Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/B8jfK0t3MW9G5Eyome7g6mcF2h8.roa
File:                     B8jfK0t3MW9G5Eyome7g6mcF2h8.roa (raw, json)
Hash identifier:          XZoaAhHYzmiTEDCu8boCYE9STqMqeaTtF4k8PkA4OmI=
Subject key identifier:   07:C8:DF:2B:4B:77:31:6F:46:E4:4C:A8:99:EE:E0:EA:67:05:DA:1F
Certificate issuer:       /CN=67ea698abcdee10dca9d6703a56e87a6b359bfcc
Certificate serial:       019427479461C3AA86EEECEFF35F1BFC7168
Authority key identifier: 67:EA:69:8A:BC:DE:E1:0D:CA:9D:67:03:A5:6E:87:A6:B3:59:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/B8jfK0t3MW9G5Eyome7g6mcF2h8.roa
Signing time:             Thu 02 Jan 2025 13:49:49 +0000
ROA not before:           Thu 02 Jan 2025 13:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21221
IP address blocks:        45.14.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:94:61:c3:aa:86:ee:ec:ef:f3:5f:1b:fc:71:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ea698abcdee10dca9d6703a56e87a6b359bfcc
        Validity
            Not Before: Jan  2 13:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07c8df2b4b77316f46e44ca899eee0ea6705da1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:7f:29:1b:22:04:ef:99:3f:4a:7f:5a:02:95:
                    09:3f:78:e2:da:85:34:94:f8:ac:2f:69:a9:2e:e2:
                    b9:e6:91:aa:50:ca:c0:2c:73:df:5f:15:b2:29:96:
                    5f:07:0b:77:6c:6e:de:57:83:6a:93:23:74:a1:99:
                    3c:cb:6a:c7:dd:53:17:2e:9f:20:8a:81:d6:3f:34:
                    f3:65:de:58:1d:73:11:9b:fb:4d:3d:d5:eb:89:63:
                    25:1e:c5:ae:6b:cc:47:2d:35:ef:3d:c7:dc:6b:5e:
                    1d:94:d7:bc:a8:56:c8:5b:44:33:ba:35:06:1b:52:
                    1b:bf:fe:5f:7f:43:d4:40:9e:8f:96:27:65:04:54:
                    c9:88:a6:49:81:8b:de:4e:62:41:97:66:6a:86:0c:
                    a7:18:a1:7e:d4:51:20:21:1d:18:e0:be:f5:ba:fd:
                    46:81:34:d1:df:17:bd:22:51:8b:64:8b:64:08:7a:
                    6c:05:5a:74:74:14:ca:a2:97:5d:d5:df:a1:41:fd:
                    d6:38:c4:b7:fa:b1:75:21:6d:21:7f:7b:90:77:40:
                    7d:b9:23:54:fd:f0:66:ae:0d:07:a7:31:74:d4:b4:
                    c3:7f:3b:17:ce:8d:11:87:98:a5:87:75:81:86:9e:
                    a8:5a:7e:67:bc:bd:e9:63:8c:79:91:64:20:83:ec:
                    ac:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:C8:DF:2B:4B:77:31:6F:46:E4:4C:A8:99:EE:E0:EA:67:05:DA:1F
            X509v3 Authority Key Identifier:
                keyid:67:EA:69:8A:BC:DE:E1:0D:CA:9D:67:03:A5:6E:87:A6:B3:59:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/B8jfK0t3MW9G5Eyome7g6mcF2h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:3d:82:34:a3:d6:89:94:4a:77:f8:91:51:12:23:2a:f3:95:
         0e:6e:bc:73:b9:b4:12:40:4c:dd:93:16:3d:3b:52:5d:29:18:
         1d:96:63:73:f8:5a:cf:81:45:dd:0c:be:cc:f3:da:84:a0:8b:
         76:f6:cd:90:d6:18:bd:e7:1b:3c:f0:48:a7:01:59:9e:60:f2:
         86:83:18:09:dd:f8:fa:54:45:d5:2d:5b:89:95:60:46:25:3d:
         a6:36:d1:a2:36:b2:78:5f:6f:46:45:ed:d2:56:69:e2:3e:fe:
         01:43:8b:98:7e:3c:0e:fe:c7:52:a6:92:d6:5a:c9:15:70:0d:
         bd:4a:61:13:87:ad:9d:3d:02:83:bd:7d:e3:01:7d:b4:01:15:
         11:9d:79:48:98:3f:79:c0:22:7d:55:a8:41:6d:e2:df:29:46:
         48:87:ba:0f:85:3a:3e:bc:11:d4:25:b7:e9:9e:a4:9d:35:26:
         83:df:da:6f:cb:cf:87:0c:c9:04:20:a3:09:83:bf:27:ac:82:
         77:59:76:3a:a9:13:8e:59:c6:57:5d:8f:16:f0:91:51:f6:00:
         b0:44:37:14:75:43:60:6d:98:1b:e1:15:9a:e3:bb:11:d1:4f:
         cf:c5:a3:59:12:58:30:bb:45:95:8b:28:ce:f4:aa:11:b2:d1:
         53:04:4d:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR5Rhw6qG7uzv818b/HFoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZWE2OThhYmNkZWUxMGRjYTlkNjcwM2E1NmU4N2E2YjM1
OWJmY2MwHhcNMjUwMTAyMTM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2M4ZGYyYjRiNzczMTZmNDZlNDRjYTg5OWVlZTBlYTY3MDVkYTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8n8pGyIE75k/Sn9aApUJP3ji2oU0
lPisL2mpLuK55pGqUMrALHPfXxWyKZZfBwt3bG7eV4NqkyN0oZk8y2rH3VMXLp8g
ioHWPzTzZd5YHXMRm/tNPdXriWMlHsWua8xHLTXvPcfca14dlNe8qFbIW0QzujUG
G1Ibv/5ff0PUQJ6PlidlBFTJiKZJgYveTmJBl2ZqhgynGKF+1FEgIR0Y4L71uv1G
gTTR3xe9IlGLZItkCHpsBVp0dBTKopdd1d+hQf3WOMS3+rF1IW0hf3uQd0B9uSNU
/fBmrg0HpzF01LTDfzsXzo0Rh5ilh3WBhp6oWn5nvL3pY4x5kWQgg+ysEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfI3ytLdzFvRuRMqJnu4OpnBdofMB8GA1UdIwQY
MBaAFGfqaYq83uENyp1nA6Vuh6azWb/MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi1wcGlyemU0UTNLbldjRHBXNkhwck5adjh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMzIyYmEtYzk2NC00NjViLTg5ODkt
YjMyZDk3NGMyMTBlLzEvQjhqZkswdDNNVzlHNUV5b21lN2c2bWNGMmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMzIyYmEtYzk2NC00NjViLTg5ODktYjMyZDk3NGMyMTBl
LzEvWi1wcGlyemU0UTNLbldjRHBXNkhwck5adjh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ4DMA0G
CSqGSIb3DQEBCwUAA4IBAQBuPYI0o9aJlEp3+JFREiMq85UObrxzubQSQEzdkxY9
O1JdKRgdlmNz+FrPgUXdDL7M89qEoIt29s2Q1hi95xs88EinAVmeYPKGgxgJ3fj6
VEXVLVuJlWBGJT2mNtGiNrJ4X29GRe3SVmniPv4BQ4uYfjwO/sdSppLWWskVcA29
SmETh62dPQKDvX3jAX20ARURnXlImD95wCJ9VahBbeLfKUZIh7oPhTo+vBHUJbfp
nqSdNSaD39pvy8+HDMkEIKMJg78nrIJ3WXY6qROOWcZXXY8W8JFR9gCwRDcUdUNg
bZgb4RWa47sR0U/PxaNZElgwu0WViyjO9KoRstFTBE3Y
-----END CERTIFICATE-----