Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/nId42Q0uPKxNBDzBg-GOcY-a01Q.roa
File:                     nId42Q0uPKxNBDzBg-GOcY-a01Q.roa (raw, json)
Hash identifier:          43G2ltR87FjAzlwjOiHc7NglbtaxLWslqx/bREI6WQw=
Subject key identifier:   9C:87:78:D9:0D:2E:3C:AC:4D:04:3C:C1:83:E1:8E:71:8F:9A:D3:54
Certificate issuer:       /CN=80ad8c520bb9677461ddc4ec09b76d733b7d8370
Certificate serial:       0194221F76343E3645FD81CEFA0228F6A39A
Authority key identifier: 80:AD:8C:52:0B:B9:67:74:61:DD:C4:EC:09:B7:6D:73:3B:7D:83:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/nId42Q0uPKxNBDzBg-GOcY-a01Q.roa
Signing time:             Wed 01 Jan 2025 13:47:54 +0000
ROA not before:           Wed 01 Jan 2025 13:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208124
IP address blocks:        45.142.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:76:34:3e:36:45:fd:81:ce:fa:02:28:f6:a3:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80ad8c520bb9677461ddc4ec09b76d733b7d8370
        Validity
            Not Before: Jan  1 13:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c8778d90d2e3cac4d043cc183e18e718f9ad354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8e:e6:56:d4:96:04:d7:16:43:52:13:56:3f:
                    d5:3f:09:2e:07:9c:73:ea:d2:37:8a:4d:00:36:71:
                    0b:20:cd:75:81:74:9f:71:dc:22:eb:af:49:e3:8d:
                    16:02:14:7c:d7:3c:e3:d8:6d:23:3c:20:61:d8:18:
                    51:0f:f1:eb:48:7a:94:20:2d:a7:93:bb:e0:e8:4a:
                    7a:cf:f4:e5:0b:da:dc:02:d9:a8:7c:f3:94:a9:65:
                    e5:f1:0f:a3:bd:be:36:b8:61:a1:62:8d:96:ac:df:
                    8b:f5:dc:16:4f:18:7d:c9:fc:05:49:fd:cc:99:2b:
                    62:28:c1:03:c4:30:8b:72:03:32:78:05:95:26:be:
                    89:60:17:60:65:bd:a8:5a:2c:24:71:08:80:f0:de:
                    5e:06:43:dc:c0:23:11:ad:c0:44:19:ae:7c:c7:2b:
                    46:21:36:47:3e:b8:8a:28:9f:a8:32:24:e3:c1:87:
                    f5:2a:71:5d:aa:39:64:50:53:0c:bb:39:a8:6e:fb:
                    32:c8:fd:11:fc:de:94:c5:95:4a:e2:06:fe:ba:93:
                    4c:69:29:79:87:1d:5b:48:49:bf:8d:e8:7a:42:3a:
                    11:a7:53:ca:dd:7d:ac:39:af:63:40:c7:92:06:57:
                    69:e1:af:f6:03:a6:71:c7:a9:9b:fb:b4:0e:83:73:
                    c5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:87:78:D9:0D:2E:3C:AC:4D:04:3C:C1:83:E1:8E:71:8F:9A:D3:54
            X509v3 Authority Key Identifier:
                keyid:80:AD:8C:52:0B:B9:67:74:61:DD:C4:EC:09:B7:6D:73:3B:7D:83:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/nId42Q0uPKxNBDzBg-GOcY-a01Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:eb:20:3e:d0:bc:55:72:41:52:72:09:35:56:ec:79:d1:c2:
