Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/1-qG54akf4ZK4Vn2nJAtq8qKMB-M.roa
File:                     1-qG54akf4ZK4Vn2nJAtq8qKMB-M.roa (raw, json)
Hash identifier:          +KrvgwuNM4eT5l98LWe/CjZjFxSOKRz6fj1mSGz0IgM=
Subject key identifier:   FA:A1:B9:E1:A9:1F:E1:92:B8:56:7D:A7:24:0B:6A:F2:A2:8C:07:E3
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019422200327BDC150F5DF089E1D3DAFF8BA
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/1-qG54akf4ZK4Vn2nJAtq8qKMB-M.roa
Signing time:             Wed 01 Jan 2025 13:48:30 +0000
ROA not before:           Wed 01 Jan 2025 13:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48336
IP address blocks:        45.86.240.0/24 maxlen: 24
                          45.135.226.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:03:27:bd:c1:50:f5:df:08:9e:1d:3d:af:f8:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 13:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=faa1b9e1a91fe192b8567da7240b6af2a28c07e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:13:f5:95:a8:9f:a2:ae:86:c3:0e:ba:9f:c6:
                    a2:b0:32:88:78:1e:5f:ed:d2:84:f1:95:0b:6b:b3:
                    e9:39:89:51:e3:43:30:ae:6b:48:6b:ba:9c:3c:49:
                    fa:f9:2a:52:c3:cb:d4:f3:b1:74:f7:a2:22:2e:65:
                    91:88:35:9b:95:43:98:64:8e:9b:7f:69:91:42:67:
                    5e:3a:18:38:15:e0:3b:73:c6:c6:e7:ea:23:ac:86:
                    22:23:29:7e:d2:bb:35:75:7c:3f:f0:95:54:28:e1:
                    bf:51:1e:c6:e8:10:44:21:a1:25:8a:a1:31:00:f2:
                    bb:9e:1b:fc:21:75:f4:0f:68:a1:5e:13:8e:0f:ff:
                    a2:cb:bc:34:a6:ab:a8:f8:a2:52:00:e5:1a:22:d9:
                    51:bf:c4:53:2e:82:d1:5e:56:2e:16:05:b9:46:ba:
                    ae:00:14:a5:07:3e:6e:af:47:bd:d4:88:df:20:eb:
                    ed:6e:f1:9d:0b:9f:4a:83:c7:a6:6b:83:c6:30:a0:
                    67:68:7a:b9:4b:33:df:b0:0e:e6:a8:08:4a:7b:46:
                    8a:51:a1:6a:04:b7:7d:cd:f6:d2:fd:17:a7:6b:c9:
                    be:a2:35:fa:37:5b:97:c6:dc:88:8b:c1:97:86:95:
                    92:33:70:94:1b:72:0f:f3:c4:bb:a4:05:62:41:8e:
                    46:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A1:B9:E1:A9:1F:E1:92:B8:56:7D:A7:24:0B:6A:F2:A2:8C:07:E3
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/1-qG54akf4ZK4Vn2nJAtq8qKMB-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.240.0/24
                  45.135.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b6:23:f7:aa:57:ce:f5:6f:31:98:2f:d5:82:80:e2:f3:a1:89:
         68:1f:0a:45:6a:a0:77:9d:8c:a0:5b:b8:92:25:a1:08:2c:2a:
         49:52:b9:3c:8d:53:ff:a2:c0:3b:b4:6a:89:74:a7:75:c2:2d:
         a5:9c:27:83:69:bc:d3:b0:14:d5:78:8f:1e:f7:a1:e2:27:c9:
         40:a1:95:fb:65:e2:43:6a:16:7c:4f:5f:99:8f:c5:35:81:26:
         64:82:88:9f:6c:16:cf:a7:73:70:bf:41:37:49:21:24:a6:10:
         60:69:be:b2:93:d8:e7:29:8e:2d:ef:b7:75:d0:14:f6:84:fc:
         dd:8b:c0:50:45:06:3c:a9:4a:0b:4e:e4:90:69:70:6c:b4:c6:
         6e:e7:89:b7:5c:87:0a:7b:6c:db:31:7b:02:80:d7:7b:f1:f1:
         58:dc:4b:c3:d2:51:5d:39:73:a8:ee:72:37:cf:63:bc:01:47:
         26:3c:d0:15:31:bf:74:80:3d:80:4e:bc:c9:93:20:2f:b6:9a:
         1f:14:15:30:32:56:87:31:10:e0:7d:6b:cc:5a:65:b5:56:46:
         91:97:af:d0:0f:3e:5b:51:17:8e:95:13:c9:db:c7:a1:ef:ff:
         ea:78:79:24:b4:da:5e:03:34:03:19:41:6d:0c:90:a9:e2:20:
         d8:bc:b1:29
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQiIAMnvcFQ9d8Inh09r/i6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwMTAxMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWExYjllMWE5MWZlMTkyYjg1NjdkYTcyNDBiNmFmMmEyOGMwN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxP1laifoq6Gww66n8aisDKIeB5f
7dKE8ZULa7PpOYlR40MwrmtIa7qcPEn6+SpSw8vU87F096IiLmWRiDWblUOYZI6b
f2mRQmdeOhg4FeA7c8bG5+ojrIYiIyl+0rs1dXw/8JVUKOG/UR7G6BBEIaEliqEx
APK7nhv8IXX0D2ihXhOOD/+iy7w0pquo+KJSAOUaItlRv8RTLoLRXlYuFgW5Rrqu
ABSlBz5ur0e91IjfIOvtbvGdC59Kg8ema4PGMKBnaHq5SzPfsA7mqAhKe0aKUaFq
BLd9zfbS/Rena8m+ojX6N1uXxtyIi8GXhpWSM3CUG3IP88S7pAViQY5G1wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPqhueGpH+GSuFZ9pyQLavKijAfjMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvMS1xRzU0YWtmNFpLNFZuMm5KQXRxOHFLTUItTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTgvOWZhODNkLWIyYTMtNDVlNC04NDk5LWY1MjU4MTY0MDJi
ZC8xL180SXdtbWdVWjRyWExqOHhwUDRDY3ZRTDJZWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAC1W8AME
AS2H4jANBgkqhkiG9w0BAQsFAAOCAQEAtiP3qlfO9W8xmC/VgoDi86GJaB8KRWqg
d52MoFu4kiWhCCwqSVK5PI1T/6LAO7RqiXSndcItpZwng2m807AU1XiPHveh4ifJ
QKGV+2XiQ2oWfE9fmY/FNYEmZIKIn2wWz6dzcL9BN0khJKYQYGm+spPY5ymOLe+3
ddAU9oT83YvAUEUGPKlKC07kkGlwbLTGbueJt1yHCnts2zF7AoDXe/HxWNxLw9JR
XTlzqO5yN89jvAFHJjzQFTG/dIA9gE68yZMgL7aaHxQVMDJWhzEQ4H1rzFpltVZG
kZev0A8+W1EXjpUTydvHoe//6nh5JLTaXgM0AxlBbQyQqeIg2LyxKQ==
-----END CERTIFICATE-----