Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/dPscEX-Zy8evMbxWuU7vJ2Ixhv8.roa
File:                     dPscEX-Zy8evMbxWuU7vJ2Ixhv8.roa (raw, json)
Hash identifier:          D+72QcpH+TK76A0ijjgkoRMMQ5NsFbRIC95DTaeOIrc=
Subject key identifier:   74:FB:1C:11:7F:99:CB:C7:AF:31:BC:56:B9:4E:EF:27:62:31:86:FF
Certificate issuer:       /CN=f261df44b346823cce8c6643b5fa6919afb23195
Certificate serial:       0194266BB0FDB2E8CDFC24097B057E0F03AB
Authority key identifier: F2:61:DF:44:B3:46:82:3C:CE:8C:66:43:B5:FA:69:19:AF:B2:31:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8mHfRLNGgjzOjGZDtfppGa-yMZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/dPscEX-Zy8evMbxWuU7vJ2Ixhv8.roa
Signing time:             Thu 02 Jan 2025 09:49:39 +0000
ROA not before:           Thu 02 Jan 2025 09:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208337
IP address blocks:        45.143.180.0/24 maxlen: 24
                          45.143.181.0/24 maxlen: 24
                          45.143.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/8mHfRLNGgjzOjGZDtfppGa-yMZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/8mHfRLNGgjzOjGZDtfppGa-yMZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8mHfRLNGgjzOjGZDtfppGa-yMZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:b0:fd:b2:e8:cd:fc:24:09:7b:05:7e:0f:03:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f261df44b346823cce8c6643b5fa6919afb23195
        Validity
            Not Before: Jan  2 09:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74fb1c117f99cbc7af31bc56b94eef27623186ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ba:7d:d6:f7:18:6c:2e:db:17:5b:17:dd:99:
                    88:40:6b:b3:56:52:89:3f:ec:c8:17:4c:2c:63:ed:
                    3d:e8:b7:90:3b:4d:55:da:64:c6:cc:ee:9f:8b:05:
                    59:c6:67:2d:b0:40:83:7b:b1:de:02:a4:87:07:ec:
                    93:75:fe:ed:4c:49:d0:39:d6:4b:3a:1f:6a:af:dc:
                    04:54:54:55:dc:9b:e3:76:49:f3:d2:fd:0f:9c:5e:
                    ec:ad:8d:81:eb:e9:15:2b:b4:7e:8c:41:ad:65:d5:
                    c0:44:05:01:94:2c:32:77:dd:c4:e7:5d:40:82:09:
                    ea:a7:a9:fb:bb:4c:e7:7c:2a:f2:63:92:e6:b2:62:
                    97:dd:dd:24:58:92:09:50:45:20:1f:67:12:cd:13:
                    b0:c7:f9:5c:18:a3:bd:7a:f7:ac:67:d9:08:02:40:
                    78:b1:92:7d:ed:5e:2c:e2:2f:68:59:ef:d2:1b:47:
                    89:d7:0d:96:2f:28:02:56:f0:3c:be:d7:d1:46:58:
                    07:ec:4e:95:d0:81:20:6f:15:d6:c1:d0:0d:43:0d:
                    a4:ac:6c:55:72:13:86:64:a4:45:65:c2:1b:77:9c:
                    d7:d8:cf:fd:7d:8a:aa:54:bd:d3:e5:14:85:86:6a:
                    bb:b2:25:2a:9b:e3:37:0c:1a:fd:d4:7e:06:a6:6b:
                    9b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:FB:1C:11:7F:99:CB:C7:AF:31:BC:56:B9:4E:EF:27:62:31:86:FF
            X509v3 Authority Key Identifier:
