Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/l1QRPWxD3jMUqUrRSYjgQkqMMjY.roa
File:                     l1QRPWxD3jMUqUrRSYjgQkqMMjY.roa (raw, json)
Hash identifier:          b/Kix0tOAPX6r8HlrRzqQs+UyeGZAUNEIBtd54eVyg0=
Subject key identifier:   97:54:11:3D:6C:43:DE:33:14:A9:4A:D1:49:88:E0:42:4A:8C:32:36
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC21FD9918BDEA00AA209AA9C2C38F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/l1QRPWxD3jMUqUrRSYjgQkqMMjY.roa
Signing time:             Wed 01 Jan 2025 17:48:56 +0000
ROA not before:           Wed 01 Jan 2025 17:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209896
IP address blocks:        45.86.16.0/21 maxlen: 24
                          45.86.20.0/22 maxlen: 22
                          95.214.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:21:fd:99:18:bd:ea:00:aa:20:9a:a9:c2:c3:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9754113d6c43de3314a94ad14988e0424a8c3236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:19:c9:27:d5:b4:b5:c0:5d:89:82:2b:f7:21:
                    a8:5c:74:21:80:62:3e:0f:f5:06:1c:d0:74:43:7f:
                    78:55:4e:28:d5:2c:e4:b2:60:ce:13:35:86:fb:a8:
                    ce:d3:ee:f4:4e:03:52:47:7c:ca:21:9e:31:26:d0:
                    39:5f:15:7d:06:8e:e6:4f:4f:ff:91:ce:28:00:d2:
                    63:e9:d2:77:62:32:39:10:65:0e:f5:7f:33:f8:cf:
                    8c:66:7c:a9:4d:90:03:35:bf:d5:fe:51:85:b8:7d:
                    18:ba:05:03:e9:2c:61:43:79:6d:7b:7c:1c:a0:d9:
                    e6:e7:3c:0c:2d:db:db:e4:f7:8d:86:8b:12:07:5d:
                    60:28:51:8d:3e:1f:5b:fd:00:16:b7:c7:c1:60:60:
                    5d:64:35:25:f4:bf:87:18:13:d8:0a:26:1c:a6:2e:
                    28:5f:ed:3b:d0:be:42:bb:9d:fb:a4:bf:7c:82:76:
                    78:d9:3f:2f:0e:cc:a3:d2:53:3b:34:5e:8b:de:a3:
                    ea:1d:87:d5:a4:07:b5:b1:bd:b0:38:1c:e4:58:d1:
                    6d:ae:47:be:ec:cb:44:59:75:a5:fe:c1:1e:80:26:
                    a4:16:60:55:23:9a:43:5d:fc:50:8d:cb:22:df:cd:
                    18:d1:1a:ba:b3:5f:1a:85:ed:09:dd:be:68:1c:02:
                    62:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:54:11:3D:6C:43:DE:33:14:A9:4A:D1:49:88:E0:42:4A:8C:32:36
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/l1QRPWxD3jMUqUrRSYjgQkqMMjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.16.0/21
                  95.214.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:8e:79:2b:f9:0c:ff:48:88:55:ff:bf:fc:14:fb:03:ca:e9:
         c6:8a:b0:88:bb:cf:63:2e:bc:26:0f:f7:25:21:32:8c:21:d1:
         22:b3:f7:4f:5a:22:b3:79:ab:1b:9a:71:04:50:05:0e:5d:53:
         ac:17:e7:41:de:90:b5:73:4f:6f:1c:63:eb:4f:9d:39:51:b3:
         37:6a:ee:b6:82:53:56:d9:0a:77:1f:fa:6f:03:6b:3f:de:66:
         c4:d6:af:e1:ee:71:75:84:51:65:ff:f8:e4:15:be:7f:c2:e9:
         d1:1c:06:81:e3:b1:c4:04:93:f6:98:04:3b:d2:33:a1:28:29:
         01:44:5e:a5:46:13:61:4a:1b:76:8c:d0:df:b2:f0:29:a0:a1:
         77:e4:90:d8:3b:44:13:ef:3f:0e:41:29:6e:0d:b1:29:de:9e:
         1b:e4:87:69:e3:29:ff:3d:78:e8:a9:de:46:03:e4:5f:ce:f6:
         25:17:0b:9d:90:11:1c:f7:d7:ed:39:b2:8c:66:ad:92:f1:40:
         a8:c5:15:49:06:de:7d:76:2a:d8:ab:4c:42:34:b9:a2:3c:0d:
         99:f5:77:14:68:a3:ed:8b:51:ec:03:ad:74:ac:46:4e:8a:54:
         77:36:01:e6:c4:b8:d4:5d:7a:e0:c7:ec:00:ed:46:8a:9d:c8:
         83:3b:fc:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi/CH9mRi96gCqIJqpwsOPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzU0MTEzZDZjNDNkZTMzMTRhOTRhZDE0OTg4ZTA0MjRhOGMzMjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxnJJ9W0tcBdiYIr9yGoXHQhgGI+
D/UGHNB0Q394VU4o1SzksmDOEzWG+6jO0+70TgNSR3zKIZ4xJtA5XxV9Bo7mT0//
kc4oANJj6dJ3YjI5EGUO9X8z+M+MZnypTZADNb/V/lGFuH0YugUD6SxhQ3lte3wc
oNnm5zwMLdvb5PeNhosSB11gKFGNPh9b/QAWt8fBYGBdZDUl9L+HGBPYCiYcpi4o
X+070L5Cu537pL98gnZ42T8vDsyj0lM7NF6L3qPqHYfVpAe1sb2wOBzkWNFtrke+
7MtEWXWl/sEegCakFmBVI5pDXfxQjcsi380Y0Rq6s18ahe0J3b5oHAJi9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJdUET1sQ94zFKlK0UmI4EJKjDI2MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvbDFRUlBXeEQzak1VcVVyUlNZamdRa3FNTWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLVYQAwQC
X9aYMA0GCSqGSIb3DQEBCwUAA4IBAQAyjnkr+Qz/SIhV/7/8FPsDyunGirCIu89j
LrwmD/clITKMIdEis/dPWiKzeasbmnEEUAUOXVOsF+dB3pC1c09vHGPrT505UbM3
au62glNW2Qp3H/pvA2s/3mbE1q/h7nF1hFFl//jkFb5/wunRHAaB47HEBJP2mAQ7
0jOhKCkBRF6lRhNhSht2jNDfsvApoKF35JDYO0QT7z8OQSluDbEp3p4b5Idp4yn/
PXjoqd5GA+RfzvYlFwudkBEc99ftObKMZq2S8UCoxRVJBt59dirYq0xCNLmiPA2Z
9XcUaKPti1HsA610rEZOilR3NgHmxLjUXXrgx+wA7UaKnciDO/xL
-----END CERTIFICATE-----