Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/5f0579-0efa-422b-aa68-a434fd088fd0/1/m8b-nSkJNQaQc9Ko3VmUYZ_aR5k.roa
File:                     m8b-nSkJNQaQc9Ko3VmUYZ_aR5k.roa (raw, json)
Hash identifier:          x/jmnJNzCw/+lpmfHMz6HsStw+fWqWLA6QrXjLJpCDA=
Subject key identifier:   9B:C6:FE:9D:29:09:35:06:90:73:D2:A8:DD:59:94:61:9F:DA:47:99
Certificate issuer:       /CN=27e367d8decf7d626e54780f80e57360d2c078cd
Certificate serial:       019422FB5BD84CCC55262ACB68A178BF5F0C
Authority key identifier: 27:E3:67:D8:DE:CF:7D:62:6E:54:78:0F:80:E5:73:60:D2:C0:78:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J-Nn2N7PfWJuVHgPgOVzYNLAeM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/5f0579-0efa-422b-aa68-a434fd088fd0/1/m8b-nSkJNQaQc9Ko3VmUYZ_aR5k.roa
Signing time:             Wed 01 Jan 2025 17:48:05 +0000
ROA not before:           Wed 01 Jan 2025 17:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204616
IP address blocks:        185.245.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/5f0579-0efa-422b-aa68-a434fd088fd0/1/J-Nn2N7PfWJuVHgPgOVzYNLAeM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/5f0579-0efa-422b-aa68-a434fd088fd0/1/J-Nn2N7PfWJuVHgPgOVzYNLAeM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J-Nn2N7PfWJuVHgPgOVzYNLAeM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:5b:d8:4c:cc:55:26:2a:cb:68:a1:78:bf:5f:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27e367d8decf7d626e54780f80e57360d2c078cd
        Validity
            Not Before: Jan  1 17:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bc6fe9d290935069073d2a8dd5994619fda4799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:84:40:01:0b:f0:85:4a:c8:9b:a2:d6:c9:a1:
                    09:83:ed:9e:22:01:09:06:10:25:d7:07:ee:77:69:
                    15:4a:94:85:08:da:42:8a:42:50:40:de:7d:10:33:
                    f3:1d:46:fc:de:cf:96:0f:87:e0:5e:16:3f:66:d2:
                    a1:9c:0e:44:98:64:e7:92:5b:9c:87:09:48:65:3c:
                    fd:79:d3:87:58:c5:3c:5d:96:c5:6f:90:5f:a8:6d:
                    0c:c9:2a:33:9f:78:48:85:ae:9d:1f:3f:77:9d:34:
                    b1:d9:a3:3b:43:d3:9b:ab:4b:02:e7:2c:01:1d:ef:
                    34:6f:6d:a6:b7:05:c7:79:06:48:1b:0a:fe:9b:43:
                    2a:56:40:82:b7:75:8f:77:c1:01:c2:85:48:f3:e6:
                    d2:57:1a:cc:54:f5:fe:df:22:6e:50:25:2a:47:68:
                    a7:cf:e0:2e:34:aa:7c:8c:2e:ef:af:8e:0b:ff:1c:
                    2d:48:1d:b4:17:88:29:2a:b0:dd:0f:74:22:d9:eb:
                    76:64:f8:7c:8d:ce:f4:e5:0f:c9:ea:7f:b5:f1:58:
                    0d:be:57:f5:0e:62:de:3e:bd:68:fd:6e:c3:e9:df:
                    22:1a:4f:b0:29:27:b8:e7:41:f1:30:40:9b:77:73:
                    d3:40:ef:43:a6:84:0c:f6:dc:91:a3:56:66:a1:68:
                    3d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:C6:FE:9D:29:09:35:06:90:73:D2:A8:DD:59:94:61:9F:DA:47:99
            X509v3 Authority Key Identifier:
