Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/64bdef-5b5d-4d13-ae8e-0835e6b1e39a/1/nwRwy-984bbHflwKusiJIVmAkq4.roa
File:                     nwRwy-984bbHflwKusiJIVmAkq4.roa (raw, json)
Hash identifier:          tOQkT5BXAu3wfc5aKZscWA4O4C5nLe2NnLsQNNV6duI=
Subject key identifier:   9F:04:70:CB:EF:7C:E1:B6:C7:7E:5C:0A:BA:C8:89:21:59:80:92:AE
Certificate issuer:       /CN=e84d9482ec68d3577d93048c98fa05517380a2a8
Certificate serial:       0195B437CAF5BC724D351536BDC5B7F49ECE
Authority key identifier: E8:4D:94:82:EC:68:D3:57:7D:93:04:8C:98:FA:05:51:73:80:A2:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6E2Uguxo01d9kwSMmPoFUXOAoqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/64bdef-5b5d-4d13-ae8e-0835e6b1e39a/1/nwRwy-984bbHflwKusiJIVmAkq4.roa
Signing time:             Thu 20 Mar 2025 15:41:50 +0000
ROA not before:           Thu 20 Mar 2025 15:41:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212891
IP address blocks:        45.129.248.0/22 maxlen: 24
                          2001:3c40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/64bdef-5b5d-4d13-ae8e-0835e6b1e39a/1/6E2Uguxo01d9kwSMmPoFUXOAoqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/64bdef-5b5d-4d13-ae8e-0835e6b1e39a/1/6E2Uguxo01d9kwSMmPoFUXOAoqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6E2Uguxo01d9kwSMmPoFUXOAoqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b4:37:ca:f5:bc:72:4d:35:15:36:bd:c5:b7:f4:9e:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e84d9482ec68d3577d93048c98fa05517380a2a8
        Validity
            Not Before: Mar 20 15:41:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f0470cbef7ce1b6c77e5c0abac88921598092ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:53:82:e2:4b:6e:aa:f5:be:13:23:65:b0:aa:
                    c4:1e:fa:f4:e5:83:10:3f:16:91:8b:7e:b4:db:97:
                    ff:1e:32:00:df:b1:7d:74:4d:9d:9a:6f:d5:6a:d3:
                    a5:94:cd:ac:19:03:bc:b5:3c:6a:e5:04:37:54:55:
                    f5:06:41:cd:36:24:c4:84:f9:eb:8e:f2:b4:07:90:
                    f6:3e:4d:3f:27:22:f6:ef:86:c5:26:c3:3d:43:35:
                    3b:01:67:3d:01:fa:50:eb:e3:c2:f2:b6:d5:99:35:
                    dc:4e:3f:29:e9:6d:b0:1a:3f:f8:6d:f0:fa:5e:53:
                    11:08:14:88:43:38:58:ef:e5:c6:c5:ff:8d:bd:83:
                    ce:ef:8d:04:bd:52:e3:a8:5b:28:c5:36:41:a3:27:
                    ad:df:96:11:ee:0f:6b:e6:48:d1:08:95:ab:5c:f0:
                    01:e8:64:9c:b8:c5:f8:69:ed:58:fb:67:15:bf:1f:
                    ec:44:b7:6a:bd:cf:89:af:f9:3f:34:90:df:bb:14:
                    79:14:f9:da:bd:a0:59:96:65:09:7f:8b:0d:30:78:
                    70:2b:05:72:bd:1c:3d:51:f7:bd:94:e5:26:78:33:
                    6f:c7:6b:96:56:9a:35:47:af:6a:4f:6f:8e:ce:0f:
                    df:bd:f7:88:d3:8f:5c:6b:f6:03:b3:d4:dc:91:62:
                    95:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:04:70:CB:EF:7C:E1:B6:C7:7E:5C:0A:BA:C8:89:21:59:80:92:AE
            X509v3 Authority Key Identifier:
