Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/cOPYQsOeCFDIc7qGbdrCMUud3Jc.roa
File:                     cOPYQsOeCFDIc7qGbdrCMUud3Jc.roa (raw, json)
Hash identifier:          BKdHxeFxd4fi3NghqoltBHVl5UTtuhA/jAVO3pAU5j8=
Subject key identifier:   70:E3:D8:42:C3:9E:08:50:C8:73:BA:86:6D:DA:C2:31:4B:9D:DC:97
Certificate issuer:       /CN=dac71030fe081e02bab4823d0568ffb2a33265e1
Certificate serial:       019427466A97679A2B128267B2F96AACB616
Authority key identifier: DA:C7:10:30:FE:08:1E:02:BA:B4:82:3D:05:68:FF:B2:A3:32:65:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2scQMP4IHgK6tII9BWj_sqMyZeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/cOPYQsOeCFDIc7qGbdrCMUud3Jc.roa
Signing time:             Thu 02 Jan 2025 13:48:33 +0000
ROA not before:           Thu 02 Jan 2025 13:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44029
IP address blocks:        45.81.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/2scQMP4IHgK6tII9BWj_sqMyZeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/2scQMP4IHgK6tII9BWj_sqMyZeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2scQMP4IHgK6tII9BWj_sqMyZeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:6a:97:67:9a:2b:12:82:67:b2:f9:6a:ac:b6:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac71030fe081e02bab4823d0568ffb2a33265e1
        Validity
            Not Before: Jan  2 13:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70e3d842c39e0850c873ba866ddac2314b9ddc97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a9:55:6c:c6:a4:03:36:f2:e0:35:96:08:a5:
                    5b:ed:be:4b:64:56:2b:fa:6f:df:d8:2a:06:0b:fb:
                    f9:46:93:60:76:70:3e:1d:98:7c:22:2d:aa:dc:79:
                    29:85:9c:01:00:87:a9:72:58:81:ae:29:a3:ab:ab:
                    11:81:af:46:e6:50:2a:07:d0:b1:9e:6d:96:f8:26:
                    68:63:52:0a:7b:24:c5:f3:e5:24:59:20:a5:e2:20:
                    68:1a:46:a0:61:ec:0e:4d:c8:a6:a0:2b:12:be:95:
                    21:12:9c:32:b5:dc:d0:60:5a:1b:01:15:b5:7d:ea:
                    ca:38:e2:b7:a8:78:42:7b:08:5f:de:ab:ea:ef:ce:
                    a5:f7:5a:fb:1d:76:62:6a:44:07:d5:3d:1f:97:5a:
                    10:e6:ad:83:7d:a6:ea:11:77:ef:8b:49:8b:28:df:
                    92:74:8f:db:ca:7c:b3:76:d5:f8:a6:69:f6:5f:f2:
                    2b:83:66:3d:41:40:46:6a:af:bc:70:c4:8c:ee:a7:
                    6e:23:ca:4d:2b:a5:16:f2:b1:98:da:bf:7d:80:e4:
                    0b:a8:1e:14:b3:63:91:ab:88:fc:83:9b:e9:82:c0:
                    bc:65:15:bb:5a:69:e9:60:31:06:eb:63:4d:75:ba:
                    81:78:04:b6:29:2a:eb:1c:25:38:1c:df:ea:b5:7b:
                    7a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E3:D8:42:C3:9E:08:50:C8:73:BA:86:6D:DA:C2:31:4B:9D:DC:97
            X509v3 Authority Key Identifier:
