Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/KfWHlYFQnzVI2dPuoiLZqsly00A.roa
File:                     KfWHlYFQnzVI2dPuoiLZqsly00A.roa (raw, json)
Hash identifier:          hXW7e+AyYxT2PE5t8wRUT3atz/+WaH8gt4XQgdBp/mU=
Subject key identifier:   29:F5:87:95:81:50:9F:35:48:D9:D3:EE:A2:22:D9:AA:C9:72:D3:40
Certificate issuer:       /CN=234b54b119a7b3eff153085b7315507cd8513a0f
Certificate serial:       0194266BD964A15981E48ABBCAA8A26C00FB
Authority key identifier: 23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/KfWHlYFQnzVI2dPuoiLZqsly00A.roa
Signing time:             Thu 02 Jan 2025 09:49:49 +0000
ROA not before:           Thu 02 Jan 2025 09:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.87.160.0/24 maxlen: 24
                          45.87.161.0/24 maxlen: 24
                          45.87.162.0/24 maxlen: 24
                          45.87.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d9:64:a1:59:81:e4:8a:bb:ca:a8:a2:6c:00:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b54b119a7b3eff153085b7315507cd8513a0f
        Validity
            Not Before: Jan  2 09:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29f5879581509f3548d9d3eea222d9aac972d340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:21:6e:fd:69:33:3b:05:77:4c:6e:ab:a6:33:
                    45:0b:04:41:ca:bd:3c:f6:88:38:88:c7:f0:32:89:
                    9a:b8:5d:12:e1:6b:34:00:4f:72:65:c2:c5:a6:8c:
                    65:9e:17:07:78:7f:7c:bb:0f:e7:f7:26:e0:23:f6:
                    be:4d:37:c2:89:05:c7:38:74:3b:92:0b:71:0f:d2:
                    4d:e2:db:9b:a2:55:24:df:d9:95:3b:b1:ca:38:b0:
                    05:a0:66:48:47:90:fb:70:1b:ef:d1:be:a9:d2:8b:
                    39:a1:d5:09:e4:ef:1d:51:af:20:b6:5e:9e:69:9d:
                    83:4f:22:04:d5:a0:91:5a:37:76:25:89:36:37:1d:
                    86:62:02:b6:96:ff:53:5a:94:5f:88:3e:d2:9c:5d:
                    91:e2:0e:c9:68:f0:fe:fb:2e:28:68:6b:2b:83:e4:
                    d5:c8:fd:cd:f3:82:c6:92:11:ef:c9:25:83:dc:8e:
                    d5:6e:d5:43:11:10:a5:8d:16:43:7e:00:63:60:97:
                    55:ab:60:eb:ff:cc:fa:ce:76:85:12:09:26:70:c4:
                    d0:50:ef:9a:33:c5:1e:3f:e6:a4:40:5b:dc:c7:69:
                    ac:f5:ce:c0:a1:e3:99:ac:a4:98:2f:a6:8e:0a:e1:
                    b6:65:c6:ee:85:21:a5:36:ec:fd:dd:6c:28:87:f7:
                    85:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F5:87:95:81:50:9F:35:48:D9:D3:EE:A2:22:D9:AA:C9:72:D3:40
            X509v3 Authority Key Identifier:
                keyid:23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/KfWHlYFQnzVI2dPuoiLZqsly00A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:fb:3b:1b:a7:90:15:af:10:56:0a:ea:cb:42:31:76:91:36:
         b7:9d:01:2c:74:71:d3:bd:d6:20:05:a8:43:c0:6c:c6:9a:0f:
         a4:b4:0d:4a:58:94:8a:e3:e4:26:67:42:77:c6:4a:80:8e:cc:
         5d:e1:bb:d1:c0:a6:ac:7f:01:5e:8a:e5:4c:2a:be:8e:2e:bc:
         d3:18:dd:0f:5e:3f:57:b1:21:58:84:91:2b:e5:c0:f5:01:81:
         9d:4a:82:04:a4:65:e9:bc:8c:0b:7d:4c:c4:34:2b:ad:cf:ab:
         0e:7d:2d:a9:ba:b1:38:b7:d6:44:4a:6e:af:79:30:89:f6:44:
         3b:aa:80:62:8d:d2:56:e8:ae:c9:4b:f8:80:ad:1a:a8:8d:e2:
         d9:ee:d1:01:8d:11:85:42:3d:89:35:70:6b:07:cf:b1:6b:91:
         50:1c:1d:c5:f9:3d:84:44:04:87:76:39:43:df:d2:5c:52:05:
         01:fe:21:2e:57:96:d0:55:41:39:e3:f0:46:57:36:90:7b:85:
         ac:4a:4d:b0:cd:30:96:23:42:7c:e8:2f:8a:32:59:17:bd:24:
         b1:cd:d0:e2:1e:0c:f6:1a:5e:43:d5:9f:cc:0b:9b:b2:85:ba:
         8c:47:2c:62:2c:fe:e5:cc:17:33:73:3a:dc:87:16:4c:f4:af:
         17:47:51:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9lkoVmB5Iq7yqiibAD7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI1NGIxMTlhN2IzZWZmMTUzMDg1YjczMTU1MDdjZDg1
MTNhMGYwHhcNMjUwMTAyMDk0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWY1ODc5NTgxNTA5ZjM1NDhkOWQzZWVhMjIyZDlhYWM5NzJkMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5CFu/WkzOwV3TG6rpjNFCwRByr08
9og4iMfwMomauF0S4Ws0AE9yZcLFpoxlnhcHeH98uw/n9ybgI/a+TTfCiQXHOHQ7
kgtxD9JN4tubolUk39mVO7HKOLAFoGZIR5D7cBvv0b6p0os5odUJ5O8dUa8gtl6e
aZ2DTyIE1aCRWjd2JYk2Nx2GYgK2lv9TWpRfiD7SnF2R4g7JaPD++y4oaGsrg+TV
yP3N84LGkhHvySWD3I7VbtVDERCljRZDfgBjYJdVq2Dr/8z6znaFEgkmcMTQUO+a
M8UeP+akQFvcx2ms9c7AoeOZrKSYL6aOCuG2ZcbuhSGlNuz93Wwoh/eF9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCn1h5WBUJ81SNnT7qIi2arJctNAMB8GA1UdIwQY
MBaAFCNLVLEZp7Pv8VMIW3MVUHzYUToPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQt
MWQyMWQxYmNlM2ZlLzEvS2ZXSGxZRlFuelZJMmRQdW9pTFpxc2x5MDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQtMWQyMWQxYmNlM2Zl
LzEvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVegMA0G
CSqGSIb3DQEBCwUAA4IBAQCt+zsbp5AVrxBWCurLQjF2kTa3nQEsdHHTvdYgBahD
wGzGmg+ktA1KWJSK4+QmZ0J3xkqAjsxd4bvRwKasfwFeiuVMKr6OLrzTGN0PXj9X
sSFYhJEr5cD1AYGdSoIEpGXpvIwLfUzENCutz6sOfS2purE4t9ZESm6veTCJ9kQ7
qoBijdJW6K7JS/iArRqojeLZ7tEBjRGFQj2JNXBrB8+xa5FQHB3F+T2ERASHdjlD
39JcUgUB/iEuV5bQVUE54/BGVzaQe4WsSk2wzTCWI0J86C+KMlkXvSSxzdDiHgz2
Gl5D1Z/MC5uyhbqMRyxiLP7lzBczczrchxZM9K8XR1Ge
-----END CERTIFICATE-----