Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/Smd34xeFUEeunOCrNaNvyPItMW4.roa
File:                     Smd34xeFUEeunOCrNaNvyPItMW4.roa (raw, json)
Hash identifier:          tLjLkBtCoEO7JoIBI3BKAYDHLRl3QBXXfkRn3x13Z0I=
Subject key identifier:   4A:67:77:E3:17:85:50:47:AE:9C:E0:AB:35:A3:6F:C8:F2:2D:31:6E
Certificate issuer:       /CN=66f8206e3311df394f48389b8122b94aa1f0b05c
Certificate serial:       0194266AC7C90596184A97D7DE8918E58F87
Authority key identifier: 66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/Smd34xeFUEeunOCrNaNvyPItMW4.roa
Signing time:             Thu 02 Jan 2025 09:48:39 +0000
ROA not before:           Thu 02 Jan 2025 09:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        45.83.200.0/22 maxlen: 22
                          185.114.158.0/24 maxlen: 24
                          185.114.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 13:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:c7:c9:05:96:18:4a:97:d7:de:89:18:e5:8f:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f8206e3311df394f48389b8122b94aa1f0b05c
        Validity
            Not Before: Jan  2 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a6777e317855047ae9ce0ab35a36fc8f22d316e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cd:44:8d:c6:ac:ae:c8:d0:9d:d4:b8:57:d2:
                    c2:c6:07:6c:eb:ee:f5:e8:e4:b3:80:7f:6f:8b:a0:
                    9f:85:75:32:95:d4:f2:27:0a:a0:0f:e4:bd:77:8b:
                    41:25:a8:44:74:e1:8d:ab:77:16:f0:fd:37:16:37:
                    61:99:b9:b1:f6:12:76:06:7f:93:a4:37:62:db:25:
                    9a:57:ba:1d:e7:ef:13:e9:15:4a:75:3a:a9:50:2d:
                    f8:91:a2:ed:69:57:c3:73:58:40:f2:25:e3:05:19:
                    c8:b2:2a:25:a5:e1:9c:d8:2f:99:37:7a:13:fd:e2:
                    c7:56:76:49:36:9f:97:ae:5d:33:8d:cc:e3:80:ca:
                    09:7a:ae:a8:3f:95:48:1d:29:8f:25:df:19:59:a2:
                    a1:7f:c3:84:ad:0b:97:f5:b9:7c:de:a7:8d:4e:6b:
                    95:6c:4b:c4:69:7b:71:55:84:25:b1:12:1d:ce:7c:
                    14:5e:ef:0f:7e:4f:5e:a9:84:58:1e:5d:b6:ff:05:
                    22:dc:b6:74:b5:44:0f:88:26:13:08:e5:c6:35:8f:
                    e3:ec:82:e3:19:6e:ad:25:07:d0:a2:52:3d:b1:d7:
                    86:1a:30:5c:a8:a4:6f:4e:06:dd:56:d1:05:91:36:
                    6e:91:8e:31:06:51:12:e5:be:f8:e5:c4:5b:23:4d:
                    83:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:67:77:E3:17:85:50:47:AE:9C:E0:AB:35:A3:6F:C8:F2:2D:31:6E
            X509v3 Authority Key Identifier:
                keyid:66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/Smd34xeFUEeunOCrNaNvyPItMW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.200.0/22
                  185.114.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:d9:6b:f0:83:da:5d:96:61:c3:34:22:75:24:be:e5:07:e3:
         7d:d1:ab:ca:6c:fc:5b:09:fb:f2:f0:3d:46:a7:26:0d:2e:e8:
         57:fe:45:67:8b:21:28:99:bb:08:ba:f7:7d:60:a0:1f:42:c8:
         37:50:48:d2:aa:3f:cb:9f:db:89:a4:71:77:d1:1a:71:e3:c8:
         d3:f1:98:4d:a0:9d:29:46:75:b8:62:aa:73:d9:0b:e5:1e:46:
         47:b1:4a:62:77:ca:59:64:16:01:54:c8:93:fe:7d:0d:c2:bd:
         9d:8d:ff:1d:1f:8d:4e:a4:81:67:76:0f:27:6c:3a:78:9c:c3:
         b3:b7:18:10:0b:f5:13:ae:75:74:5e:de:c4:46:8f:53:5c:69:
         a0:df:34:be:a8:a2:75:7a:97:e0:0c:c5:c7:25:97:dc:ef:18:
         46:28:4f:68:49:05:05:64:96:10:15:7d:d2:f5:37:a1:3b:5c:
         2f:e4:85:3c:35:ac:a7:b8:87:de:9d:56:41:e6:76:8c:87:53:
         ba:72:eb:f1:78:8e:bf:a4:0e:a9:79:9f:c8:41:04:37:d8:d1:
         bd:c1:67:9d:6b:fd:b4:09:7a:5c:cd:70:4a:04:cf:83:9c:89:
         a8:58:e3:d1:f3:e3:51:ed:a6:9e:00:a8:9c:86:44:46:b2:a8:
         66:ed:be:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmasfJBZYYSpfX3okY5Y+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZjgyMDZlMzMxMWRmMzk0ZjQ4Mzg5YjgxMjJiOTRhYTFm
MGIwNWMwHhcNMjUwMTAyMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTY3NzdlMzE3ODU1MDQ3YWU5Y2UwYWIzNWEzNmZjOGYyMmQzMTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos1EjcasrsjQndS4V9LCxgds6+71
6OSzgH9vi6CfhXUyldTyJwqgD+S9d4tBJahEdOGNq3cW8P03Fjdhmbmx9hJ2Bn+T
pDdi2yWaV7od5+8T6RVKdTqpUC34kaLtaVfDc1hA8iXjBRnIsiolpeGc2C+ZN3oT
/eLHVnZJNp+Xrl0zjczjgMoJeq6oP5VIHSmPJd8ZWaKhf8OErQuX9bl83qeNTmuV
bEvEaXtxVYQlsRIdznwUXu8Pfk9eqYRYHl22/wUi3LZ0tUQPiCYTCOXGNY/j7ILj
GW6tJQfQolI9sdeGGjBcqKRvTgbdVtEFkTZukY4xBlES5b745cRbI02D4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEpnd+MXhVBHrpzgqzWjb8jyLTFuMB8GA1UdIwQY
MBaAFGb4IG4zEd85T0g4m4EiuUqh8LBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgt
YmJmZDQ1Yzg0YmVhLzEvU21kMzR4ZUZVRWV1bk9Dck5hTnZ5UEl0TVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgtYmJmZDQ1Yzg0YmVh
LzEvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVPIAwQB
uXKeMA0GCSqGSIb3DQEBCwUAA4IBAQA32Wvwg9pdlmHDNCJ1JL7lB+N90avKbPxb
Cfvy8D1GpyYNLuhX/kVniyEombsIuvd9YKAfQsg3UEjSqj/Ln9uJpHF30Rpx48jT
8ZhNoJ0pRnW4Yqpz2QvlHkZHsUpid8pZZBYBVMiT/n0Nwr2djf8dH41OpIFndg8n
bDp4nMOztxgQC/UTrnV0Xt7ERo9TXGmg3zS+qKJ1epfgDMXHJZfc7xhGKE9oSQUF
ZJYQFX3S9TehO1wv5IU8NaynuIfenVZB5naMh1O6cuvxeI6/pA6peZ/IQQQ32NG9
wWeda/20CXpczXBKBM+DnImoWOPR8+NR7aaeAKichkRGsqhm7b4N
-----END CERTIFICATE-----