         c9:e1:d0:8e:f9:71:91:df:65:26:55:79:67:86:38:92:1a:aa:
         41:a2:59:6f:55:6c:fd:6e:40:ee:64:1b:e7:06:93:76:8a:30:
         3c:89:90:37:bf:ed:3f:e7:5b:aa:cc:c8:c1:05:83:cf:aa:2b:
         3b:63:ae:ce:98:73:55:61:a3:b6:9e:6d:fc:27:8e:42:61:29:
         64:93:fe:aa:47:db:0f:8a:32:91:e3:87:1f:23:24:f4:61:f8:
         21:0f:54:f2:19:9f:5e:80:50:e4:af:ae:1c:b3:70:09:2d:21:
         d3:1c:7a:0d:a8:37:d7:68:6b:45:c9:69:f4:db:9d:e3:dc:8e:
         0e:0a:78:4b:da:22:66:97:bb:33:33:ef:46:ea:06:bd:b0:54:
         fb:0e:02:2f:92:e7:e5:60:19:d2:82:41:b9:52:b4:6f:ad:fd:
         9b:66:f2:31:71:ea:09:3f:40:b7:bf:94:63:29:28:f8:b6:42:
         99:95:b0:86:66:8a:ab:6d:08:aa:83:b8:10:64:fe:71:36:4a:
         80:e7:ee:e4:ee:f9:cb:ce:8f:01:f2:3f:f4:45:50:c9:a3:a3:
         fb:7b:52:d0:f3:2d:57:11:52:bf:08:68:d4:dd:58:7f:71:65:
         d4:b8:43:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH3Y0PjZF/YHO+gIo9qOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYWQ4YzUyMGJiOTY3NzQ2MWRkYzRlYzA5Yjc2ZDczM2I3
ZDgzNzAwHhcNMjUwMTAxMTM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzg3NzhkOTBkMmUzY2FjNGQwNDNjYzE4M2UxOGU3MThmOWFkMzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv47mVtSWBNcWQ1ITVj/VPwkuB5xz
6tI3ik0ANnELIM11gXSfcdwi669J440WAhR81zzj2G0jPCBh2BhRD/HrSHqUIC2n
k7vg6Ep6z/TlC9rcAtmofPOUqWXl8Q+jvb42uGGhYo2WrN+L9dwWTxh9yfwFSf3M
mStiKMEDxDCLcgMyeAWVJr6JYBdgZb2oWiwkcQiA8N5eBkPcwCMRrcBEGa58xytG
ITZHPriKKJ+oMiTjwYf1KnFdqjlkUFMMuzmobvsyyP0R/N6UxZVK4gb+upNMaSl5
hx1bSEm/jeh6QjoRp1PK3X2sOa9jQMeSBldp4a/2A6Zxx6mb+7QOg3PF9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyHeNkNLjysTQQ8wYPhjnGPmtNUMB8GA1UdIwQY
MBaAFICtjFILuWd0Yd3E7Am3bXM7fYNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0syTVVndTVaM1JoM2NUc0NiZHRjenQ5ZzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yMjVlYzMtMDM4Ny00YjVkLTg4YzEt
YzYxNzUxYzZiMTk1LzEvbklkNDJRMHVQS3hOQkR6QmctR09jWS1hMDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yMjVlYzMtMDM4Ny00YjVkLTg4YzEtYzYxNzUxYzZiMTk1
LzEvZ0syTVVndTVaM1JoM2NUc0NiZHRjenQ5ZzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY6/MA0G
CSqGSIb3DQEBCwUAA4IBAQCI6yA+0LxVckFScgk1Vux50cLJ4dCO+XGR32UmVXln
hjiSGqpBollvVWz9bkDuZBvnBpN2ijA8iZA3v+0/51uqzMjBBYPPqis7Y67OmHNV
YaO2nm38J45CYSlkk/6qR9sPijKR44cfIyT0YfghD1TyGZ9egFDkr64cs3AJLSHT
HHoNqDfXaGtFyWn0253j3I4OCnhL2iJml7szM+9G6ga9sFT7DgIvkuflYBnSgkG5
UrRvrf2bZvIxceoJP0C3v5RjKSj4tkKZlbCGZoqrbQiqg7gQZP5xNkqA5+7k7vnL
zo8B8j/0RVDJo6P7e1LQ8y1XEVK/CGjU3Vh/cWXUuEMV
-----END CERTIFICATE-----