Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OfxxmNtzJcdCBkWeVovM4im8aiY.roa
File:                     OfxxmNtzJcdCBkWeVovM4im8aiY.roa (raw, json)
Hash identifier:          WRZK3jUR3eiSqkPuuJOy87KYkFs/X19TJQecAHmPTCA=
Subject key identifier:   39:FC:71:98:DB:73:25:C7:42:06:45:9E:56:8B:CC:E2:29:BC:6A:26
Certificate issuer:       /CN=3aca50858a1856ffa02e91356f14236e7c38b85a
Certificate serial:       019421B25266A2402390CE38943B74382F13
Authority key identifier: 3A:CA:50:85:8A:18:56:FF:A0:2E:91:35:6F:14:23:6E:7C:38:B8:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OspQhYoYVv-gLpE1bxQjbnw4uFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OfxxmNtzJcdCBkWeVovM4im8aiY.roa
Signing time:             Wed 01 Jan 2025 11:48:42 +0000
ROA not before:           Wed 01 Jan 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62142
IP address blocks:        45.9.192.0/24 maxlen: 26
                          2a0e:1106::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OspQhYoYVv-gLpE1bxQjbnw4uFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OspQhYoYVv-gLpE1bxQjbnw4uFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OspQhYoYVv-gLpE1bxQjbnw4uFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 07:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:52:66:a2:40:23:90:ce:38:94:3b:74:38:2f:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aca50858a1856ffa02e91356f14236e7c38b85a
        Validity
            Not Before: Jan  1 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39fc7198db7325c74206459e568bcce229bc6a26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:cb:c6:ff:14:3f:9c:14:c8:7f:07:74:d3:19:
                    3d:a6:85:ae:86:5d:87:82:25:57:0e:dc:1d:48:ba:
                    5c:3a:f1:30:d8:cb:5b:ef:05:74:75:c2:93:a7:04:
                    a1:71:f9:32:47:71:16:e3:cc:ac:98:b4:33:ff:9b:
                    be:0d:04:06:d8:1c:8d:92:d1:04:52:53:65:2f:62:
                    d6:5c:6e:43:c7:16:82:63:59:70:4d:4a:ee:88:ba:
                    ca:4a:1c:fa:38:5b:cc:ba:b7:19:26:31:c1:58:60:
                    8d:14:65:74:e5:b0:e4:90:35:87:03:7c:20:d3:2a:
                    4a:2d:86:90:ed:0f:a0:d0:27:b7:06:4f:d3:61:df:
                    aa:6b:9a:c0:e6:46:53:7b:f2:1d:9e:e2:51:b4:88:
                    f0:b7:ec:c9:92:f8:f2:ea:30:3a:f8:ff:ff:d0:df:
                    2d:83:8f:b2:75:d2:04:9f:31:13:cc:d0:f6:4a:7e:
                    87:ee:e7:55:19:af:80:99:4d:1d:c9:c9:7c:d3:5a:
                    3d:cd:1e:1d:95:24:a8:3e:ac:70:50:42:7d:0e:28:
                    c6:d9:18:12:88:2b:b8:59:1e:3c:64:65:0a:45:dc:
                    a1:f2:98:34:e6:ab:cf:0d:d5:c5:f0:e2:f0:f3:27:
                    7e:67:91:33:32:65:d9:53:74:36:2e:a7:44:f7:a1:
                    a1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:FC:71:98:DB:73:25:C7:42:06:45:9E:56:8B:CC:E2:29:BC:6A:26
            X509v3 Authority Key Identifier:
