Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/805533-dbc5-42c0-bc78-575b03344cb1/1/GwUYPxJQaw648raZgaiMud0BTgo.roa
File:                     GwUYPxJQaw648raZgaiMud0BTgo.roa (raw, json)
Hash identifier:          LGJZt6ikz8yBfuTCs6jZTUAALLEYDfmbRQi7+ExvBNQ=
Subject key identifier:   1B:05:18:3F:12:50:6B:0E:B8:F2:B6:99:81:A8:8C:B9:DD:01:4E:0A
Certificate issuer:       /CN=f8b8da608137f84e4545320b4a3bb04961d2b12b
Certificate serial:       01942522143CE3A8EFC3C080E5C7D5051467
Authority key identifier: F8:B8:DA:60:81:37:F8:4E:45:45:32:0B:4A:3B:B0:49:61:D2:B1:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-LjaYIE3-E5FRTILSjuwSWHSsSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/805533-dbc5-42c0-bc78-575b03344cb1/1/GwUYPxJQaw648raZgaiMud0BTgo.roa
Signing time:             Thu 02 Jan 2025 03:49:37 +0000
ROA not before:           Thu 02 Jan 2025 03:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204542
IP address blocks:        185.245.208.0/22 maxlen: 22
                          185.245.208.0/24 maxlen: 24
                          185.245.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/805533-dbc5-42c0-bc78-575b03344cb1/1/1-LjaYIE3-E5FRTILSjuwSWHSsSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/805533-dbc5-42c0-bc78-575b03344cb1/1/1-LjaYIE3-E5FRTILSjuwSWHSsSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-LjaYIE3-E5FRTILSjuwSWHSsSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:14:3c:e3:a8:ef:c3:c0:80:e5:c7:d5:05:14:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8b8da608137f84e4545320b4a3bb04961d2b12b
        Validity
            Not Before: Jan  2 03:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b05183f12506b0eb8f2b69981a88cb9dd014e0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d1:15:18:d9:29:f9:6e:61:55:bf:cf:42:be:
                    ac:57:b3:16:23:65:f1:e0:4d:1a:89:92:d5:a3:37:
                    df:79:6a:25:02:5f:84:bb:7e:4b:6d:62:89:05:fc:
                    9f:e4:51:a2:3c:e5:44:77:7a:0e:db:1d:f8:77:c2:
                    5f:03:34:b0:cf:e6:a5:09:ae:43:79:5f:ec:e9:3b:
                    53:e4:9a:55:d2:4e:10:69:87:d1:bf:59:43:ec:b5:
                    5a:de:b2:30:5f:29:dd:9b:dd:e4:72:94:3e:00:9c:
                    ce:4e:53:bc:63:16:b0:38:d6:d9:95:ca:66:a7:88:
                    1d:f1:83:9d:07:ae:99:35:44:4a:93:5c:68:c8:e8:
                    e0:c5:39:b6:a6:9c:da:bc:aa:d4:e5:f2:61:5b:9b:
                    46:01:fb:e6:8c:a8:21:a1:0e:e1:2f:bc:48:81:e8:
                    58:fd:49:ef:8c:e4:ac:23:6a:cf:65:89:42:bf:2a:
                    76:a9:c5:68:4e:8c:b3:4d:fe:67:e7:d0:3c:0f:11:
                    ab:4c:e9:67:90:d2:87:a9:56:25:3f:2b:4d:e1:ec:
                    a2:d0:77:81:10:b6:e8:a1:93:c5:a5:bc:dd:7e:50:
                    9e:61:92:40:87:3b:a7:70:e4:0e:1c:9b:46:a0:b0:
                    99:b2:89:8c:d2:6b:51:b7:50:95:eb:5f:2e:33:2c:
                    56:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:05:18:3F:12:50:6B:0E:B8:F2:B6:99:81:A8:8C:B9:DD:01:4E:0A
            X509v3 Authority Key Identifier:
