Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/MggUNL8VW9yE4LnaTyr5YJxrDwU.roa
File:                     MggUNL8VW9yE4LnaTyr5YJxrDwU.roa (raw, json)
Hash identifier:          GpA5vo0L4EKCpZl/rQZR5bRixQFok1LnqW2Xg8KUiaQ=
Subject key identifier:   32:08:14:34:BF:15:5B:DC:84:E0:B9:DA:4F:2A:F9:60:9C:6B:0F:05
Certificate issuer:       /CN=5232d44d9e08c873db35c02151ca44ae54b4b8af
Certificate serial:       0194252154A36F8D0990BEF753F94975B7B6
Authority key identifier: 52:32:D4:4D:9E:08:C8:73:DB:35:C0:21:51:CA:44:AE:54:B4:B8:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjLUTZ4IyHPbNcAhUcpErlS0uK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/MggUNL8VW9yE4LnaTyr5YJxrDwU.roa
Signing time:             Thu 02 Jan 2025 03:48:48 +0000
ROA not before:           Thu 02 Jan 2025 03:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208989
IP address blocks:        45.12.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/UjLUTZ4IyHPbNcAhUcpErlS0uK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/UjLUTZ4IyHPbNcAhUcpErlS0uK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjLUTZ4IyHPbNcAhUcpErlS0uK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:54:a3:6f:8d:09:90:be:f7:53:f9:49:75:b7:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5232d44d9e08c873db35c02151ca44ae54b4b8af
        Validity
            Not Before: Jan  2 03:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32081434bf155bdc84e0b9da4f2af9609c6b0f05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:46:4c:d8:23:03:8a:ff:04:5e:d2:44:2f:39:
                    8f:73:b9:4a:90:9a:ae:de:de:f3:f3:90:22:59:33:
                    78:39:1a:a3:b2:18:30:2a:82:55:54:ab:2a:6c:0e:
                    22:12:b1:74:f0:52:0e:13:a1:74:a3:6f:2e:90:09:
                    ff:fc:c5:94:6b:9f:20:02:d8:84:37:ad:f8:ee:19:
                    29:05:80:08:7d:f0:91:57:82:6f:78:53:6c:53:46:
                    c3:27:15:71:f7:0b:68:75:ed:c4:66:1e:82:a3:70:
                    48:61:7e:ab:3e:c8:1e:99:6c:5b:36:03:67:fd:98:
                    c0:7a:14:79:56:5b:45:02:c5:1f:7c:0a:a4:2a:5d:
                    3e:7f:3e:c8:63:41:d6:3d:bd:f1:1f:17:9a:0b:1e:
                    e5:18:71:7f:09:48:bd:98:06:6a:a4:35:3e:e0:0c:
                    27:63:27:be:d6:01:3e:e4:e1:6b:f5:92:52:fa:9f:
                    ce:03:f5:52:bd:74:4d:4c:0f:12:11:96:6c:c3:ee:
                    12:69:74:38:25:0f:48:b4:63:ce:85:2e:c5:05:88:
                    af:fa:68:ec:30:9c:8b:a5:5d:ed:2d:33:05:08:9e:
                    03:ee:95:53:8e:0f:0e:db:1b:22:ea:b6:2e:84:05:
                    58:5d:8d:62:1d:65:2b:bd:dc:81:f3:2c:f4:f3:db:
                    10:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:08:14:34:BF:15:5B:DC:84:E0:B9:DA:4F:2A:F9:60:9C:6B:0F:05
            X509v3 Authority Key Identifier:
                keyid:52:32:D4:4D:9E:08:C8:73:DB:35:C0:21:51:CA:44:AE:54:B4:B8:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjLUTZ4IyHPbNcAhUcpErlS0uK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/MggUNL8VW9yE4LnaTyr5YJxrDwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/8b400d-1e8e-40da-b1d6-a6541ceb1e43/1/UjLUTZ4IyHPbNcAhUcpErlS0uK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:aa:c3:d8:5c:80:aa:73:39:9a:ca:1d:03:fe:2e:27:27:d1:
         c1:5e:b0:76:da:b6:bc:18:7c:23:f5:3f:93:90:5e:29:0a:70:
         db:7d:c7:c9:80:63:33:44:2b:4a:c8:ab:4a:cb:bc:4a:40:4a:
         61:86:dd:71:15:43:5f:08:2d:d8:b3:63:55:63:b5:a8:ad:2d:
         d8:6f:93:11:b6:e0:13:d8:32:88:1d:db:b8:23:19:fc:75:3d:
         0e:8a:60:e4:fe:fc:4f:f3:50:64:42:ba:41:18:c1:aa:2d:f3:
         fb:b7:74:1b:3f:fe:bd:1e:aa:48:3a:40:22:20:aa:30:54:50:
         24:55:6c:ed:db:5f:7b:67:44:0a:e5:f0:38:93:7d:88:94:57:
         5b:85:2b:dd:18:5c:f5:37:24:ad:7d:ab:96:b7:4f:2a:98:b1:
         a1:65:ef:b5:cc:cf:16:d4:f7:c7:73:72:e2:a6:6c:a4:36:5c:
         81:86:0b:0d:8b:91:f8:cc:71:bd:7d:14:19:12:f1:69:8b:d1:
         c6:8a:2c:02:57:2f:bb:16:70:7f:ea:3b:6b:2a:08:b8:90:d1:
         a6:ae:6b:ea:35:14:9b:79:2e:45:d8:23:bc:5c:f1:49:f6:12:
         5e:ba:b0:3c:ec:28:fb:6a:55:0b:43:e2:bd:68:46:dd:25:10:
         58:af:16:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIVSjb40JkL73U/lJdbe2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzJkNDRkOWUwOGM4NzNkYjM1YzAyMTUxY2E0NGFlNTRi
NGI4YWYwHhcNMjUwMTAyMDM0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjA4MTQzNGJmMTU1YmRjODRlMGI5ZGE0ZjJhZjk2MDljNmIwZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUZM2CMDiv8EXtJELzmPc7lKkJqu
3t7z85AiWTN4ORqjshgwKoJVVKsqbA4iErF08FIOE6F0o28ukAn//MWUa58gAtiE
N6347hkpBYAIffCRV4JveFNsU0bDJxVx9wtode3EZh6Co3BIYX6rPsgemWxbNgNn
/ZjAehR5VltFAsUffAqkKl0+fz7IY0HWPb3xHxeaCx7lGHF/CUi9mAZqpDU+4Awn
Yye+1gE+5OFr9ZJS+p/OA/VSvXRNTA8SEZZsw+4SaXQ4JQ9ItGPOhS7FBYiv+mjs
MJyLpV3tLTMFCJ4D7pVTjg8O2xsi6rYuhAVYXY1iHWUrvdyB8yz089sQ9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIIFDS/FVvchOC52k8q+WCcaw8FMB8GA1UdIwQY
MBaAFFIy1E2eCMhz2zXAIVHKRK5UtLivMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWpMVVRaNEl5SFBiTmNBaFVjcEVybFMwdUs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi84YjQwMGQtMWU4ZS00MGRhLWIxZDYt
YTY1NDFjZWIxZTQzLzEvTWdnVU5MOFZXOXlFNExuYVR5cjVZSnhyRHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi84YjQwMGQtMWU4ZS00MGRhLWIxZDYtYTY1NDFjZWIxZTQz
LzEvVWpMVVRaNEl5SFBiTmNBaFVjcEVybFMwdUs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQwIMA0G
CSqGSIb3DQEBCwUAA4IBAQCBqsPYXICqczmayh0D/i4nJ9HBXrB22ra8GHwj9T+T
kF4pCnDbfcfJgGMzRCtKyKtKy7xKQEphht1xFUNfCC3Ys2NVY7WorS3Yb5MRtuAT
2DKIHdu4Ixn8dT0OimDk/vxP81BkQrpBGMGqLfP7t3QbP/69HqpIOkAiIKowVFAk
VWzt2197Z0QK5fA4k32IlFdbhSvdGFz1NyStfauWt08qmLGhZe+1zM8W1PfHc3Li
pmykNlyBhgsNi5H4zHG9fRQZEvFpi9HGiiwCVy+7FnB/6jtrKgi4kNGmrmvqNRSb
eS5F2CO8XPFJ9hJeurA87Cj7alULQ+K9aEbdJRBYrxaz
-----END CERTIFICATE-----