Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/hR0DvwQrwl3kOSRYW0GLT78ACUE.roa
File:                     hR0DvwQrwl3kOSRYW0GLT78ACUE.roa (raw, json)
Hash identifier:          LL918PZLxK+cUioGojTSaIS6cKfHKe5cqdRpFsmMZAs=
Subject key identifier:   85:1D:03:BF:04:2B:C2:5D:E4:39:24:58:5B:41:8B:4F:BF:00:09:41
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       018CC5DC2F5433C557095FC28598D6BC2573
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/hR0DvwQrwl3kOSRYW0GLT78ACUE.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        45.147.148.0/22 maxlen: 24
                          77.83.152.0/22 maxlen: 24
                          2a0e:9846::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2f:54:33:c5:57:09:5f:c2:85:98:d6:bc:25:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=851d03bf042bc25de43924585b418b4fbf000941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f0:1e:be:67:11:14:f7:bc:d6:4a:f6:44:c0:
                    9a:eb:45:04:7f:28:ee:ab:35:62:ba:f2:85:c2:07:
                    b5:e8:f2:a1:09:38:95:45:8e:da:a4:c5:5c:69:e0:
                    a5:c2:2f:1f:e9:48:96:73:45:fa:67:b9:08:85:19:
                    28:a9:d7:c4:8b:16:d8:79:6a:96:ed:a8:63:f3:16:
                    5d:26:77:fd:12:ef:f9:8b:63:20:5b:63:49:07:fd:
                    20:aa:9a:f5:69:ec:ab:5d:98:49:eb:f3:b5:30:fb:
                    0f:6d:76:50:3f:ea:5f:2c:cb:24:9c:9d:72:7b:50:
                    0b:33:30:8a:3a:8c:21:c0:12:5d:f4:7c:4c:12:41:
                    3f:0b:c0:51:dd:b4:8a:b5:52:d0:9f:d5:60:0c:e8:
                    d4:db:02:0e:26:35:8a:cb:69:49:0e:e6:6c:66:1f:
                    8c:c1:e8:9f:ff:3c:2c:f0:d4:0e:84:93:7e:24:86:
                    52:01:d6:bd:f8:4a:4b:41:8d:79:c0:80:53:09:d9:
                    d9:a8:0c:1d:c0:1c:fa:39:71:58:5e:55:e8:68:96:
                    c8:c6:fb:e2:35:a8:85:84:3f:8a:42:38:d0:bc:5b:
                    fb:74:ee:c1:31:92:24:8d:d2:ab:37:29:24:58:ba:
                    a1:fd:7f:39:71:20:b1:f7:f4:46:da:39:75:61:d0:
                    c1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:1D:03:BF:04:2B:C2:5D:E4:39:24:58:5B:41:8B:4F:BF:00:09:41
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/hR0DvwQrwl3kOSRYW0GLT78ACUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.148.0/22
                  77.83.152.0/22
                IPv6:
                  2a0e:9846::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:9b:e7:4f:07:3a:60:55:83:b9:6e:3f:da:6b:51:66:58:2c:
         d1:ac:0b:7c:df:b2:5f:ef:71:51:b6:29:50:80:09:8b:9c:34:
         19:03:d7:d7:e9:06:56:9c:65:b8:d4:14:a7:1a:97:56:57:d3:
         4b:ba:70:df:2c:c9:9d:f9:43:ce:90:08:5f:96:30:27:b0:89:
         42:af:0f:8f:b2:2d:86:1b:51:6f:e9:71:57:e5:ae:a9:bc:63:
         ad:2e:ad:48:10:0a:dc:05:45:c9:28:9d:aa:66:43:62:23:ee:
         69:27:49:e9:73:67:0c:8e:6d:ad:87:3c:f9:b4:75:5b:3f:3b:
         12:a8:7c:1b:91:62:83:01:dc:a2:24:51:75:da:76:77:46:1e:
         44:18:2f:ee:89:f4:af:30:14:ab:7c:49:37:48:6f:f3:2d:39:
         1d:32:bd:98:23:c8:26:d3:35:31:69:d0:30:97:75:33:31:57:
         59:0f:66:59:af:5d:06:79:cb:f3:ab:4a:c0:f5:18:9e:20:71:
         f2:fb:bb:11:9a:bb:7d:f9:a5:c8:2b:03:4e:79:18:6f:72:6e:
         6e:87:b7:09:f8:a3:10:7f:19:9e:44:c2:b8:95:b9:1f:2a:86:
         7f:38:ae:5d:cf:c9:bf:92:58:e7:f1:80:a4:7c:69:4c:8d:99:
         bd:dc:07:c1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3C9UM8VXCV/ChZjWvCVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTFkMDNiZjA0MmJjMjVkZTQzOTI0NTg1YjQxOGI0ZmJmMDAwOTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPAevmcRFPe81kr2RMCa60UEfyju
qzViuvKFwge16PKhCTiVRY7apMVcaeClwi8f6UiWc0X6Z7kIhRkoqdfEixbYeWqW
7ahj8xZdJnf9Eu/5i2MgW2NJB/0gqpr1aeyrXZhJ6/O1MPsPbXZQP+pfLMsknJ1y
e1ALMzCKOowhwBJd9HxMEkE/C8BR3bSKtVLQn9VgDOjU2wIOJjWKy2lJDuZsZh+M
weif/zws8NQOhJN+JIZSAda9+EpLQY15wIBTCdnZqAwdwBz6OXFYXlXoaJbIxvvi
NaiFhD+KQjjQvFv7dO7BMZIkjdKrNykkWLqh/X85cSCx9/RG2jl1YdDBvQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIUdA78EK8Jd5DkkWFtBi0+/AAlBMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvaFIwRHZ3UXJ3bDNrT1NSWVcwR0xUNzhBQ1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZOUAwQC
TVOYMA0EAgACMAcDBQAqDphGMA0GCSqGSIb3DQEBCwUAA4IBAQAIm+dPBzpgVYO5
bj/aa1FmWCzRrAt837Jf73FRtilQgAmLnDQZA9fX6QZWnGW41BSnGpdWV9NLunDf
LMmd+UPOkAhfljAnsIlCrw+Psi2GG1Fv6XFX5a6pvGOtLq1IEArcBUXJKJ2qZkNi
I+5pJ0npc2cMjm2thzz5tHVbPzsSqHwbkWKDAdyiJFF12nZ3Rh5EGC/uifSvMBSr
fEk3SG/zLTkdMr2YI8gm0zUxadAwl3UzMVdZD2ZZr10Gecvzq0rA9RieIHHy+7sR
mrt9+aXIKwNOeRhvcm5uh7cJ+KMQfxmeRMK4lbkfKoZ/OK5dz8m/kljn8YCkfGlM
jZm93AfB
-----END CERTIFICATE-----