Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/MzWduloUFRos3TeNUrMoYcFsUdc.roa
File:                     MzWduloUFRos3TeNUrMoYcFsUdc.roa (raw, json)
Hash identifier:          qBLwIw2jw6VYdFAQnMMlnDfaImkf0xBSbTp3DqiB1qU=
Subject key identifier:   33:35:9D:BA:5A:14:15:1A:2C:DD:37:8D:52:B3:28:61:C1:6C:51:D7
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B39D53EE44C3F0A06BB290EE388BDF
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/MzWduloUFRos3TeNUrMoYcFsUdc.roa
Signing time:             Thu 02 Jan 2025 15:47:50 +0000
ROA not before:           Thu 02 Jan 2025 15:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49544
IP address blocks:        45.84.218.0/24 maxlen: 24
                          2a0f:e382::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:9d:53:ee:44:c3:f0:a0:6b:b2:90:ee:38:8b:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33359dba5a14151a2cdd378d52b32861c16c51d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f4:cb:3c:f6:13:ad:85:a1:48:28:44:34:b8:
                    a1:7f:ac:41:46:26:9e:fd:78:e1:e4:7a:ad:e5:08:
                    26:b1:b2:14:6c:2c:1f:47:a9:77:2e:aa:3d:36:73:
                    73:ec:63:a1:74:b4:83:fa:d0:76:c7:30:99:72:2b:
                    f8:54:15:10:84:ec:13:71:24:e5:0f:f6:f5:c8:a1:
                    08:ad:a8:36:db:8a:f0:7c:53:05:d9:99:3c:70:00:
                    4e:e2:ec:4f:64:f3:3b:21:f1:b4:2a:ea:a5:f5:b0:
                    13:66:ae:f0:09:72:72:4c:d9:a0:30:12:b9:23:01:
                    60:b3:48:af:4b:32:ce:49:78:93:cd:f0:46:48:4d:
                    21:f1:73:eb:21:33:df:ff:2e:ab:56:f6:65:ab:c1:
                    cc:86:bb:8f:65:f0:30:b8:dc:e5:fc:f6:a0:3c:5d:
                    50:b6:72:02:1b:90:02:05:c0:c6:87:c8:cf:b3:62:
                    fc:d0:c9:99:b3:1d:70:d6:71:07:ca:0a:fd:df:a5:
                    a1:be:d5:6f:d3:0a:17:88:c7:d2:43:66:e1:75:c6:
                    ec:28:00:ea:d5:7d:b3:60:57:3c:c1:69:20:36:ed:
                    95:b5:27:49:90:1b:5f:c3:79:56:98:28:5a:0a:52:
                    89:56:4a:e1:e9:39:5f:fb:6a:77:18:d5:54:c3:08:
                    8c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:35:9D:BA:5A:14:15:1A:2C:DD:37:8D:52:B3:28:61:C1:6C:51:D7
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/MzWduloUFRos3TeNUrMoYcFsUdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.218.0/24
                IPv6:
                  2a0f:e382::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:a7:a3:ba:f4:5c:cc:63:34:e9:d2:e0:45:ea:63:e3:1c:84:
         9d:51:d2:3f:8e:b0:a5:3f:8b:4d:90:5b:bb:96:b7:4e:18:70:
         86:91:79:50:65:e5:23:df:f6:de:61:d1:a2:2a:4d:0f:62:2d:
         ee:3c:ea:e1:c6:e8:5b:9d:51:31:6c:c1:ad:90:27:90:17:68:
         b6:95:a8:a4:65:c4:0a:a3:02:28:56:8f:e7:65:11:43:c1:be:
         f6:45:c2:0e:e6:df:b5:57:f6:00:90:6d:18:88:c5:b6:d7:9f:
         41:24:da:bc:a8:f8:ba:da:b3:06:53:41:38:51:0f:04:51:ba:
         a2:d8:84:87:dc:fd:23:09:3c:81:18:f1:fe:c8:ae:d7:ce:8e:
         c1:3c:ed:95:88:bd:90:9a:f9:6d:7e:47:76:44:fa:c3:9a:64:
         80:fc:dd:25:30:18:76:b6:dc:de:36:9b:e7:88:61:f6:02:73:
         f1:21:5b:b8:12:93:b6:06:7a:16:d4:2a:d6:4c:a5:87:78:4a:
         94:09:0f:ec:50:b3:0a:90:74:bb:1e:e4:46:17:00:30:1c:99:
         2b:ca:48:c4:83:3b:7a:88:d7:eb:55:78:3c:1d:bc:fe:e2:5a:
         10:a9:14:13:f6:6f:1a:b8:59:97:a2:34:88:08:f2:64:7c:6c:
         c9:2b:54:8a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQns51T7kTD8KBrspDuOIvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzM1OWRiYTVhMTQxNTFhMmNkZDM3OGQ1MmIzMjg2MWMxNmM1MWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/TLPPYTrYWhSChENLihf6xBRiae
/Xjh5Hqt5QgmsbIUbCwfR6l3Lqo9NnNz7GOhdLSD+tB2xzCZciv4VBUQhOwTcSTl
D/b1yKEIrag224rwfFMF2Zk8cABO4uxPZPM7IfG0Kuql9bATZq7wCXJyTNmgMBK5
IwFgs0ivSzLOSXiTzfBGSE0h8XPrITPf/y6rVvZlq8HMhruPZfAwuNzl/PagPF1Q
tnICG5ACBcDGh8jPs2L80MmZsx1w1nEHygr936WhvtVv0woXiMfSQ2bhdcbsKADq
1X2zYFc8wWkgNu2VtSdJkBtfw3lWmChaClKJVkrh6Tlf+2p3GNVUwwiMcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDM1nbpaFBUaLN03jVKzKGHBbFHXMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvTXpXZHVsb1VGUm9zM1RlTlVyTW9ZY0ZzVWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVTaMA0E
AgACMAcDBQAqD+OCMA0GCSqGSIb3DQEBCwUAA4IBAQC5p6O69FzMYzTp0uBF6mPj
HISdUdI/jrClP4tNkFu7lrdOGHCGkXlQZeUj3/beYdGiKk0PYi3uPOrhxuhbnVEx
bMGtkCeQF2i2laikZcQKowIoVo/nZRFDwb72RcIO5t+1V/YAkG0YiMW2159BJNq8
qPi62rMGU0E4UQ8EUbqi2ISH3P0jCTyBGPH+yK7Xzo7BPO2ViL2Qmvltfkd2RPrD
mmSA/N0lMBh2ttzeNpvniGH2AnPxIVu4EpO2BnoW1CrWTKWHeEqUCQ/sULMKkHS7
HuRGFwAwHJkrykjEgzt6iNfrVXg8Hbz+4loQqRQT9m8auFmXojSICPJkfGzJK1SK
-----END CERTIFICATE-----