Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/bDIcLcgGp-5S7AYDgnIAsZkN5sQ.roa
File:                     bDIcLcgGp-5S7AYDgnIAsZkN5sQ.roa (raw, json)
Hash identifier:          gQjvkkb2pNgzXW4i64U/jxG8dqyN9edAwWDPKi6u07c=
Subject key identifier:   6C:32:1C:2D:C8:06:A7:EE:52:EC:06:03:82:72:00:B1:99:0D:E6:C4
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0195CDF12E19B50A450E78D6C7FDE54AB49F
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/bDIcLcgGp-5S7AYDgnIAsZkN5sQ.roa
Signing time:             Tue 25 Mar 2025 15:34:50 +0000
ROA not before:           Tue 25 Mar 2025 15:34:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.67.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cd:f1:2e:19:b5:0a:45:0e:78:d6:c7:fd:e5:4a:b4:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Mar 25 15:34:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c321c2dc806a7ee52ec0603827200b1990de6c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:65:1d:de:3a:05:c2:0c:05:9a:86:1a:b9:78:
                    b5:e4:2b:25:37:58:d6:6b:ac:33:0e:06:b6:04:ab:
                    19:b0:43:8c:22:a0:cf:10:63:e6:be:52:e1:b6:38:
                    b7:ef:54:6c:d1:be:60:b9:02:b6:48:f0:6d:ee:62:
                    c3:b9:b8:8b:4f:2f:e2:75:6f:e7:f3:bf:c8:13:02:
                    cf:59:60:93:a5:ad:c5:12:8f:b1:98:e0:ce:30:ba:
                    e2:34:9c:e2:9e:8e:d2:7e:d4:9a:d9:a9:fb:3a:6e:
                    07:df:0a:dd:d6:d9:7a:d1:c5:2a:2e:b7:13:17:f0:
                    a1:7f:0b:55:59:62:fd:d5:9e:ac:99:0a:55:4d:79:
                    52:c4:d9:63:d5:f8:1e:e4:7c:ad:ce:4e:22:6f:80:
                    60:eb:ab:ad:7b:44:9a:40:20:d7:08:ca:42:b1:66:
                    a3:ed:6c:d7:e1:c7:d6:55:88:19:30:8c:22:3a:52:
                    2d:4b:c3:88:e6:5b:35:d1:9d:fe:cf:f7:d4:08:41:
                    5a:1d:11:a7:4b:c7:9e:a3:36:56:7f:57:2b:ba:cd:
                    c8:9d:08:25:4f:2f:63:55:fd:7d:a2:9f:8f:b2:19:
                    2c:ba:63:64:b1:32:4b:8c:6e:24:02:9a:6c:49:54:
                    04:b0:95:14:0a:00:c5:14:6e:dc:09:01:f7:5b:32:
                    d6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:32:1C:2D:C8:06:A7:EE:52:EC:06:03:82:72:00:B1:99:0D:E6:C4
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/bDIcLcgGp-5S7AYDgnIAsZkN5sQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:90:55:a6:0d:3a:42:cf:0e:33:18:eb:61:e3:b6:7e:38:37:
         16:f7:83:42:03:57:8c:09:6d:23:37:04:04:9a:6b:69:67:91:
         46:7f:f8:95:50:46:20:a7:0a:0f:ac:19:a2:74:f0:a0:dd:02:
         25:01:be:25:0e:0e:01:5e:5d:dc:52:93:85:2b:6e:d7:ac:aa:
         6d:2b:2d:3d:5e:69:43:bc:8a:8f:9a:71:2b:c3:19:b3:5b:0f:
         d1:44:71:8f:7f:15:04:af:5e:65:b9:d0:f1:0d:cb:2d:ac:e0:
         0c:37:d0:de:8e:fb:d2:74:8a:50:b1:1e:b7:e3:4a:fb:10:c4:
         c6:ac:c8:7c:a9:c2:8b:4f:86:bc:7f:b6:5b:4b:e4:c2:91:5a:
         f3:35:b6:c4:1e:0e:65:07:75:67:a1:3f:96:4b:53:8f:ed:99:
         28:5c:96:b9:5d:e8:c1:33:41:b9:30:8f:62:9d:70:92:a8:71:
         fe:8c:ab:34:7c:5a:be:d4:2a:46:2f:c8:75:0c:a1:b7:e7:e0:
         37:cb:d5:fe:6d:b7:07:b8:cc:51:8d:3a:de:bc:13:b9:f9:a1:
         73:74:e2:13:00:61:24:59:6e:92:83:24:a3:8e:66:f8:48:ee:
         8a:fc:ff:b2:c9:36:c0:85:94:50:60:4d:10:75:2f:36:0b:fd:
         50:cc:33:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXN8S4ZtQpFDnjWx/3lSrSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMzI1MTUzNDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzMyMWMyZGM4MDZhN2VlNTJlYzA2MDM4MjcyMDBiMTk5MGRlNmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2Ud3joFwgwFmoYauXi15CslN1jW
a6wzDga2BKsZsEOMIqDPEGPmvlLhtji371Rs0b5guQK2SPBt7mLDubiLTy/idW/n
87/IEwLPWWCTpa3FEo+xmODOMLriNJzino7SftSa2an7Om4H3wrd1tl60cUqLrcT
F/ChfwtVWWL91Z6smQpVTXlSxNlj1fge5Hytzk4ib4Bg66ute0SaQCDXCMpCsWaj
7WzX4cfWVYgZMIwiOlItS8OI5ls10Z3+z/fUCEFaHRGnS8eeozZWf1crus3InQgl
Ty9jVf19op+PshksumNksTJLjG4kAppsSVQEsJUUCgDFFG7cCQH3WzLWjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwyHC3IBqfuUuwGA4JyALGZDebEMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvYkRJY0xjZ0dwLTVTN0FZRGduSUFzWmtONXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUPKMA0G
CSqGSIb3DQEBCwUAA4IBAQAHkFWmDTpCzw4zGOth47Z+ODcW94NCA1eMCW0jNwQE
mmtpZ5FGf/iVUEYgpwoPrBmidPCg3QIlAb4lDg4BXl3cUpOFK27XrKptKy09XmlD
vIqPmnErwxmzWw/RRHGPfxUEr15ludDxDcstrOAMN9DejvvSdIpQsR6340r7EMTG
rMh8qcKLT4a8f7ZbS+TCkVrzNbbEHg5lB3VnoT+WS1OP7ZkoXJa5XejBM0G5MI9i
nXCSqHH+jKs0fFq+1CpGL8h1DKG35+A3y9X+bbcHuMxRjTrevBO5+aFzdOITAGEk
WW6SgySjjmb4SO6K/P+yyTbAhZRQYE0QdS82C/1QzDNd
-----END CERTIFICATE-----