Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/8pRtCyCXJt6d4HwpOVM7F0UDshw.roa
File:                     8pRtCyCXJt6d4HwpOVM7F0UDshw.roa (raw, json)
Hash identifier:          i4y/SB2wcYCqvjUo/ETBzIc6v+1rOKiEMkG+US385ys=
Subject key identifier:   F2:94:6D:0B:20:97:26:DE:9D:E0:7C:29:39:53:3B:17:45:03:B2:1C
Certificate issuer:       /CN=a2ca37ded1b70c81b74a430f9b4d7acc62805ed8
Certificate serial:       019026379271294B84369DDE5BFAB26623AD
Authority key identifier: A2:CA:37:DE:D1:B7:0C:81:B7:4A:43:0F:9B:4D:7A:CC:62:80:5E:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oso33tG3DIG3SkMPm016zGKAXtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/8pRtCyCXJt6d4HwpOVM7F0UDshw.roa
Signing time:             Mon 17 Jun 2024 12:41:34 +0000
ROA not before:           Mon 17 Jun 2024 12:41:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47474
IP address blocks:        185.45.97.0/24 maxlen: 24
                          2a04:a181::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/oso33tG3DIG3SkMPm016zGKAXtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/oso33tG3DIG3SkMPm016zGKAXtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oso33tG3DIG3SkMPm016zGKAXtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:26:37:92:71:29:4b:84:36:9d:de:5b:fa:b2:66:23:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2ca37ded1b70c81b74a430f9b4d7acc62805ed8
        Validity
            Not Before: Jun 17 12:41:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2946d0b209726de9de07c2939533b174503b21c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:61:2d:1b:7a:46:58:c0:13:3d:e4:8b:3a:6c:
                    9b:34:e1:79:fc:5b:29:1d:45:14:d7:3b:41:e9:ad:
                    4f:23:07:3a:10:b7:d8:e7:24:da:e2:4b:41:f3:3f:
                    14:42:21:8d:75:53:90:c7:5e:24:44:be:93:a3:fd:
                    15:0c:2b:5d:65:f9:60:d9:5a:02:47:7a:f0:d1:3f:
                    0d:7b:31:cb:10:65:2b:d3:1b:f1:52:b1:69:c8:e3:
                    6f:9c:f1:13:b7:a4:09:7c:7a:a0:4e:08:5b:2d:cd:
                    d6:2b:e1:ba:6e:ba:1a:10:83:1e:5e:4f:d3:d0:ed:
                    e0:9a:eb:73:08:fb:4b:f8:b5:09:87:9a:87:be:7b:
                    59:25:ba:9b:d1:22:be:ff:44:fe:d8:8f:23:d0:ce:
                    2f:28:bb:ac:66:69:6b:49:2c:75:91:4b:18:5b:c6:
                    a3:9b:0b:1b:1b:8a:69:70:4b:48:bd:38:87:95:21:
                    37:dd:b0:ce:60:b0:c9:a5:45:a6:60:a3:e5:aa:7c:
                    d4:94:10:7f:92:00:75:98:d0:ad:a9:e3:69:51:7f:
                    ab:3e:40:82:e2:de:e9:65:7e:dd:83:f6:6e:66:13:
                    c4:b4:43:6d:0d:5d:03:62:60:de:53:13:ef:55:9d:
                    7e:0e:bd:a4:6a:1e:75:9d:30:63:51:18:7e:96:05:
                    8a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:94:6D:0B:20:97:26:DE:9D:E0:7C:29:39:53:3B:17:45:03:B2:1C
            X509v3 Authority Key Identifier:
