Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/jimBz39dlHE2MfUY4L25nGwN-0k.roa
File:                     jimBz39dlHE2MfUY4L25nGwN-0k.roa (raw, json)
Hash identifier:          ERw9Pg+xxXFworqjhjysZEnVIEowGkRsBZaaEld0xWo=
Subject key identifier:   8E:29:81:CF:7F:5D:94:71:36:31:F5:18:E0:BD:B9:9C:6C:0D:FB:49
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CC2FD488516FCE67AD43BC83DB5E6
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/jimBz39dlHE2MfUY4L25nGwN-0k.roa
Signing time:             Wed 01 Jan 2025 01:48:26 +0000
ROA not before:           Wed 01 Jan 2025 01:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207923
IP address blocks:        45.158.100.0/22 maxlen: 24
                          2a0f:4c40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:c2:fd:48:85:16:fc:e6:7a:d4:3b:c8:3d:b5:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e2981cf7f5d94713631f518e0bdb99c6c0dfb49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7f:9e:6e:d2:b3:d8:67:ee:2b:34:f8:b6:31:
                    30:27:38:a8:fe:4c:99:95:2b:6e:1e:09:7b:b3:57:
                    59:7a:ad:00:31:a5:e3:ab:e0:01:69:24:f7:43:db:
                    35:55:a8:3d:3a:74:8c:f3:06:bf:f5:6f:29:e6:48:
                    d3:4e:d9:7d:0d:86:3e:27:d4:bd:4c:f5:f3:93:b4:
                    da:f3:e9:0c:20:fa:f8:73:17:44:81:f8:1d:02:68:
                    fa:77:2a:f8:d7:af:df:5e:8b:e9:c1:35:f0:d9:01:
                    ca:f5:5e:dd:b6:65:0d:24:9c:e1:21:be:14:8e:d9:
                    5a:62:78:60:b0:78:57:5a:71:e7:15:9d:f0:ea:57:
                    07:5b:bb:16:86:79:96:36:d2:7b:3e:c1:66:75:6f:
                    7f:d6:9f:c8:2e:ec:ec:49:50:0f:c8:ce:2c:de:84:
                    43:2b:ef:a3:8c:f2:ed:31:45:df:2b:1a:89:14:8a:
                    d2:80:97:c8:f8:c6:bc:fc:b8:f8:9c:7c:fe:51:21:
                    32:b4:07:72:bd:55:1c:e7:2e:3a:77:f7:38:69:41:
                    7e:61:15:ad:c0:fd:8f:4e:86:0f:ba:1c:d7:b7:69:
                    5c:a5:66:bf:12:b8:ac:c9:e2:f3:d0:81:c6:ff:da:
                    d8:ee:52:1f:e6:d2:d7:b5:75:fe:de:d7:8d:99:0c:
                    22:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:29:81:CF:7F:5D:94:71:36:31:F5:18:E0:BD:B9:9C:6C:0D:FB:49
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/jimBz39dlHE2MfUY4L25nGwN-0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.100.0/22
                IPv6:
                  2a0f:4c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:42:44:17:4f:fd:a7:13:0d:84:ec:22:49:e4:99:5e:ae:49:
         b0:b1:0f:b2:bd:09:b7:c8:68:5a:10:13:66:7b:d1:af:11:a0:
         c4:16:07:ca:1a:5d:42:df:e7:36:c4:de:b3:03:69:83:e3:26:
         94:80:1e:7a:29:57:1d:ff:2f:28:91:9e:3d:9a:32:ff:4f:68:
         5e:9b:3d:84:5b:ac:ee:cc:50:bd:c6:1f:d0:eb:1e:3c:bd:1b:
         6f:4a:b5:29:6c:91:57:2d:bd:ec:d9:01:6d:da:03:e8:a5:b1:
         7a:d4:e5:a3:49:47:ce:8f:92:0a:a3:d9:99:b9:23:c6:2d:72:
         a1:88:52:23:15:bf:40:ea:1e:f4:f0:1f:b3:2f:d0:99:77:9b:
         18:33:b0:41:95:33:8c:fc:a6:87:19:2b:05:9f:51:78:d9:e4:
         2c:07:7d:c8:86:ab:67:3c:eb:3b:89:05:3f:5a:36:9a:40:af:
         ba:fd:a4:a2:65:40:1f:6e:85:e9:69:0d:2e:35:45:17:89:ad:
         2b:a6:42:86:0a:7c:8d:c7:b0:47:1f:a7:3e:9a:8b:36:34:f0:
         b5:48:d9:e4:4f:79:31:5a:00:92:3b:0b:b0:a5:42:dd:df:d1:
         7c:27:7b:e3:45:4d:d2:04:81:43:f9:94:64:71:c5:9f:b0:ed:
         10:5c:88:8f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjML9SIUW/OZ61DvIPbXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTI5ODFjZjdmNWQ5NDcxMzYzMWY1MThlMGJkYjk5YzZjMGRmYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3+ebtKz2GfuKzT4tjEwJzio/kyZ
lStuHgl7s1dZeq0AMaXjq+ABaST3Q9s1Vag9OnSM8wa/9W8p5kjTTtl9DYY+J9S9
TPXzk7Ta8+kMIPr4cxdEgfgdAmj6dyr416/fXovpwTXw2QHK9V7dtmUNJJzhIb4U
jtlaYnhgsHhXWnHnFZ3w6lcHW7sWhnmWNtJ7PsFmdW9/1p/ILuzsSVAPyM4s3oRD
K++jjPLtMUXfKxqJFIrSgJfI+Ma8/Lj4nHz+USEytAdyvVUc5y46d/c4aUF+YRWt
wP2PToYPuhzXt2lcpWa/ErisyeLz0IHG/9rY7lIf5tLXtXX+3teNmQwiIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI4pgc9/XZRxNjH1GOC9uZxsDftJMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvamltQnozOWRsSEUyTWZVWTRMMjVuR3dOLTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ5kMA0E
AgACMAcDBQMqD0xAMA0GCSqGSIb3DQEBCwUAA4IBAQCXQkQXT/2nEw2E7CJJ5Jle
rkmwsQ+yvQm3yGhaEBNme9GvEaDEFgfKGl1C3+c2xN6zA2mD4yaUgB56KVcd/y8o
kZ49mjL/T2hemz2EW6zuzFC9xh/Q6x48vRtvSrUpbJFXLb3s2QFt2gPopbF61OWj
SUfOj5IKo9mZuSPGLXKhiFIjFb9A6h708B+zL9CZd5sYM7BBlTOM/KaHGSsFn1F4
2eQsB33IhqtnPOs7iQU/WjaaQK+6/aSiZUAfboXpaQ0uNUUXia0rpkKGCnyNx7BH
H6c+mos2NPC1SNnkT3kxWgCSOwuwpULd39F8J3vjRU3SBIFD+ZRkccWfsO0QXIiP
-----END CERTIFICATE-----