Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/1-et3egkL66ACcB8XxsgEBnm6VII.roa
File:                     1-et3egkL66ACcB8XxsgEBnm6VII.roa (raw, json)
Hash identifier:          4ZZwKzLoU0lcA0OohX7bJJeDfSc2RrBHj0/VmzWrgQ8=
Subject key identifier:   F9:EB:77:7A:09:0B:EB:A0:02:70:1F:17:C6:C8:04:06:79:BA:54:82
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019420D6253FEC3E0352C8EE49D58DCE076D
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/1-et3egkL66ACcB8XxsgEBnm6VII.roa
Signing time:             Wed 01 Jan 2025 07:48:12 +0000
ROA not before:           Wed 01 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34820
IP address blocks:        45.158.82.0/24 maxlen: 24
                          185.225.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:25:3f:ec:3e:03:52:c8:ee:49:d5:8d:ce:07:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9eb777a090beba002701f17c6c8040679ba5482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ca:13:af:12:68:99:97:99:70:e9:76:cf:aa:
                    a9:f3:2d:d9:f4:9e:11:a8:aa:75:42:8f:2f:85:2e:
                    32:cd:01:ee:92:a9:54:93:4a:f5:64:c6:a4:d7:09:
                    b9:3c:6c:65:b0:11:0a:7c:bb:d3:2b:f8:93:d0:c3:
                    cb:1d:af:b8:39:8d:1e:6b:e4:e2:36:bf:c7:b1:c7:
                    fd:d3:d6:63:a5:c9:ce:d4:f0:0e:ea:7c:4d:85:f1:
                    59:79:00:9f:c0:02:e9:2f:b8:b9:41:b8:6c:19:3c:
                    68:26:24:ec:95:7d:a6:83:fb:d8:e1:71:1d:57:fc:
                    0f:48:89:06:52:d1:2d:59:f6:8e:5d:81:df:92:f8:
                    ee:ea:35:07:2a:4a:b8:37:e4:40:87:ab:4c:66:9f:
                    0b:1a:14:e7:c6:05:5e:7f:9d:13:07:81:ec:4e:d6:
                    ac:c1:68:de:9f:83:ae:08:90:fe:ac:26:f1:2f:b3:
                    db:23:6e:d9:fe:04:99:3a:92:db:66:cd:66:e8:1a:
                    3a:02:69:f9:44:3d:ef:d6:bd:0d:2d:0e:0e:a2:52:
                    91:28:c9:f5:b2:cd:32:78:a8:dd:bf:7c:c5:9c:3d:
                    3e:70:2d:5a:21:4b:be:15:f9:1b:8d:8e:95:c6:45:
                    44:ba:fc:ed:1d:1c:f1:72:a3:93:74:b3:73:2b:e2:
                    ad:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EB:77:7A:09:0B:EB:A0:02:70:1F:17:C6:C8:04:06:79:BA:54:82
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/1-et3egkL66ACcB8XxsgEBnm6VII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.82.0/24
                  185.225.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:26:af:84:f6:60:ae:c7:b7:55:ce:4b:47:09:0b:7f:58:96:
         71:93:10:18:6c:91:41:46:96:19:b2:98:e2:6c:b6:a2:a0:8f:
         82:4e:81:cb:70:a9:b0:19:a3:b4:e3:e9:5e:91:99:37:70:44:
         6c:25:d7:da:eb:5d:59:68:fc:e3:3d:a6:37:56:aa:5b:2d:11:
         c2:85:21:3d:74:25:23:36:6f:81:1b:34:cd:08:b7:2f:68:df:
         66:78:bb:a7:b5:5c:c3:79:63:bd:a8:9c:d1:4a:6b:42:f6:b5:
         87:f3:6b:a6:7e:d8:b2:ea:8d:7d:47:b5:68:33:52:a4:8e:d6:
         fa:85:1c:11:03:e4:cd:2a:45:c9:d0:44:46:6c:4c:84:93:b3:
         ac:09:a6:8f:34:8a:94:34:d1:2c:50:3c:34:c9:47:21:b8:0d:
         30:02:77:d6:0e:fa:73:2e:f7:a7:ec:b1:15:2b:f0:c2:48:b5:
         10:93:9b:0d:00:06:e2:2e:1a:f0:9b:02:2a:a2:a6:95:04:81:
         c8:78:9e:58:37:d2:11:0c:39:98:c8:7f:d2:9a:09:9a:5b:69:
         d6:b5:4a:b3:01:cf:1c:1b:52:9c:9e:38:87:c9:1a:4e:b9:fc:
         b2:b3:ca:5a:0c:ae:c0:24:ca:15:7f:53:7f:0e:18:61:71:46:
         57:dd:2f:29
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQg1iU/7D4DUsjuSdWNzgdtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWViNzc3YTA5MGJlYmEwMDI3MDFmMTdjNmM4MDQwNjc5YmE1NDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcoTrxJomZeZcOl2z6qp8y3Z9J4R
qKp1Qo8vhS4yzQHukqlUk0r1ZMak1wm5PGxlsBEKfLvTK/iT0MPLHa+4OY0ea+Ti
Nr/Hscf909ZjpcnO1PAO6nxNhfFZeQCfwALpL7i5QbhsGTxoJiTslX2mg/vY4XEd
V/wPSIkGUtEtWfaOXYHfkvju6jUHKkq4N+RAh6tMZp8LGhTnxgVef50TB4HsTtas
wWjen4OuCJD+rCbxL7PbI27Z/gSZOpLbZs1m6Bo6Amn5RD3v1r0NLQ4OolKRKMn1
ss0yeKjdv3zFnD0+cC1aIUu+FfkbjY6VxkVEuvztHRzxcqOTdLNzK+KtyQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPnrd3oJC+ugAnAfF8bIBAZ5ulSCMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvMS1ldDNlZ2tMNjZBQ2NCOFh4c2dFQm5tNlZJSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTUvNGJiNzRiLThkNmQtNDUxNC1hMzljLWI3YzU3OGI3NGUz
NS8xL3htMmRVTE80blZISXFpU1Q1LTlIQWRZbEhhMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAC2eUgME
ALnhzDANBgkqhkiG9w0BAQsFAAOCAQEAqiavhPZgrse3Vc5LRwkLf1iWcZMQGGyR
QUaWGbKY4my2oqCPgk6By3CpsBmjtOPpXpGZN3BEbCXX2utdWWj84z2mN1aqWy0R
woUhPXQlIzZvgRs0zQi3L2jfZni7p7Vcw3ljvaic0UprQva1h/Nrpn7YsuqNfUe1
aDNSpI7W+oUcEQPkzSpFydBERmxMhJOzrAmmjzSKlDTRLFA8NMlHIbgNMAJ31g76
cy73p+yxFSvwwki1EJObDQAG4i4a8JsCKqKmlQSByHieWDfSEQw5mMh/0poJmltp
1rVKswHPHBtSnJ44h8kaTrn8srPKWgyuwCTKFX9Tfw4YYXFGV90vKQ==
-----END CERTIFICATE-----