Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/uzD7LDa_ysHLYkjpG0qczqgQ-6c.roa
File:                     uzD7LDa_ysHLYkjpG0qczqgQ-6c.roa (raw, json)
Hash identifier:          +sNozyl3Ao7B9hIIAN90NCv3t3owWPu+/nFkj8NAfO0=
Subject key identifier:   BB:30:FB:2C:36:BF:CA:C1:CB:62:48:E9:1B:4A:9C:CE:A8:10:FB:A7
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC05B6FDB211C6054321B0FBF49AAE
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/uzD7LDa_ysHLYkjpG0qczqgQ-6c.roa
Signing time:             Wed 01 Jan 2025 17:48:49 +0000
ROA not before:           Wed 01 Jan 2025 17:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        45.67.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:05:b6:fd:b2:11:c6:05:43:21:b0:fb:f4:9a:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb30fb2c36bfcac1cb6248e91b4a9ccea810fba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:11:fd:7f:9e:2e:8f:86:68:07:d4:8d:c3:2a:
                    da:ff:33:9e:7a:33:5b:cc:91:8c:7a:e9:08:19:b9:
                    d0:e4:4a:6c:2a:93:1d:ce:5d:5a:27:66:52:a5:cf:
                    31:6f:b5:83:55:0d:0d:20:80:74:3e:81:b0:ba:8b:
                    10:67:b2:59:98:17:2e:56:3c:d2:05:8d:f6:6f:23:
                    5a:ef:6e:4f:cd:dc:a3:80:cc:b3:67:11:29:b6:04:
                    da:96:69:b0:1a:74:e3:01:9d:4e:65:5c:38:7a:7e:
                    91:eb:68:56:c0:21:be:be:10:93:09:07:43:bf:21:
                    cb:ad:56:a2:01:e6:db:b5:1f:93:de:23:bc:81:26:
                    a0:4a:a9:c5:53:07:1b:93:85:10:7a:1a:53:81:ee:
                    d1:1c:3f:c6:fe:10:54:09:1e:fa:b5:dc:5c:97:25:
                    7a:b5:6d:cf:b1:db:a8:83:42:2c:56:85:34:66:16:
                    08:57:ac:8a:c2:72:ec:6e:63:f7:4a:ae:a6:4f:c8:
                    da:87:38:21:28:f5:4e:f4:78:a4:6f:60:d5:64:3b:
                    4d:15:dd:05:a8:c6:af:e5:f1:9b:c5:df:74:70:3c:
                    78:a0:62:ed:7d:b6:9d:e9:9a:d6:2b:1c:db:39:b8:
                    4d:d5:0a:e1:cd:ae:17:3a:49:cb:a1:31:c6:64:3a:
                    03:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:30:FB:2C:36:BF:CA:C1:CB:62:48:E9:1B:4A:9C:CE:A8:10:FB:A7
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/uzD7LDa_ysHLYkjpG0qczqgQ-6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:a9:1a:ce:83:d0:08:17:06:c5:fb:aa:69:20:a1:1f:9a:60:
         4d:e7:bc:9d:40:f5:c4:7e:b8:14:09:33:1a:49:8d:eb:81:5b:
         ef:a2:69:3d:bc:e9:50:bd:09:44:52:c3:25:78:1b:be:45:d9:
         d8:12:05:d8:85:38:db:c6:38:8f:1f:bb:54:ae:b1:b8:3c:01:
         cd:ef:de:7f:62:e1:9a:96:28:f2:39:69:6e:5e:f1:c7:67:5d:
         a0:b4:9c:f1:1f:7b:02:65:e4:08:db:97:aa:05:16:b5:1b:19:
         b7:87:38:9b:74:d2:fc:53:c1:48:2d:54:59:5c:6e:e8:b1:ed:
         0f:77:06:3f:06:5e:21:40:12:8e:11:d1:e5:44:bd:35:29:21:
         dc:fa:91:b4:3c:b7:13:2c:ce:8d:d3:78:de:71:3a:9a:98:2b:
         de:bc:58:b7:d2:a9:96:d6:e6:67:79:62:7d:e6:26:e8:22:bc:
         a6:f4:92:5c:ea:1f:b2:98:df:3d:d6:72:0b:38:4c:f1:86:ce:
         af:15:c0:d9:eb:89:63:56:a9:3d:4f:38:be:e0:2e:f6:ea:ab:
         ce:9c:b1:b7:53:b0:3b:0d:d8:a8:a8:ce:f0:55:31:30:93:cc:
         30:a6:88:a1:a4:85:85:e0:0f:b4:5a:78:37:ff:4e:29:73:9b:
         3a:a7:1e:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/AW2/bIRxgVDIbD79JquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjMwZmIyYzM2YmZjYWMxY2I2MjQ4ZTkxYjRhOWNjZWE4MTBmYmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxH9f54uj4ZoB9SNwyra/zOeejNb
zJGMeukIGbnQ5EpsKpMdzl1aJ2ZSpc8xb7WDVQ0NIIB0PoGwuosQZ7JZmBcuVjzS
BY32byNa725PzdyjgMyzZxEptgTalmmwGnTjAZ1OZVw4en6R62hWwCG+vhCTCQdD
vyHLrVaiAebbtR+T3iO8gSagSqnFUwcbk4UQehpTge7RHD/G/hBUCR76tdxclyV6
tW3Psduog0IsVoU0ZhYIV6yKwnLsbmP3Sq6mT8jahzghKPVO9Hikb2DVZDtNFd0F
qMav5fGbxd90cDx4oGLtfbad6ZrWKxzbObhN1Qrhza4XOknLoTHGZDoDJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsw+yw2v8rBy2JI6RtKnM6oEPunMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvdXpEN0xEYV95c0hMWWtqcEcwcWN6cWdRLTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUPEMA0G
CSqGSIb3DQEBCwUAA4IBAQBoqRrOg9AIFwbF+6ppIKEfmmBN57ydQPXEfrgUCTMa
SY3rgVvvomk9vOlQvQlEUsMleBu+RdnYEgXYhTjbxjiPH7tUrrG4PAHN795/YuGa
lijyOWluXvHHZ12gtJzxH3sCZeQI25eqBRa1Gxm3hzibdNL8U8FILVRZXG7ose0P
dwY/Bl4hQBKOEdHlRL01KSHc+pG0PLcTLM6N03jecTqamCvevFi30qmW1uZneWJ9
5iboIrym9JJc6h+ymN891nILOEzxhs6vFcDZ64ljVqk9Tzi+4C726qvOnLG3U7A7
DdioqM7wVTEwk8wwpoihpIWF4A+0Wng3/04pc5s6px64
-----END CERTIFICATE-----