Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/8LQo-NmzGy5l2r5NZYIeKNdXs14.roa
File:                     8LQo-NmzGy5l2r5NZYIeKNdXs14.roa (raw, json)
Hash identifier:          ilvAF3/ySzxVBGtuDQdjN+a1IHb253ip3G4kBn3IpkA=
Subject key identifier:   F0:B4:28:F8:D9:B3:1B:2E:65:DA:BE:4D:65:82:1E:28:D7:57:B3:5E
Certificate issuer:       /CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
Certificate serial:       01970B2FDA75436A87430A023A36F88B64A5
Authority key identifier: F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/8LQo-NmzGy5l2r5NZYIeKNdXs14.roa
Signing time:             Mon 26 May 2025 06:02:54 +0000
ROA not before:           Mon 26 May 2025 06:02:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209043
IP address blocks:        45.9.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 09:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0b:2f:da:75:43:6a:87:43:0a:02:3a:36:f8:8b:64:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
        Validity
            Not Before: May 26 06:02:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0b428f8d9b31b2e65dabe4d65821e28d757b35e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:df:10:d7:a9:09:91:65:c5:0b:65:f8:dc:56:
                    eb:f0:a3:74:01:44:ab:5f:e3:b6:33:04:b6:32:33:
                    b1:2b:4c:a1:6c:18:ea:69:e6:f3:91:90:85:20:f3:
                    e8:10:a9:76:b8:66:84:e6:85:cd:18:4b:e3:7b:38:
                    6a:20:12:70:86:bb:19:47:eb:31:e2:5d:ce:7a:83:
                    ae:6e:49:25:9e:8e:08:a4:f4:e8:4c:85:3e:1e:ca:
                    e2:cb:f1:64:f2:4e:c8:c1:51:23:cc:74:d1:e1:84:
                    c3:68:db:02:8c:0b:ec:ca:13:d0:78:e1:be:20:b9:
                    7d:2a:18:20:50:00:1d:05:7a:2f:d1:b5:f1:45:0a:
                    82:52:5b:f7:0a:5c:56:8b:e2:fd:cf:e2:69:a2:88:
                    f8:73:8d:51:75:7c:19:f9:b6:47:05:65:65:c2:64:
                    ef:ab:a0:c8:4b:a6:3a:3a:fd:60:ce:e1:0d:b3:24:
                    3b:f6:e3:b2:67:eb:d0:6c:d1:47:4e:9a:e0:e7:30:
                    47:35:ba:68:20:59:b3:6a:c7:27:e3:03:0c:7a:18:
                    80:31:8a:9c:af:24:e1:f0:31:de:8e:2b:db:87:89:
                    76:0d:9a:f4:22:78:c5:48:96:2a:a1:a1:33:b6:99:
                    75:20:80:0b:8b:77:d4:6f:f5:ef:f6:ab:18:77:0d:
                    f1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B4:28:F8:D9:B3:1B:2E:65:DA:BE:4D:65:82:1E:28:D7:57:B3:5E
            X509v3 Authority Key Identifier:
                keyid:F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/8LQo-NmzGy5l2r5NZYIeKNdXs14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:e0:57:8c:c2:67:45:79:93:eb:6d:56:da:32:5d:b8:d0:56:
         99:17:b8:a4:33:3e:12:7a:68:40:0e:81:34:a4:02:75:86:5d:
         4a:3b:8b:f1:ea:ab:00:49:21:03:9e:ee:a2:e9:b7:3e:a4:da:
         83:e0:c3:72:4c:d6:ab:8e:23:c5:71:8d:f0:96:34:89:16:34:
         a3:40:f6:a6:41:c4:f0:68:7f:ae:31:0e:5d:8f:4c:c6:c6:93:
         65:bb:78:5c:a7:ac:18:f4:be:0b:7f:53:0b:93:37:fd:5d:ad:
         94:f4:02:d8:66:0c:ad:82:ec:f1:2f:2c:41:a9:16:92:ff:30:
         36:93:57:fd:cf:f9:68:b8:c9:f7:28:85:8e:7b:0d:90:e3:9c:
         6a:c0:5a:63:d7:55:5e:94:51:ec:57:2e:46:8c:63:ca:12:38:
         ee:e0:39:6e:b5:2f:a5:20:29:b4:f9:50:40:88:81:7b:4c:27:
         6b:cc:4e:50:78:d9:da:d1:c2:a8:6d:b7:a6:53:c0:93:58:95:
         99:6f:34:45:8b:17:79:2a:64:9d:7f:48:31:91:90:d3:87:52:
         7f:98:b6:45:fe:81:5b:92:00:be:18:78:5e:be:3e:ff:32:d8:
         e1:a2:f7:85:72:63:88:6a:71:4e:b3:a4:11:f0:e6:8b:30:fd:
         25:84:91:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcLL9p1Q2qHQwoCOjb4i2SlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjI4MDVkODc3NmVlZGViN2FhNGNiZTVhZjU2OGNkYjI2
MjlmYzIwHhcNMjUwNTI2MDYwMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGI0MjhmOGQ5YjMxYjJlNjVkYWJlNGQ2NTgyMWUyOGQ3NTdiMzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkN8Q16kJkWXFC2X43Fbr8KN0AUSr
X+O2MwS2MjOxK0yhbBjqaebzkZCFIPPoEKl2uGaE5oXNGEvjezhqIBJwhrsZR+sx
4l3OeoOubkklno4IpPToTIU+Hsriy/Fk8k7IwVEjzHTR4YTDaNsCjAvsyhPQeOG+
ILl9KhggUAAdBXov0bXxRQqCUlv3ClxWi+L9z+Jpooj4c41RdXwZ+bZHBWVlwmTv
q6DIS6Y6Ov1gzuENsyQ79uOyZ+vQbNFHTprg5zBHNbpoIFmzascn4wMMehiAMYqc
ryTh8DHejivbh4l2DZr0InjFSJYqoaEztpl1IIALi3fUb/Xv9qsYdw3xxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPC0KPjZsxsuZdq+TWWCHijXV7NeMB8GA1UdIwQY
MBaAFPOygF2Hdu7et6pMvlr1aM2yYp/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgt
ODNiYzc5NzI3OGUyLzEvOExRby1ObXpHeTVsMnI1TlpZSWVLTmRYczE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgtODNiYzc5NzI3OGUy
LzEvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQl9MA0G
CSqGSIb3DQEBCwUAA4IBAQBG4FeMwmdFeZPrbVbaMl240FaZF7ikMz4SemhADoE0
pAJ1hl1KO4vx6qsASSEDnu6i6bc+pNqD4MNyTNarjiPFcY3wljSJFjSjQPamQcTw
aH+uMQ5dj0zGxpNlu3hcp6wY9L4Lf1MLkzf9Xa2U9ALYZgytguzxLyxBqRaS/zA2
k1f9z/louMn3KIWOew2Q45xqwFpj11VelFHsVy5GjGPKEjju4DlutS+lICm0+VBA
iIF7TCdrzE5QeNna0cKobbemU8CTWJWZbzRFixd5KmSdf0gxkZDTh1J/mLZF/oFb
kgC+GHhevj7/MtjhoveFcmOIanFOs6QR8OaLMP0lhJGr
-----END CERTIFICATE-----