Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/hsyRrTmHUFy-dvGlMuWHGJoh8Ws.roa
File:                     hsyRrTmHUFy-dvGlMuWHGJoh8Ws.roa (raw, json)
Hash identifier:          uXGOwuMsPP7paFlNgchG8Ort4AQoj239eYXxGZv6OVk=
Subject key identifier:   86:CC:91:AD:39:87:50:5C:BE:76:F1:A5:32:E5:87:18:9A:21:F1:6B
Certificate issuer:       /CN=e7c07db9880133c5cdce005bca111b552cd14c53
Certificate serial:       019426D8FE96C6E6FDC2C8505E410D33B8B6
Authority key identifier: E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/hsyRrTmHUFy-dvGlMuWHGJoh8Ws.roa
Signing time:             Thu 02 Jan 2025 11:49:02 +0000
ROA not before:           Thu 02 Jan 2025 11:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        45.12.200.0/22 maxlen: 24
                          2a0e:bf00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 19:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:fe:96:c6:e6:fd:c2:c8:50:5e:41:0d:33:b8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7c07db9880133c5cdce005bca111b552cd14c53
        Validity
            Not Before: Jan  2 11:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86cc91ad3987505cbe76f1a532e587189a21f16b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:45:65:4e:32:90:70:52:43:20:6d:77:43:07:
                    92:fd:52:04:47:71:9e:39:e2:91:63:2c:50:c4:2e:
                    b6:de:55:11:c3:ca:66:61:39:78:2a:06:88:12:1c:
                    8b:51:69:21:f6:93:4c:ae:85:9d:18:35:a2:9d:e6:
                    06:2b:ca:00:45:84:df:5e:07:80:79:b3:3d:90:e4:
                    62:41:8a:07:a5:81:51:7c:f5:23:45:a7:7e:47:cb:
                    97:38:9e:1b:93:dd:ae:2a:ae:1f:6e:28:fe:60:d2:
                    5b:fa:4f:af:13:91:27:15:22:12:82:dd:5f:b9:4f:
                    f4:03:14:8e:0c:19:44:eb:10:a4:93:4c:b5:a4:20:
                    99:9f:89:7c:3b:22:50:9c:86:1d:b1:ed:4e:8b:d3:
                    b2:7e:ac:91:86:5d:41:02:d6:52:25:38:89:cb:c5:
                    b0:05:63:b8:3b:b5:9e:7e:94:62:5b:26:04:40:de:
                    a8:6a:0b:8c:39:7d:6b:46:fc:2d:3b:54:91:c7:3d:
                    39:3c:81:32:c0:3a:17:da:46:79:ab:b2:85:4a:24:
                    e3:9a:3c:f4:06:01:fb:5f:f8:1d:3a:32:db:6b:c6:
                    12:8b:7d:9c:22:a4:82:26:63:5c:34:ab:cd:8a:1a:
                    49:4f:67:65:24:ad:2a:52:e2:c8:99:bd:18:63:d2:
                    46:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:CC:91:AD:39:87:50:5C:BE:76:F1:A5:32:E5:87:18:9A:21:F1:6B
            X509v3 Authority Key Identifier:
                keyid:E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/hsyRrTmHUFy-dvGlMuWHGJoh8Ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.200.0/22
                IPv6:
                  2a0e:bf00::/29

    Signature Algorithm: sha256WithRSAEncryption
         cc:d9:7c:08:f4:e6:27:a4:56:b0:7e:3d:05:49:a1:5e:6f:00:
         f0:5e:6f:80:88:f8:fe:19:f1:8e:01:af:ec:bb:3c:4d:15:57:
         3c:8a:72:b1:ed:16:c2:5e:1e:e2:f8:15:a8:ea:1c:f2:c8:74:
         f5:00:ca:8c:b1:9c:42:8f:87:55:70:b2:b6:3c:97:2c:03:87:
         31:e6:6c:81:b4:52:24:77:91:1b:81:b4:c7:a9:b6:45:5e:12:
         60:67:5f:13:b7:2f:bc:46:c0:c0:d8:12:9d:cf:a8:fc:4a:7b:
         23:1c:29:6b:ae:65:2a:f0:32:0c:fb:74:a7:2c:09:74:50:80:
         e5:32:89:9a:07:14:a2:58:4c:4a:ef:c6:be:5d:f8:61:1a:73:
         04:fb:ca:59:70:58:93:0d:b9:f3:e5:08:c4:93:59:5c:c1:a4:
         da:40:99:a2:b6:49:71:ae:e9:72:0d:3b:2e:81:f5:f2:b7:e3:
         67:ef:3e:8b:bc:83:d3:8a:31:cb:8e:cc:f7:d1:ab:29:ea:2f:
         76:67:4e:63:49:12:7a:ac:f7:73:e8:74:db:83:12:9d:26:0c:
         c1:15:93:d1:57:45:fb:e0:93:f8:e1:bd:74:12:a2:a0:19:6a:
         76:02:65:a4:ea:61:87:f7:88:c7:df:09:50:ec:db:40:d4:ba:
         5a:e4:5a:0a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2P6Wxub9wshQXkENM7i2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YzA3ZGI5ODgwMTMzYzVjZGNlMDA1YmNhMTExYjU1MmNk
MTRjNTMwHhcNMjUwMTAyMTE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNjOTFhZDM5ODc1MDVjYmU3NmYxYTUzMmU1ODcxODlhMjFmMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUVlTjKQcFJDIG13QweS/VIER3Ge
OeKRYyxQxC623lURw8pmYTl4KgaIEhyLUWkh9pNMroWdGDWineYGK8oARYTfXgeA
ebM9kORiQYoHpYFRfPUjRad+R8uXOJ4bk92uKq4fbij+YNJb+k+vE5EnFSISgt1f
uU/0AxSODBlE6xCkk0y1pCCZn4l8OyJQnIYdse1Oi9OyfqyRhl1BAtZSJTiJy8Ww
BWO4O7WefpRiWyYEQN6oaguMOX1rRvwtO1SRxz05PIEywDoX2kZ5q7KFSiTjmjz0
BgH7X/gdOjLba8YSi32cIqSCJmNcNKvNihpJT2dlJK0qUuLImb0YY9JGaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIbMka05h1BcvnbxpTLlhxiaIfFrMB8GA1UdIwQY
MBaAFOfAfbmIATPFzc4AW8oRG1Us0UxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMt
MGFhNDYzY2RmY2EwLzEvaHN5UnJUbUhVRnktZHZHbE11V0hHSm9oOFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMtMGFhNDYzY2RmY2Ew
LzEvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQzIMA0E
AgACMAcDBQMqDr8AMA0GCSqGSIb3DQEBCwUAA4IBAQDM2XwI9OYnpFawfj0FSaFe
bwDwXm+AiPj+GfGOAa/suzxNFVc8inKx7RbCXh7i+BWo6hzyyHT1AMqMsZxCj4dV
cLK2PJcsA4cx5myBtFIkd5EbgbTHqbZFXhJgZ18Tty+8RsDA2BKdz6j8SnsjHClr
rmUq8DIM+3SnLAl0UIDlMomaBxSiWExK78a+XfhhGnME+8pZcFiTDbnz5QjEk1lc
waTaQJmitklxrulyDTsugfXyt+Nn7z6LvIPTijHLjsz30asp6i92Z05jSRJ6rPdz
6HTbgxKdJgzBFZPRV0X74JP44b10EqKgGWp2AmWk6mGH94jH3wlQ7NtA1Lpa5FoK
-----END CERTIFICATE-----