Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/8AKtonzRgJb3Ja4IuBBKa0ECij0.roa
File:                     8AKtonzRgJb3Ja4IuBBKa0ECij0.roa (raw, json)
Hash identifier:          Yd5g5WuhuLbI/QlnW73qApQrtDLQd9VfH73OOEYkPcM=
Subject key identifier:   F0:02:AD:A2:7C:D1:80:96:F7:25:AE:08:B8:10:4A:6B:41:02:8A:3D
Certificate issuer:       /CN=7832d060932d4785a10ca47de8002f65c1ef33ae
Certificate serial:       0194258EECAC5158D76B0E2F025054EED8A5
Authority key identifier: 78:32:D0:60:93:2D:47:85:A1:0C:A4:7D:E8:00:2F:65:C1:EF:33:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eDLQYJMtR4WhDKR96AAvZcHvM64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/8AKtonzRgJb3Ja4IuBBKa0ECij0.roa
Signing time:             Thu 02 Jan 2025 05:48:31 +0000
ROA not before:           Thu 02 Jan 2025 05:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50107
IP address blocks:        45.66.24.0/22 maxlen: 22
                          45.66.25.0/24 maxlen: 24
                          2a09:6140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/eDLQYJMtR4WhDKR96AAvZcHvM64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/eDLQYJMtR4WhDKR96AAvZcHvM64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eDLQYJMtR4WhDKR96AAvZcHvM64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ec:ac:51:58:d7:6b:0e:2f:02:50:54:ee:d8:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7832d060932d4785a10ca47de8002f65c1ef33ae
        Validity
            Not Before: Jan  2 05:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f002ada27cd18096f725ae08b8104a6b41028a3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:82:42:5a:8c:a4:2e:d5:88:1b:ef:03:14:30:
                    91:82:1b:38:a6:25:43:26:64:70:a9:ac:23:90:b5:
                    d2:47:64:35:25:1f:4f:3a:d1:7e:fc:d0:f0:a6:4c:
                    ba:fb:00:03:62:f8:51:98:f5:23:44:4f:93:51:00:
                    e7:48:2d:34:de:03:8d:aa:02:5e:59:86:19:c2:c2:
                    37:f1:ec:ca:75:fc:80:3f:f1:b7:27:eb:2e:da:2f:
                    b1:62:fd:88:dd:20:f9:d3:f1:43:c8:cb:ff:7c:23:
                    50:7f:02:cc:09:51:d8:d7:55:3e:d7:72:30:13:20:
                    0c:9f:9c:e6:af:07:22:c5:a3:da:13:b5:35:2d:65:
                    04:9e:04:54:4f:8d:8f:a1:50:29:c8:4c:c0:f2:1d:
                    8c:24:58:2f:b0:55:00:e4:d0:cf:ea:ec:9a:62:8d:
                    4a:43:06:88:4d:aa:2c:16:4b:56:bb:bf:bb:45:9f:
                    79:10:2f:67:57:ef:8b:7c:2d:ff:7d:63:c5:e4:cb:
                    e5:27:5f:dc:83:24:f2:b0:0e:6e:8d:1a:68:c3:27:
                    64:18:fb:18:d9:f9:76:7b:f0:7b:7a:aa:13:93:6d:
                    8a:bc:be:14:9a:82:8b:b6:1a:92:45:31:a9:27:ef:
                    46:b3:db:49:cc:cc:fb:aa:8b:02:91:a0:05:a4:32:
                    e5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:02:AD:A2:7C:D1:80:96:F7:25:AE:08:B8:10:4A:6B:41:02:8A:3D
            X509v3 Authority Key Identifier:
