Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/nwzUhf9TgBuwLQrQ1UYv26CrJIA.roa
File:                     nwzUhf9TgBuwLQrQ1UYv26CrJIA.roa (raw, json)
Hash identifier:          elr0dQBhD70lY5vUB09Z5pfoDsLtushbNHe4ZzT4VT4=
Subject key identifier:   9F:0C:D4:85:FF:53:80:1B:B0:2D:0A:D0:D5:46:2F:DB:A0:AB:24:80
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       0194221F4DD983C99E72C978AC2FE3CC1B5F
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/nwzUhf9TgBuwLQrQ1UYv26CrJIA.roa
Signing time:             Wed 01 Jan 2025 13:47:44 +0000
ROA not before:           Wed 01 Jan 2025 13:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197731
IP address blocks:        45.91.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:4d:d9:83:c9:9e:72:c9:78:ac:2f:e3:cc:1b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  1 13:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f0cd485ff53801bb02d0ad0d5462fdba0ab2480
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cb:2b:03:52:3d:5d:e0:3c:4d:fc:7b:9c:5e:
                    82:06:83:69:dd:00:8c:34:1e:de:7b:19:16:aa:1a:
                    59:9d:74:38:10:44:dd:53:84:c2:d0:32:c1:27:88:
                    78:69:6b:fc:6d:63:e7:89:01:fd:e6:68:fe:b1:45:
                    65:49:2e:a3:ee:c0:77:e3:0b:dd:44:40:bc:70:78:
                    0d:61:04:92:d9:cb:14:ce:53:5b:04:a2:ba:4e:e5:
                    07:0f:3e:15:5d:08:73:8b:c5:76:ec:c5:f3:2e:1d:
                    4f:66:ef:32:cf:2a:26:b1:c9:de:c9:ab:26:35:9b:
                    4d:34:1e:ea:0d:c0:86:7b:c9:c2:83:28:99:3d:31:
                    4a:76:ad:d9:2d:74:5d:b8:ce:a5:ec:1b:b2:47:57:
                    5e:c0:ef:98:7d:48:73:b2:68:ca:e2:8d:a0:02:ff:
                    6d:66:1d:1d:09:8b:e8:41:ca:15:46:9d:d1:e1:c3:
                    df:1c:a5:97:30:68:06:0c:72:cd:8d:3d:d9:80:5b:
                    c8:8a:ee:77:45:72:69:94:22:19:05:b2:2b:ab:af:
                    02:9d:c9:1b:d5:48:64:d8:89:9c:ee:91:aa:93:35:
                    cb:e8:f8:56:4b:50:55:ec:c5:f4:ca:0d:b6:0f:0b:
                    52:42:1d:e1:61:cb:50:57:d5:ce:e1:a3:c3:59:55:
                    32:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:0C:D4:85:FF:53:80:1B:B0:2D:0A:D0:D5:46:2F:DB:A0:AB:24:80
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/nwzUhf9TgBuwLQrQ1UYv26CrJIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:3a:8f:51:da:b1:1a:45:9a:d6:fb:16:56:9d:02:0c:b5:40:
         3f:69:88:68:ed:5f:1c:8b:ea:b1:c1:fa:65:38:d2:57:a1:9d:
         a1:25:c8:3d:ad:2f:31:29:c0:b9:32:54:d5:24:33:3e:29:c8:
         e8:ef:0c:a5:2e:23:f4:38:a4:29:9c:6a:88:b3:6f:89:c8:a7:
         d4:a3:e6:70:37:7f:54:29:3f:b3:87:f8:19:d5:92:7d:24:cb:
         40:b6:a6:d2:82:d9:98:f8:bf:4e:a1:07:74:00:44:91:4d:44:
         c2:a9:58:ec:0b:4c:4a:8e:28:0b:10:82:0c:21:a8:36:9b:df:
         15:f4:c4:52:74:f0:c2:7e:77:05:04:de:cb:b3:1c:0d:9f:a4:
         4b:9a:ad:ac:1e:97:aa:1b:46:b3:92:f6:03:1b:d3:2e:36:df:
         1c:5a:57:74:bc:21:66:1a:81:fd:95:1b:69:4f:df:d0:4d:cd:
         e2:8b:03:25:18:0f:3b:b3:3a:d7:23:d1:0d:14:86:c9:76:80:
         5b:86:bd:08:ba:71:ab:98:ee:66:95:84:1c:f8:77:16:3a:a8:
         d3:e8:ac:ba:b6:20:c7:76:6a:5b:a2:ca:bf:81:96:fd:fc:87:
         cd:77:bc:a7:62:a3:53:c6:a0:b5:88:df:23:2e:5d:cf:e8:32:
         03:1e:09:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH03Zg8mecsl4rC/jzBtfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjUwMTAxMTM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjBjZDQ4NWZmNTM4MDFiYjAyZDBhZDBkNTQ2MmZkYmEwYWIyNDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsssrA1I9XeA8Tfx7nF6CBoNp3QCM
NB7eexkWqhpZnXQ4EETdU4TC0DLBJ4h4aWv8bWPniQH95mj+sUVlSS6j7sB34wvd
REC8cHgNYQSS2csUzlNbBKK6TuUHDz4VXQhzi8V27MXzLh1PZu8yzyomscneyasm
NZtNNB7qDcCGe8nCgyiZPTFKdq3ZLXRduM6l7BuyR1dewO+YfUhzsmjK4o2gAv9t
Zh0dCYvoQcoVRp3R4cPfHKWXMGgGDHLNjT3ZgFvIiu53RXJplCIZBbIrq68Cnckb
1Uhk2Imc7pGqkzXL6PhWS1BV7MX0yg22DwtSQh3hYctQV9XO4aPDWVUy1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8M1IX/U4AbsC0K0NVGL9ugqySAMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvbnd6VWhmOVRnQnV3TFFyUTFVWXYyNkNySklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVt2MA0G
CSqGSIb3DQEBCwUAA4IBAQBJOo9R2rEaRZrW+xZWnQIMtUA/aYho7V8ci+qxwfpl
ONJXoZ2hJcg9rS8xKcC5MlTVJDM+Kcjo7wylLiP0OKQpnGqIs2+JyKfUo+ZwN39U
KT+zh/gZ1ZJ9JMtAtqbSgtmY+L9OoQd0AESRTUTCqVjsC0xKjigLEIIMIag2m98V
9MRSdPDCfncFBN7LsxwNn6RLmq2sHpeqG0azkvYDG9MuNt8cWld0vCFmGoH9lRtp
T9/QTc3iiwMlGA87szrXI9ENFIbJdoBbhr0IunGrmO5mlYQc+HcWOqjT6Ky6tiDH
dmpbosq/gZb9/IfNd7ynYqNTxqC1iN8jLl3P6DIDHgmJ
-----END CERTIFICATE-----