Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/o9r3uR2f73He5KEKu4BwYPFzrZs.roa
File:                     o9r3uR2f73He5KEKu4BwYPFzrZs.roa (raw, json)
Hash identifier:          di2c5UqcUyXblOdBvGL8kM199QqPxFbroxHSs6c/vq8=
Subject key identifier:   A3:DA:F7:B9:1D:9F:EF:71:DE:E4:A1:0A:BB:80:70:60:F1:73:AD:9B
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       019420D64D70A19773FA82E49E4C5727D0E5
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/o9r3uR2f73He5KEKu4BwYPFzrZs.roa
Signing time:             Wed 01 Jan 2025 07:48:22 +0000
ROA not before:           Wed 01 Jan 2025 07:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207633
IP address blocks:        45.80.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4d:70:a1:97:73:fa:82:e4:9e:4c:57:27:d0:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Jan  1 07:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3daf7b91d9fef71dee4a10abb807060f173ad9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b9:81:af:86:da:a3:20:2a:7b:94:d0:6b:39:
                    fc:a1:58:0e:f3:1d:70:32:a2:86:68:b3:18:ce:9b:
                    36:cd:56:90:49:9d:ca:11:42:12:a1:b4:a8:08:41:
                    c4:32:bb:65:e8:7f:a6:22:60:d2:ad:c9:8d:7b:b3:
                    09:36:ba:7a:4e:0b:cd:c7:66:00:a7:76:2c:6f:35:
                    0e:e0:be:00:a0:bc:88:4d:e8:b7:0d:fe:4e:0d:5b:
                    ce:b8:22:e3:c1:1e:19:f9:b5:97:5c:cf:72:bd:63:
                    f7:b5:21:ad:6c:6a:d2:39:4d:e2:9f:9f:62:ba:d3:
                    e0:f9:6c:35:da:8a:3d:c8:96:0a:fd:ec:d2:a0:c6:
                    9d:27:45:31:95:15:27:be:96:b9:ce:dd:25:d5:2a:
                    55:1b:48:7d:aa:b4:02:fc:86:8b:3a:ff:0e:6f:f7:
                    9f:51:5f:49:63:f3:f6:2c:91:12:24:ab:55:43:86:
                    40:41:ec:cf:82:29:28:b7:a2:82:94:a1:01:5b:67:
                    86:f5:bb:23:2a:f0:59:37:88:ec:d0:d7:54:ed:48:
                    12:9b:ab:6f:3d:53:76:43:87:f0:4f:a5:7a:a0:10:
                    9c:d9:83:9d:39:a1:22:64:65:3b:c4:ae:fc:36:a3:
                    1f:99:76:87:8f:ef:5c:27:a4:52:c7:26:c7:28:26:
                    b7:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:DA:F7:B9:1D:9F:EF:71:DE:E4:A1:0A:BB:80:70:60:F1:73:AD:9B
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/o9r3uR2f73He5KEKu4BwYPFzrZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:04:e6:40:bc:2b:63:84:53:ad:13:f8:81:4f:a8:d5:62:39:
         fe:bf:f3:59:9a:c7:05:16:5d:91:9b:f4:fd:74:3b:f3:c2:1e:
         19:5b:5b:ba:f6:e3:89:d2:6e:9d:2f:5e:f6:a4:71:02:2f:d5:
         e7:46:1e:a7:53:a8:f0:86:2c:79:1a:b6:4d:00:5f:90:6d:2c:
         ef:ed:6b:5a:1d:2c:eb:69:73:64:3d:dc:bc:fa:ed:d3:8c:a4:
         3c:9c:1f:d2:df:16:d5:15:02:10:e9:68:25:a5:a2:98:35:12:
         58:d0:5e:52:24:2a:19:8f:d8:0a:e7:e7:48:ea:0b:c8:27:40:
         3e:c9:d2:e3:df:d8:58:fa:b6:b5:c0:bb:3c:72:da:bd:b0:f3:
         15:0d:37:c5:2c:13:2c:f4:b1:a3:96:c2:87:ec:fe:d3:ca:df:
         66:75:39:5d:a1:da:4e:df:1a:12:c5:4c:8a:2f:e3:85:f8:a9:
         95:56:0c:0d:82:7e:c6:7e:3e:53:54:c9:d8:29:fb:37:89:68:
         41:d5:90:6f:83:8f:38:2a:3b:b0:68:e1:4d:c1:bd:0d:b4:c5:
         b8:b3:4f:9a:82:ca:25:eb:bf:ac:b7:da:97:0a:a8:7c:cf:d6:
         48:d1:1e:93:af:ad:6c:1e:82:92:b8:04:c0:50:2f:01:b8:29:
         25:a4:b4:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1k1woZdz+oLknkxXJ9DlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjUwMTAxMDc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2RhZjdiOTFkOWZlZjcxZGVlNGExMGFiYjgwNzA2MGYxNzNhZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLmBr4baoyAqe5TQazn8oVgO8x1w
MqKGaLMYzps2zVaQSZ3KEUISobSoCEHEMrtl6H+mImDSrcmNe7MJNrp6TgvNx2YA
p3YsbzUO4L4AoLyITei3Df5ODVvOuCLjwR4Z+bWXXM9yvWP3tSGtbGrSOU3in59i
utPg+Ww12oo9yJYK/ezSoMadJ0UxlRUnvpa5zt0l1SpVG0h9qrQC/IaLOv8Ob/ef
UV9JY/P2LJESJKtVQ4ZAQezPgikot6KClKEBW2eG9bsjKvBZN4js0NdU7UgSm6tv
PVN2Q4fwT6V6oBCc2YOdOaEiZGU7xK78NqMfmXaHj+9cJ6RSxybHKCa3hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPa97kdn+9x3uShCruAcGDxc62bMB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvbzlyM3VSMmY3M0hlNUtFS3U0QndZUEZ6clpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVCuMA0G
CSqGSIb3DQEBCwUAA4IBAQAEBOZAvCtjhFOtE/iBT6jVYjn+v/NZmscFFl2Rm/T9
dDvzwh4ZW1u69uOJ0m6dL172pHECL9XnRh6nU6jwhix5GrZNAF+QbSzv7WtaHSzr
aXNkPdy8+u3TjKQ8nB/S3xbVFQIQ6WglpaKYNRJY0F5SJCoZj9gK5+dI6gvIJ0A+
ydLj39hY+ra1wLs8ctq9sPMVDTfFLBMs9LGjlsKH7P7Tyt9mdTldodpO3xoSxUyK
L+OF+KmVVgwNgn7Gfj5TVMnYKfs3iWhB1ZBvg484KjuwaOFNwb0NtMW4s0+agsol
67+st9qXCqh8z9ZI0R6Tr61sHoKSuATAUC8BuCklpLRj
-----END CERTIFICATE-----