Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ONA_Wz_R07bArCuTsYRzAnPd6U0.roa
File:                     ONA_Wz_R07bArCuTsYRzAnPd6U0.roa (raw, json)
Hash identifier:          +U7488bA0j2uLRxKNyFESSr3DJDQPDX2jxTrG6zUxMU=
Subject key identifier:   38:D0:3F:5B:3F:D1:D3:B6:C0:AC:2B:93:B1:84:73:02:73:DD:E9:4D
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC1BFC81E025B76917E47EF94022A6
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ONA_Wz_R07bArCuTsYRzAnPd6U0.roa
Signing time:             Wed 01 Jan 2025 17:48:55 +0000
ROA not before:           Wed 01 Jan 2025 17:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206127
IP address blocks:        45.150.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:1b:fc:81:e0:25:b7:69:17:e4:7e:f9:40:22:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38d03f5b3fd1d3b6c0ac2b93b184730273dde94d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:df:e9:63:84:db:3a:e2:db:4a:f2:51:a8:0a:
                    7b:8f:29:b7:7a:a3:21:61:f4:17:87:8f:26:53:57:
                    30:47:6d:2e:b9:3f:b1:ed:ee:b2:15:5d:7e:7f:79:
                    bd:d1:f8:5f:4d:ea:08:61:33:07:1f:94:02:e0:57:
                    26:28:d1:fe:8f:1f:04:fd:50:16:c0:68:6e:8d:6a:
                    6c:f3:d6:ba:4d:77:d5:f4:97:c7:f8:4b:1d:81:a6:
                    b0:9b:8c:5b:cb:c4:f2:53:eb:ee:34:ec:49:3f:3b:
                    76:29:04:7a:3d:d2:dc:0d:cb:7c:ac:e1:6f:b4:90:
                    47:9d:7e:2b:ee:5e:f2:a3:6b:db:58:31:d6:f9:2d:
                    45:c3:d6:3f:d5:0a:2b:27:2c:67:88:63:4a:93:ce:
                    b8:a8:4d:3c:a4:6c:98:d0:1d:10:8b:22:fc:f3:ec:
                    99:86:28:e4:b0:4a:8c:17:26:ca:ce:f7:6f:55:63:
                    84:14:a7:c8:ed:0b:3a:d6:19:36:e3:36:c2:a6:c4:
                    d6:50:3c:3f:51:eb:7e:90:f0:94:04:ed:18:f1:c1:
                    8a:28:41:2f:24:47:0f:51:3c:ab:4a:79:60:a7:76:
                    40:f7:37:73:4b:b8:e7:ed:e5:82:b2:4f:e2:72:60:
                    32:47:4b:34:de:4c:42:f8:5b:56:ad:5b:bd:4d:30:
                    af:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D0:3F:5B:3F:D1:D3:B6:C0:AC:2B:93:B1:84:73:02:73:DD:E9:4D
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ONA_Wz_R07bArCuTsYRzAnPd6U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:c8:58:59:e4:37:ba:9e:cb:28:c6:1b:c3:b7:73:90:ff:c2:
         33:cc:c3:fb:ba:5f:ae:b4:96:6e:24:44:f3:a5:81:15:2f:d8:
         3b:e9:18:b4:15:8c:1f:de:03:a2:66:94:06:b0:a0:1c:32:df:
         d4:5f:68:f4:43:66:55:ae:61:dd:66:85:4c:f4:a0:1d:6d:20:
         e2:25:f3:5d:e3:a7:bf:75:44:83:9d:60:bd:30:14:ad:cc:77:
         68:28:a7:75:93:ab:33:ea:9b:5f:65:58:ec:ec:57:8a:46:6c:
         1a:2c:c2:ff:56:ab:46:f6:95:ff:c2:b5:fe:b7:13:e5:f9:90:
         55:36:21:21:c0:08:ec:2e:ce:70:4c:32:c9:e7:ec:42:7c:8e:
         7b:5b:fd:b9:e1:37:41:9f:e4:67:db:9b:ae:2a:37:b9:4d:8f:
         15:8a:f6:c1:41:7a:5b:39:37:24:39:c0:d4:10:81:b4:ac:39:
         40:c5:68:c9:7b:4c:48:5a:cc:a3:ff:96:cc:f1:cd:16:8a:99:
         f7:24:f2:42:8a:e9:86:cd:f6:29:ea:b2:6b:a3:32:86:96:ae:
         b3:32:5a:6b:3e:b5:7f:03:7e:a1:16:f6:60:c9:30:8b:cd:69:
         a4:22:a1:66:4f:4c:26:0d:16:c5:bc:4e:74:96:87:01:4a:c1:
         36:f4:b5:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Bv8geAlt2kX5H75QCKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQwM2Y1YjNmZDFkM2I2YzBhYzJiOTNiMTg0NzMwMjczZGRlOTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsd/pY4TbOuLbSvJRqAp7jym3eqMh
YfQXh48mU1cwR20uuT+x7e6yFV1+f3m90fhfTeoIYTMHH5QC4FcmKNH+jx8E/VAW
wGhujWps89a6TXfV9JfH+Esdgaawm4xby8TyU+vuNOxJPzt2KQR6PdLcDct8rOFv
tJBHnX4r7l7yo2vbWDHW+S1Fw9Y/1QorJyxniGNKk864qE08pGyY0B0QiyL88+yZ
hijksEqMFybKzvdvVWOEFKfI7Qs61hk24zbCpsTWUDw/Uet+kPCUBO0Y8cGKKEEv
JEcPUTyrSnlgp3ZA9zdzS7jn7eWCsk/icmAyR0s03kxC+FtWrVu9TTCvawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjQP1s/0dO2wKwrk7GEcwJz3elNMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvT05BX1d6X1IwN2JBckN1VHNZUnpBblBkNlUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZaoMA0G
CSqGSIb3DQEBCwUAA4IBAQCnyFhZ5De6nssoxhvDt3OQ/8IzzMP7ul+utJZuJETz
pYEVL9g76Ri0FYwf3gOiZpQGsKAcMt/UX2j0Q2ZVrmHdZoVM9KAdbSDiJfNd46e/
dUSDnWC9MBStzHdoKKd1k6sz6ptfZVjs7FeKRmwaLML/VqtG9pX/wrX+txPl+ZBV
NiEhwAjsLs5wTDLJ5+xCfI57W/254TdBn+Rn25uuKje5TY8VivbBQXpbOTckOcDU
EIG0rDlAxWjJe0xIWsyj/5bM8c0Wipn3JPJCiumGzfYp6rJrozKGlq6zMlprPrV/
A36hFvZgyTCLzWmkIqFmT0wmDRbFvE50locBSsE29LUJ
-----END CERTIFICATE-----