Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/A45T9JlIkLiT_DE0_6X5S8Fq0t0.roa
File:                     A45T9JlIkLiT_DE0_6X5S8Fq0t0.roa (raw, json)
Hash identifier:          1LNt/xXPBnaerAH+uwhDYJHEIRMdA6RsiiUq2tdop/g=
Subject key identifier:   03:8E:53:F4:99:48:90:B8:93:FC:31:34:FF:A5:F9:4B:C1:6A:D2:DD
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0194266BC9238B750831DCFC58B8EEAA5C58
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/A45T9JlIkLiT_DE0_6X5S8Fq0t0.roa
Signing time:             Thu 02 Jan 2025 09:49:45 +0000
ROA not before:           Thu 02 Jan 2025 09:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209989
IP address blocks:        185.216.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c9:23:8b:75:08:31:dc:fc:58:b8:ee:aa:5c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 09:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=038e53f4994890b893fc3134ffa5f94bc16ad2dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d5:2e:d2:bb:51:ee:8b:ab:49:10:bf:98:5c:
                    e6:f4:55:ea:8b:8b:5e:69:4f:22:95:c4:43:72:26:
                    89:c2:27:c1:d9:07:43:ad:6d:a2:a4:b6:9f:1d:a2:
                    aa:a2:ac:db:53:fb:79:96:8f:5d:80:7f:e6:84:92:
                    dd:5b:67:e9:2c:d5:7a:d9:40:53:ee:67:e2:f8:cf:
                    5f:3b:a8:6b:ab:ce:39:0c:17:45:08:b7:65:f1:39:
                    a2:25:3b:9e:2e:48:86:ee:17:c0:3c:45:51:52:f1:
                    9a:85:5f:21:89:83:ee:e8:dc:60:67:58:31:81:2a:
                    39:9a:47:38:b4:7a:ab:b4:7f:d4:f0:61:72:b2:b9:
                    f7:5a:30:01:c2:cc:9c:f1:ca:4d:28:d6:15:f8:1e:
                    61:69:cf:df:cf:af:e5:55:e2:69:5e:ca:df:56:38:
                    d6:91:5b:a1:a2:99:f6:9a:3d:e5:c9:73:9d:13:b2:
                    9f:fc:58:9e:de:86:7c:9a:39:3a:00:59:6a:e7:ca:
                    5b:da:ad:e1:08:40:b7:a9:81:a3:05:15:fb:6e:e2:
                    3e:cf:64:aa:23:00:77:ad:79:be:98:74:3e:d2:25:
                    a6:fc:94:bd:35:08:b3:97:b3:4b:d1:eb:9e:e9:1d:
                    a2:63:00:8b:60:a5:2a:f3:aa:59:e0:fa:a8:15:b4:
                    6a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:8E:53:F4:99:48:90:B8:93:FC:31:34:FF:A5:F9:4B:C1:6A:D2:DD
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/A45T9JlIkLiT_DE0_6X5S8Fq0t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:36:4b:c7:70:dd:ca:79:ae:d9:76:b5:a7:5a:11:c2:3c:a5:
         43:9c:fd:97:ed:ce:2c:ef:a8:97:8e:1b:83:d8:eb:59:8c:ca:
         79:b5:a9:ca:17:3b:86:22:3c:84:4e:73:c3:c4:13:87:bb:2a:
         8c:29:2a:a1:9a:67:c6:fb:76:0f:de:1a:82:a2:00:a7:d6:17:
         5d:cb:ad:6a:a1:b8:f8:15:d3:7a:46:49:d0:54:a9:1f:02:30:
         14:d9:f6:14:12:9e:cc:5a:85:02:23:69:91:3f:ba:b8:b2:99:
         7b:ae:cf:37:2b:1f:7d:48:7b:8d:f0:0c:09:44:9e:8a:94:db:
         1d:98:f5:b7:7d:69:93:5b:8c:f2:9e:91:d6:05:dd:a2:63:3a:
         f6:f5:a5:2e:af:19:1e:7c:de:ab:0c:c0:b5:35:50:8b:b2:d0:
         8a:62:ea:f7:a3:ad:60:8d:1b:99:f2:10:dc:1f:38:dc:a8:65:
         25:c1:59:21:99:d3:3f:27:4f:6d:34:a7:95:39:31:d3:bc:f8:
         c0:8f:bc:09:e5:e0:7a:03:9b:d0:b5:b7:2a:33:7b:42:7a:60:
         4b:41:f7:bd:7e:11:e1:94:94:30:8f:19:d0:b6:aa:b4:7b:1a:
         d2:3a:0a:6b:f5:de:6d:54:f8:87:c1:bb:3f:da:a6:e1:b2:6e:
         a1:3b:37:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8kji3UIMdz8WLjuqlxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwMTAyMDk0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzhlNTNmNDk5NDg5MGI4OTNmYzMxMzRmZmE1Zjk0YmMxNmFkMmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtUu0rtR7ourSRC/mFzm9FXqi4te
aU8ilcRDciaJwifB2QdDrW2ipLafHaKqoqzbU/t5lo9dgH/mhJLdW2fpLNV62UBT
7mfi+M9fO6hrq845DBdFCLdl8TmiJTueLkiG7hfAPEVRUvGahV8hiYPu6NxgZ1gx
gSo5mkc4tHqrtH/U8GFysrn3WjABwsyc8cpNKNYV+B5hac/fz6/lVeJpXsrfVjjW
kVuhopn2mj3lyXOdE7Kf/Fie3oZ8mjk6AFlq58pb2q3hCEC3qYGjBRX7buI+z2Sq
IwB3rXm+mHQ+0iWm/JS9NQizl7NL0eue6R2iYwCLYKUq86pZ4PqoFbRqRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOOU/SZSJC4k/wxNP+l+UvBatLdMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvQTQ1VDlKbElrTGlUX0RFMF82WDVTOEZxMHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudjTMA0G
CSqGSIb3DQEBCwUAA4IBAQAUNkvHcN3Kea7ZdrWnWhHCPKVDnP2X7c4s76iXjhuD
2OtZjMp5tanKFzuGIjyETnPDxBOHuyqMKSqhmmfG+3YP3hqCogCn1hddy61qobj4
FdN6RknQVKkfAjAU2fYUEp7MWoUCI2mRP7q4spl7rs83Kx99SHuN8AwJRJ6KlNsd
mPW3fWmTW4zynpHWBd2iYzr29aUurxkefN6rDMC1NVCLstCKYur3o61gjRuZ8hDc
HzjcqGUlwVkhmdM/J09tNKeVOTHTvPjAj7wJ5eB6A5vQtbcqM3tCemBLQfe9fhHh
lJQwjxnQtqq0exrSOgpr9d5tVPiHwbs/2qbhsm6hOzdk
-----END CERTIFICATE-----