Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HgyuQ46QYgDfj6RhR_3x5QAVCl8.roa
File:                     HgyuQ46QYgDfj6RhR_3x5QAVCl8.roa (raw, json)
Hash identifier:          aOKElS2AXEdaOj4V/H+D2tAKGuw7fp/IHLj0ugSdBDI=
Subject key identifier:   1E:0C:AE:43:8E:90:62:00:DF:8F:A4:61:47:FD:F1:E5:00:15:0A:5F
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D72A1EA1D981F147652F2286FD9A8E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HgyuQ46QYgDfj6RhR_3x5QAVCl8.roa
Signing time:             Wed 01 Jan 2025 21:48:11 +0000
ROA not before:           Wed 01 Jan 2025 21:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210720
IP address blocks:        45.8.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:2a:1e:a1:d9:81:f1:47:65:2f:22:86:fd:9a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e0cae438e906200df8fa46147fdf1e500150a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:98:a0:0c:88:ef:1b:bb:1f:d1:5a:ef:a5:c5:
                    50:be:c2:2a:6d:e5:6c:87:02:b9:2c:b9:ef:5c:1a:
                    6c:38:36:83:18:a7:94:70:fd:ba:b5:24:af:66:8f:
                    fb:20:00:1b:bc:32:fb:44:4f:a1:a9:8d:df:fe:4f:
                    52:45:97:90:80:83:5f:b1:5f:4b:8f:f7:29:d3:22:
                    0c:5f:60:67:1e:74:02:e5:e2:af:3a:eb:20:fe:17:
                    8f:ad:42:5f:ad:b6:73:76:a3:e3:1e:23:1c:21:6e:
                    91:2f:26:c0:ba:dd:e5:5a:9f:83:12:2b:7c:a2:9d:
                    0b:39:e9:c6:9f:6d:4a:1c:e8:77:18:a4:1d:0f:e8:
                    85:4a:4a:dd:2f:6b:7f:1c:cf:88:39:a5:17:51:0b:
                    e9:78:53:e2:d1:3a:36:09:aa:79:79:54:d2:a0:2f:
                    37:17:24:bb:40:14:1f:9e:36:b7:e2:4c:1e:7c:f5:
                    db:df:2c:69:f5:e1:89:c5:a4:f8:14:be:3a:7f:01:
                    c0:e5:5f:da:43:5d:af:d8:60:8f:0a:ce:7f:fc:d5:
                    30:b3:a3:57:c1:b0:b9:b6:6c:a1:b8:21:fd:e2:c1:
                    ed:a6:cf:e0:58:52:e4:3c:8e:17:a6:3f:75:34:b6:
                    69:e0:30:46:09:5c:40:e9:35:7d:7d:27:1c:98:95:
                    7c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:0C:AE:43:8E:90:62:00:DF:8F:A4:61:47:FD:F1:E5:00:15:0A:5F
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HgyuQ46QYgDfj6RhR_3x5QAVCl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:10:20:82:68:e8:0d:9f:5f:1f:d4:3c:54:88:44:a9:d3:41:
         b6:75:8c:6a:ef:6e:da:3f:88:5a:80:8e:37:44:c8:24:b5:3e:
         26:9b:8b:5a:fe:2b:e7:1b:59:17:84:7f:c8:b9:27:35:9c:38:
         79:6d:b2:f7:cb:7c:5b:ca:98:b1:94:f1:d3:2e:61:03:5f:64:
         ff:1e:8d:a4:2a:43:bd:f0:25:5b:1b:29:0e:8a:b9:50:0b:b7:
         3b:7a:a8:90:45:25:00:34:ec:27:78:2d:03:8c:cc:7c:6a:c9:
         ea:94:9d:c5:ef:66:62:0d:62:05:9d:04:76:23:75:5c:d1:1a:
         c8:10:04:25:9b:e4:25:c1:89:1c:8a:9a:4a:17:93:51:22:8c:
         29:56:93:43:e9:5c:6c:e2:db:93:10:c7:04:af:ed:c9:39:71:
         5b:b1:30:6c:bc:b3:26:b7:45:80:67:de:9a:48:6c:11:fc:da:
         81:3c:67:77:a2:a7:9c:b6:a3:e6:61:f3:29:0a:d5:ad:5a:be:
         64:48:b7:4f:14:e9:8f:89:8b:bd:10:04:46:9a:28:98:e4:cd:
         ac:97:43:7b:ae:0d:21:5b:48:6e:ff:45:88:b9:d8:d0:eb:1a:
         3d:1e:f0:bb:8e:31:63:15:ea:0b:4b:0a:09:94:97:e4:17:7e:
         8e:da:7a:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yoeodmB8UdlLyKG/ZqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTBjYWU0MzhlOTA2MjAwZGY4ZmE0NjE0N2ZkZjFlNTAwMTUwYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpigDIjvG7sf0VrvpcVQvsIqbeVs
hwK5LLnvXBpsODaDGKeUcP26tSSvZo/7IAAbvDL7RE+hqY3f/k9SRZeQgINfsV9L
j/cp0yIMX2BnHnQC5eKvOusg/hePrUJfrbZzdqPjHiMcIW6RLybAut3lWp+DEit8
op0LOenGn21KHOh3GKQdD+iFSkrdL2t/HM+IOaUXUQvpeFPi0To2Cap5eVTSoC83
FyS7QBQfnja34kwefPXb3yxp9eGJxaT4FL46fwHA5V/aQ12v2GCPCs5//NUws6NX
wbC5tmyhuCH94sHtps/gWFLkPI4Xpj91NLZp4DBGCVxA6TV9fSccmJV8zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4MrkOOkGIA34+kYUf98eUAFQpfMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSGd5dVE0NlFZZ0RmajZSaFJfM3g1UUFWQ2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjRMA0G
CSqGSIb3DQEBCwUAA4IBAQBLECCCaOgNn18f1DxUiESp00G2dYxq727aP4hagI43
RMgktT4mm4ta/ivnG1kXhH/IuSc1nDh5bbL3y3xbypixlPHTLmEDX2T/Ho2kKkO9
8CVbGykOirlQC7c7eqiQRSUANOwneC0DjMx8asnqlJ3F72ZiDWIFnQR2I3Vc0RrI
EAQlm+QlwYkcippKF5NRIowpVpND6Vxs4tuTEMcEr+3JOXFbsTBsvLMmt0WAZ96a
SGwR/NqBPGd3oqectqPmYfMpCtWtWr5kSLdPFOmPiYu9EARGmiiY5M2sl0N7rg0h
W0hu/0WIudjQ6xo9HvC7jjFjFeoLSwoJlJfkF36O2nra
-----END CERTIFICATE-----