                keyid:3A:CA:50:85:8A:18:56:FF:A0:2E:91:35:6F:14:23:6E:7C:38:B8:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OspQhYoYVv-gLpE1bxQjbnw4uFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OfxxmNtzJcdCBkWeVovM4im8aiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OspQhYoYVv-gLpE1bxQjbnw4uFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.192.0/24
                IPv6:
                  2a0e:1106::/40

    Signature Algorithm: sha256WithRSAEncryption
         ca:c1:b8:b7:5d:d7:6c:9f:ea:24:a1:b6:8c:f2:79:f2:d1:d2:
         95:eb:25:be:c1:3a:0d:ee:40:3c:bd:78:5f:38:66:23:78:fb:
         f4:09:0e:f8:48:0c:26:c6:3c:07:c5:dd:b4:ce:7b:d6:ee:cd:
         02:ab:fc:0c:ca:33:f7:37:7d:9b:3e:b9:bc:f5:d0:44:cd:e6:
         97:82:a1:94:e8:22:14:3b:e9:f6:a6:9d:8b:7a:cb:67:d9:27:
         c8:33:16:ab:8c:7f:26:29:2f:39:9a:3e:51:32:aa:25:a2:8d:
         68:17:78:45:c6:b2:7d:88:a0:b1:ca:af:f0:b9:08:ca:0f:09:
         f1:98:9f:d9:28:d9:7d:d0:b9:73:df:f0:2a:a1:0a:f6:56:ef:
         53:b1:da:ae:6a:78:94:5a:7f:3f:68:a6:7d:5b:f4:cd:b7:04:
         49:4f:ac:47:0e:fe:2c:61:64:ee:e8:49:9d:a5:a3:d3:91:a4:
         3f:56:28:8c:88:33:1f:61:a2:6e:53:54:60:f6:9f:0e:ff:3b:
         30:d0:e6:af:27:2a:c4:00:48:1a:39:09:80:b7:b7:54:2c:1e:
         fe:5b:a6:63:cb:d8:c1:f4:ad:ab:10:b9:85:9d:2b:d5:0c:0e:
         17:eb:bb:b5:9d:5e:cc:e3:c8:46:a5:92:19:59:d6:ba:2b:b4:
         e3:8b:e3:1b
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQhslJmokAjkM44lDt0OC8TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhY2E1MDg1OGExODU2ZmZhMDJlOTEzNTZmMTQyMzZlN2Mz
OGI4NWEwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWZjNzE5OGRiNzMyNWM3NDIwNjQ1OWU1NjhiY2NlMjI5YmM2YTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcvG/xQ/nBTIfwd00xk9poWuhl2H
giVXDtwdSLpcOvEw2Mtb7wV0dcKTpwShcfkyR3EW48ysmLQz/5u+DQQG2ByNktEE
UlNlL2LWXG5DxxaCY1lwTUruiLrKShz6OFvMurcZJjHBWGCNFGV05bDkkDWHA3wg
0ypKLYaQ7Q+g0Ce3Bk/TYd+qa5rA5kZTe/IdnuJRtIjwt+zJkvjy6jA6+P//0N8t
g4+yddIEnzETzND2Sn6H7udVGa+AmU0dycl801o9zR4dlSSoPqxwUEJ9DijG2RgS
iCu4WR48ZGUKRdyh8pg05qvPDdXF8OLw8yd+Z5EzMmXZU3Q2LqdE96GhXQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDn8cZjbcyXHQgZFnlaLzOIpvGomMB8GA1UdIwQY
MBaAFDrKUIWKGFb/oC6RNW8UI258OLhaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3NwUWhZb1lWdi1nTHBFMWJ4UWpibnc0dUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xMmI5MzctODkwZC00N2I1LWEwNDEt
MzMxZDdmYzc3YmQ0LzEvT2Z4eG1OdHpKY2RDQmtXZVZvdk00aW04YWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xMmI5MzctODkwZC00N2I1LWEwNDEtMzMxZDdmYzc3YmQ0
LzEvT3NwUWhZb1lWdi1nTHBFMWJ4UWpibnc0dUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALQnAMA4E
AgACMAgDBgAqDhEGADANBgkqhkiG9w0BAQsFAAOCAQEAysG4t13XbJ/qJKG2jPJ5
8tHSleslvsE6De5APL14XzhmI3j79AkO+EgMJsY8B8XdtM571u7NAqv8DMoz9zd9
mz65vPXQRM3ml4KhlOgiFDvp9qadi3rLZ9knyDMWq4x/JikvOZo+UTKqJaKNaBd4
RcayfYigscqv8LkIyg8J8Zif2SjZfdC5c9/wKqEK9lbvU7Harmp4lFp/P2imfVv0
zbcESU+sRw7+LGFk7uhJnaWj05GkP1YojIgzH2GiblNUYPafDv87MNDmrycqxABI
GjkJgLe3VCwe/lumY8vYwfStqxC5hZ0r1QwOF+u7tZ1ezOPIRqWSGVnWuiu044vj
Gw==
-----END CERTIFICATE-----