Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/CTPnkSwaGYtL6imrEx676VqeZC4.roa
File:                     CTPnkSwaGYtL6imrEx676VqeZC4.roa (raw, json)
Hash identifier:          D1Nv8O7aG0N8He1Qo3asb3aVDNKj9swYpH0SQDNKYk8=
Subject key identifier:   09:33:E7:91:2C:1A:19:8B:4B:EA:29:AB:13:1E:BB:E9:5A:9E:64:2E
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       019427486CCAC2EA143D2E277FD5DB2E74A1
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/CTPnkSwaGYtL6imrEx676VqeZC4.roa
Signing time:             Thu 02 Jan 2025 13:50:45 +0000
ROA not before:           Thu 02 Jan 2025 13:50:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16262
IP address blocks:        185.245.42.0/23 maxlen: 24
                          185.245.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:6c:ca:c2:ea:14:3d:2e:27:7f:d5:db:2e:74:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: Jan  2 13:50:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0933e7912c1a198b4bea29ab131ebbe95a9e642e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:cd:03:aa:ca:dc:94:24:3b:0b:c5:4d:a5:38:
                    4b:ec:9b:4c:ea:55:2c:d3:2a:e4:05:b2:0c:e2:8f:
                    11:4a:98:49:75:67:e0:72:d0:ba:12:61:02:76:d9:
                    fd:63:cb:38:5d:14:12:b4:69:be:0a:43:84:d9:38:
                    7f:98:e2:6a:37:eb:00:fa:be:02:8b:b4:36:ea:7d:
                    c9:f7:e3:e1:af:88:f2:23:f6:1f:a6:b1:53:b2:33:
                    a1:f8:35:f8:22:23:95:ef:35:ad:1a:43:32:f1:09:
                    26:bb:30:66:bf:2e:b9:f6:98:bc:ad:1c:52:54:fa:
                    82:a1:55:54:d6:97:fb:14:d1:f2:27:9f:73:e0:60:
                    77:5a:79:74:c7:e0:21:55:38:65:c2:58:fe:ac:36:
                    b4:78:8c:7f:b1:8a:80:9f:74:f1:98:32:0f:f2:ad:
                    e4:42:10:6b:a0:92:af:e8:8c:52:51:c8:32:28:1d:
                    c6:33:38:3d:19:e9:fb:1b:66:e5:9a:98:8b:21:ca:
                    c7:50:30:43:88:b0:f4:e2:74:b9:dc:26:50:bb:41:
                    3a:bb:b8:3c:f2:91:67:07:d5:87:61:49:d3:99:c1:
                    38:8e:28:f7:c4:e8:e5:d9:d6:f9:1e:ca:32:b8:2a:
                    0e:27:f7:57:69:f4:6d:eb:22:ef:07:8e:3b:c7:ae:
                    eb:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:33:E7:91:2C:1A:19:8B:4B:EA:29:AB:13:1E:BB:E9:5A:9E:64:2E
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/CTPnkSwaGYtL6imrEx676VqeZC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:fc:a6:c4:14:fa:78:41:40:f1:c3:2f:54:fa:59:d8:ec:ab:
         d7:b9:ea:ee:a5:37:ad:e7:db:8a:ec:3b:04:5d:08:eb:09:f6:
         76:78:8e:5b:32:6c:24:52:0e:e7:99:ac:a6:e5:7a:57:a7:ed:
         3b:2e:88:bb:83:6e:b3:48:1b:47:b6:a0:b4:93:53:58:c1:76:
         b0:b8:38:8c:65:e3:fc:32:12:fd:50:c3:0d:20:ec:0c:2b:a7:
         8c:a9:15:36:ff:54:e5:c4:76:8b:3d:34:bb:0a:57:84:02:1c:
         ba:da:47:09:a5:bd:92:59:a8:c3:d3:9c:71:25:79:3f:48:64:
         05:84:42:32:79:8b:b8:f7:33:ac:ea:fe:d8:8f:6f:e5:95:f2:
         d4:89:34:e2:69:3a:c8:9b:0d:cf:41:70:00:6a:73:6e:09:8c:
         11:ca:d2:19:bb:b8:5d:3b:78:6d:69:e7:01:79:3b:c0:b7:92:
         9f:81:67:02:fc:f6:ee:2a:cc:4c:96:93:32:c6:bc:f9:00:13:
         75:c6:92:18:44:a2:63:12:8e:0c:42:cf:c4:b9:6f:6a:94:3d:
         7b:c1:63:82:1f:2b:60:f7:d8:59:f1:ae:34:bc:d7:9a:ed:1f:
         0b:c6:a6:24:bf:3d:b3:61:5f:2d:c5:f1:4a:fc:8e:54:c1:71:
         f4:b5:40:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSGzKwuoUPS4nf9XbLnShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjUwMTAyMTM1MDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTMzZTc5MTJjMWExOThiNGJlYTI5YWIxMzFlYmJlOTVhOWU2NDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts0DqsrclCQ7C8VNpThL7JtM6lUs
0yrkBbIM4o8RSphJdWfgctC6EmECdtn9Y8s4XRQStGm+CkOE2Th/mOJqN+sA+r4C
i7Q26n3J9+Phr4jyI/YfprFTsjOh+DX4IiOV7zWtGkMy8QkmuzBmvy659pi8rRxS
VPqCoVVU1pf7FNHyJ59z4GB3Wnl0x+AhVThlwlj+rDa0eIx/sYqAn3TxmDIP8q3k
QhBroJKv6IxSUcgyKB3GMzg9Gen7G2blmpiLIcrHUDBDiLD04nS53CZQu0E6u7g8
8pFnB9WHYUnTmcE4jij3xOjl2db5HsoyuCoOJ/dXafRt6yLvB447x67rGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkz55EsGhmLS+opqxMeu+lanmQuMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvQ1RQbmtTd2FHWXRMNmltckV4Njc2VnFlWkM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufUqMA0G
CSqGSIb3DQEBCwUAA4IBAQBi/KbEFPp4QUDxwy9U+lnY7KvXuerupTet59uK7DsE
XQjrCfZ2eI5bMmwkUg7nmaym5XpXp+07Loi7g26zSBtHtqC0k1NYwXawuDiMZeP8
MhL9UMMNIOwMK6eMqRU2/1TlxHaLPTS7CleEAhy62kcJpb2SWajD05xxJXk/SGQF
hEIyeYu49zOs6v7Yj2/llfLUiTTiaTrImw3PQXAAanNuCYwRytIZu7hdO3htaecB
eTvAt5KfgWcC/PbuKsxMlpMyxrz5ABN1xpIYRKJjEo4MQs/EuW9qlD17wWOCHytg
99hZ8a40vNea7R8LxqYkvz2zYV8txfFK/I5UwXH0tUDY
-----END CERTIFICATE-----