Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/dZgYAx_N36qliHArmqX1gaumeGY.roa
File:                     dZgYAx_N36qliHArmqX1gaumeGY.roa (raw, json)
Hash identifier:          f8R8/QcHyuVgs1r9zKBrMS4KaT9iNImM3nX83XfW2bA=
Subject key identifier:   75:98:18:03:1F:CD:DF:AA:A5:88:70:2B:9A:A5:F5:81:AB:A6:78:66
Certificate issuer:       /CN=bea6ca03a8c135ceeae232c937c1ee0bab87e782
Certificate serial:       01941F8C02AE7999B22D1EAF47980762AB8C
Authority key identifier: BE:A6:CA:03:A8:C1:35:CE:EA:E2:32:C9:37:C1:EE:0B:AB:87:E7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/dZgYAx_N36qliHArmqX1gaumeGY.roa
Signing time:             Wed 01 Jan 2025 01:47:36 +0000
ROA not before:           Wed 01 Jan 2025 01:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209055
IP address blocks:        45.8.40.0/22 maxlen: 22
                          45.8.40.0/24 maxlen: 24
                          45.8.41.0/24 maxlen: 24
                          45.8.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:02:ae:79:99:b2:2d:1e:af:47:98:07:62:ab:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea6ca03a8c135ceeae232c937c1ee0bab87e782
        Validity
            Not Before: Jan  1 01:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=759818031fcddfaaa588702b9aa5f581aba67866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bb:91:6c:0a:84:77:b8:0b:45:07:1f:4b:c2:
                    4c:31:7d:cc:2c:5d:90:51:1d:e8:50:fc:4a:ee:4a:
                    46:7e:ca:6b:66:98:e4:55:f3:a9:04:a2:ed:2e:65:
                    22:69:d2:e2:70:8a:6a:00:c7:df:ab:9f:db:ed:35:
                    bb:64:12:69:97:19:62:05:1b:e0:67:fd:db:ef:16:
                    78:74:74:ed:93:a1:89:e6:2b:39:19:cf:b5:a3:c5:
                    e4:c7:76:b0:50:ac:e2:7d:75:2b:dc:b9:e3:7c:a4:
                    85:ca:df:b8:df:49:3d:20:2e:4e:f5:dc:96:54:42:
                    c6:09:df:4a:c6:3c:dc:56:1c:11:36:89:ed:82:d9:
                    50:19:fe:74:f9:c6:6a:0a:21:6f:c3:95:19:38:3f:
                    5c:da:c6:1a:7a:ea:bb:8b:7a:e5:98:e9:f1:a5:f0:
                    91:7f:d2:96:49:d2:16:df:82:25:54:35:16:22:fc:
                    68:35:c2:f5:d4:98:bd:c9:a6:ad:d4:61:0f:e9:b8:
                    65:d1:51:0a:00:0d:52:66:bf:a4:7a:81:8e:d5:c2:
                    d4:f9:87:d5:1a:cb:61:8b:87:60:cf:30:e5:e2:90:
                    c6:7e:20:fe:ce:22:e6:6e:fc:e8:67:c5:d7:b8:21:
                    a7:c3:41:28:ab:a3:8c:a3:1c:a8:79:cb:91:7d:ce:
                    6f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:98:18:03:1F:CD:DF:AA:A5:88:70:2B:9A:A5:F5:81:AB:A6:78:66
            X509v3 Authority Key Identifier:
