:
         43:96:e3:0a:2a:8f:30:1b:50:33:fb:38:2f:8b:29:80:3a:52:
         82:84:7a:67:89:5a:8d:0b:60:b8:44:05:21:56:7d:d1:5a:7a:
         6c:e0:86:95:bb:5c:dd:c5:fe:96:ce:bf:64:bd:cc:8c:1c:ef:
         e9:0f:bf:fe:af:9c:a0:08:8e:ba:b7:7a:c3:bf:a2:09:aa:e7:
         5e:1d:a5:99:e1:4f:92:91:b8:21:67:ca:59:3e:37:8f:e1:0e:
         75:2f:e9:c2:76:00:21:5f:50:58:8e:e4:26:af:a0:91:dd:36:
         97:21:b5:03:47:89:ee:68:b4:ab:b2:35:c4:58:24:bc:5f:49:
         f5:1a:29:74:ce:1f:0a:15:f7:c3:a0:20:14:ec:b1:f8:3d:fa:
         22:6e:23:2b:dc:4e:49:d7:b6:fd:ab:4d:d7:32:03:e0:6a:b4:
         df:3b:dc:55:be:42:c5:f6:c1:b9:e1:28:f6:2c:67:60:1d:9e:
         7c:b1:f3:67:4e:7d:92:ba:7a:ea:a9:7c:27:50:20:a3:e7:0b:
         7f:96:04:70:b2:88:f3:06:d0:63:3e:aa:b0:16:26:d4:55:11:
         0c:16:30:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+76EghPnhU2HLtAsQIe6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmZmZGFhYjc4ODUwNGY1NzE2NWQwZTNhNDY2N2FlNWZjYzllOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QQo+E6zbfm8XMIZJvKPJ90HcgXo
b5EkMgEou1OU320KxCNCOSD5DTH79H6JoG84qIpLy3xYwXVJmGJPbdUsQlNs/aA2
cUqFUvb0kjn618yyDM4B1Hradsin8Ape82QbJ0imc8jpmFnvPJmI69Llb9MrPSO1
qywKrHZA0mabhJEsts5vgp0VXCjBx3q1IH8repAQLTr/99DgjH3psUVtmUsb1Mux
/04QEtNdtehzeOwJD1pszHxKiwqpOI8zOE3r7T8j6qAeGB7keLrRoZLk18JwCMgG
lV8e742C7yH3abWF2G+STOQmuMom96DN0wLjG3pOEtTT1vdj6/IaQ9o6CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI//2qt4hQT1cWXQ46RmeuX8yeloMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEval9fYXEzaUZCUFZ4WmREanBHWjY1ZnpKNldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV6pMA0G
CSqGSIb3DQEBCwUAA4IBAQBeJYePqp7NN+L1OuGLTS3xld+KZuO4kN7ddDJNRBn6
f/J2ptVDluMKKo8wG1Az+zgviymAOlKChHpniVqNC2C4RAUhVn3RWnps4IaVu1zd
xf6Wzr9kvcyMHO/pD7/+r5ygCI66t3rDv6IJqudeHaWZ4U+SkbghZ8pZPjeP4Q51
L+nCdgAhX1BYjuQmr6CR3TaXIbUDR4nuaLSrsjXEWCS8X0n1Gil0zh8KFffDoCAU
7LH4PfoibiMr3E5J17b9q03XMgPgarTfO9xVvkLF9sG54Sj2LGdgHZ58sfNnTn2S
unrqqXwnUCCj5wt/lgRwsojzBtBjPqqwFibUVREMFjCn
-----END CERTIFICATE-----