Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/wMpCtJuJnMKH9PZbiphThxb5p3I.roa
File:                     wMpCtJuJnMKH9PZbiphThxb5p3I.roa (raw, json)
Hash identifier:          ho1eRYtOPimdRyr4aEbAZG/GlZlHUFROWz250IKu38c=
Subject key identifier:   C0:CA:42:B4:9B:89:9C:C2:87:F4:F6:5B:8A:98:53:87:16:F9:A7:72
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       01942747D28C683AF2D7C5FBF65033301417
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/wMpCtJuJnMKH9PZbiphThxb5p3I.roa
Signing time:             Thu 02 Jan 2025 13:50:05 +0000
ROA not before:           Thu 02 Jan 2025 13:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     264617
IP address blocks:        45.82.220.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d2:8c:68:3a:f2:d7:c5:fb:f6:50:33:30:14:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 13:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0ca42b49b899cc287f4f65b8a98538716f9a772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:10:c5:b6:1a:a0:0f:4a:d4:ab:ff:e7:72:42:
                    a6:c9:e3:e6:0d:39:94:e7:24:c3:2f:f5:50:c5:ab:
                    6d:80:81:7e:2d:bb:d7:7c:a1:19:28:43:c8:40:84:
                    7e:5f:e2:e3:ab:f4:21:2d:35:8c:92:99:c3:cb:c6:
                    53:37:49:da:d4:82:85:6f:ca:bb:b8:27:0a:58:cd:
                    da:42:85:90:63:60:ea:d0:83:aa:83:f3:ab:6e:50:
                    25:fb:dc:14:cb:e1:df:a8:1a:a9:75:7d:73:a4:7d:
                    82:9d:bd:f6:ce:7b:a3:a7:73:fb:ee:ba:8f:2c:5d:
                    70:26:1a:10:7a:cd:d1:87:68:43:64:da:46:af:11:
                    1c:fc:04:a5:26:3d:54:82:ca:eb:9b:3a:07:f8:53:
                    9f:f1:d5:04:74:78:eb:3a:e5:09:da:9e:e6:7b:b3:
                    55:8f:86:2e:ad:c1:f2:96:ad:d3:1e:34:a3:f7:98:
                    4e:3d:58:40:14:67:e7:8f:04:09:60:7e:1d:7c:d7:
                    31:04:59:69:1f:f0:4b:77:94:21:91:3d:62:41:ec:
                    98:78:d4:35:3f:5c:d8:e4:d4:5d:cc:9b:d4:4a:81:
                    7e:41:02:36:67:4a:38:bb:82:2e:18:74:35:47:5f:
                    12:b1:05:82:2a:f0:f5:af:f0:03:8f:9a:8f:98:54:
                    12:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:CA:42:B4:9B:89:9C:C2:87:F4:F6:5B:8A:98:53:87:16:F9:A7:72
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/wMpCtJuJnMKH9PZbiphThxb5p3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:0d:20:18:82:96:20:0d:d4:f0:0f:9c:2b:56:6d:0c:91:0f:
         00:ce:28:be:75:4e:66:89:0a:5b:a0:c3:af:bf:6f:48:6b:64:
         c4:42:c3:4f:7d:e4:08:20:56:d7:38:47:60:0f:f4:24:fa:b8:
         18:65:e9:86:a8:b7:48:29:51:5b:14:a2:01:5f:23:f8:ce:16:
         23:26:4c:fb:d1:8c:33:41:55:ce:3e:46:cc:9b:f2:17:67:4d:
         dc:c1:8b:a2:ec:ff:0e:15:33:65:77:0f:bf:4d:f0:91:92:0c:
         34:f5:30:04:ef:94:e7:0a:3b:90:14:ef:eb:12:95:eb:36:ad:
         12:72:e9:50:e2:d4:be:24:af:5f:a7:47:91:a0:9e:df:59:52:
         67:de:d9:54:09:2d:40:1a:c5:db:54:34:18:1d:6b:e8:52:b4:
         50:85:9c:d0:18:9c:fb:9b:37:cb:9f:be:8b:ca:6d:58:71:e7:
         a5:67:10:9e:4b:e0:50:55:9a:70:6d:0e:64:b5:cf:d5:95:9f:
         22:fb:60:f5:63:54:7e:64:4e:c4:32:f1:fd:0c:c1:96:6e:c4:
         54:5b:e4:a4:e2:1d:8e:e1:d2:49:d2:c6:e2:32:a5:e8:10:89:
         43:d4:67:ec:e4:02:44:85:b4:42:60:b1:4a:f3:78:61:96:16:
         d6:ea:77:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR9KMaDry18X79lAzMBQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjUwMTAyMTM1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGNhNDJiNDliODk5Y2MyODdmNGY2NWI4YTk4NTM4NzE2ZjlhNzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xDFthqgD0rUq//nckKmyePmDTmU
5yTDL/VQxattgIF+LbvXfKEZKEPIQIR+X+Ljq/QhLTWMkpnDy8ZTN0na1IKFb8q7
uCcKWM3aQoWQY2Dq0IOqg/OrblAl+9wUy+HfqBqpdX1zpH2Cnb32znujp3P77rqP
LF1wJhoQes3Rh2hDZNpGrxEc/ASlJj1UgsrrmzoH+FOf8dUEdHjrOuUJ2p7me7NV
j4YurcHylq3THjSj95hOPVhAFGfnjwQJYH4dfNcxBFlpH/BLd5QhkT1iQeyYeNQ1
P1zY5NRdzJvUSoF+QQI2Z0o4u4IuGHQ1R18SsQWCKvD1r/ADj5qPmFQS6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDKQrSbiZzCh/T2W4qYU4cW+adyMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvd01wQ3RKdUpuTUtIOVBaYmlwaFRoeGI1cDNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVLcMA0G
CSqGSIb3DQEBCwUAA4IBAQBHDSAYgpYgDdTwD5wrVm0MkQ8Azii+dU5miQpboMOv
v29Ia2TEQsNPfeQIIFbXOEdgD/Qk+rgYZemGqLdIKVFbFKIBXyP4zhYjJkz70Ywz
QVXOPkbMm/IXZ03cwYui7P8OFTNldw+/TfCRkgw09TAE75TnCjuQFO/rEpXrNq0S
culQ4tS+JK9fp0eRoJ7fWVJn3tlUCS1AGsXbVDQYHWvoUrRQhZzQGJz7mzfLn76L
ym1YceelZxCeS+BQVZpwbQ5ktc/VlZ8i+2D1Y1R+ZE7EMvH9DMGWbsRUW+Sk4h2O
4dJJ0sbiMqXoEIlD1Gfs5AJEhbRCYLFK83hhlhbW6nfO
-----END CERTIFICATE-----