Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/igJsZiRyE_4FafNetHJsU2tAvxU.roa
File:                     igJsZiRyE_4FafNetHJsU2tAvxU.roa (raw, json)
Hash identifier:          YdMkAkXmG78qIoQI66GyQqNSSkW6yFTCyc+RQT7VwTw=
Subject key identifier:   8A:02:6C:66:24:72:13:FE:05:69:F3:5E:B4:72:6C:53:6B:40:BF:15
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       0194F00C89527A467F90D6436C60BE14249B
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/igJsZiRyE_4FafNetHJsU2tAvxU.roa
Signing time:             Mon 10 Feb 2025 13:29:00 +0000
ROA not before:           Mon 10 Feb 2025 13:29:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214382
IP address blocks:        5.180.104.0/24 maxlen: 24
                          45.141.150.0/24 maxlen: 24
                          2a13:a440:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f0:0c:89:52:7a:46:7f:90:d6:43:6c:60:be:14:24:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Feb 10 13:29:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a026c66247213fe0569f35eb4726c536b40bf15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a0:82:eb:f6:98:a9:3c:1f:7c:e3:94:86:a5:
                    d9:bf:73:de:fe:ee:45:57:b1:75:1b:ce:31:ed:86:
                    6c:e1:3e:5d:1c:37:97:d3:18:38:68:a4:2b:eb:b4:
                    eb:39:1c:d0:35:e6:bd:b2:c1:df:92:29:45:5c:d4:
                    b7:1b:48:a7:7d:45:5b:34:4b:e8:2c:b2:65:10:dd:
                    89:31:1a:86:81:21:e0:7a:da:5b:5b:7c:ff:b6:9a:
                    8a:62:da:53:1d:7f:83:40:a5:1d:37:8e:96:8f:2b:
                    a8:c6:cf:63:0e:90:5b:9f:78:eb:3f:a8:7c:bc:f9:
                    6f:74:3d:35:93:cc:e0:6f:6e:e9:c7:b9:eb:fd:09:
                    1c:12:a3:d3:e4:76:74:46:1c:71:aa:62:58:a4:50:
                    74:41:1a:d0:4e:1e:44:51:1e:b3:93:ef:ee:56:64:
                    4e:a1:61:79:10:5f:3e:17:6f:eb:ce:51:ae:9a:24:
                    59:25:08:4f:43:9a:62:5a:0d:f7:2e:98:8d:29:0b:
                    61:ed:b5:47:9c:06:f8:ba:bd:e5:42:69:2e:fd:de:
                    a2:bc:ed:b0:72:22:1e:fb:21:85:c0:07:23:89:b9:
                    b0:b3:70:41:e9:53:ab:06:76:d5:fc:43:be:18:0a:
                    dd:63:b8:aa:e6:85:91:aa:62:1c:46:16:e3:e2:40:
                    a6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:02:6C:66:24:72:13:FE:05:69:F3:5E:B4:72:6C:53:6B:40:BF:15
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/igJsZiRyE_4FafNetHJsU2tAvxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.104.0/24
                  45.141.150.0/24
                IPv6:
                  2a13:a440:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:47:98:b8:72:e5:82:54:18:5a:a5:e0:17:6d:de:14:ba:30:
         30:e2:c0:cc:02:f4:9c:9d:8c:09:41:bd:fe:f2:ab:c5:5f:f4:
         04:27:03:10:c1:0b:11:c8:42:e0:f3:52:48:1b:51:6b:2f:3a:
         97:56:77:01:e9:61:93:e6:7a:44:16:09:16:43:ac:fb:a9:f9:
         7b:b1:9c:01:17:3b:9e:0d:2e:72:88:59:52:76:78:12:64:70:
         8f:2c:a5:b5:92:7a:88:81:18:0d:b9:a5:ba:db:fa:e6:30:de:
         39:66:6c:78:ac:e1:9c:36:47:5d:bd:7c:3d:7f:3c:09:84:aa:
         88:fa:0a:83:ea:d6:fa:2a:35:de:00:8a:09:0a:9b:70:34:bf:
         9b:c3:92:0a:0f:7f:3d:37:b1:53:db:84:3b:50:d9:1c:e9:e8:
         3e:43:bd:ab:e2:8c:c7:07:b0:a7:13:87:a1:2e:2e:1b:cb:eb:
         fe:87:fa:e3:8a:4a:2f:23:c5:64:d2:13:0d:ac:78:6d:f6:4b:
         14:d9:d3:c6:42:96:f1:24:60:c0:b6:3f:27:af:67:f8:2f:34:
         2e:80:b4:31:2d:72:0c:5c:c3:2a:0e:0e:c1:a2:8c:67:03:9a:
         a5:f1:4d:17:87:4d:64:27:4d:f3:a7:ab:04:f8:a6:23:84:b6:
         b4:ee:65:2e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZTwDIlSekZ/kNZDbGC+FCSbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwMjEwMTMyOTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTAyNmM2NjI0NzIxM2ZlMDU2OWYzNWViNDcyNmM1MzZiNDBiZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6CC6/aYqTwffOOUhqXZv3Pe/u5F
V7F1G84x7YZs4T5dHDeX0xg4aKQr67TrORzQNea9ssHfkilFXNS3G0infUVbNEvo
LLJlEN2JMRqGgSHgetpbW3z/tpqKYtpTHX+DQKUdN46Wjyuoxs9jDpBbn3jrP6h8
vPlvdD01k8zgb27px7nr/QkcEqPT5HZ0RhxxqmJYpFB0QRrQTh5EUR6zk+/uVmRO
oWF5EF8+F2/rzlGumiRZJQhPQ5piWg33LpiNKQth7bVHnAb4ur3lQmku/d6ivO2w
ciIe+yGFwAcjibmws3BB6VOrBnbV/EO+GArdY7iq5oWRqmIcRhbj4kCmVQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIoCbGYkchP+BWnzXrRybFNrQL8VMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvaWdKc1ppUnlFXzRGYWZOZXRISnNVMnRBdnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQABbRoAwQA
LY2WMA8EAgACMAkDBwAqE6RAAAgwDQYJKoZIhvcNAQELBQADggEBAB5HmLhy5YJU
GFql4Bdt3hS6MDDiwMwC9JydjAlBvf7yq8Vf9AQnAxDBCxHIQuDzUkgbUWsvOpdW
dwHpYZPmekQWCRZDrPup+XuxnAEXO54NLnKIWVJ2eBJkcI8spbWSeoiBGA25pbrb
+uYw3jlmbHis4Zw2R129fD1/PAmEqoj6CoPq1voqNd4AigkKm3A0v5vDkgoPfz03
sVPbhDtQ2Rzp6D5DvavijMcHsKcTh6EuLhvL6/6H+uOKSi8jxWTSEw2seG32SxTZ
08ZClvEkYMC2PyevZ/gvNC6AtDEtcgxcwyoODsGijGcDmqXxTReHTWQnTfOnqwT4
piOEtrTuZS4=
-----END CERTIFICATE-----