                keyid:DA:C7:10:30:FE:08:1E:02:BA:B4:82:3D:05:68:FF:B2:A3:32:65:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2scQMP4IHgK6tII9BWj_sqMyZeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/cOPYQsOeCFDIc7qGbdrCMUud3Jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/2scQMP4IHgK6tII9BWj_sqMyZeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:5d:1d:c0:b2:bf:44:9d:9f:cc:cd:e2:22:76:bd:ee:bd:9f:
         aa:91:96:b7:90:b0:45:08:d9:79:53:a0:cc:9c:6d:21:94:a3:
         16:82:3f:21:17:fa:50:68:9a:84:f2:d4:cb:15:09:f3:df:94:
         75:b5:b2:93:86:67:b6:09:9e:4c:4d:43:fd:dc:d9:5a:67:ba:
         1c:2e:49:66:08:b3:da:bc:94:10:e1:1f:ca:88:09:17:c8:7d:
         b0:06:a5:ac:e5:26:aa:90:79:89:cc:31:fa:d7:5a:4c:49:7a:
         1a:15:72:7c:65:05:ad:df:84:17:8c:cd:8d:0f:13:7b:fe:3d:
         02:12:24:d9:0d:cb:59:fb:e8:21:be:ad:3e:cb:a5:b5:8c:23:
         6f:8e:46:ce:26:dc:26:e3:ef:66:d7:bb:a0:36:0d:f0:80:1c:
         3f:93:a7:6c:48:9b:84:d1:c4:bb:4f:c0:a8:af:c5:39:66:10:
         c9:80:b2:b2:17:56:9a:71:e2:e6:7e:52:83:69:88:82:de:4f:
         85:f8:f2:db:d5:7a:c1:77:ca:32:29:f4:0d:bf:01:1b:63:28:
         5c:8e:28:4e:36:76:af:49:ff:27:12:d7:38:c6:15:46:f1:7a:
         ba:8d:d0:b4:b2:84:83:ac:01:2d:15:0e:96:cd:2b:17:14:93:
         93:dd:85:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRmqXZ5orEoJnsvlqrLYWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzcxMDMwZmUwODFlMDJiYWI0ODIzZDA1NjhmZmIyYTMz
MjY1ZTEwHhcNMjUwMTAyMTM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGUzZDg0MmMzOWUwODUwYzg3M2JhODY2ZGRhYzIzMTRiOWRkYzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6lVbMakAzby4DWWCKVb7b5LZFYr
+m/f2CoGC/v5RpNgdnA+HZh8Ii2q3HkphZwBAIepcliBrimjq6sRga9G5lAqB9Cx
nm2W+CZoY1IKeyTF8+UkWSCl4iBoGkagYewOTcimoCsSvpUhEpwytdzQYFobARW1
ferKOOK3qHhCewhf3qvq786l91r7HXZiakQH1T0fl1oQ5q2DfabqEXfvi0mLKN+S
dI/bynyzdtX4pmn2X/Irg2Y9QUBGaq+8cMSM7qduI8pNK6UW8rGY2r99gOQLqB4U
s2ORq4j8g5vpgsC8ZRW7WmnpYDEG62NNdbqBeAS2KSrrHCU4HN/qtXt6yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDj2ELDnghQyHO6hm3awjFLndyXMB8GA1UdIwQY
MBaAFNrHEDD+CB4CurSCPQVo/7KjMmXhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNjUU1QNElIZ0s2dElJOUJXal9zcU15WmVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yNWU2ZDgtNGU3Mi00YWMyLWI2ZTUt
YzgyMDFiOTFhZWMzLzEvY09QWVFzT2VDRkRJYzdxR2JkckNNVXVkM0pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yNWU2ZDgtNGU3Mi00YWMyLWI2ZTUtYzgyMDFiOTFhZWMz
LzEvMnNjUU1QNElIZ0s2dElJOUJXal9zcU15WmVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVFsMA0G
CSqGSIb3DQEBCwUAA4IBAQAFXR3Asr9EnZ/MzeIidr3uvZ+qkZa3kLBFCNl5U6DM
nG0hlKMWgj8hF/pQaJqE8tTLFQnz35R1tbKThme2CZ5MTUP93NlaZ7ocLklmCLPa
vJQQ4R/KiAkXyH2wBqWs5SaqkHmJzDH611pMSXoaFXJ8ZQWt34QXjM2NDxN7/j0C
EiTZDctZ++ghvq0+y6W1jCNvjkbOJtwm4+9m17ugNg3wgBw/k6dsSJuE0cS7T8Co
r8U5ZhDJgLKyF1aaceLmflKDaYiC3k+F+PLb1XrBd8oyKfQNvwEbYyhcjihONnav
Sf8nEtc4xhVG8Xq6jdC0soSDrAEtFQ6WzSsXFJOT3YXm
-----END CERTIFICATE-----