                keyid:F2:61:DF:44:B3:46:82:3C:CE:8C:66:43:B5:FA:69:19:AF:B2:31:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8mHfRLNGgjzOjGZDtfppGa-yMZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/dPscEX-Zy8evMbxWuU7vJ2Ixhv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/8mHfRLNGgjzOjGZDtfppGa-yMZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.180.0-45.143.182.255

    Signature Algorithm: sha256WithRSAEncryption
         22:ba:27:5c:b1:cc:6a:97:7a:43:73:52:17:16:6c:0a:ef:12:
         15:48:72:cf:ab:60:63:6b:b1:94:96:db:49:3f:3b:7e:e5:ef:
         49:64:88:4c:ad:4d:30:ae:3f:9c:e8:fa:70:ce:11:bd:bb:57:
         12:04:93:b4:9b:92:b2:d7:d5:3e:47:80:1e:41:c2:c2:f1:aa:
         48:18:43:16:8a:0f:f2:8f:d7:5a:58:77:0d:c6:99:5e:43:b5:
         79:a2:1d:2c:9b:06:5e:b9:a8:e3:24:1e:6d:bc:70:ad:b9:10:
         49:bc:e2:83:4b:02:9d:19:7e:8e:c4:23:10:5b:7e:e0:0f:57:
         7b:30:77:8e:a5:41:cd:96:8e:97:65:80:74:7c:5e:9f:24:8f:
         be:6f:f9:dd:66:58:64:04:ec:9d:47:65:3b:88:2a:e0:d9:74:
         fd:4a:21:8d:4f:86:12:2b:38:21:bf:8d:b1:ee:f9:6d:dd:eb:
         dd:bb:40:49:c8:98:79:6c:1d:3e:77:cb:4e:a3:07:53:d0:66:
         c2:06:05:81:37:37:f8:a8:62:80:63:31:85:b3:82:42:93:af:
         66:b2:50:fe:bb:df:d3:3b:4e:84:a4:27:14:ab:60:db:c6:01:
         e9:d6:ba:5e:7f:9e:b0:b9:2e:9e:97:dd:55:19:dd:c2:74:89:
         07:a6:cb:04
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQma7D9sujN/CQJewV+DwOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNjFkZjQ0YjM0NjgyM2NjZThjNjY0M2I1ZmE2OTE5YWZi
MjMxOTUwHhcNMjUwMTAyMDk0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGZiMWMxMTdmOTljYmM3YWYzMWJjNTZiOTRlZWYyNzYyMzE4NmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07p91vcYbC7bF1sX3ZmIQGuzVlKJ
P+zIF0wsY+096LeQO01V2mTGzO6fiwVZxmctsECDe7HeAqSHB+yTdf7tTEnQOdZL
Oh9qr9wEVFRV3Jvjdknz0v0PnF7srY2B6+kVK7R+jEGtZdXARAUBlCwyd93E511A
ggnqp6n7u0znfCryY5LmsmKX3d0kWJIJUEUgH2cSzROwx/lcGKO9evesZ9kIAkB4
sZJ97V4s4i9oWe/SG0eJ1w2WLygCVvA8vtfRRlgH7E6V0IEgbxXWwdANQw2krGxV
chOGZKRFZcIbd5zX2M/9fYqqVL3T5RSFhmq7siUqm+M3DBr91H4GpmubFwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHT7HBF/mcvHrzG8VrlO7ydiMYb/MB8GA1UdIwQY
MBaAFPJh30SzRoI8zoxmQ7X6aRmvsjGVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG1IZlJMTkdnanpPakdaRHRmcHBHYS15TVpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8zY2I5ZDItNzBmZi00NmQ2LTljNzMt
NTc1ODYxNTYzNTRlLzEvZFBzY0VYLVp5OGV2TWJ4V3VVN3ZKMkl4aHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8zY2I5ZDItNzBmZi00NmQ2LTljNzMtNTc1ODYxNTYzNTRl
LzEvOG1IZlJMTkdnanpPakdaRHRmcHBHYS15TVpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAItj7QD
BAAtj7YwDQYJKoZIhvcNAQELBQADggEBACK6J1yxzGqXekNzUhcWbArvEhVIcs+r
YGNrsZSW20k/O37l70lkiEytTTCuP5zo+nDOEb27VxIEk7SbkrLX1T5HgB5BwsLx
qkgYQxaKD/KP11pYdw3GmV5DtXmiHSybBl65qOMkHm28cK25EEm84oNLAp0Zfo7E
IxBbfuAPV3swd46lQc2WjpdlgHR8Xp8kj75v+d1mWGQE7J1HZTuIKuDZdP1KIY1P
hhIrOCG/jbHu+W3d6927QEnImHlsHT53y06jB1PQZsIGBYE3N/ioYoBjMYWzgkKT
r2ayUP6739M7ToSkJxSrYNvGAenWul5/nrC5Lp6X3VUZ3cJ0iQemywQ=
-----END CERTIFICATE-----