                keyid:A2:CA:37:DE:D1:B7:0C:81:B7:4A:43:0F:9B:4D:7A:CC:62:80:5E:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oso33tG3DIG3SkMPm016zGKAXtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/8pRtCyCXJt6d4HwpOVM7F0UDshw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/oso33tG3DIG3SkMPm016zGKAXtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.97.0/24
                IPv6:
                  2a04:a181::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:52:0c:39:eb:90:60:d3:7e:76:e5:06:9a:a8:8e:3e:23:ad:
         3f:c4:19:75:7f:7e:7d:71:5e:67:21:c5:0c:85:c0:46:cd:70:
         73:1b:b9:87:21:c8:9f:5c:60:ff:e8:be:ae:82:3a:ee:2b:bc:
         03:2e:e3:a8:21:22:96:aa:ef:69:5c:37:86:41:a2:0a:ff:b1:
         56:12:15:6a:d0:1a:74:a2:e7:e4:76:48:8b:0b:df:7e:04:5e:
         1f:b9:b8:e3:61:43:82:e3:a0:a9:a6:06:59:75:75:6c:d6:a7:
         f3:4b:f0:d2:ee:9e:20:72:b8:f2:ed:de:9d:9a:31:6d:d8:b4:
         6e:7a:33:4f:cd:2f:02:da:08:64:5a:d0:c2:a4:3b:42:77:51:
         dc:65:39:e7:5f:65:63:22:e7:35:02:a7:62:4c:4d:a6:45:3e:
         e2:0d:4a:13:79:6c:cf:4a:59:f4:83:2e:45:14:b5:8e:dc:f0:
         41:6c:10:e4:56:ad:b0:7f:51:49:13:ce:04:a8:7e:f0:b7:61:
         1b:36:44:e3:41:eb:1f:b1:b7:d3:d2:be:8c:19:40:29:43:be:
         07:52:b3:7f:97:43:c5:5e:05:05:c2:c2:ae:e3:42:2c:5b:f2:
         d6:da:d1:6e:55:31:ef:a6:56:d2:9f:89:8c:4b:a6:ac:bd:a1:
         b0:01:96:f3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZAmN5JxKUuENp3eW/qyZiOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyY2EzN2RlZDFiNzBjODFiNzRhNDMwZjliNGQ3YWNjNjI4
MDVlZDgwHhcNMjQwNjE3MTI0MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjk0NmQwYjIwOTcyNmRlOWRlMDdjMjkzOTUzM2IxNzQ1MDNiMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGEtG3pGWMATPeSLOmybNOF5/Fsp
HUUU1ztB6a1PIwc6ELfY5yTa4ktB8z8UQiGNdVOQx14kRL6To/0VDCtdZflg2VoC
R3rw0T8NezHLEGUr0xvxUrFpyONvnPETt6QJfHqgTghbLc3WK+G6broaEIMeXk/T
0O3gmutzCPtL+LUJh5qHvntZJbqb0SK+/0T+2I8j0M4vKLusZmlrSSx1kUsYW8aj
mwsbG4ppcEtIvTiHlSE33bDOYLDJpUWmYKPlqnzUlBB/kgB1mNCtqeNpUX+rPkCC
4t7pZX7dg/ZuZhPEtENtDV0DYmDeUxPvVZ1+Dr2kah51nTBjURh+lgWKUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPKUbQsglybeneB8KTlTOxdFA7IcMB8GA1UdIwQY
MBaAFKLKN97RtwyBt0pDD5tNesxigF7YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3NvMzN0RzNESUczU2tNUG0wMTZ6R0tBWHRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9iMmFjZTctNDhkYi00ZjdkLTkxN2Yt
MzA2MTg5ZDVjMDQ5LzEvOHBSdEN5Q1hKdDZkNEh3cE9WTTdGMFVEc2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9iMmFjZTctNDhkYi00ZjdkLTkxN2YtMzA2MTg5ZDVjMDQ5
LzEvb3NvMzN0RzNESUczU2tNUG0wMTZ6R0tBWHRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuS1hMA0E
AgACMAcDBQAqBKGBMA0GCSqGSIb3DQEBCwUAA4IBAQCmUgw565Bg03525QaaqI4+
I60/xBl1f359cV5nIcUMhcBGzXBzG7mHIcifXGD/6L6ugjruK7wDLuOoISKWqu9p
XDeGQaIK/7FWEhVq0Bp0oufkdkiLC99+BF4fubjjYUOC46CppgZZdXVs1qfzS/DS
7p4gcrjy7d6dmjFt2LRuejNPzS8C2ghkWtDCpDtCd1HcZTnnX2VjIuc1AqdiTE2m
RT7iDUoTeWzPSln0gy5FFLWO3PBBbBDkVq2wf1FJE84EqH7wt2EbNkTjQesfsbfT
0r6MGUApQ74HUrN/l0PFXgUFwsKu40IsW/LW2tFuVTHvplbSn4mMS6asvaGwAZbz
-----END CERTIFICATE-----