Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/00c03c-d207-4ec1-9dd9-32449ce6cf89/1/j-Sy5S5vXUDJt_vT2aOQTCAuNaY.roa
File:                     j-Sy5S5vXUDJt_vT2aOQTCAuNaY.roa (raw, json)
Hash identifier:          ePLSXnEdWrLKO4cO5FU1KgypAmu3CnhtyJ/m7esZ+MQ=
Subject key identifier:   8F:E4:B2:E5:2E:6F:5D:40:C9:B7:FB:D3:D9:A3:90:4C:20:2E:35:A6
Certificate issuer:       /CN=45ad6f1f1b730c7a016b562c12b31becc4b3e1fa
Certificate serial:       018EF4816AC3B92670A3574B488F86F1DFDC
Authority key identifier: 45:AD:6F:1F:1B:73:0C:7A:01:6B:56:2C:12:B3:1B:EC:C4:B3:E1:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ra1vHxtzDHoBa1YsErMb7MSz4fo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/00c03c-d207-4ec1-9dd9-32449ce6cf89/1/j-Sy5S5vXUDJt_vT2aOQTCAuNaY.roa
Signing time:             Fri 19 Apr 2024 03:58:25 +0000
ROA not before:           Fri 19 Apr 2024 03:58:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30981
IP address blocks:        82.205.132.0/24 maxlen: 24
                          82.205.216.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/00c03c-d207-4ec1-9dd9-32449ce6cf89/1/Ra1vHxtzDHoBa1YsErMb7MSz4fo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/00c03c-d207-4ec1-9dd9-32449ce6cf89/1/Ra1vHxtzDHoBa1YsErMb7MSz4fo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ra1vHxtzDHoBa1YsErMb7MSz4fo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f4:81:6a:c3:b9:26:70:a3:57:4b:48:8f:86:f1:df:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45ad6f1f1b730c7a016b562c12b31becc4b3e1fa
        Validity
            Not Before: Apr 19 03:58:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fe4b2e52e6f5d40c9b7fbd3d9a3904c202e35a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:2f:21:11:0d:26:3e:09:3b:fc:0d:ce:d2:c0:
                    60:38:e0:a6:75:b4:1d:0b:d6:8b:ef:a4:41:0f:b4:
                    78:31:d5:5c:a9:2c:7f:0d:4c:64:a9:e7:e1:c4:8b:
                    cb:e5:3f:59:de:10:c3:05:bf:9b:02:92:39:1a:17:
                    78:4e:e3:91:1c:68:61:e9:63:58:8b:23:80:44:d3:
                    46:f2:20:d4:98:35:7b:cc:a5:1f:be:1c:5b:7a:72:
                    3e:51:d9:f2:97:38:19:18:f8:81:22:49:4a:1e:05:
                    4e:35:09:29:f4:3f:bd:7a:a5:b5:a6:c2:2e:3d:38:
                    21:32:70:39:90:74:25:a9:29:da:60:b6:3e:e7:37:
                    17:1c:ef:c6:f2:c4:3c:18:8b:83:ac:4e:c8:b8:78:
                    02:54:2b:1a:44:4e:2f:49:34:07:4b:c4:e6:95:10:
                    80:ad:dd:29:75:21:1c:e5:e9:a9:4f:ef:35:f9:74:
                    74:33:17:14:23:ac:81:33:c0:6e:a7:17:a0:7b:f6:
                    9e:8b:18:bd:0f:e3:86:a3:f5:b7:2c:b8:66:6a:f7:
                    18:41:3f:e7:68:34:3b:d5:49:bd:8d:40:23:a5:31:
                    9a:e2:ce:a6:89:4e:6f:ab:17:e0:7f:63:58:ee:64:
                    04:13:95:82:5c:6a:c6:9a:b6:e6:87:fb:60:89:1d:
                    d7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E4:B2:E5:2E:6F:5D:40:C9:B7:FB:D3:D9:A3:90:4C:20:2E:35:A6
            X509v3 Authority Key Identifier:
                keyid:45:AD:6F:1F:1B:73:0C:7A:01:6B:56:2C:12:B3:1B:EC:C4:B3:E1:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ra1vHxtzDHoBa1YsErMb7MSz4fo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/00c03c-d207-4ec1-9dd9-32449ce6cf89/1/j-Sy5S5vXUDJt_vT2aOQTCAuNaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/00c03c-d207-4ec1-9dd9-32449ce6cf89/1/Ra1vHxtzDHoBa1YsErMb7MSz4fo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.205.132.0/24
                  82.205.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:a8:a9:a3:f6:49:6f:dc:3c:91:98:22:9d:74:fb:a9:31:f9:
         4c:8e:f4:17:45:3e:0e:ca:9f:a1:4a:22:39:25:02:d5:e9:39:
         69:c1:5c:7f:a4:17:ac:7d:69:83:47:08:72:1f:2e:d5:74:a4:
         b5:43:4c:9a:55:e9:e9:54:18:29:21:ef:98:c7:7e:a5:77:88:
         91:de:55:94:77:91:0b:da:be:24:f9:31:f5:d2:df:57:8b:a9:
         e7:44:e2:50:48:fb:ae:44:44:92:63:82:f3:c1:d7:73:14:ce:
         b2:d8:af:55:88:5a:89:b0:ab:b2:eb:0f:aa:fb:72:e8:30:b3:
         b8:81:f0:cd:38:ea:aa:1a:ce:5d:58:cb:d1:99:d5:07:b7:f0:
         38:23:36:f5:f7:3c:9d:45:59:e6:48:a7:0b:0f:b9:f6:48:99:
         de:e4:ce:2a:49:d8:50:92:0d:66:f1:69:ac:bb:f3:71:46:39:
         e8:77:6d:da:7e:c0:31:f2:ed:60:a4:26:f2:37:83:fc:85:07:
         52:a4:b4:48:b3:1c:1d:44:37:84:a1:14:88:07:78:c1:97:af:
         d2:b6:42:21:57:94:4c:4a:aa:9a:09:ff:fb:ad:11:b3:02:3a:
         cf:67:86:1d:48:e7:61:5e:a3:fb:5e:3d:41:e1:01:f9:1a:24:
         97:a3:cc:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY70gWrDuSZwo1dLSI+G8d/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YWQ2ZjFmMWI3MzBjN2EwMTZiNTYyYzEyYjMxYmVjYzRi
M2UxZmEwHhcNMjQwNDE5MDM1ODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmU0YjJlNTJlNmY1ZDQwYzliN2ZiZDNkOWEzOTA0YzIwMmUzNWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6C8hEQ0mPgk7/A3O0sBgOOCmdbQd
C9aL76RBD7R4MdVcqSx/DUxkqefhxIvL5T9Z3hDDBb+bApI5Ghd4TuORHGhh6WNY
iyOARNNG8iDUmDV7zKUfvhxbenI+UdnylzgZGPiBIklKHgVONQkp9D+9eqW1psIu
PTghMnA5kHQlqSnaYLY+5zcXHO/G8sQ8GIuDrE7IuHgCVCsaRE4vSTQHS8TmlRCA
rd0pdSEc5empT+81+XR0MxcUI6yBM8Bupxege/aeixi9D+OGo/W3LLhmavcYQT/n
aDQ71Um9jUAjpTGa4s6miU5vqxfgf2NY7mQEE5WCXGrGmrbmh/tgiR3XiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI/ksuUub11Aybf709mjkEwgLjWmMB8GA1UdIwQY
MBaAFEWtbx8bcwx6AWtWLBKzG+zEs+H6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmExdkh4dHpESG9CYTFZc0VyTWI3TVN6NGZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8wMGMwM2MtZDIwNy00ZWMxLTlkZDkt
MzI0NDljZTZjZjg5LzEvai1TeTVTNXZYVURKdF92VDJhT1FUQ0F1TmFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8wMGMwM2MtZDIwNy00ZWMxLTlkZDktMzI0NDljZTZjZjg5
LzEvUmExdkh4dHpESG9CYTFZc0VyTWI3TVN6NGZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUs2EAwQD
Us3YMA0GCSqGSIb3DQEBCwUAA4IBAQBnqKmj9klv3DyRmCKddPupMflMjvQXRT4O
yp+hSiI5JQLV6TlpwVx/pBesfWmDRwhyHy7VdKS1Q0yaVenpVBgpIe+Yx36ld4iR
3lWUd5EL2r4k+TH10t9Xi6nnROJQSPuuRESSY4LzwddzFM6y2K9ViFqJsKuy6w+q
+3LoMLO4gfDNOOqqGs5dWMvRmdUHt/A4Izb19zydRVnmSKcLD7n2SJne5M4qSdhQ
kg1m8Wmsu/NxRjnod23afsAx8u1gpCbyN4P8hQdSpLRIsxwdRDeEoRSIB3jBl6/S
tkIhV5RMSqqaCf/7rRGzAjrPZ4YdSOdhXqP7Xj1B4QH5GiSXo8wm
-----END CERTIFICATE-----