Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/8iIqri7IvcauWOTMINZhQiLRKvo.roa
File:                     8iIqri7IvcauWOTMINZhQiLRKvo.roa (raw, json)
Hash identifier:          RyqX7TgKsmeFBvLMMu3I/bH8LRWEmU571C2kQM35LYo=
Subject key identifier:   F2:22:2A:AE:2E:C8:BD:C6:AE:58:E4:CC:20:D6:61:42:22:D1:2A:FA
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0194266BC624B471E03FECFFFB7943B31317
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/8iIqri7IvcauWOTMINZhQiLRKvo.roa
Signing time:             Thu 02 Jan 2025 09:49:44 +0000
ROA not before:           Thu 02 Jan 2025 09:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        45.146.200.0/24 maxlen: 24
                          45.146.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c6:24:b4:71:e0:3f:ec:ff:fb:79:43:b3:13:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 09:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2222aae2ec8bdc6ae58e4cc20d6614222d12afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:66:b9:e3:24:1e:60:59:f5:5c:19:44:50:c8:
                    a3:ad:74:41:6e:9c:6c:58:50:fc:31:7c:13:3d:1a:
                    e0:74:2c:51:a5:17:fa:26:63:16:1c:2c:8f:5c:90:
                    0e:08:06:a3:21:2a:2a:97:7c:58:0b:39:44:7a:73:
                    15:c8:68:4f:75:11:68:4b:80:19:1a:99:86:a3:68:
                    bf:9d:cb:19:11:da:c7:25:45:df:0a:92:01:c4:2a:
                    28:9d:36:8b:7f:a4:1b:94:8c:62:3e:bd:97:75:2c:
                    e0:95:05:1e:4e:ac:27:99:25:44:aa:05:38:6e:64:
                    48:85:3d:03:09:43:b0:55:66:22:bc:80:03:12:32:
                    dd:71:13:8b:c4:50:17:ba:53:48:d5:19:92:d5:5a:
                    39:02:7e:b4:ad:d1:94:b9:ae:3f:cd:14:3e:94:50:
                    c1:aa:96:5b:20:30:22:23:2e:43:70:45:dd:32:30:
                    c8:29:15:da:24:b4:c1:35:45:5b:25:78:71:a0:ae:
                    e5:b1:a5:ec:1c:5f:26:22:51:62:ab:c8:62:fb:25:
                    06:ef:71:0d:ce:43:8b:de:fb:5b:55:70:30:70:52:
                    04:bc:54:13:f7:3d:72:8c:61:10:ce:1b:f1:c2:ec:
                    70:44:23:0c:f9:95:c5:b2:52:c5:35:f6:3d:ee:cf:
                    c8:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:22:2A:AE:2E:C8:BD:C6:AE:58:E4:CC:20:D6:61:42:22:D1:2A:FA
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/8iIqri7IvcauWOTMINZhQiLRKvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:42:62:c4:7e:54:9e:e1:b2:0d:2c:55:22:6b:5e:96:40:2c:
         1f:22:b9:aa:3a:48:70:49:e0:11:d9:f2:4a:83:c1:0b:69:d7:
         66:d0:ba:e9:9d:8a:f6:34:4c:96:02:e9:84:24:38:a5:8c:a3:
         55:53:57:af:da:bb:69:2e:8b:49:ed:92:93:51:bb:1c:be:fa:
         a5:f2:95:0f:18:a3:5c:2c:04:f8:10:9b:3d:94:79:3e:66:54:
         ad:cc:5e:3f:a7:3d:d6:ab:d1:9d:c2:80:98:54:13:2a:6c:3e:
         e2:46:b4:db:f0:a5:42:66:60:6d:e6:c4:59:9b:a4:a1:7e:65:
         40:e4:a9:ba:3f:05:02:17:50:2e:bb:ac:a5:62:13:bb:13:60:
         65:73:b2:60:a7:2e:20:30:c5:bd:45:b3:d8:d5:de:11:d4:ce:
         31:a0:22:ac:ea:43:23:1f:f5:91:a5:84:ca:cb:38:79:76:b4:
         3f:07:2c:63:c7:de:31:ed:d3:18:d8:7a:7c:ec:3f:9f:fa:8f:
         be:80:d6:1b:11:7e:4f:e7:f0:6d:60:9e:c8:be:b9:d1:cf:e6:
         80:bf:c1:ef:0f:64:82:f2:b7:5b:14:91:22:33:07:77:b1:ec:
         55:cc:ba:22:04:96:de:87:59:5f:c7:c7:3a:0c:fa:98:51:4d:
         8d:e1:07:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8YktHHgP+z/+3lDsxMXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwMTAyMDk0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjIyMmFhZTJlYzhiZGM2YWU1OGU0Y2MyMGQ2NjE0MjIyZDEyYWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2a54yQeYFn1XBlEUMijrXRBbpxs
WFD8MXwTPRrgdCxRpRf6JmMWHCyPXJAOCAajISoql3xYCzlEenMVyGhPdRFoS4AZ
GpmGo2i/ncsZEdrHJUXfCpIBxCoonTaLf6QblIxiPr2XdSzglQUeTqwnmSVEqgU4
bmRIhT0DCUOwVWYivIADEjLdcROLxFAXulNI1RmS1Vo5An60rdGUua4/zRQ+lFDB
qpZbIDAiIy5DcEXdMjDIKRXaJLTBNUVbJXhxoK7lsaXsHF8mIlFiq8hi+yUG73EN
zkOL3vtbVXAwcFIEvFQT9z1yjGEQzhvxwuxwRCMM+ZXFslLFNfY97s/IrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIiKq4uyL3GrljkzCDWYUIi0Sr6MB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvOGlJcXJpN0l2Y2F1V09UTUlOWmhRaUxSS3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZLIMA0G
CSqGSIb3DQEBCwUAA4IBAQAsQmLEflSe4bINLFUia16WQCwfIrmqOkhwSeAR2fJK
g8ELaddm0LrpnYr2NEyWAumEJDiljKNVU1ev2rtpLotJ7ZKTUbscvvql8pUPGKNc
LAT4EJs9lHk+ZlStzF4/pz3Wq9GdwoCYVBMqbD7iRrTb8KVCZmBt5sRZm6ShfmVA
5Km6PwUCF1Auu6ylYhO7E2Blc7Jgpy4gMMW9RbPY1d4R1M4xoCKs6kMjH/WRpYTK
yzh5drQ/Byxjx94x7dMY2Hp87D+f+o++gNYbEX5P5/BtYJ7IvrnRz+aAv8HvD2SC
8rdbFJEiMwd3sexVzLoiBJbeh1lfx8c6DPqYUU2N4Qe6
-----END CERTIFICATE-----