Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/qHEAWZ6N3iBzcK7IIzIjqot58Rk.roa
File:                     qHEAWZ6N3iBzcK7IIzIjqot58Rk.roa (raw, json)
Hash identifier:          n8u6jtIG9RsDk/UjBbBpLB8puiC2i8ky96Vt7ctj0eY=
Subject key identifier:   A8:71:00:59:9E:8D:DE:20:73:70:AE:C8:23:32:23:AA:8B:79:F1:19
Certificate issuer:       /CN=6c73bd24fd830886bfa2d2961416d2185de33772
Certificate serial:       01942368E1D734796F2EFAA62D08647B9DED
Authority key identifier: 6C:73:BD:24:FD:83:08:86:BF:A2:D2:96:14:16:D2:18:5D:E3:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bHO9JP2DCIa_otKWFBbSGF3jN3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/qHEAWZ6N3iBzcK7IIzIjqot58Rk.roa
Signing time:             Wed 01 Jan 2025 19:47:43 +0000
ROA not before:           Wed 01 Jan 2025 19:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208654
IP address blocks:        45.85.148.0/22 maxlen: 24
                          2a0e:c680::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/bHO9JP2DCIa_otKWFBbSGF3jN3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/bHO9JP2DCIa_otKWFBbSGF3jN3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bHO9JP2DCIa_otKWFBbSGF3jN3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:e1:d7:34:79:6f:2e:fa:a6:2d:08:64:7b:9d:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c73bd24fd830886bfa2d2961416d2185de33772
        Validity
            Not Before: Jan  1 19:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a87100599e8dde207370aec8233223aa8b79f119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bb:2b:44:2e:2c:fb:97:62:c3:ad:ac:a2:0b:
                    2a:86:18:a4:4f:1e:e1:32:03:75:4d:e8:84:87:3c:
                    99:d4:c9:be:f5:9c:ed:26:f0:cc:40:b5:a6:72:f5:
                    79:53:1f:58:8e:59:f0:65:63:86:63:72:8d:d8:d7:
                    6e:df:6b:48:59:cb:7a:72:27:51:da:0e:3b:e2:b7:
                    4a:0e:a4:db:7a:c4:2b:97:4b:90:25:cd:c0:f9:03:
                    52:24:13:84:ca:88:a7:8b:a4:82:6c:29:28:17:9f:
                    ea:50:9d:1a:9b:e7:ea:7b:00:0b:a2:17:ae:e5:65:
                    c9:0a:f4:24:6f:f5:06:e3:6f:6d:0b:36:94:8c:99:
                    61:89:32:16:25:bd:8b:d7:21:5f:08:bd:58:07:7c:
                    1e:1f:bc:32:47:ae:43:09:75:da:17:c1:0d:8b:a6:
                    76:67:20:5b:b2:db:f3:67:7b:19:87:ca:8b:e7:8d:
                    06:e1:7e:04:5a:18:9b:42:1c:9a:9d:b8:74:2f:c8:
                    96:6c:da:05:96:ac:df:8e:a1:f4:4e:ee:30:bf:7f:
                    a6:56:88:47:38:96:4e:aa:cd:82:2c:a2:4c:7f:bb:
                    eb:49:8f:b2:a8:90:2d:0a:50:94:08:47:a0:8a:3d:
                    cb:27:5e:f5:81:d7:25:ea:dd:b8:d2:8f:7e:8b:63:
                    48:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:71:00:59:9E:8D:DE:20:73:70:AE:C8:23:32:23:AA:8B:79:F1:19
            X509v3 Authority Key Identifier:
                keyid:6C:73:BD:24:FD:83:08:86:BF:A2:D2:96:14:16:D2:18:5D:E3:37:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bHO9JP2DCIa_otKWFBbSGF3jN3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/qHEAWZ6N3iBzcK7IIzIjqot58Rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/bHO9JP2DCIa_otKWFBbSGF3jN3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.148.0/22
                IPv6:
                  2a0e:c680::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:5d:5b:6b:ac:1d:0f:61:c8:bd:4b:2e:8e:14:50:dd:49:04:
         a3:94:58:f6:85:c3:24:85:bf:5d:17:e3:bb:bf:97:17:9c:22:
         35:10:be:4f:fe:fe:6b:cb:04:af:f3:62:0d:0b:c2:c6:c7:f8:
         6b:aa:41:d2:33:37:28:4a:8d:ff:bd:8d:66:b2:01:99:b1:8a:
         4c:64:85:03:58:ea:5f:62:00:8f:db:a5:39:05:e7:0e:e1:8c:
         e4:cd:d0:72:18:e4:ed:b4:ca:ff:87:fb:6f:67:8c:6a:a6:2d:
         e1:94:2f:36:e8:45:62:b8:95:a8:03:11:42:bc:30:8d:3b:38:
         69:dc:0e:30:e3:a7:aa:a3:6e:5d:92:7b:0d:be:3e:84:be:22:
         aa:65:e2:dd:f5:ab:30:e9:d2:9f:01:b3:d2:13:c1:e9:94:07:
         10:d9:a3:d1:21:ef:1b:79:63:e9:ae:87:9f:22:24:ce:89:e9:
         46:97:18:08:0c:77:b7:f9:9f:a4:bf:a5:2c:98:9a:5c:63:ec:
         13:ba:60:cf:6e:16:c4:99:fe:8c:d6:8f:46:14:e2:25:f8:60:
         1c:f3:94:5f:6a:be:1c:33:ee:86:67:94:fa:e0:1e:dd:12:53:
         cf:5a:c2:72:5a:70:f9:b6:31:14:c9:7a:a3:7a:c8:41:25:ae:
         6c:55:c9:56
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaOHXNHlvLvqmLQhke53tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNzNiZDI0ZmQ4MzA4ODZiZmEyZDI5NjE0MTZkMjE4NWRl
MzM3NzIwHhcNMjUwMTAxMTk0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODcxMDA1OTllOGRkZTIwNzM3MGFlYzgyMzMyMjNhYThiNzlmMTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrsrRC4s+5diw62sogsqhhikTx7h
MgN1TeiEhzyZ1Mm+9ZztJvDMQLWmcvV5Ux9YjlnwZWOGY3KN2Ndu32tIWct6cidR
2g474rdKDqTbesQrl0uQJc3A+QNSJBOEyoini6SCbCkoF5/qUJ0am+fqewALoheu
5WXJCvQkb/UG429tCzaUjJlhiTIWJb2L1yFfCL1YB3weH7wyR65DCXXaF8ENi6Z2
ZyBbstvzZ3sZh8qL540G4X4EWhibQhyanbh0L8iWbNoFlqzfjqH0Tu4wv3+mVohH
OJZOqs2CLKJMf7vrSY+yqJAtClCUCEegij3LJ171gdcl6t240o9+i2NIvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKhxAFmejd4gc3CuyCMyI6qLefEZMB8GA1UdIwQY
MBaAFGxzvST9gwiGv6LSlhQW0hhd4zdyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkhPOUpQMkRDSWFfb3RLV0ZCYlNHRjNqTjNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC85OGRhYjgtN2IyNC00OWYzLWEzNmYt
NzNhMTU3YTJiOTlmLzEvcUhFQVdaNk4zaUJ6Y0s3SUl6SWpxb3Q1OFJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC85OGRhYjgtN2IyNC00OWYzLWEzNmYtNzNhMTU3YTJiOTlm
LzEvYkhPOUpQMkRDSWFfb3RLV0ZCYlNHRjNqTjNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVWUMA0E
AgACMAcDBQAqDsaAMA0GCSqGSIb3DQEBCwUAA4IBAQBcXVtrrB0PYci9Sy6OFFDd
SQSjlFj2hcMkhb9dF+O7v5cXnCI1EL5P/v5rywSv82INC8LGx/hrqkHSMzcoSo3/
vY1msgGZsYpMZIUDWOpfYgCP26U5BecO4YzkzdByGOTttMr/h/tvZ4xqpi3hlC82
6EViuJWoAxFCvDCNOzhp3A4w46eqo25dknsNvj6EviKqZeLd9asw6dKfAbPSE8Hp
lAcQ2aPRIe8beWPproefIiTOielGlxgIDHe3+Z+kv6UsmJpcY+wTumDPbhbEmf6M
1o9GFOIl+GAc85Rfar4cM+6GZ5T64B7dElPPWsJyWnD5tjEUyXqjeshBJa5sVclW
-----END CERTIFICATE-----