Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1-MM3HL-VAy7SYG1_l_eqEyDYlL0.roa
File:                     1-MM3HL-VAy7SYG1_l_eqEyDYlL0.roa (raw, json)
Hash identifier:          cbPvNw4soqR2mRCk9vRpmZi93Eewj7ZOtuS9TV6RMcU=
Subject key identifier:   F8:C3:37:1C:BF:95:03:2E:D2:60:6D:7F:97:F7:AA:13:20:D8:94:BD
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222043339B82303D54FAF45558856237
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1-MM3HL-VAy7SYG1_l_eqEyDYlL0.roa
Signing time:             Wed 01 Jan 2025 13:48:47 +0000
ROA not before:           Wed 01 Jan 2025 13:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399498
IP address blocks:        45.85.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:43:33:9b:82:30:3d:54:fa:f4:55:58:85:62:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8c3371cbf95032ed2606d7f97f7aa1320d894bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:87:8d:bd:04:d8:d2:71:79:02:f8:6a:20:79:
                    cd:77:5e:20:0e:8b:16:e4:cc:b6:03:fc:3e:1b:3d:
                    eb:db:22:16:12:65:47:31:18:0d:26:49:67:b5:62:
                    70:0e:6a:01:eb:1b:8e:da:7b:50:23:b7:d8:e5:9e:
                    f1:f1:b9:7e:0a:8a:ba:33:7c:fd:7b:72:23:80:5f:
                    89:87:3f:58:5c:05:dd:53:bc:9f:b6:0b:fd:3a:da:
                    db:bd:a2:84:21:14:13:1b:eb:92:1d:ab:dc:2b:01:
                    10:dd:41:5d:66:f3:cc:ed:b4:bd:67:b6:8e:89:93:
                    71:23:e9:81:04:09:51:2a:21:e7:64:03:a5:12:e2:
                    09:a7:34:5c:89:1b:75:ac:68:be:7f:cd:41:64:f3:
                    3a:7e:69:b8:b6:0c:f8:c7:dc:f5:88:a2:4d:be:a8:
                    33:0a:cb:eb:bc:e1:ac:10:f3:38:0c:85:8c:79:14:
                    7c:2e:1d:f1:27:e9:76:ac:a2:ee:60:14:19:52:1d:
                    ad:0c:0e:4e:bc:7d:07:62:1b:c1:20:69:a8:35:19:
                    8b:9a:b5:e7:08:c5:c2:c5:3e:03:c6:2a:38:2c:f0:
                    76:30:5b:8c:8f:7a:8c:03:09:3b:5b:ef:77:9f:2a:
                    90:c2:4b:27:ee:23:4b:cf:72:1b:0e:5a:0d:97:65:
                    b2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:C3:37:1C:BF:95:03:2E:D2:60:6D:7F:97:F7:AA:13:20:D8:94:BD
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1-MM3HL-VAy7SYG1_l_eqEyDYlL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:05:74:99:84:36:b5:b0:a8:02:f1:ab:d1:f0:b0:ae:cb:c3:
         4b:1b:93:be:c9:c5:c1:ff:82:43:f1:49:12:b0:10:12:da:73:
         bf:ba:56:9c:e6:b1:d1:49:23:71:9a:71:14:52:ad:eb:24:74:
         20:e8:fa:5e:ab:01:47:77:67:8b:fb:be:fa:b9:02:0b:a5:2b:
         ed:3b:5d:f9:d3:61:20:e0:67:12:ce:20:98:38:80:6b:4d:30:
         3c:36:63:a3:60:fb:1c:4b:b0:fe:0a:e6:99:a4:1f:59:7f:eb:
         30:d8:6f:a5:0d:5e:6e:72:89:c6:e5:13:70:ad:5d:12:01:c5:
         bd:ff:79:e5:7f:fe:5e:30:b2:9a:e7:bf:4d:de:8b:ed:ee:df:
         10:28:75:38:6d:8a:cf:d5:5e:1b:05:39:38:5f:16:10:11:27:
         bb:78:4f:29:99:17:5c:d4:1f:83:83:0e:09:d5:d7:e3:f9:f7:
         90:1f:bd:93:25:de:49:d7:e1:03:0f:32:4b:2d:01:1b:53:d3:
         c9:a0:40:5a:64:46:d2:f7:49:a8:f5:3e:40:15:5d:41:f9:be:
         ca:df:37:86:55:1a:8a:7c:56:e3:2c:a0:7c:17:46:c7:50:89:
         b0:10:70:ac:4b:8a:7d:e1:cd:ff:72:95:51:55:f3:76:9a:6c:
         70:4b:43:bf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiIEMzm4IwPVT69FVYhWI3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGMzMzcxY2JmOTUwMzJlZDI2MDZkN2Y5N2Y3YWExMzIwZDg5NGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIeNvQTY0nF5AvhqIHnNd14gDosW
5My2A/w+Gz3r2yIWEmVHMRgNJklntWJwDmoB6xuO2ntQI7fY5Z7x8bl+Coq6M3z9
e3IjgF+Jhz9YXAXdU7yftgv9OtrbvaKEIRQTG+uSHavcKwEQ3UFdZvPM7bS9Z7aO
iZNxI+mBBAlRKiHnZAOlEuIJpzRciRt1rGi+f81BZPM6fmm4tgz4x9z1iKJNvqgz
CsvrvOGsEPM4DIWMeRR8Lh3xJ+l2rKLuYBQZUh2tDA5OvH0HYhvBIGmoNRmLmrXn
CMXCxT4Dxio4LPB2MFuMj3qMAwk7W+93nyqQwksn7iNLz3IbDloNl2WyxwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjDNxy/lQMu0mBtf5f3qhMg2JS9MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMS1NTTNITC1WQXk3U1lHMV9sX2VxRXlEWWxMMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1
OC8xL05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1VaTAN
BgkqhkiG9w0BAQsFAAOCAQEAegV0mYQ2tbCoAvGr0fCwrsvDSxuTvsnFwf+CQ/FJ
ErAQEtpzv7pWnOax0UkjcZpxFFKt6yR0IOj6XqsBR3dni/u++rkCC6Ur7Ttd+dNh
IOBnEs4gmDiAa00wPDZjo2D7HEuw/grmmaQfWX/rMNhvpQ1ebnKJxuUTcK1dEgHF
vf955X/+XjCymue/Td6L7e7fECh1OG2Kz9VeGwU5OF8WEBEnu3hPKZkXXNQfg4MO
CdXX4/n3kB+9kyXeSdfhAw8ySy0BG1PTyaBAWmRG0vdJqPU+QBVdQfm+yt83hlUa
inxW4yygfBdGx1CJsBBwrEuKfeHN/3KVUVXzdppscEtDvw==
-----END CERTIFICATE-----