Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/3db8d3-3404-45ef-8409-86b90f197ede/1/uoOTDO3I8Ju9HNeb_RrUnxiXqMM.roa
File:                     uoOTDO3I8Ju9HNeb_RrUnxiXqMM.roa (raw, json)
Hash identifier:          uWLf97UT0+0lxJvC3noTnvF0IVTFV5k9XbA2AIDmE6M=
Subject key identifier:   BA:83:93:0C:ED:C8:F0:9B:BD:1C:D7:9B:FD:1A:D4:9F:18:97:A8:C3
Certificate issuer:       /CN=66d5e5cd7d0375de252740546412b88ba5bcfa7a
Certificate serial:       019426D9E25E49380F822659FF616AE3901B
Authority key identifier: 66:D5:E5:CD:7D:03:75:DE:25:27:40:54:64:12:B8:8B:A5:BC:FA:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtXlzX0Ddd4lJ0BUZBK4i6W8-no.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/3db8d3-3404-45ef-8409-86b90f197ede/1/uoOTDO3I8Ju9HNeb_RrUnxiXqMM.roa
Signing time:             Thu 02 Jan 2025 11:50:00 +0000
ROA not before:           Thu 02 Jan 2025 11:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41019
IP address blocks:        45.84.184.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/3db8d3-3404-45ef-8409-86b90f197ede/1/ZtXlzX0Ddd4lJ0BUZBK4i6W8-no.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/3db8d3-3404-45ef-8409-86b90f197ede/1/ZtXlzX0Ddd4lJ0BUZBK4i6W8-no.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtXlzX0Ddd4lJ0BUZBK4i6W8-no.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e2:5e:49:38:0f:82:26:59:ff:61:6a:e3:90:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d5e5cd7d0375de252740546412b88ba5bcfa7a
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba83930cedc8f09bbd1cd79bfd1ad49f1897a8c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d5:c7:40:ee:37:88:76:b2:0b:d3:7c:d1:9c:
                    f2:77:f5:e1:84:b7:c1:1e:7b:ac:69:19:e3:55:a3:
                    9c:31:90:14:7b:69:1a:51:52:94:81:db:96:ce:f2:
                    04:f1:dc:2f:d4:02:5f:8b:61:4b:18:ff:76:9a:83:
                    1c:21:cd:59:36:9f:67:fd:e1:b9:6f:6b:b1:3f:d5:
                    9d:ec:ff:34:1d:f1:04:d3:94:f8:c0:5a:09:75:8e:
                    5a:7f:9f:83:07:f0:a1:e8:1e:2c:6f:2d:aa:9a:6a:
                    61:cd:ed:46:47:e7:69:6a:f7:05:b1:ec:03:30:ec:
                    2a:9d:02:72:92:a6:fb:6d:d7:97:a8:07:08:9f:32:
                    32:15:da:36:a8:b0:78:ef:37:cb:b0:1b:ed:02:63:
                    9b:4b:e5:8c:26:56:a2:62:22:46:37:7c:f5:e7:8d:
                    57:ef:94:2d:91:72:88:53:a0:bf:c7:3d:a2:6a:41:
                    eb:32:9c:ae:72:bc:3b:fd:17:83:66:c3:fa:5d:bf:
                    5c:1b:f4:8d:2b:a3:f4:98:76:8b:c9:5b:77:0a:b6:
                    0a:45:fd:c9:d6:71:a3:e4:8a:a0:3f:ee:15:23:72:
                    21:2d:d5:b0:94:1c:f7:0d:64:a2:2d:4b:ea:e6:5c:
                    86:2b:51:b2:81:58:7d:66:5f:42:ad:44:98:c2:0f:
                    c1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:83:93:0C:ED:C8:F0:9B:BD:1C:D7:9B:FD:1A:D4:9F:18:97:A8:C3
            X509v3 Authority Key Identifier:
                keyid:66:D5:E5:CD:7D:03:75:DE:25:27:40:54:64:12:B8:8B:A5:BC:FA:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtXlzX0Ddd4lJ0BUZBK4i6W8-no.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/3db8d3-3404-45ef-8409-86b90f197ede/1/uoOTDO3I8Ju9HNeb_RrUnxiXqMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/3db8d3-3404-45ef-8409-86b90f197ede/1/ZtXlzX0Ddd4lJ0BUZBK4i6W8-no.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:4e:2a:d4:b7:f0:3c:04:4c:c9:b3:d9:d0:aa:c3:92:1d:e1:
         79:4d:25:5e:0f:9c:6c:69:b0:ef:08:86:87:86:1c:7d:af:97:
         73:e1:07:9a:aa:2c:42:5a:5f:b3:68:d3:50:f9:a7:60:44:f9:
         7a:f7:dc:25:71:9d:32:10:28:f1:e3:51:b8:d1:45:f2:13:d9:
         5c:da:f7:ed:3d:8b:0b:2e:9f:4e:56:e0:ec:c9:88:08:31:2d:
         62:86:4f:0a:35:a8:f6:24:24:b6:5a:d8:4e:5c:bd:86:87:e8:
         b4:41:c5:d9:4a:3d:b9:40:24:b2:1f:13:d6:04:cf:3b:8d:51:
         33:5c:61:d5:13:fa:1d:ba:84:27:ae:22:96:89:59:4d:b1:26:
         48:99:4d:63:42:0f:d3:f4:75:6c:91:0d:0b:1d:1d:18:ac:c3:
         9f:49:b9:fa:b3:48:cb:e9:9b:20:52:dd:3f:cc:2c:e2:e3:d8:
         94:f7:e5:7b:31:bf:95:42:13:6d:7d:42:c4:f1:6f:7a:8d:b9:
         6a:4b:3e:95:00:a2:2a:d1:cb:5a:0a:a9:f5:6e:03:46:f2:4b:
         9b:48:95:bf:1e:9a:6d:fd:4d:3f:f5:63:be:90:93:c4:02:b3:
         61:8b:1a:91:13:0c:10:ce:e5:71:a2:54:38:56:fe:5a:26:71:
         c7:38:89:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eJeSTgPgiZZ/2Fq45AbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDVlNWNkN2QwMzc1ZGUyNTI3NDA1NDY0MTJiODhiYTVi
Y2ZhN2EwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTgzOTMwY2VkYzhmMDliYmQxY2Q3OWJmZDFhZDQ5ZjE4OTdhOGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdXHQO43iHayC9N80Zzyd/XhhLfB
HnusaRnjVaOcMZAUe2kaUVKUgduWzvIE8dwv1AJfi2FLGP92moMcIc1ZNp9n/eG5
b2uxP9Wd7P80HfEE05T4wFoJdY5af5+DB/Ch6B4sby2qmmphze1GR+dpavcFsewD
MOwqnQJykqb7bdeXqAcInzIyFdo2qLB47zfLsBvtAmObS+WMJlaiYiJGN3z1541X
75QtkXKIU6C/xz2iakHrMpyucrw7/ReDZsP6Xb9cG/SNK6P0mHaLyVt3CrYKRf3J
1nGj5IqgP+4VI3IhLdWwlBz3DWSiLUvq5lyGK1GygVh9Zl9CrUSYwg/BowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqDkwztyPCbvRzXm/0a1J8Yl6jDMB8GA1UdIwQY
MBaAFGbV5c19A3XeJSdAVGQSuIulvPp6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRYbHpYMERkZDRsSjBCVVpCSzRpNlc4LW5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8zZGI4ZDMtMzQwNC00NWVmLTg0MDkt
ODZiOTBmMTk3ZWRlLzEvdW9PVERPM0k4SnU5SE5lYl9SclVueGlYcU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8zZGI4ZDMtMzQwNC00NWVmLTg0MDktODZiOTBmMTk3ZWRl
LzEvWnRYbHpYMERkZDRsSjBCVVpCSzRpNlc4LW5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVS4MA0G
CSqGSIb3DQEBCwUAA4IBAQDATirUt/A8BEzJs9nQqsOSHeF5TSVeD5xsabDvCIaH
hhx9r5dz4QeaqixCWl+zaNNQ+adgRPl699wlcZ0yECjx41G40UXyE9lc2vftPYsL
Lp9OVuDsyYgIMS1ihk8KNaj2JCS2WthOXL2Gh+i0QcXZSj25QCSyHxPWBM87jVEz
XGHVE/oduoQnriKWiVlNsSZImU1jQg/T9HVskQ0LHR0YrMOfSbn6s0jL6ZsgUt0/
zCzi49iU9+V7Mb+VQhNtfULE8W96jblqSz6VAKIq0ctaCqn1bgNG8kubSJW/Hppt
/U0/9WO+kJPEArNhixqREwwQzuVxolQ4Vv5aJnHHOInh
-----END CERTIFICATE-----