                keyid:78:32:D0:60:93:2D:47:85:A1:0C:A4:7D:E8:00:2F:65:C1:EF:33:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eDLQYJMtR4WhDKR96AAvZcHvM64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/8AKtonzRgJb3Ja4IuBBKa0ECij0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/eDLQYJMtR4WhDKR96AAvZcHvM64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.24.0/22
                IPv6:
                  2a09:6140::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:b7:af:8e:c5:00:9a:1f:d6:80:c4:13:3e:1a:5d:1a:ec:ed:
         9e:aa:9c:26:68:7b:10:3b:8b:f7:d1:53:84:5a:5f:74:6c:19:
         b5:48:75:85:22:cc:3c:3b:27:bd:95:ed:74:23:82:1b:35:c3:
         ed:8e:94:2a:7a:69:c5:9f:14:26:15:12:7b:af:a6:65:bd:88:
         96:a2:83:94:15:ec:7e:f1:42:f3:94:d7:75:a7:43:95:9f:da:
         3a:da:3b:13:d2:52:75:e4:95:2b:1a:19:4a:c1:1a:cb:03:2f:
         2f:96:46:8d:7f:a0:6e:7e:75:11:a7:c3:b2:47:21:8c:ee:e4:
         01:c6:21:db:c7:f8:62:e7:df:f2:02:c5:f9:9a:d7:46:4b:87:
         29:fd:78:99:b9:3a:a3:04:68:b0:b9:21:2e:56:8b:ec:70:f0:
         77:47:1d:2f:42:80:30:00:c8:f5:16:dd:ba:1a:a5:32:27:59:
         7f:54:90:d3:63:43:06:14:08:76:d4:71:af:b9:ec:82:58:09:
         dd:14:7d:66:e8:8e:67:ff:01:ef:07:b1:4f:2c:7d:69:03:5b:
         67:77:df:5f:e1:d4:d0:8c:5c:81:a0:49:e5:61:f6:7b:77:18:
         d2:1b:88:92:13:cd:23:23:56:da:1d:82:66:8d:88:16:37:e4:
         b1:c9:43:c7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQljuysUVjXaw4vAlBU7tilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MzJkMDYwOTMyZDQ3ODVhMTBjYTQ3ZGU4MDAyZjY1YzFl
ZjMzYWUwHhcNMjUwMTAyMDU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDAyYWRhMjdjZDE4MDk2ZjcyNWFlMDhiODEwNGE2YjQxMDI4YTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIJCWoykLtWIG+8DFDCRghs4piVD
JmRwqawjkLXSR2Q1JR9POtF+/NDwpky6+wADYvhRmPUjRE+TUQDnSC003gONqgJe
WYYZwsI38ezKdfyAP/G3J+su2i+xYv2I3SD50/FDyMv/fCNQfwLMCVHY11U+13Iw
EyAMn5zmrwcixaPaE7U1LWUEngRUT42PoVApyEzA8h2MJFgvsFUA5NDP6uyaYo1K
QwaITaosFktWu7+7RZ95EC9nV++LfC3/fWPF5MvlJ1/cgyTysA5ujRpowydkGPsY
2fl2e/B7eqoTk22KvL4UmoKLthqSRTGpJ+9Gs9tJzMz7qosCkaAFpDLlEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPACraJ80YCW9yWuCLgQSmtBAoo9MB8GA1UdIwQY
MBaAFHgy0GCTLUeFoQykfegAL2XB7zOuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZURMUVlKTXRSNFdoREtSOTZBQXZaY0h2TTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9hYTAzN2MtMzJjZS00NDA2LWIwYmMt
ODk5NDlmY2M3YWZiLzEvOEFLdG9uelJnSmIzSmE0SXVCQkthMEVDaWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9hYTAzN2MtMzJjZS00NDA2LWIwYmMtODk5NDlmY2M3YWZi
LzEvZURMUVlKTXRSNFdoREtSOTZBQXZaY0h2TTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUIYMA0E
AgACMAcDBQMqCWFAMA0GCSqGSIb3DQEBCwUAA4IBAQB4t6+OxQCaH9aAxBM+Gl0a
7O2eqpwmaHsQO4v30VOEWl90bBm1SHWFIsw8Oye9le10I4IbNcPtjpQqemnFnxQm
FRJ7r6ZlvYiWooOUFex+8ULzlNd1p0OVn9o62jsT0lJ15JUrGhlKwRrLAy8vlkaN
f6BufnURp8OyRyGM7uQBxiHbx/hi59/yAsX5mtdGS4cp/XiZuTqjBGiwuSEuVovs
cPB3Rx0vQoAwAMj1Ft26GqUyJ1l/VJDTY0MGFAh21HGvueyCWAndFH1m6I5n/wHv
B7FPLH1pA1tnd99f4dTQjFyBoEnlYfZ7dxjSG4iSE80jI1baHYJmjYgWN+SxyUPH
-----END CERTIFICATE-----