Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/93da3a-87d5-4433-9f38-a296092be153/1/tiFC6JqksrztinNgeHjMezLIyQo.roa
File:                     tiFC6JqksrztinNgeHjMezLIyQo.roa (raw, json)
Hash identifier:          AMO7U+NdmFNyNa76WinXG21mQKY3WubeaQslsZeF+HY=
Subject key identifier:   B6:21:42:E8:9A:A4:B2:BC:ED:8A:73:60:78:78:CC:7B:32:C8:C9:0A
Certificate issuer:       /CN=8348da7cbe8ca41865bda1a082e00cb5c25887af
Certificate serial:       019424455A32B3295030CC0FBA2617B0295A
Authority key identifier: 83:48:DA:7C:BE:8C:A4:18:65:BD:A1:A0:82:E0:0C:B5:C2:58:87:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0jafL6MpBhlvaGgguAMtcJYh68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/93da3a-87d5-4433-9f38-a296092be153/1/tiFC6JqksrztinNgeHjMezLIyQo.roa
Signing time:             Wed 01 Jan 2025 23:48:32 +0000
ROA not before:           Wed 01 Jan 2025 23:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208419
IP address blocks:        45.138.20.0/22 maxlen: 22
                          2a0e:ab40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/93da3a-87d5-4433-9f38-a296092be153/1/g0jafL6MpBhlvaGgguAMtcJYh68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/93da3a-87d5-4433-9f38-a296092be153/1/g0jafL6MpBhlvaGgguAMtcJYh68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0jafL6MpBhlvaGgguAMtcJYh68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5a:32:b3:29:50:30:cc:0f:ba:26:17:b0:29:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8348da7cbe8ca41865bda1a082e00cb5c25887af
        Validity
            Not Before: Jan  1 23:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b62142e89aa4b2bced8a73607878cc7b32c8c90a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1c:14:6c:ee:86:f3:69:fb:80:5f:d5:a4:98:
                    88:47:aa:5b:40:d3:ec:89:c3:43:72:6f:aa:93:52:
                    9f:6a:09:fa:4e:4a:85:a4:40:65:fb:6e:64:6c:86:
                    87:70:64:17:0c:fd:96:ae:78:2c:42:87:a0:fe:07:
                    59:e2:d3:ae:59:5e:bb:3e:e8:b9:aa:18:bd:4a:23:
                    19:81:2e:01:af:7c:37:3b:49:ac:b9:81:9b:5c:41:
                    2b:05:c0:1f:eb:b4:27:a8:94:6c:e6:18:14:86:5e:
                    c7:45:df:23:d5:15:bb:37:c3:1d:83:f6:ce:82:cb:
                    a4:2f:67:92:9e:dd:66:7b:ee:13:ba:8e:90:fc:08:
                    d2:00:db:b9:63:25:a9:76:55:35:36:0a:66:53:74:
                    21:b3:35:d7:ca:2e:1c:5b:78:27:5c:a3:b4:88:e3:
                    45:d2:77:2f:f0:b6:ee:a3:e3:56:23:5b:78:5a:08:
                    00:2c:fb:80:57:b0:f7:c4:0f:9a:f7:da:98:e6:c9:
                    3a:0c:d4:c7:24:d5:8c:89:58:4a:7d:25:53:ed:65:
                    18:6a:fc:c7:ab:20:65:2a:a7:01:bf:4e:72:13:f6:
                    cb:80:6e:ca:95:cf:c6:66:3f:ea:53:9c:d2:f2:0e:
                    11:e4:5e:ef:a0:ba:b7:91:c9:be:6f:fa:01:e7:10:
                    d1:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:21:42:E8:9A:A4:B2:BC:ED:8A:73:60:78:78:CC:7B:32:C8:C9:0A
            X509v3 Authority Key Identifier:
