Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f800f1-74ae-4c19-a7cf-31b36f579f06/1/bxA8JQu2uTNMxZPugWxy8BA9JuM.roa
File:                     bxA8JQu2uTNMxZPugWxy8BA9JuM.roa (raw, json)
Hash identifier:          Z+hupgw09gxg+qKwTC7uynG2+KfBGjPZ8fjXe4JaS6c=
Subject key identifier:   6F:10:3C:25:0B:B6:B9:33:4C:C5:93:EE:81:6C:72:F0:10:3D:26:E3
Certificate issuer:       /CN=07ea4e88466de4c896094028f1cf0db665360d32
Certificate serial:       019426D87024291FFF79D45E22C584A4D43E
Authority key identifier: 07:EA:4E:88:46:6D:E4:C8:96:09:40:28:F1:CF:0D:B6:65:36:0D:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B-pOiEZt5MiWCUAo8c8NtmU2DTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/f800f1-74ae-4c19-a7cf-31b36f579f06/1/bxA8JQu2uTNMxZPugWxy8BA9JuM.roa
Signing time:             Thu 02 Jan 2025 11:48:26 +0000
ROA not before:           Thu 02 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        45.14.196.0/22 maxlen: 22
                          95.178.37.0/24 maxlen: 24
                          212.118.58.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/f800f1-74ae-4c19-a7cf-31b36f579f06/1/B-pOiEZt5MiWCUAo8c8NtmU2DTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/f800f1-74ae-4c19-a7cf-31b36f579f06/1/B-pOiEZt5MiWCUAo8c8NtmU2DTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B-pOiEZt5MiWCUAo8c8NtmU2DTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:70:24:29:1f:ff:79:d4:5e:22:c5:84:a4:d4:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07ea4e88466de4c896094028f1cf0db665360d32
        Validity
            Not Before: Jan  2 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f103c250bb6b9334cc593ee816c72f0103d26e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:80:ab:ed:9f:c9:8f:e7:6a:4d:18:16:3a:71:
                    57:9c:15:af:d0:80:4c:98:b0:5b:51:8f:34:14:59:
                    f4:69:0d:9b:cb:1b:dd:88:af:57:df:2f:63:7d:09:
                    ee:4c:96:35:b7:39:c9:30:4e:57:a5:07:60:41:53:
                    95:74:36:05:11:20:97:06:37:a0:fb:1f:e4:d1:4c:
                    87:b2:42:df:b9:1f:e3:5f:6d:57:ef:30:01:d5:e1:
                    02:6c:61:54:43:0f:e6:2c:43:db:44:9b:0a:2e:88:
                    3a:50:b1:84:a0:ca:17:b9:5c:18:5f:99:31:1f:99:
                    aa:1d:9e:d3:f1:7c:9c:3d:5c:bc:5d:5a:06:e8:e6:
                    de:bc:30:1f:8f:2d:b7:1a:6f:4e:f2:92:33:ca:d1:
                    f6:e1:92:48:6a:f4:51:43:8b:76:d8:f7:83:bd:33:
                    af:ad:4b:21:0e:3e:e0:8e:c5:81:9d:63:e1:53:2c:
                    da:e6:d5:3f:d2:8b:e6:3f:b3:1a:ce:f6:96:c4:c6:
                    0f:10:1b:cd:d3:ea:48:e7:31:dd:a5:2b:33:ac:7a:
                    d6:61:39:ef:b8:e7:92:e9:c0:60:31:94:87:11:f4:
                    2b:cc:57:83:09:f6:14:fa:7b:20:65:ee:69:4f:a2:
                    05:ff:15:08:89:84:f4:d4:b0:d2:e5:b0:28:f8:c6:
                    ca:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:10:3C:25:0B:B6:B9:33:4C:C5:93:EE:81:6C:72:F0:10:3D:26:E3
            X509v3 Authority Key Identifier:
