Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/2k7DoYw_fUEI-IRw1yMkv6L8kgY.roa
File:                     2k7DoYw_fUEI-IRw1yMkv6L8kgY.roa (raw, json)
Hash identifier:          CzU19QUyTNNv7cv2M1H3GPMiR5txRGI7L/Dpax8ycto=
Subject key identifier:   DA:4E:C3:A1:8C:3F:7D:41:08:F8:84:70:D7:23:24:BF:A2:FC:92:06
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       019423B73E2ED9FC6C1258312E1A06DE5211
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/2k7DoYw_fUEI-IRw1yMkv6L8kgY.roa
Signing time:             Wed 01 Jan 2025 21:13:19 +0000
ROA not before:           Wed 01 Jan 2025 21:13:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400696
IP address blocks:        45.8.26.0/24 maxlen: 24
                          2a10:5e80::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:b7:3e:2e:d9:fc:6c:12:58:31:2e:1a:06:de:52:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  1 21:13:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da4ec3a18c3f7d4108f88470d72324bfa2fc9206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:44:42:8f:8c:c8:56:8e:b3:c8:c6:f1:28:c9:
                    8e:1f:d8:30:f7:6e:83:1f:91:eb:91:22:17:fd:aa:
                    cd:b3:c4:d3:6b:56:80:d4:e8:09:62:a6:d6:fa:15:
                    c9:fe:e1:88:b6:7c:c6:17:97:9a:91:0f:0c:98:48:
                    8f:1b:33:4e:c9:7f:f0:41:51:26:39:c5:8a:d0:07:
                    3a:b4:3f:ad:53:59:57:12:6a:91:14:bc:17:11:b6:
                    8a:24:9d:b6:43:90:cc:a0:f4:5f:ab:4c:0b:b4:54:
                    c8:c6:7d:c4:66:86:ef:dc:f8:5c:cf:4e:cb:c0:6b:
                    b5:10:9d:a9:43:1a:f0:5a:95:c7:aa:4c:9f:e6:2e:
                    13:ed:ac:87:9b:4d:34:8d:5d:0e:5a:14:0d:42:0d:
                    5f:3b:2b:9f:e9:e5:13:28:88:77:71:31:b0:b7:51:
                    e1:39:14:56:4a:97:df:31:e8:b3:e7:f1:82:4f:ea:
                    6c:c8:01:70:f5:dd:98:99:2a:ef:9b:76:3e:f9:bc:
                    8e:fb:17:77:54:10:a4:a2:f9:31:46:e3:40:ef:7d:
                    8e:d6:02:da:2d:45:30:c2:aa:b5:fa:82:e8:e9:d6:
                    af:8e:4c:32:63:6c:3e:a2:f6:74:f3:58:dd:1d:36:
                    4b:f6:71:10:05:da:31:ea:dd:f5:6a:39:ee:97:ab:
                    73:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:4E:C3:A1:8C:3F:7D:41:08:F8:84:70:D7:23:24:BF:A2:FC:92:06
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/2k7DoYw_fUEI-IRw1yMkv6L8kgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.26.0/24
                IPv6:
                  2a10:5e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:13:9b:47:ee:46:e4:9a:41:75:74:24:7d:53:cd:0f:84:51:
         a3:71:83:35:56:d9:0f:98:b4:5b:05:ce:b7:85:2f:3d:d8:bf:
         31:c9:e1:91:2c:7a:3c:8a:71:8d:5e:73:e4:ed:97:3d:3b:82:
         0e:66:39:74:b0:c6:28:a6:70:69:81:a7:5e:43:cb:40:ff:3d:
         41:61:a7:59:75:64:ee:24:0f:b9:11:4c:b0:ed:b3:44:ce:9c:
         96:57:ec:02:2b:72:ba:58:85:cb:06:75:34:bd:78:ff:19:7c:
         a8:4f:e7:df:68:83:6b:c7:42:58:30:02:ed:38:07:2e:51:43:
         9a:ea:b7:c5:d4:2f:f1:14:27:a8:fa:f4:1e:44:b0:7c:35:b6:
         6d:b5:84:e6:8f:59:a6:3b:00:22:c3:dd:f4:cb:f1:bf:a0:eb:
         0b:81:db:ad:71:b2:f2:00:c5:fc:4b:ca:f3:8b:9f:ec:42:e7:
         f9:2e:ce:52:14:95:43:67:e7:a1:7a:9e:ef:16:96:9b:d6:0c:
         e3:51:47:51:d4:ab:ac:46:c2:07:0a:9a:53:ed:23:ff:f1:47:
         21:d1:d9:31:e0:0f:36:e7:82:c4:44:80:35:29:5b:94:10:f8:
         21:cf:cf:95:e3:ae:5f:83:ef:36:4e:fb:1b:d6:d8:b2:e1:32:
         59:cd:15:db
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjtz4u2fxsElgxLhoG3lIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjUwMTAxMjExMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTRlYzNhMThjM2Y3ZDQxMDhmODg0NzBkNzIzMjRiZmEyZmM5MjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukRCj4zIVo6zyMbxKMmOH9gw926D
H5HrkSIX/arNs8TTa1aA1OgJYqbW+hXJ/uGItnzGF5eakQ8MmEiPGzNOyX/wQVEm
OcWK0Ac6tD+tU1lXEmqRFLwXEbaKJJ22Q5DMoPRfq0wLtFTIxn3EZobv3Phcz07L
wGu1EJ2pQxrwWpXHqkyf5i4T7ayHm000jV0OWhQNQg1fOyuf6eUTKIh3cTGwt1Hh
ORRWSpffMeiz5/GCT+psyAFw9d2YmSrvm3Y++byO+xd3VBCkovkxRuNA732O1gLa
LUUwwqq1+oLo6davjkwyY2w+ovZ081jdHTZL9nEQBdox6t31ajnul6tzIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNpOw6GMP31BCPiEcNcjJL+i/JIGMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvMms3RG9Zd19mVUVJLUlSdzF5TWt2Nkw4a2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALQgaMA0E
AgACMAcDBQAqEF6AMA0GCSqGSIb3DQEBCwUAA4IBAQAKE5tH7kbkmkF1dCR9U80P
hFGjcYM1VtkPmLRbBc63hS892L8xyeGRLHo8inGNXnPk7Zc9O4IOZjl0sMYopnBp
gadeQ8tA/z1BYadZdWTuJA+5EUyw7bNEzpyWV+wCK3K6WIXLBnU0vXj/GXyoT+ff
aINrx0JYMALtOAcuUUOa6rfF1C/xFCeo+vQeRLB8NbZttYTmj1mmOwAiw930y/G/
oOsLgdutcbLyAMX8S8rzi5/sQuf5Ls5SFJVDZ+ehep7vFpab1gzjUUdR1KusRsIH
CppT7SP/8Uch0dkx4A8254LERIA1KVuUEPghz8+V465fg+82Tvsb1tiy4TJZzRXb
-----END CERTIFICATE-----