Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/yMwlMMuf6AhxELQISsW6Wy_I6Vg.roa
File:                     yMwlMMuf6AhxELQISsW6Wy_I6Vg.roa (raw, json)
Hash identifier:          g4eIZppKVsYn9i4uTmCGcx2yG0hOtyeUq+t1P+63Lok=
Subject key identifier:   C8:CC:25:30:CB:9F:E8:08:71:10:B4:08:4A:C5:BA:5B:2F:C8:E9:58
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       0194221F4F4996211AD088DA6C7DA2014926
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/yMwlMMuf6AhxELQISsW6Wy_I6Vg.roa
Signing time:             Wed 01 Jan 2025 13:47:44 +0000
ROA not before:           Wed 01 Jan 2025 13:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206238
IP address blocks:        45.83.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:4f:49:96:21:1a:d0:88:da:6c:7d:a2:01:49:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  1 13:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8cc2530cb9fe8087110b4084ac5ba5b2fc8e958
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:da:81:24:ae:51:75:35:e8:84:dd:e1:72:8a:
                    bc:59:a1:c5:aa:fc:f7:bd:b0:79:ef:0e:25:9e:98:
                    b2:09:24:a1:b1:84:ec:6c:91:0e:f8:d3:cb:c5:81:
                    6c:92:99:b0:c9:6c:4a:a7:20:34:ea:e0:f8:fa:b3:
                    16:fa:cb:79:50:c8:cd:d5:de:eb:ca:b9:90:e4:3b:
                    27:4b:1d:2d:bb:26:2f:98:d0:43:fa:11:3e:9f:14:
                    fe:26:de:66:94:75:40:d7:ab:37:36:f4:11:54:49:
                    b6:2d:6c:4d:47:c1:0f:63:2f:1e:f2:54:5f:9e:ea:
                    a9:a3:09:a4:b5:0b:c8:e0:7f:70:50:de:20:9a:31:
                    0f:3f:e1:d7:28:50:34:36:9f:39:5b:6e:7e:cf:41:
                    ef:63:dd:ab:77:e4:49:00:3f:2b:a6:04:62:9e:2c:
                    9a:4f:7f:26:52:1b:eb:ef:01:f0:41:9d:cf:fa:bc:
                    ab:76:38:b6:e7:cf:df:4a:27:34:71:5e:9e:23:88:
                    98:69:60:ee:68:6b:65:98:c7:35:7d:ab:62:ba:22:
                    c2:8d:a5:9d:cc:1a:21:93:28:81:fc:35:bb:63:73:
                    70:5e:c8:5d:0f:18:09:6c:09:09:22:de:e3:4f:d0:
                    06:62:79:72:3d:20:26:19:ab:df:17:d8:ee:d8:71:
                    53:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:CC:25:30:CB:9F:E8:08:71:10:B4:08:4A:C5:BA:5B:2F:C8:E9:58
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/yMwlMMuf6AhxELQISsW6Wy_I6Vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:0a:45:5e:93:5c:33:da:5d:36:ef:8e:0f:b4:22:fd:a7:ae:
         0d:eb:fd:98:81:15:66:01:bc:d0:60:1a:ac:b7:a2:77:f3:c5:
         6e:0d:67:50:0c:64:00:83:2e:64:1a:c7:fb:00:f4:77:1c:99:
         da:eb:99:c3:b7:51:04:3c:69:41:4a:d9:26:ac:5d:f0:67:c2:
         68:fc:47:65:8c:41:45:1e:c3:41:e1:88:2e:6b:7d:10:77:05:
         6a:4c:13:b5:cf:3f:1d:d1:1e:09:7f:fc:cf:5b:0e:36:10:49:
         0d:4c:0e:f5:e3:ec:7d:e7:0e:e0:f3:cb:9b:5c:74:c4:58:65:
         b0:83:6d:c3:65:a3:3e:14:2f:c6:67:c1:7c:74:0e:92:e8:4d:
         32:28:79:ba:0e:4f:63:39:00:8c:88:22:9e:64:45:d8:4f:a2:
         12:86:e3:cc:68:fe:66:5f:0a:28:72:b7:b5:9d:74:2d:f7:8f:
         ed:16:38:3b:f0:02:3a:4d:78:95:ff:6e:37:c0:6c:24:57:39:
         ba:39:ae:84:98:ff:b7:5b:73:6d:e2:a4:15:6c:4c:43:8c:df:
         52:f5:83:24:b6:5f:47:9d:76:5b:96:ed:26:94:bf:09:4b:8d:
         70:e6:33:99:7d:dd:9d:b8:77:5e:07:13:fd:40:8f:65:6f:f9:
         30:3e:1f:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH09JliEa0IjabH2iAUkmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjUwMTAxMTM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGNjMjUzMGNiOWZlODA4NzExMGI0MDg0YWM1YmE1YjJmYzhlOTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdqBJK5RdTXohN3hcoq8WaHFqvz3
vbB57w4lnpiyCSShsYTsbJEO+NPLxYFskpmwyWxKpyA06uD4+rMW+st5UMjN1d7r
yrmQ5DsnSx0tuyYvmNBD+hE+nxT+Jt5mlHVA16s3NvQRVEm2LWxNR8EPYy8e8lRf
nuqpowmktQvI4H9wUN4gmjEPP+HXKFA0Np85W25+z0HvY92rd+RJAD8rpgRiniya
T38mUhvr7wHwQZ3P+ryrdji258/fSic0cV6eI4iYaWDuaGtlmMc1fatiuiLCjaWd
zBohkyiB/DW7Y3NwXshdDxgJbAkJIt7jT9AGYnlyPSAmGavfF9ju2HFTgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjMJTDLn+gIcRC0CErFulsvyOlYMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEveU13bE1NdWY2QWh4RUxRSVNzVzZXeV9JNlZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVPwMA0G
CSqGSIb3DQEBCwUAA4IBAQBdCkVek1wz2l02744PtCL9p64N6/2YgRVmAbzQYBqs
t6J388VuDWdQDGQAgy5kGsf7APR3HJna65nDt1EEPGlBStkmrF3wZ8Jo/EdljEFF
HsNB4Ygua30QdwVqTBO1zz8d0R4Jf/zPWw42EEkNTA714+x95w7g88ubXHTEWGWw
g23DZaM+FC/GZ8F8dA6S6E0yKHm6Dk9jOQCMiCKeZEXYT6IShuPMaP5mXwoocre1
nXQt94/tFjg78AI6TXiV/243wGwkVzm6Oa6EmP+3W3Nt4qQVbExDjN9S9YMktl9H
nXZblu0mlL8JS41w5jOZfd2duHdeBxP9QI9lb/kwPh/d
-----END CERTIFICATE-----