                keyid:07:EA:4E:88:46:6D:E4:C8:96:09:40:28:F1:CF:0D:B6:65:36:0D:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B-pOiEZt5MiWCUAo8c8NtmU2DTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f800f1-74ae-4c19-a7cf-31b36f579f06/1/bxA8JQu2uTNMxZPugWxy8BA9JuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f800f1-74ae-4c19-a7cf-31b36f579f06/1/B-pOiEZt5MiWCUAo8c8NtmU2DTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.196.0/22
                  95.178.37.0/24
                  212.118.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:23:93:02:a2:b4:8c:0e:cc:79:41:4b:6e:ea:33:f0:fa:82:
         ca:98:ae:79:09:fe:ae:a1:a7:5d:fe:9d:92:f7:d9:01:1e:98:
         9d:0c:0b:18:75:70:b9:b1:52:83:b2:96:76:23:e5:39:13:46:
         c8:0a:4c:f2:1e:23:91:13:49:00:14:09:42:2e:23:98:41:79:
         83:d7:25:60:5e:60:eb:8c:bf:4b:51:8f:eb:55:a6:d0:b8:84:
         1d:5d:56:0c:43:75:c1:b6:b6:ce:5a:8d:4f:b9:07:e4:69:82:
         a3:fc:da:4a:4b:86:56:4b:97:5f:ae:79:31:8d:0d:9d:49:c6:
         69:d7:d7:4b:36:23:fa:d2:eb:df:98:84:96:10:eb:17:6a:d9:
         6c:74:d3:fc:a0:6c:70:0f:69:22:6d:af:2c:e7:d4:47:d0:e2:
         32:45:26:d5:65:45:62:33:5c:25:56:f2:7b:fe:26:88:c4:3c:
         3c:a2:af:15:95:17:ad:26:88:fc:99:50:ee:ae:ec:f3:28:c9:
         f7:6a:81:5a:c7:cb:12:61:8e:a0:bc:98:d2:74:49:dd:c1:81:
         72:2b:57:56:63:f7:ab:bc:b7:71:3f:46:7c:1f:d2:01:86:2e:
         87:ae:5e:13:bc:cf:eb:55:95:d6:5e:7d:67:32:d6:57:b8:f6:
         e9:a5:0e:69
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQm2HAkKR//edReIsWEpNQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZWE0ZTg4NDY2ZGU0Yzg5NjA5NDAyOGYxY2YwZGI2NjUz
NjBkMzIwHhcNMjUwMTAyMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjEwM2MyNTBiYjZiOTMzNGNjNTkzZWU4MTZjNzJmMDEwM2QyNmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4Cr7Z/Jj+dqTRgWOnFXnBWv0IBM
mLBbUY80FFn0aQ2byxvdiK9X3y9jfQnuTJY1tznJME5XpQdgQVOVdDYFESCXBjeg
+x/k0UyHskLfuR/jX21X7zAB1eECbGFUQw/mLEPbRJsKLog6ULGEoMoXuVwYX5kx
H5mqHZ7T8XycPVy8XVoG6ObevDAfjy23Gm9O8pIzytH24ZJIavRRQ4t22PeDvTOv
rUshDj7gjsWBnWPhUyza5tU/0ovmP7MazvaWxMYPEBvN0+pI5zHdpSszrHrWYTnv
uOeS6cBgMZSHEfQrzFeDCfYU+nsgZe5pT6IF/xUIiYT01LDS5bAo+MbK/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG8QPCULtrkzTMWT7oFscvAQPSbjMB8GA1UdIwQY
MBaAFAfqTohGbeTIlglAKPHPDbZlNg0yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQi1wT2lFWnQ1TWlXQ1VBbzhjOE50bVUyRFRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9mODAwZjEtNzRhZS00YzE5LWE3Y2Yt
MzFiMzZmNTc5ZjA2LzEvYnhBOEpRdTJ1VE5NeFpQdWdXeHk4QkE5SnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9mODAwZjEtNzRhZS00YzE5LWE3Y2YtMzFiMzZmNTc5ZjA2
LzEvQi1wT2lFWnQ1TWlXQ1VBbzhjOE50bVUyRFRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLQ7EAwQA
X7IlAwQB1HY6MA0GCSqGSIb3DQEBCwUAA4IBAQByI5MCorSMDsx5QUtu6jPw+oLK
mK55Cf6uoadd/p2S99kBHpidDAsYdXC5sVKDspZ2I+U5E0bICkzyHiORE0kAFAlC
LiOYQXmD1yVgXmDrjL9LUY/rVabQuIQdXVYMQ3XBtrbOWo1PuQfkaYKj/NpKS4ZW
S5dfrnkxjQ2dScZp19dLNiP60uvfmISWEOsXatlsdNP8oGxwD2kiba8s59RH0OIy
RSbVZUViM1wlVvJ7/iaIxDw8oq8VlRetJoj8mVDuruzzKMn3aoFax8sSYY6gvJjS
dEndwYFyK1dWY/ervLdxP0Z8H9IBhi6Hrl4TvM/rVZXWXn1nMtZXuPbppQ5p
-----END CERTIFICATE-----