Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/gRQ4yCuvseaLE57M9fowKbjZKdc.roa
File:                     gRQ4yCuvseaLE57M9fowKbjZKdc.roa (raw, json)
Hash identifier:          2erIoIyPnSV3Zcfsjq1qAurwTSkvBBBTKvIM2MmgiUw=
Subject key identifier:   81:14:38:C8:2B:AF:B1:E6:8B:13:9E:CC:F5:FA:30:29:B8:D9:29:D7
Certificate issuer:       /CN=843d1afcf13bd2117d47df683e40a63287004cfe
Certificate serial:       01942220280305632CB5EE8FD315E0918FDB
Authority key identifier: 84:3D:1A:FC:F1:3B:D2:11:7D:47:DF:68:3E:40:A6:32:87:00:4C:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/gRQ4yCuvseaLE57M9fowKbjZKdc.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215937
IP address blocks:        45.142.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:28:03:05:63:2c:b5:ee:8f:d3:15:e0:91:8f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=843d1afcf13bd2117d47df683e40a63287004cfe
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=811438c82bafb1e68b139eccf5fa3029b8d929d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c0:07:69:5a:88:58:12:4d:ef:44:e4:8b:74:
                    c7:51:83:5c:35:3d:39:57:85:7f:ff:1f:8b:1d:18:
                    05:57:29:e0:16:04:e9:78:03:ec:0d:60:17:0e:a0:
                    d4:5c:4c:8a:f4:81:e3:61:6d:29:5a:1b:dd:c8:45:
                    3f:4f:39:f6:a2:4e:1a:9c:a8:e5:2e:d4:31:a3:24:
                    7e:eb:6d:14:bb:60:c4:3e:21:54:d2:f0:c0:ab:49:
                    78:56:ec:0b:02:22:af:e3:77:6e:e3:0b:53:83:c2:
                    42:6c:e9:6c:d7:33:3b:f9:19:fd:30:65:8e:6b:d8:
                    0c:39:5f:9d:ff:8e:70:7a:61:72:0c:e0:41:96:40:
                    fa:db:7d:ac:a2:7c:c8:b1:7f:91:5b:3a:ed:3c:c0:
                    c9:9e:ff:7b:3d:7a:9c:1f:84:d8:5d:ea:db:23:75:
                    38:ca:cf:04:3c:1b:38:35:c8:7b:7a:09:78:a5:fa:
                    05:60:b7:d2:74:13:15:26:a7:39:80:af:9b:98:21:
                    37:42:a0:e5:7c:ef:64:01:e7:5f:ad:d0:1a:74:5c:
                    24:f1:c5:21:6a:34:3e:97:f6:8c:fa:de:18:5b:f9:
                    09:8e:19:63:9a:61:55:67:ad:ee:23:e7:06:78:6a:
                    b3:a7:15:4b:97:00:a5:dc:c9:71:67:19:2b:cf:0d:
                    5d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:14:38:C8:2B:AF:B1:E6:8B:13:9E:CC:F5:FA:30:29:B8:D9:29:D7
            X509v3 Authority Key Identifier:
                keyid:84:3D:1A:FC:F1:3B:D2:11:7D:47:DF:68:3E:40:A6:32:87:00:4C:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/gRQ4yCuvseaLE57M9fowKbjZKdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ee:de:3a:e7:23:3b:57:77:37:39:2d:20:35:77:59:e9:aa:
         bc:8b:bc:c1:33:b1:48:a0:48:54:7f:6d:40:17:0f:d6:49:fc:
         8a:e9:5d:25:3b:63:6f:78:cc:2b:00:ca:26:ee:0d:65:89:48:
         93:6b:09:51:00:40:62:de:62:e4:70:3a:40:1d:b7:ab:4f:c8:
         35:01:a3:01:88:2f:32:71:cf:4b:c1:bc:1c:70:88:d0:65:19:
         20:64:be:d2:ec:33:10:22:85:85:0f:04:5f:ae:51:19:47:5e:
         bc:b4:29:e6:09:ef:8d:99:ba:e1:95:1f:df:1b:db:36:06:42:
         83:7d:53:f4:88:7d:f5:f1:08:15:9d:57:f9:e7:ec:25:35:83:
         c4:56:54:a2:5e:00:9d:5f:43:98:28:54:0f:38:90:a5:1d:d1:
         67:55:ff:9c:bc:f2:52:b4:92:14:00:32:aa:c9:59:69:44:2c:
         c5:58:fb:21:3b:8a:66:6d:66:99:b4:04:98:bd:37:5b:04:d7:
         d8:28:b4:62:06:da:46:02:7c:5e:86:72:c1:c4:68:da:80:2a:
         66:29:5d:a5:87:44:9f:43:9d:d3:04:4e:0c:49:22:f2:ee:94:
         1d:64:24:48:26:98:02:0a:ac:1c:17:b9:f7:9f:5b:33:c1:df:
         7e:44:ef:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICgDBWMste6P0xXgkY/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0M2QxYWZjZjEzYmQyMTE3ZDQ3ZGY2ODNlNDBhNjMyODcw
MDRjZmUwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTE0MzhjODJiYWZiMWU2OGIxMzllY2NmNWZhMzAyOWI4ZDkyOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8AHaVqIWBJN70Tki3THUYNcNT05
V4V//x+LHRgFVyngFgTpeAPsDWAXDqDUXEyK9IHjYW0pWhvdyEU/Tzn2ok4anKjl
LtQxoyR+620Uu2DEPiFU0vDAq0l4VuwLAiKv43du4wtTg8JCbOls1zM7+Rn9MGWO
a9gMOV+d/45wemFyDOBBlkD6232sonzIsX+RWzrtPMDJnv97PXqcH4TYXerbI3U4
ys8EPBs4Nch7egl4pfoFYLfSdBMVJqc5gK+bmCE3QqDlfO9kAedfrdAadFwk8cUh
ajQ+l/aM+t4YW/kJjhljmmFVZ63uI+cGeGqzpxVLlwCl3MlxZxkrzw1djQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEUOMgrr7HmixOezPX6MCm42SnXMB8GA1UdIwQY
MBaAFIQ9GvzxO9IRfUffaD5ApjKHAEz+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEQwYV9QRTcwaEY5Ujk5b1BrQ21Nb2NBVFA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8xNzMzMDYtMmRiZC00YWQ4LWJkNTEt
YjFmM2JjYzY3YWFlLzEvZ1JRNHlDdXZzZWFMRTU3TTlmb3dLYmpaS2RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8xNzMzMDYtMmRiZC00YWQ4LWJkNTEtYjFmM2JjYzY3YWFl
LzEvaEQwYV9QRTcwaEY5Ujk5b1BrQ21Nb2NBVFA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY5XMA0G
CSqGSIb3DQEBCwUAA4IBAQBb7t465yM7V3c3OS0gNXdZ6aq8i7zBM7FIoEhUf21A
Fw/WSfyK6V0lO2NveMwrAMom7g1liUiTawlRAEBi3mLkcDpAHberT8g1AaMBiC8y
cc9LwbwccIjQZRkgZL7S7DMQIoWFDwRfrlEZR168tCnmCe+NmbrhlR/fG9s2BkKD
fVP0iH318QgVnVf55+wlNYPEVlSiXgCdX0OYKFQPOJClHdFnVf+cvPJStJIUADKq
yVlpRCzFWPshO4pmbWaZtASYvTdbBNfYKLRiBtpGAnxehnLBxGjagCpmKV2lh0Sf
Q53TBE4MSSLy7pQdZCRIJpgCCqwcF7n3n1szwd9+RO9P
-----END CERTIFICATE-----