                keyid:83:48:DA:7C:BE:8C:A4:18:65:BD:A1:A0:82:E0:0C:B5:C2:58:87:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0jafL6MpBhlvaGgguAMtcJYh68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/93da3a-87d5-4433-9f38-a296092be153/1/tiFC6JqksrztinNgeHjMezLIyQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/93da3a-87d5-4433-9f38-a296092be153/1/g0jafL6MpBhlvaGgguAMtcJYh68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.20.0/22
                IPv6:
                  2a0e:ab40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:3f:6d:82:d4:e5:bd:26:36:96:46:b9:d0:ed:28:ac:96:c8:
         db:fd:73:a5:be:24:01:92:d4:d1:03:11:da:30:45:46:d7:e2:
         aa:b1:3f:c4:fd:82:eb:fb:ea:e0:73:3c:f1:d6:b4:77:d0:b0:
         bb:32:1f:84:a9:ee:7e:70:4e:dc:27:52:e2:2e:39:9d:5b:d3:
         04:44:3c:40:26:4b:e6:8c:3b:d1:8f:e9:05:41:15:a7:f7:53:
         43:a7:f8:30:b2:76:03:c0:f1:a3:fa:19:f2:bf:ce:4f:7d:02:
         09:a6:cf:68:02:08:d0:97:10:d4:02:b2:74:2b:71:6d:08:db:
         b5:38:c0:c7:32:6b:c4:26:cb:1b:6d:30:6c:f4:9d:4a:0e:9c:
         b4:ec:14:d5:67:19:84:bb:fd:09:40:c8:ad:bc:9a:85:36:1b:
         38:e7:fa:81:d2:6c:ec:41:c3:91:4b:95:71:c1:80:33:da:8b:
         a1:fc:de:3d:b3:ca:1a:04:ff:fc:14:48:d6:de:31:93:18:7d:
         0c:81:38:e8:02:73:0f:ea:ae:50:5a:c4:69:eb:24:e7:31:86:
         5a:66:9c:c0:5d:5c:79:fc:64:ec:4f:58:32:ab:8b:1e:c0:60:
         22:f4:41:2a:57:83:9f:75:fc:d0:01:db:9b:5e:30:3c:74:c4:
         c9:a3:d4:af
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRVoysylQMMwPuiYXsClaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDhkYTdjYmU4Y2E0MTg2NWJkYTFhMDgyZTAwY2I1YzI1
ODg3YWYwHhcNMjUwMTAxMjM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjIxNDJlODlhYTRiMmJjZWQ4YTczNjA3ODc4Y2M3YjMyYzhjOTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxwUbO6G82n7gF/VpJiIR6pbQNPs
icNDcm+qk1Kfagn6TkqFpEBl+25kbIaHcGQXDP2WrngsQoeg/gdZ4tOuWV67Pui5
qhi9SiMZgS4Br3w3O0msuYGbXEErBcAf67QnqJRs5hgUhl7HRd8j1RW7N8Mdg/bO
gsukL2eSnt1me+4Tuo6Q/AjSANu5YyWpdlU1NgpmU3QhszXXyi4cW3gnXKO0iONF
0ncv8Lbuo+NWI1t4WggALPuAV7D3xA+a99qY5sk6DNTHJNWMiVhKfSVT7WUYavzH
qyBlKqcBv05yE/bLgG7Klc/GZj/qU5zS8g4R5F7voLq3kcm+b/oB5xDR+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLYhQuiapLK87YpzYHh4zHsyyMkKMB8GA1UdIwQY
MBaAFINI2ny+jKQYZb2hoILgDLXCWIevMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBqYWZMNk1wQmhsdmFHZ2d1QU10Y0pZaDY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS85M2RhM2EtODdkNS00NDMzLTlmMzgt
YTI5NjA5MmJlMTUzLzEvdGlGQzZKcWtzcnp0aW5OZ2VIak1lekxJeVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS85M2RhM2EtODdkNS00NDMzLTlmMzgtYTI5NjA5MmJlMTUz
LzEvZzBqYWZMNk1wQmhsdmFHZ2d1QU10Y0pZaDY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYoUMA0E
AgACMAcDBQMqDqtAMA0GCSqGSIb3DQEBCwUAA4IBAQA8P22C1OW9JjaWRrnQ7Sis
lsjb/XOlviQBktTRAxHaMEVG1+KqsT/E/YLr++rgczzx1rR30LC7Mh+Eqe5+cE7c
J1LiLjmdW9MERDxAJkvmjDvRj+kFQRWn91NDp/gwsnYDwPGj+hnyv85PfQIJps9o
AgjQlxDUArJ0K3FtCNu1OMDHMmvEJssbbTBs9J1KDpy07BTVZxmEu/0JQMitvJqF
Nhs45/qB0mzsQcORS5VxwYAz2ouh/N49s8oaBP/8FEjW3jGTGH0MgTjoAnMP6q5Q
WsRp6yTnMYZaZpzAXVx5/GTsT1gyq4sewGAi9EEqV4OfdfzQAdubXjA8dMTJo9Sv
-----END CERTIFICATE-----