                keyid:E8:4D:94:82:EC:68:D3:57:7D:93:04:8C:98:FA:05:51:73:80:A2:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6E2Uguxo01d9kwSMmPoFUXOAoqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/64bdef-5b5d-4d13-ae8e-0835e6b1e39a/1/nwRwy-984bbHflwKusiJIVmAkq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/64bdef-5b5d-4d13-ae8e-0835e6b1e39a/1/6E2Uguxo01d9kwSMmPoFUXOAoqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.248.0/22
                IPv6:
                  2001:3c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:e8:23:08:97:b0:e5:92:a6:5e:ae:dc:17:9a:45:00:91:99:
         71:88:19:82:a6:43:45:ae:2c:11:1b:7a:ba:d6:ce:82:50:58:
         cb:f3:eb:8a:a6:a8:7a:eb:98:9d:cb:5c:f2:62:ba:d5:dc:5b:
         68:e2:7e:06:e8:d8:3a:a0:c2:b1:f0:b3:88:f1:f7:dd:c5:ed:
         f9:aa:40:68:f6:cc:56:62:fb:0b:c0:ca:98:9d:0d:68:a9:db:
         74:a2:d1:d8:c3:3c:ee:c0:98:02:06:78:ec:b9:97:17:6b:ed:
         bc:a5:d4:f5:6c:86:f3:c3:6f:b6:56:18:d1:ad:98:5b:65:b3:
         cc:4f:da:75:5d:ed:e0:84:37:35:99:96:b0:da:4c:7e:42:19:
         50:4e:5a:09:e5:d1:d2:91:c1:7d:8a:69:f9:53:78:cb:78:58:
         41:79:20:e1:40:93:64:78:6c:7d:81:41:fb:3a:4f:cf:f5:ec:
         d6:58:3d:8e:70:20:82:bf:b5:0f:a7:f5:a2:a7:8a:21:33:b9:
         fb:44:2a:cc:43:19:90:a8:4e:1a:63:62:95:f3:84:2a:69:9c:
         fd:24:c0:d3:95:3f:32:ee:1b:3c:92:5c:d1:ac:e2:3e:18:de:
         d1:80:40:46:c5:8c:1d:13:ca:80:ef:77:be:dc:21:5b:5a:32:
         70:70:a6:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZW0N8r1vHJNNRU2vcW39J7OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NGQ5NDgyZWM2OGQzNTc3ZDkzMDQ4Yzk4ZmEwNTUxNzM4
MGEyYTgwHhcNMjUwMzIwMTU0MTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjA0NzBjYmVmN2NlMWI2Yzc3ZTVjMGFiYWM4ODkyMTU5ODA5MmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlOC4ktuqvW+EyNlsKrEHvr05YMQ
PxaRi36025f/HjIA37F9dE2dmm/VatOllM2sGQO8tTxq5QQ3VFX1BkHNNiTEhPnr
jvK0B5D2Pk0/JyL274bFJsM9QzU7AWc9AfpQ6+PC8rbVmTXcTj8p6W2wGj/4bfD6
XlMRCBSIQzhY7+XGxf+NvYPO740EvVLjqFsoxTZBoyet35YR7g9r5kjRCJWrXPAB
6GScuMX4ae1Y+2cVvx/sRLdqvc+Jr/k/NJDfuxR5FPnavaBZlmUJf4sNMHhwKwVy
vRw9Ufe9lOUmeDNvx2uWVpo1R69qT2+Ozg/fvfeI049ca/YDs9TckWKVmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ8EcMvvfOG2x35cCrrIiSFZgJKuMB8GA1UdIwQY
MBaAFOhNlILsaNNXfZMEjJj6BVFzgKKoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkUyVWd1eG8wMWQ5a3dTTW1Qb0ZVWE9Bb3FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82NGJkZWYtNWI1ZC00ZDEzLWFlOGUt
MDgzNWU2YjFlMzlhLzEvbndSd3ktOTg0YmJIZmx3S3VzaUpJVm1Ba3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82NGJkZWYtNWI1ZC00ZDEzLWFlOGUtMDgzNWU2YjFlMzlh
LzEvNkUyVWd1eG8wMWQ5a3dTTW1Qb0ZVWE9Bb3FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYH4MA0E
AgACMAcDBQMgATxAMA0GCSqGSIb3DQEBCwUAA4IBAQAB6CMIl7DlkqZertwXmkUA
kZlxiBmCpkNFriwRG3q61s6CUFjL8+uKpqh665idy1zyYrrV3Fto4n4G6Ng6oMKx
8LOI8ffdxe35qkBo9sxWYvsLwMqYnQ1oqdt0otHYwzzuwJgCBnjsuZcXa+28pdT1
bIbzw2+2VhjRrZhbZbPMT9p1Xe3ghDc1mZaw2kx+QhlQTloJ5dHSkcF9imn5U3jL
eFhBeSDhQJNkeGx9gUH7Ok/P9ezWWD2OcCCCv7UPp/Wip4ohM7n7RCrMQxmQqE4a
Y2KV84QqaZz9JMDTlT8y7hs8klzRrOI+GN7RgEBGxYwdE8qA73e+3CFbWjJwcKYM
-----END CERTIFICATE-----