                keyid:F8:B8:DA:60:81:37:F8:4E:45:45:32:0B:4A:3B:B0:49:61:D2:B1:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-LjaYIE3-E5FRTILSjuwSWHSsSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/805533-dbc5-42c0-bc78-575b03344cb1/1/GwUYPxJQaw648raZgaiMud0BTgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/805533-dbc5-42c0-bc78-575b03344cb1/1/1-LjaYIE3-E5FRTILSjuwSWHSsSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:62:00:0d:4f:eb:a0:35:00:24:20:e7:1e:c1:52:78:25:26:
         8b:e1:cb:b9:5e:25:52:6d:81:32:c9:57:80:d4:06:12:77:73:
         43:49:9b:ef:8b:d4:95:64:7c:0b:e7:da:86:bc:21:97:ae:a3:
         ec:b4:d2:c1:7f:1d:bf:5d:de:fe:36:0c:f1:8c:37:59:49:98:
         42:24:28:d4:c4:fb:b1:60:63:a0:2d:98:11:01:d9:a9:d3:d5:
         e2:97:f2:1f:da:e9:91:00:4d:bc:15:14:64:30:57:13:07:75:
         31:e4:00:9b:a9:44:26:f1:c1:04:99:cb:c0:6b:53:c5:0e:bb:
         cb:3d:bc:40:5c:ba:de:a5:22:00:35:a1:56:65:8f:76:31:41:
         4c:e9:27:bf:ca:97:e4:99:b3:83:0a:80:b6:b4:4f:e9:c1:d7:
         ba:9e:35:a4:8a:48:2d:2b:1d:7c:ed:db:f7:3b:c1:8e:17:cb:
         be:51:58:98:31:1a:3d:7f:b9:8b:d5:2a:ed:69:77:e9:c5:62:
         c2:a8:60:91:b3:91:07:2e:73:53:48:25:ba:e0:12:bc:23:e5:
         3f:94:ca:20:c5:1c:d2:5d:52:50:24:e4:89:62:f1:65:93:78:
         ef:99:33:62:76:35:17:fe:34:41:71:0f:ff:10:06:ee:55:df:
         8a:c5:4f:02
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIhQ846jvw8CA5cfVBRRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YjhkYTYwODEzN2Y4NGU0NTQ1MzIwYjRhM2JiMDQ5NjFk
MmIxMmIwHhcNMjUwMTAyMDM0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjA1MTgzZjEyNTA2YjBlYjhmMmI2OTk4MWE4OGNiOWRkMDE0ZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9EVGNkp+W5hVb/PQr6sV7MWI2Xx
4E0aiZLVozffeWolAl+Eu35LbWKJBfyf5FGiPOVEd3oO2x34d8JfAzSwz+alCa5D
eV/s6TtT5JpV0k4QaYfRv1lD7LVa3rIwXyndm93kcpQ+AJzOTlO8YxawONbZlcpm
p4gd8YOdB66ZNURKk1xoyOjgxTm2ppzavKrU5fJhW5tGAfvmjKghoQ7hL7xIgehY
/UnvjOSsI2rPZYlCvyp2qcVoToyzTf5n59A8DxGrTOlnkNKHqVYlPytN4eyi0HeB
ELbooZPFpbzdflCeYZJAhzuncOQOHJtGoLCZsomM0mtRt1CV618uMyxWNQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBsFGD8SUGsOuPK2mYGojLndAU4KMB8GA1UdIwQY
MBaAFPi42mCBN/hORUUyC0o7sElh0rErMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1MamFZSUUzLUU1RlJUSUxTanV3U1dIU3NTcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQvODA1NTMzLWRiYzUtNDJjMC1iYzc4
LTU3NWIwMzM0NGNiMS8xL0d3VVlQeEpRYXc2NDhyYVpnYWlNdWQwQlRnby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjQvODA1NTMzLWRiYzUtNDJjMC1iYzc4LTU3NWIwMzM0NGNi
MS8xLzEtTGphWUlFMy1FNUZSVElMU2p1d1NXSFNzU3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK59dAw
DQYJKoZIhvcNAQELBQADggEBACliAA1P66A1ACQg5x7BUnglJovhy7leJVJtgTLJ
V4DUBhJ3c0NJm++L1JVkfAvn2oa8IZeuo+y00sF/Hb9d3v42DPGMN1lJmEIkKNTE
+7FgY6AtmBEB2anT1eKX8h/a6ZEATbwVFGQwVxMHdTHkAJupRCbxwQSZy8BrU8UO
u8s9vEBcut6lIgA1oVZlj3YxQUzpJ7/Kl+SZs4MKgLa0T+nB17qeNaSKSC0rHXzt
2/c7wY4Xy75RWJgxGj1/uYvVKu1pd+nFYsKoYJGzkQcuc1NIJbrgErwj5T+UyiDF
HNJdUlAk5Ili8WWTeO+ZM2J2NRf+NEFxD/8QBu5V34rFTwI=
-----END CERTIFICATE-----