Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/2UfPzCUEFBT4GTTBD8DpSG8Widw.roa
File:                     2UfPzCUEFBT4GTTBD8DpSG8Widw.roa (raw, json)
Hash identifier:          md40kJMzLhzKxWLu+ssLx8oIw+JPIJwmEoXWCMIsj80=
Subject key identifier:   D9:47:CF:CC:25:04:14:14:F8:19:34:C1:0F:C0:E9:48:6F:16:89:DC
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       01942067C0DD5E2634D447657C756AF2DBFE
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/2UfPzCUEFBT4GTTBD8DpSG8Widw.roa
Signing time:             Wed 01 Jan 2025 05:47:37 +0000
ROA not before:           Wed 01 Jan 2025 05:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136778
IP address blocks:        45.131.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c0:dd:5e:26:34:d4:47:65:7c:75:6a:f2:db:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Jan  1 05:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d947cfcc25041414f81934c10fc0e9486f1689dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:0a:5c:16:5b:1c:1d:94:ee:af:ed:72:1b:84:
                    a1:fb:04:52:61:57:71:c6:54:b5:58:73:5b:34:04:
                    d8:18:95:34:64:a3:7e:4f:f6:b4:df:22:4b:67:a5:
                    fa:2b:7e:08:b7:37:cc:12:0a:b8:63:5e:8d:63:67:
                    13:87:82:41:04:2b:8b:f3:f3:0e:fb:6b:10:b5:1b:
                    6c:9d:4e:63:f2:ed:90:50:35:38:d1:2c:3b:70:ac:
                    ae:bb:5d:c6:86:e4:03:64:4e:95:6b:51:de:90:09:
                    66:b0:33:db:af:e3:16:3d:b2:65:2a:21:0e:c0:90:
                    e3:d0:4c:a6:54:86:8c:6f:b1:6c:c5:1b:a5:69:27:
                    e0:da:6a:77:ad:66:63:a2:e4:66:ea:ce:15:9d:11:
                    d9:d3:33:33:e5:c3:e6:68:4f:03:69:c9:95:1a:ea:
                    3e:c6:13:9c:c6:07:d9:a1:2d:df:1f:4a:8d:1a:d0:
                    95:34:cc:af:29:f3:e8:35:06:9b:41:b6:d4:1c:47:
                    c9:be:c9:91:6f:2c:b0:25:7a:b0:e2:bd:de:3a:2c:
                    f4:68:ca:7b:c4:c1:8b:e2:8f:ff:9a:09:61:15:64:
                    0b:5e:8f:ff:fb:bc:83:a2:98:22:6c:37:bc:4a:7c:
                    7f:cd:c9:bf:9f:05:9a:78:9e:49:27:bd:d1:72:cb:
                    c7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:47:CF:CC:25:04:14:14:F8:19:34:C1:0F:C0:E9:48:6F:16:89:DC
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/2UfPzCUEFBT4GTTBD8DpSG8Widw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:0b:76:7b:50:ef:9d:b2:a5:df:1e:9a:87:91:73:04:c5:3b:
         5a:2b:3b:4a:cf:27:5b:0b:32:0d:ec:7b:3b:de:78:a5:27:c5:
         db:61:62:65:1d:e7:9a:f6:d3:56:65:b9:b4:b6:7d:e7:bb:4c:
         f8:2e:c0:29:b5:85:14:4c:6b:7f:58:21:18:e6:4b:74:29:59:
         d9:f2:3c:d2:c9:fa:bc:0d:60:12:e1:cd:1f:9b:a3:60:a5:46:
         a2:73:18:5e:2c:73:7b:56:4b:c3:b5:41:35:b0:d7:d3:ca:ae:
         a5:6b:e7:02:53:5d:ee:74:f3:09:37:fd:6c:12:cf:1a:f1:49:
         6a:73:35:d6:e0:24:cf:a8:91:a8:5c:67:25:aa:22:41:a5:8c:
         9c:0f:44:3b:52:13:d1:37:d8:bd:01:3d:92:70:2e:05:e3:42:
         09:86:3c:f6:c8:12:e5:d0:59:45:73:9d:64:57:75:a8:c9:52:
         6f:2a:7b:2f:65:74:3f:70:6b:31:81:7a:00:96:c9:f5:1b:ce:
         b1:53:30:1e:66:60:0e:59:64:a1:d6:f9:87:52:38:e3:c9:05:
         40:91:99:8b:64:89:9c:75:7b:93:09:a6:19:80:0c:b9:c4:66:
         1f:9f:c5:3c:34:bd:b9:a7:b1:8c:aa:40:de:65:3a:6c:af:9f:
         36:5e:17:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8DdXiY01EdlfHVq8tv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjUwMTAxMDU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQ3Y2ZjYzI1MDQxNDE0ZjgxOTM0YzEwZmMwZTk0ODZmMTY4OWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ApcFlscHZTur+1yG4Sh+wRSYVdx
xlS1WHNbNATYGJU0ZKN+T/a03yJLZ6X6K34ItzfMEgq4Y16NY2cTh4JBBCuL8/MO
+2sQtRtsnU5j8u2QUDU40Sw7cKyuu13GhuQDZE6Va1HekAlmsDPbr+MWPbJlKiEO
wJDj0EymVIaMb7FsxRulaSfg2mp3rWZjouRm6s4VnRHZ0zMz5cPmaE8DacmVGuo+
xhOcxgfZoS3fH0qNGtCVNMyvKfPoNQabQbbUHEfJvsmRbyywJXqw4r3eOiz0aMp7
xMGL4o//mglhFWQLXo//+7yDopgibDe8Snx/zcm/nwWaeJ5JJ73RcsvHJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlHz8wlBBQU+Bk0wQ/A6UhvFoncMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvMlVmUHpDVUVGQlQ0R1RUQkQ4RHBTRzhXaWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYOyMA0G
CSqGSIb3DQEBCwUAA4IBAQAaC3Z7UO+dsqXfHpqHkXMExTtaKztKzydbCzIN7Hs7
3nilJ8XbYWJlHeea9tNWZbm0tn3nu0z4LsAptYUUTGt/WCEY5kt0KVnZ8jzSyfq8
DWAS4c0fm6NgpUaicxheLHN7VkvDtUE1sNfTyq6la+cCU13udPMJN/1sEs8a8Ulq
czXW4CTPqJGoXGclqiJBpYycD0Q7UhPRN9i9AT2ScC4F40IJhjz2yBLl0FlFc51k
V3WoyVJvKnsvZXQ/cGsxgXoAlsn1G86xUzAeZmAOWWSh1vmHUjjjyQVAkZmLZImc
dXuTCaYZgAy5xGYfn8U8NL25p7GMqkDeZTpsr582XhfU
-----END CERTIFICATE-----