Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/H_bK6izGNzFlHRs_42Wx_uxCOC0.roa
File:                     H_bK6izGNzFlHRs_42Wx_uxCOC0.roa (raw, json)
Hash identifier:          dutKOvFuwHrl8zOMAcq/Kbbfnqj8X/XDxEZ9GtNyZNg=
Subject key identifier:   1F:F6:CA:EA:2C:C6:37:31:65:1D:1B:3F:E3:65:B1:FE:EC:42:38:2D
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B3A4433771352824655D885DA6CBE1
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/H_bK6izGNzFlHRs_42Wx_uxCOC0.roa
Signing time:             Thu 02 Jan 2025 15:47:51 +0000
ROA not before:           Thu 02 Jan 2025 15:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61029
IP address blocks:        45.84.218.0/24 maxlen: 24
                          2a0f:e382::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:a4:43:37:71:35:28:24:65:5d:88:5d:a6:cb:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ff6caea2cc63731651d1b3fe365b1feec42382d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:81:bb:01:be:a3:c7:3e:6f:13:e1:3e:5b:b4:
                    17:a6:4d:f8:a9:53:2c:bb:54:81:24:22:14:89:76:
                    9a:51:42:32:fa:06:6f:3b:aa:1e:5e:9f:d5:b2:a7:
                    b7:ec:e7:50:37:f3:08:3e:f1:06:a2:9f:f5:09:34:
                    c4:31:b2:17:a4:24:36:3f:b9:5a:9d:73:6c:df:f4:
                    50:82:52:6d:c5:11:4a:34:93:45:44:c3:c6:c5:f9:
                    4f:e0:99:cc:36:1a:be:20:e2:e8:dd:a2:d3:c5:2b:
                    fc:81:c9:1f:0a:a7:8e:c1:ed:33:b7:73:a5:1a:53:
                    36:bf:9a:99:1b:7c:b6:97:7e:b9:1d:cd:35:e5:25:
                    89:df:fc:70:71:89:06:24:dd:dd:b0:73:bc:d5:f6:
                    04:b9:38:38:59:95:14:1f:3c:a4:bb:c9:e0:fd:8e:
                    9c:73:a8:f5:0e:d5:21:69:d0:b1:60:9e:08:33:31:
                    64:d2:0a:2b:d8:3d:e6:b5:34:92:4b:ce:c3:79:a0:
                    20:70:3f:44:0d:cd:4a:28:45:06:52:b5:ea:83:c4:
                    4b:82:d0:f2:09:c9:18:50:45:75:d0:85:be:a1:99:
                    de:db:f0:3c:1c:da:60:04:95:4f:6c:20:cc:5b:7e:
                    f9:3c:d8:a7:d4:81:92:c4:bb:39:48:32:8b:32:6a:
                    05:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:F6:CA:EA:2C:C6:37:31:65:1D:1B:3F:E3:65:B1:FE:EC:42:38:2D
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/H_bK6izGNzFlHRs_42Wx_uxCOC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.218.0/24
                IPv6:
                  2a0f:e382::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:e2:ed:e8:59:27:90:0d:b4:1b:b2:29:84:7e:17:40:8d:1f:
         59:58:9f:65:8a:a0:ef:c9:89:d5:1f:45:11:35:91:ca:be:4c:
         9b:05:6c:22:f2:67:f5:6e:1e:15:cf:ef:24:0f:fd:03:13:2b:
         a1:72:a7:89:f7:e4:89:2f:d6:4c:0d:5a:76:64:79:b8:cd:ae:
         80:e9:a6:71:a1:d3:1b:5b:c8:50:8f:9b:ac:66:63:be:e1:c2:
         fb:7d:fd:c3:db:17:17:16:b7:36:21:92:fe:52:a4:8d:47:fd:
         14:d0:34:67:b9:5e:bc:59:1b:66:2c:48:5b:42:4f:0e:a6:60:
         0f:21:23:07:d9:ca:23:c8:77:62:b9:00:54:e1:30:03:82:0a:
         15:0b:ba:88:37:65:07:3a:9c:a9:17:ba:1e:f1:7c:95:e9:c8:
         de:b2:33:85:09:c7:0f:b3:a7:5c:ed:6a:2c:ee:3f:55:48:9c:
         bf:21:f6:21:d9:69:5e:47:44:28:8c:9a:cc:65:60:de:2b:ea:
         25:92:62:58:82:ab:2f:89:15:18:2c:27:6d:64:8d:58:10:b8:
         fb:84:87:ce:a5:7a:7c:c0:fc:20:58:37:21:98:2b:85:4c:36:
         05:f3:24:8f:90:bf:db:ab:25:37:63:f3:4b:bb:19:fc:83:79:
         f2:00:d3:c2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQns6RDN3E1KCRlXYhdpsvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmY2Y2FlYTJjYzYzNzMxNjUxZDFiM2ZlMzY1YjFmZWVjNDIzODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14G7Ab6jxz5vE+E+W7QXpk34qVMs
u1SBJCIUiXaaUUIy+gZvO6oeXp/Vsqe37OdQN/MIPvEGop/1CTTEMbIXpCQ2P7la
nXNs3/RQglJtxRFKNJNFRMPGxflP4JnMNhq+IOLo3aLTxSv8gckfCqeOwe0zt3Ol
GlM2v5qZG3y2l365Hc015SWJ3/xwcYkGJN3dsHO81fYEuTg4WZUUHzyku8ng/Y6c
c6j1DtUhadCxYJ4IMzFk0gor2D3mtTSSS87DeaAgcD9EDc1KKEUGUrXqg8RLgtDy
CckYUEV10IW+oZne2/A8HNpgBJVPbCDMW375PNin1IGSxLs5SDKLMmoFIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB/2yuosxjcxZR0bP+Nlsf7sQjgtMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvSF9iSzZpekdOekZsSFJzXzQyV3hfdXhDT0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVTaMA0E
AgACMAcDBQAqD+OCMA0GCSqGSIb3DQEBCwUAA4IBAQBM4u3oWSeQDbQbsimEfhdA
jR9ZWJ9liqDvyYnVH0URNZHKvkybBWwi8mf1bh4Vz+8kD/0DEyuhcqeJ9+SJL9ZM
DVp2ZHm4za6A6aZxodMbW8hQj5usZmO+4cL7ff3D2xcXFrc2IZL+UqSNR/0U0DRn
uV68WRtmLEhbQk8OpmAPISMH2cojyHdiuQBU4TADggoVC7qIN2UHOpypF7oe8XyV
6cjesjOFCccPs6dc7Wos7j9VSJy/IfYh2WleR0QojJrMZWDeK+olkmJYgqsviRUY
LCdtZI1YELj7hIfOpXp8wPwgWDchmCuFTDYF8ySPkL/bqyU3Y/NLuxn8g3nyANPC
-----END CERTIFICATE-----