Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/33CUfDLiP8hMW8-xKnh5gWXZm9w.roa
File:                     33CUfDLiP8hMW8-xKnh5gWXZm9w.roa (raw, json)
Hash identifier:          Bh9+3b8fWDJobwnZ5uEge8oWIc5s9pLu/K/Qpm494l0=
Subject key identifier:   DF:70:94:7C:32:E2:3F:C8:4C:5B:CF:B1:2A:78:79:81:65:D9:9B:DC
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       019420D637F5A6FD38BD4179424EBFFC0DE1
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/33CUfDLiP8hMW8-xKnh5gWXZm9w.roa
Signing time:             Wed 01 Jan 2025 07:48:17 +0000
ROA not before:           Wed 01 Jan 2025 07:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        45.8.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:37:f5:a6:fd:38:bd:41:79:42:4e:bf:fc:0d:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 07:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df70947c32e23fc84c5bcfb12a78798165d99bdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3e:20:44:5e:f7:0c:ad:03:40:61:7a:d8:28:
                    f4:38:81:5d:e8:27:ca:51:26:35:dc:c6:00:d4:ef:
                    5d:a8:68:12:3d:75:93:fb:05:e9:52:76:50:8d:03:
                    d6:1b:d3:64:9c:80:46:10:42:65:57:aa:d5:2d:0b:
                    10:91:ef:e1:57:8b:62:b4:3b:1a:6c:33:89:39:7b:
                    70:cb:61:46:9b:f4:7b:62:d3:47:f9:f9:7e:53:78:
                    52:d2:cc:d0:ad:14:bc:0b:bf:d2:5c:5d:f8:20:0b:
                    eb:ce:60:7b:85:fd:15:da:7c:84:92:77:ed:e7:6a:
                    6e:cc:a3:99:e5:80:0c:ac:36:7e:ea:b2:45:44:b3:
                    85:7b:e9:8f:de:cd:bc:2b:2e:51:3b:8f:00:98:d1:
                    39:41:b7:19:36:d6:ba:3a:52:52:aa:9b:ef:d3:dd:
                    e1:87:cb:20:df:cf:69:05:56:84:65:11:bd:a2:13:
                    a1:6c:4c:44:ef:7e:08:a4:94:10:89:04:13:95:4e:
                    a5:e8:07:0a:ac:5c:65:e4:6b:e9:83:cf:b1:11:d0:
                    e3:67:82:53:8a:65:c9:2e:6f:e1:4b:6c:f3:df:2c:
                    b3:e7:0b:77:b2:4d:a1:2d:90:59:ba:4c:7a:20:5d:
                    fc:7f:db:93:0e:84:0e:d7:89:47:69:f7:73:19:fa:
                    46:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:70:94:7C:32:E2:3F:C8:4C:5B:CF:B1:2A:78:79:81:65:D9:9B:DC
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/33CUfDLiP8hMW8-xKnh5gWXZm9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:21:a4:a9:29:0a:1b:2e:22:8e:96:41:e9:04:b8:a1:cf:38:
         46:2f:59:0c:2e:d0:27:ed:0f:60:03:c1:a5:15:49:c8:89:a0:
         d3:8d:77:d2:a8:ee:a9:99:80:b1:64:93:f6:86:8d:35:ab:51:
         79:6a:b9:83:c0:fe:83:b7:4a:37:34:d7:62:b3:27:d8:37:e8:
         c1:64:d9:7e:1f:c7:6c:82:6f:1a:7f:f7:b7:ff:02:30:90:6c:
         f2:9a:b9:65:eb:34:36:fa:85:e6:1b:b4:12:e5:fe:33:9f:77:
         dd:23:9a:c2:a5:12:f7:40:77:0d:01:bd:7e:cd:01:a5:fd:06:
         4d:6b:d6:d5:5b:79:42:06:4e:68:a5:c8:79:be:12:97:b2:8c:
         7d:77:55:b2:38:4d:1d:32:0a:7e:a5:b3:ae:06:eb:e5:05:21:
         a7:d8:bb:fa:82:04:3e:3f:32:04:10:6e:27:98:80:63:d0:e1:
         ce:1a:9b:85:71:25:42:19:e5:53:5d:73:81:f3:1c:fb:aa:55:
         13:16:ec:77:dc:61:65:5a:58:ae:65:11:f5:80:e2:82:3d:ac:
         39:cf:c4:69:2e:48:2f:f9:3e:52:5c:50:76:f0:4f:a6:cd:9c:
         38:ae:e7:d2:49:a5:99:8d:9e:a6:a4:f7:07:9e:ca:55:5d:a0:
         c5:56:fb:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1jf1pv04vUF5Qk6//A3hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjUwMTAxMDc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjcwOTQ3YzMyZTIzZmM4NGM1YmNmYjEyYTc4Nzk4MTY1ZDk5YmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2z4gRF73DK0DQGF62Cj0OIFd6CfK
USY13MYA1O9dqGgSPXWT+wXpUnZQjQPWG9NknIBGEEJlV6rVLQsQke/hV4titDsa
bDOJOXtwy2FGm/R7YtNH+fl+U3hS0szQrRS8C7/SXF34IAvrzmB7hf0V2nyEknft
52puzKOZ5YAMrDZ+6rJFRLOFe+mP3s28Ky5RO48AmNE5QbcZNta6OlJSqpvv093h
h8sg389pBVaEZRG9ohOhbExE734IpJQQiQQTlU6l6AcKrFxl5Gvpg8+xEdDjZ4JT
imXJLm/hS2zz3yyz5wt3sk2hLZBZukx6IF38f9uTDoQO14lHafdzGfpGKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9wlHwy4j/ITFvPsSp4eYFl2ZvcMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvMzNDVWZETGlQOGhNVzgteEtuaDVnV1habTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgQMA0G
CSqGSIb3DQEBCwUAA4IBAQAAIaSpKQobLiKOlkHpBLihzzhGL1kMLtAn7Q9gA8Gl
FUnIiaDTjXfSqO6pmYCxZJP2ho01q1F5armDwP6Dt0o3NNdisyfYN+jBZNl+H8ds
gm8af/e3/wIwkGzymrll6zQ2+oXmG7QS5f4zn3fdI5rCpRL3QHcNAb1+zQGl/QZN
a9bVW3lCBk5opch5vhKXsox9d1WyOE0dMgp+pbOuBuvlBSGn2Lv6ggQ+PzIEEG4n
mIBj0OHOGpuFcSVCGeVTXXOB8xz7qlUTFux33GFlWliuZRH1gOKCPaw5z8RpLkgv
+T5SXFB28E+mzZw4rufSSaWZjZ6mpPcHnspVXaDFVvsB
-----END CERTIFICATE-----