                keyid:27:E3:67:D8:DE:CF:7D:62:6E:54:78:0F:80:E5:73:60:D2:C0:78:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J-Nn2N7PfWJuVHgPgOVzYNLAeM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/5f0579-0efa-422b-aa68-a434fd088fd0/1/m8b-nSkJNQaQc9Ko3VmUYZ_aR5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/5f0579-0efa-422b-aa68-a434fd088fd0/1/J-Nn2N7PfWJuVHgPgOVzYNLAeM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:06:f8:07:a8:32:fd:df:8c:94:ba:b6:d2:be:eb:a8:5b:dd:
         c9:87:3d:e5:d3:c8:65:1d:cf:43:53:d8:41:8e:a7:bc:8e:9a:
         35:57:45:04:30:d5:00:5a:5d:3b:38:cf:9e:89:94:b9:9d:51:
         25:f6:50:d2:df:26:e8:30:2b:bb:41:f4:dc:a1:51:58:71:6b:
         b2:39:ba:97:f8:4c:f8:45:3d:70:d0:8d:d5:62:5d:2f:78:86:
         f9:7b:f7:96:be:2a:47:c5:14:5f:5a:22:bd:e0:98:75:04:60:
         bf:63:6c:ed:7c:a5:2d:6b:ae:e2:a4:59:6c:a3:b2:23:f8:bc:
         f2:bb:fe:21:4e:b1:84:b2:c0:e3:ec:bb:5a:c7:3a:27:13:04:
         7d:b6:33:a3:b5:9c:3c:87:59:c1:6b:e5:f6:59:4f:c2:d4:98:
         39:31:56:7e:8f:74:b8:af:e2:84:d3:0d:db:ca:81:5c:f9:47:
         0b:ca:51:b5:d3:1e:ef:eb:c1:e3:af:83:09:62:9e:00:87:d2:
         1b:99:c2:c7:71:5b:ea:4e:7a:ec:45:03:20:b5:bc:31:be:ab:
         24:ea:b5:ff:a9:74:d7:d3:6e:23:23:6b:7b:43:ab:0c:c2:a8:
         74:16:ab:c1:cb:f3:57:5c:55:5d:c1:d2:c1:af:82:75:b0:3a:
         4d:1c:a7:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+1vYTMxVJirLaKF4v18MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZTM2N2Q4ZGVjZjdkNjI2ZTU0NzgwZjgwZTU3MzYwZDJj
MDc4Y2QwHhcNMjUwMTAxMTc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmM2ZmU5ZDI5MDkzNTA2OTA3M2QyYThkZDU5OTQ2MTlmZGE0Nzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4RAAQvwhUrIm6LWyaEJg+2eIgEJ
BhAl1wfud2kVSpSFCNpCikJQQN59EDPzHUb83s+WD4fgXhY/ZtKhnA5EmGTnkluc
hwlIZTz9edOHWMU8XZbFb5BfqG0MySozn3hIha6dHz93nTSx2aM7Q9Obq0sC5ywB
He80b22mtwXHeQZIGwr+m0MqVkCCt3WPd8EBwoVI8+bSVxrMVPX+3yJuUCUqR2in
z+AuNKp8jC7vr44L/xwtSB20F4gpKrDdD3Qi2et2ZPh8jc705Q/J6n+18VgNvlf1
DmLePr1o/W7D6d8iGk+wKSe450HxMECbd3PTQO9DpoQM9tyRo1ZmoWg94wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvG/p0pCTUGkHPSqN1ZlGGf2keZMB8GA1UdIwQY
MBaAFCfjZ9jez31iblR4D4Dlc2DSwHjNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSi1ObjJON1BmV0p1VkhnUGdPVnpZTkxBZU0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi81ZjA1NzktMGVmYS00MjJiLWFhNjgt
YTQzNGZkMDg4ZmQwLzEvbThiLW5Ta0pOUWFRYzlLbzNWbVVZWl9hUjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi81ZjA1NzktMGVmYS00MjJiLWFhNjgtYTQzNGZkMDg4ZmQw
LzEvSi1ObjJON1BmV0p1VkhnUGdPVnpZTkxBZU0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufU0MA0G
CSqGSIb3DQEBCwUAA4IBAQCkBvgHqDL934yUurbSvuuoW93Jhz3l08hlHc9DU9hB
jqe8jpo1V0UEMNUAWl07OM+eiZS5nVEl9lDS3yboMCu7QfTcoVFYcWuyObqX+Ez4
RT1w0I3VYl0veIb5e/eWvipHxRRfWiK94Jh1BGC/Y2ztfKUta67ipFlso7Ij+Lzy
u/4hTrGEssDj7LtaxzonEwR9tjOjtZw8h1nBa+X2WU/C1Jg5MVZ+j3S4r+KE0w3b
yoFc+UcLylG10x7v68Hjr4MJYp4Ah9IbmcLHcVvqTnrsRQMgtbwxvqsk6rX/qXTX
024jI2t7Q6sMwqh0FqvBy/NXXFVdwdLBr4J1sDpNHKds
-----END CERTIFICATE-----