Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/881k6Z9AGsNKmJpB6qBRDMoI5CA.roa
File:                     881k6Z9AGsNKmJpB6qBRDMoI5CA.roa (raw, json)
Hash identifier:          T+h+MOM2xrLeeEk0JPdYNuJ0bYNKkfjCHz2MRRc6zN4=
Subject key identifier:   F3:CD:64:E9:9F:40:1A:C3:4A:98:9A:41:EA:A0:51:0C:CA:08:E4:20
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       01970CB63ED342E32D94040E627097827841
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/881k6Z9AGsNKmJpB6qBRDMoI5CA.roa
Signing time:             Mon 26 May 2025 13:09:19 +0000
ROA not before:           Mon 26 May 2025 13:09:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213220
IP address blocks:        45.81.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:b6:3e:d3:42:e3:2d:94:04:0e:62:70:97:82:78:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: May 26 13:09:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3cd64e99f401ac34a989a41eaa0510cca08e420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ea:16:ae:57:ab:66:16:60:98:d4:04:ed:58:
                    88:9f:b2:80:d0:64:25:3e:0e:ad:8d:4d:b2:6f:fe:
                    e3:62:f3:8f:08:4f:c0:77:e1:a1:2d:47:b1:ba:88:
                    d9:12:99:43:82:0f:c9:83:3c:74:c6:7c:08:e6:0f:
                    98:fe:a2:5a:53:fe:41:e6:86:c5:4e:0c:c3:41:98:
                    34:30:82:ce:c5:39:48:fd:46:86:ac:16:bc:1c:89:
                    ee:d9:18:06:3d:a4:c6:d0:52:46:17:dd:a9:e7:65:
                    85:71:f3:1a:6a:3a:e0:86:e4:dc:f2:8e:1f:81:9c:
                    9a:6b:91:55:7c:62:c7:6d:8e:7b:56:b9:cb:4a:c7:
                    16:73:f3:05:46:ea:13:78:85:ae:0d:f0:5f:77:4e:
                    1f:1b:40:00:45:a9:c2:78:80:d3:11:dc:5b:cf:4f:
                    ed:a9:b1:d4:ba:d4:cb:ca:63:76:10:dd:b2:70:65:
                    5f:1c:26:cf:64:cc:8e:5e:19:17:84:75:28:7a:54:
                    96:1d:41:1f:c3:e6:7a:28:c7:81:48:00:96:a5:3e:
                    16:40:a2:68:4f:12:6e:a6:28:0f:c9:8f:38:cf:3b:
                    14:c6:d0:4a:4f:7b:59:2b:c6:b1:06:fa:5c:34:90:
                    3e:02:2d:5e:f0:61:69:88:26:0f:2e:22:f6:39:a4:
                    6f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:CD:64:E9:9F:40:1A:C3:4A:98:9A:41:EA:A0:51:0C:CA:08:E4:20
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/881k6Z9AGsNKmJpB6qBRDMoI5CA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:7a:73:bd:44:25:a3:8c:de:7d:10:50:ce:a7:16:db:f6:e1:
         5e:04:c1:e2:75:90:f0:de:b5:84:b1:9b:f4:f1:13:a2:28:7a:
         8e:30:ce:2a:d1:39:e8:80:92:b6:06:72:97:86:bf:ea:08:b3:
         31:1a:01:21:9a:99:3d:40:0f:2f:66:25:8c:78:9e:e4:2e:51:
         ca:a7:5a:70:f1:4e:bf:b8:a8:ff:5a:81:f0:d6:a7:2c:17:f0:
         c2:5e:e6:f8:6d:4b:88:3f:b4:23:bb:2e:21:da:00:eb:88:59:
         a2:d1:af:1d:3c:be:53:a9:1a:80:3f:06:86:39:c9:b5:65:fd:
         c0:f4:23:f4:de:2b:26:43:66:5f:ac:ad:11:ef:54:e6:bf:3a:
         9b:07:4c:4a:e8:0d:c1:c1:70:37:e9:43:a6:af:99:9c:20:a7:
         95:f6:54:98:50:e9:54:1a:58:d5:c1:89:a1:30:54:65:82:c2:
         d8:da:a9:2a:02:dc:b9:a5:c5:91:ad:a8:87:4a:59:8c:cb:34:
         ab:c4:68:08:3c:82:52:b8:5a:e1:bb:ef:4e:9e:c8:24:1c:aa:
         c0:03:7b:aa:39:95:66:95:0d:81:d4:e5:71:9d:ee:98:4c:cc:
         8d:81:4f:3b:12:92:98:ed:fc:99:80:b3:70:07:1a:8a:e2:c0:
         7e:96:7f:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcMtj7TQuMtlAQOYnCXgnhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjUwNTI2MTMwOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2NkNjRlOTlmNDAxYWMzNGE5ODlhNDFlYWEwNTEwY2NhMDhlNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+oWrlerZhZgmNQE7ViIn7KA0GQl
Pg6tjU2yb/7jYvOPCE/Ad+GhLUexuojZEplDgg/Jgzx0xnwI5g+Y/qJaU/5B5obF
TgzDQZg0MILOxTlI/UaGrBa8HInu2RgGPaTG0FJGF92p52WFcfMaajrghuTc8o4f
gZyaa5FVfGLHbY57VrnLSscWc/MFRuoTeIWuDfBfd04fG0AARanCeIDTEdxbz0/t
qbHUutTLymN2EN2ycGVfHCbPZMyOXhkXhHUoelSWHUEfw+Z6KMeBSACWpT4WQKJo
TxJupigPyY84zzsUxtBKT3tZK8axBvpcNJA+Ai1e8GFpiCYPLiL2OaRvywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPNZOmfQBrDSpiaQeqgUQzKCOQgMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvODgxazZaOUFHc05LbUpwQjZxQlJETW9JNUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVEgMA0G
CSqGSIb3DQEBCwUAA4IBAQCaenO9RCWjjN59EFDOpxbb9uFeBMHidZDw3rWEsZv0
8ROiKHqOMM4q0TnogJK2BnKXhr/qCLMxGgEhmpk9QA8vZiWMeJ7kLlHKp1pw8U6/
uKj/WoHw1qcsF/DCXub4bUuIP7Qjuy4h2gDriFmi0a8dPL5TqRqAPwaGOcm1Zf3A
9CP03ismQ2ZfrK0R71TmvzqbB0xK6A3BwXA36UOmr5mcIKeV9lSYUOlUGljVwYmh
MFRlgsLY2qkqAty5pcWRraiHSlmMyzSrxGgIPIJSuFrhu+9OnsgkHKrAA3uqOZVm
lQ2B1OVxne6YTMyNgU87EpKY7fyZgLNwBxqK4sB+ln9f
-----END CERTIFICATE-----