Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/rMOIK9hHA4gRnIcMX2IHOJjJAsA.roa
File:                     rMOIK9hHA4gRnIcMX2IHOJjJAsA.roa (raw, json)
Hash identifier:          55l2q9riEaa2v9v3BgWA9HYwfZJoykLsADCb+fdFhLg=
Subject key identifier:   AC:C3:88:2B:D8:47:03:88:11:9C:87:0C:5F:62:07:38:98:C9:02:C0
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC0D0FF1EB25EA63814EAFC81E01F7
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/rMOIK9hHA4gRnIcMX2IHOJjJAsA.roa
Signing time:             Wed 01 Jan 2025 17:48:50 +0000
ROA not before:           Wed 01 Jan 2025 17:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43818
IP address blocks:        45.67.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:0d:0f:f1:eb:25:ea:63:81:4e:af:c8:1e:01:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acc3882bd8470388119c870c5f62073898c902c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:35:24:d6:2d:43:70:4d:df:70:47:30:f6:b8:
                    2d:49:75:1f:69:ce:e9:a7:e1:3f:e6:a0:9d:67:93:
                    8a:76:43:a2:83:f2:98:f6:00:69:61:aa:8d:01:3b:
                    66:6f:b4:04:61:df:ae:af:b6:15:45:3d:f1:cb:af:
                    47:b8:03:0e:ba:40:f2:58:c5:e9:9f:64:03:97:07:
                    b4:4d:db:b2:14:d7:bc:05:11:29:ea:d7:04:0c:19:
                    27:d8:2d:df:9a:c3:2e:8d:bf:b4:d4:d6:8f:6a:33:
                    3e:7e:1e:f2:f5:8b:fd:3a:85:1e:df:e7:09:36:e9:
                    9e:31:f7:b8:14:70:0c:55:b1:94:25:4c:9a:6e:21:
                    81:61:73:99:cc:0d:28:59:05:4b:49:f5:ab:48:f7:
                    5e:69:35:1e:fa:99:2a:46:13:ed:5e:53:4b:30:f7:
                    6e:eb:ee:3c:86:b5:25:98:d6:63:06:40:0f:a5:d3:
                    af:e2:40:12:d6:65:48:c9:31:09:f1:95:e9:89:46:
                    31:f3:f3:2a:fa:54:50:be:a6:80:b7:69:a6:e7:5b:
                    d9:31:16:f1:37:98:3f:60:11:83:40:bc:cd:0b:71:
                    f6:6b:d4:e2:1c:e1:86:78:bb:4a:15:58:7f:a9:b3:
                    0b:56:74:52:3d:de:f9:7a:7d:7c:56:4f:f8:d1:fe:
                    8e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C3:88:2B:D8:47:03:88:11:9C:87:0C:5F:62:07:38:98:C9:02:C0
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/rMOIK9hHA4gRnIcMX2IHOJjJAsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:a6:2b:a6:43:a1:1e:2e:ad:36:48:4d:ea:36:09:3c:d9:1c:
         91:14:3c:97:0f:8a:8e:23:a2:16:8e:0a:5d:45:b7:1a:56:d4:
         ae:f8:84:cd:d4:c9:9b:56:dc:74:04:bc:a4:a0:2f:73:0b:94:
         bd:c6:0b:49:5f:97:9d:72:c0:50:ef:bd:d0:1d:54:13:3d:c6:
         d4:81:23:aa:a5:ec:bd:3f:ac:50:65:5a:11:e6:ba:86:e3:94:
         c7:38:cd:f2:b1:53:17:c0:dd:5c:fa:6d:9e:61:22:39:40:b6:
         e6:90:c8:2e:1a:9f:f1:2a:09:08:29:52:04:cc:c7:ca:55:02:
         04:e5:02:88:75:50:a7:b9:dc:a1:74:51:44:0e:86:e8:8b:d0:
         15:2c:de:b8:25:57:e7:37:d6:4e:fa:5e:71:1d:54:c4:0a:0e:
         a3:77:55:e0:ab:f3:5c:69:0c:81:b1:bf:ad:36:14:c6:42:8c:
         aa:60:4a:3e:b1:08:d7:fe:34:da:6b:be:5a:d4:48:4b:2a:c6:
         73:00:05:59:a6:7b:86:8a:1e:43:62:e8:8e:5f:f9:21:fd:4c:
         5c:dd:34:58:5d:86:bf:6c:c7:58:79:dc:b9:27:b2:7e:cb:58:
         6d:8f:c7:c9:ca:06:76:75:80:fe:8f:40:a0:53:de:e6:87:ec:
         f3:fc:cd:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/A0P8esl6mOBTq/IHgH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2MzODgyYmQ4NDcwMzg4MTE5Yzg3MGM1ZjYyMDczODk4YzkwMmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTUk1i1DcE3fcEcw9rgtSXUfac7p
p+E/5qCdZ5OKdkOig/KY9gBpYaqNATtmb7QEYd+ur7YVRT3xy69HuAMOukDyWMXp
n2QDlwe0TduyFNe8BREp6tcEDBkn2C3fmsMujb+01NaPajM+fh7y9Yv9OoUe3+cJ
NumeMfe4FHAMVbGUJUyabiGBYXOZzA0oWQVLSfWrSPdeaTUe+pkqRhPtXlNLMPdu
6+48hrUlmNZjBkAPpdOv4kAS1mVIyTEJ8ZXpiUYx8/Mq+lRQvqaAt2mm51vZMRbx
N5g/YBGDQLzNC3H2a9TiHOGGeLtKFVh/qbMLVnRSPd75en18Vk/40f6OZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzDiCvYRwOIEZyHDF9iBziYyQLAMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvck1PSUs5aEhBNGdSbkljTVgySUhPSmpKQXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUN0MA0G
CSqGSIb3DQEBCwUAA4IBAQCGpiumQ6EeLq02SE3qNgk82RyRFDyXD4qOI6IWjgpd
RbcaVtSu+ITN1MmbVtx0BLykoC9zC5S9xgtJX5edcsBQ773QHVQTPcbUgSOqpey9
P6xQZVoR5rqG45THOM3ysVMXwN1c+m2eYSI5QLbmkMguGp/xKgkIKVIEzMfKVQIE
5QKIdVCnudyhdFFEDoboi9AVLN64JVfnN9ZO+l5xHVTECg6jd1Xgq/NcaQyBsb+t
NhTGQoyqYEo+sQjX/jTaa75a1EhLKsZzAAVZpnuGih5DYuiOX/kh/Uxc3TRYXYa/
bMdYedy5J7J+y1htj8fJygZ2dYD+j0CgU97mh+zz/M26
-----END CERTIFICATE-----