Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/PkYmFRf-HWr9904Mjt5yY6PLH9g.roa
File:                     PkYmFRf-HWr9904Mjt5yY6PLH9g.roa (raw, json)
Hash identifier:          RJEid7LlZQZzoUyryUgHJGiT0ar4rutqoeaDKqmZmog=
Subject key identifier:   3E:46:26:15:17:FE:1D:6A:FD:F7:4E:0C:8E:DE:72:63:A3:CB:1F:D8
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422201E01518BF778215FDB24E45B5A8C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/PkYmFRf-HWr9904Mjt5yY6PLH9g.roa
Signing time:             Wed 01 Jan 2025 13:48:37 +0000
ROA not before:           Wed 01 Jan 2025 13:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        45.8.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1e:01:51:8b:f7:78:21:5f:db:24:e4:5b:5a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e46261517fe1d6afdf74e0c8ede7263a3cb1fd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:45:c7:d0:28:ab:04:3c:46:a3:f2:25:b6:6b:
                    d0:af:4b:81:d2:a0:c4:a7:ab:1e:4b:cd:77:5d:a8:
                    32:07:24:8b:2e:e4:d0:e5:6d:44:d2:47:4d:15:b1:
                    1d:3b:1b:6c:01:cf:b0:0b:e8:9c:58:48:0a:66:e6:
                    56:eb:2c:f4:10:58:08:06:a6:b8:25:bc:04:e9:6d:
                    f1:a5:e6:dc:e7:a7:ed:e6:b2:c2:6e:4f:9f:eb:b3:
                    00:99:e1:12:81:58:62:f3:18:fc:70:7c:fd:12:8c:
                    79:c1:b4:10:65:73:a6:81:4c:b5:5f:b2:ed:00:f4:
                    f8:ed:94:c6:8d:03:d2:c1:db:37:58:d9:42:96:5a:
                    0f:cb:6b:9d:da:06:b6:af:09:b4:22:7a:f5:01:bb:
                    5c:6d:53:17:17:fb:b4:7d:76:d1:a1:48:4a:78:54:
                    0c:61:8a:76:35:c4:3c:1a:fa:3b:c8:45:a4:6c:ac:
                    93:58:58:c6:9c:10:e6:0c:a0:81:cc:11:fe:f9:e4:
                    2d:9a:85:5d:46:6f:6b:a6:58:9b:4c:12:1b:8f:fc:
                    31:26:cc:bf:a5:d6:1d:a9:cf:7f:4c:55:a0:a8:8c:
                    97:91:2b:17:3e:7a:07:a9:1f:df:55:13:c2:3d:c5:
                    a6:ad:a0:f7:9f:31:68:42:4c:1d:0e:70:65:c7:d4:
                    d8:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:46:26:15:17:FE:1D:6A:FD:F7:4E:0C:8E:DE:72:63:A3:CB:1F:D8
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/PkYmFRf-HWr9904Mjt5yY6PLH9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:17:a3:9d:4a:10:20:74:3b:38:a1:ec:8a:6c:75:f6:a4:a3:
         c1:73:9f:10:06:34:de:6b:49:5b:49:ba:77:12:0d:66:6d:f6:
         4a:f3:62:4a:82:58:76:51:3a:c3:41:dd:91:b2:79:46:61:d3:
         c1:ad:c3:bb:6a:9a:3a:b2:95:6c:bc:1e:40:42:1f:4d:e6:eb:
         f7:26:2a:41:b6:22:98:60:89:ab:c6:9a:34:45:fd:4b:26:81:
         2e:f9:48:21:99:67:99:8f:de:5a:e9:83:5b:7b:87:f7:47:93:
         a5:5f:03:53:b2:32:f0:43:82:aa:6a:7e:34:32:9f:29:1d:6f:
         55:0d:00:a5:29:5f:9f:b3:c4:5e:6a:67:a4:27:61:3f:7d:11:
         a1:a6:fa:37:88:34:ae:a0:2e:8f:59:d9:66:41:11:bd:c3:ca:
         7f:6e:81:3e:eb:9a:69:f1:da:0d:8b:6f:99:7f:c3:3a:3f:f9:
         de:e2:e3:ed:d8:c0:74:ed:2e:ad:72:a1:c6:a6:d6:38:52:19:
         e0:38:1c:c6:b2:6e:09:ca:69:d1:0a:41:75:b5:e0:8b:10:ec:
         99:b9:fe:c6:14:e0:af:f3:85:d0:f7:28:22:08:1e:0d:ea:b4:
         80:5b:7a:8f:76:17:56:11:15:15:a9:15:86:4d:28:23:aa:2e:
         7b:11:6a:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIB4BUYv3eCFf2yTkW1qMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTQ2MjYxNTE3ZmUxZDZhZmRmNzRlMGM4ZWRlNzI2M2EzY2IxZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUXH0CirBDxGo/IltmvQr0uB0qDE
p6seS813XagyBySLLuTQ5W1E0kdNFbEdOxtsAc+wC+icWEgKZuZW6yz0EFgIBqa4
JbwE6W3xpebc56ft5rLCbk+f67MAmeESgVhi8xj8cHz9Eox5wbQQZXOmgUy1X7Lt
APT47ZTGjQPSwds3WNlClloPy2ud2ga2rwm0Inr1AbtcbVMXF/u0fXbRoUhKeFQM
YYp2NcQ8Gvo7yEWkbKyTWFjGnBDmDKCBzBH++eQtmoVdRm9rplibTBIbj/wxJsy/
pdYdqc9/TFWgqIyXkSsXPnoHqR/fVRPCPcWmraD3nzFoQkwdDnBlx9TYHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5GJhUX/h1q/fdODI7ecmOjyx/YMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUGtZbUZSZi1IV3I5OTA0TWp0NXlZNlBMSDlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgXMA0G
CSqGSIb3DQEBCwUAA4IBAQCkF6OdShAgdDs4oeyKbHX2pKPBc58QBjTea0lbSbp3
Eg1mbfZK82JKglh2UTrDQd2RsnlGYdPBrcO7apo6spVsvB5AQh9N5uv3JipBtiKY
YImrxpo0Rf1LJoEu+UghmWeZj95a6YNbe4f3R5OlXwNTsjLwQ4Kqan40Mp8pHW9V
DQClKV+fs8ReamekJ2E/fRGhpvo3iDSuoC6PWdlmQRG9w8p/boE+65pp8doNi2+Z
f8M6P/ne4uPt2MB07S6tcqHGptY4UhngOBzGsm4JymnRCkF1teCLEOyZuf7GFOCv
84XQ9ygiCB4N6rSAW3qPdhdWERUVqRWGTSgjqi57EWoF
-----END CERTIFICATE-----