                keyid:BE:A6:CA:03:A8:C1:35:CE:EA:E2:32:C9:37:C1:EE:0B:AB:87:E7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/dZgYAx_N36qliHArmqX1gaumeGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:2b:b5:ef:e4:2b:2e:d6:87:5c:00:6a:c1:63:1c:1c:9f:32:
         01:af:5f:dd:ca:f6:43:bd:0b:6e:68:16:84:0c:15:5c:ac:04:
         ac:92:25:3e:cd:89:a7:9c:61:44:cc:a6:96:22:44:1b:57:20:
         91:4d:20:5d:5f:85:df:c0:c0:0f:c0:7b:fd:c2:59:1d:18:e1:
         29:ef:02:21:3e:4b:40:94:8c:20:1b:cb:a6:ac:7e:55:8b:97:
         ea:ba:20:64:02:9f:be:81:13:83:41:f5:43:2b:8e:c9:c2:7a:
         95:af:75:a2:37:3c:eb:56:6b:e4:72:c9:dd:17:fa:61:a1:e8:
         12:be:28:c5:3a:c8:27:70:7f:47:a7:f0:05:cd:4d:24:b6:b5:
         36:fa:a8:9e:c6:bc:ce:ce:8e:07:6e:1c:7a:1c:04:91:f8:d2:
         22:da:c0:78:68:de:25:f3:e2:df:61:eb:ed:b1:af:ec:0b:c1:
         21:4d:3d:38:df:7d:d3:f0:c3:92:b2:64:94:e2:06:88:f3:01:
         b8:81:cd:c2:67:d7:3d:73:93:ca:a8:55:84:8d:3c:ae:02:7c:
         cc:a7:4c:1f:c6:59:6a:ef:a6:a1:38:4d:91:71:49:9d:0b:1d:
         11:68:3a:53:20:9a:ff:f7:59:3e:a6:96:76:b4:29:f6:ac:58:
         13:ba:7b:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjAKueZmyLR6vR5gHYquMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTZjYTAzYThjMTM1Y2VlYWUyMzJjOTM3YzFlZTBiYWI4
N2U3ODIwHhcNMjUwMTAxMDE0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTk4MTgwMzFmY2RkZmFhYTU4ODcwMmI5YWE1ZjU4MWFiYTY3ODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbuRbAqEd7gLRQcfS8JMMX3MLF2Q
UR3oUPxK7kpGfsprZpjkVfOpBKLtLmUiadLicIpqAMffq5/b7TW7ZBJplxliBRvg
Z/3b7xZ4dHTtk6GJ5is5Gc+1o8Xkx3awUKzifXUr3LnjfKSFyt+430k9IC5O9dyW
VELGCd9KxjzcVhwRNontgtlQGf50+cZqCiFvw5UZOD9c2sYaeuq7i3rlmOnxpfCR
f9KWSdIW34IlVDUWIvxoNcL11Ji9yaat1GEP6bhl0VEKAA1SZr+keoGO1cLU+YfV
Gsthi4dgzzDl4pDGfiD+ziLmbvzoZ8XXuCGnw0Eoq6OMoxyoecuRfc5vKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWYGAMfzd+qpYhwK5ql9YGrpnhmMB8GA1UdIwQY
MBaAFL6mygOowTXO6uIyyTfB7gurh+eCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFiS0E2akJOYzdxNGpMSk44SHVDNnVINTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iYzY1ZjYtMGMzYi00MDRlLWJmYWQt
OWZhNDIyOGMwMmVhLzEvZFpnWUF4X04zNnFsaUhBcm1xWDFnYXVtZUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iYzY1ZjYtMGMzYi00MDRlLWJmYWQtOWZhNDIyOGMwMmVh
LzEvdnFiS0E2akJOYzdxNGpMSk44SHVDNnVINTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQgoMA0G
CSqGSIb3DQEBCwUAA4IBAQCBK7Xv5Csu1odcAGrBYxwcnzIBr1/dyvZDvQtuaBaE
DBVcrASskiU+zYmnnGFEzKaWIkQbVyCRTSBdX4XfwMAPwHv9wlkdGOEp7wIhPktA
lIwgG8umrH5Vi5fquiBkAp++gRODQfVDK47JwnqVr3WiNzzrVmvkcsndF/phoegS
vijFOsgncH9Hp/AFzU0ktrU2+qiexrzOzo4Hbhx6HASR+NIi2sB4aN4l8+LfYevt
sa/sC8EhTT04333T8MOSsmSU4gaI8wG4gc3CZ9c9c5PKqFWEjTyuAnzMp0wfxllq
76ahOE2RcUmdCx0RaDpTIJr/91k+ppZ2tCn2rFgTunvI
-----END CERTIFICATE-----