Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/fhVodD3Al80st-44wh_3zJPa9hw.roa
File:                     fhVodD3Al80st-44wh_3zJPa9hw.roa (raw, json)
Hash identifier:          fjogseqmXaDswGCqZQtmESnsh5NfjXgWetNNokS6YuY=
Subject key identifier:   7E:15:68:74:3D:C0:97:CD:2C:B7:EE:38:C2:1F:F7:CC:93:DA:F6:1C
Certificate issuer:       /CN=1b18e0a19ae790fa503951559f47d41b47e7fd0f
Certificate serial:       0194221F7A1AD80B45FE2A4337BF901A0766
Authority key identifier: 1B:18:E0:A1:9A:E7:90:FA:50:39:51:55:9F:47:D4:1B:47:E7:FD:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/fhVodD3Al80st-44wh_3zJPa9hw.roa
Signing time:             Wed 01 Jan 2025 13:47:55 +0000
ROA not before:           Wed 01 Jan 2025 13:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        45.85.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 16:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:7a:1a:d8:0b:45:fe:2a:43:37:bf:90:1a:07:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b18e0a19ae790fa503951559f47d41b47e7fd0f
        Validity
            Not Before: Jan  1 13:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e1568743dc097cd2cb7ee38c21ff7cc93daf61c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:16:30:87:03:9a:89:19:64:23:3d:a8:95:af:
                    ae:a1:33:4e:42:64:3b:02:05:fe:f2:3b:3a:3e:a1:
                    79:3a:5d:23:a1:6d:fe:5a:43:39:14:62:39:97:e6:
                    93:fa:dc:22:05:fb:a6:30:d8:d7:0e:f4:3c:20:49:
                    d4:c0:fc:6e:d8:9d:e0:fe:fb:80:0c:f5:c7:41:d9:
                    83:8f:31:ed:13:b0:43:3b:37:fd:71:65:01:75:1e:
                    79:fa:67:95:a1:05:34:9b:ca:0a:34:20:a5:02:11:
                    d9:ea:5d:d5:bc:95:e6:3c:d9:b1:a7:52:f6:d7:3f:
                    de:b1:2b:52:5c:56:b3:84:db:f3:1b:ef:a7:38:9a:
                    a7:7c:2b:d5:9d:1a:1c:ec:3a:f1:23:d1:8f:a4:b4:
                    95:09:98:43:1d:41:58:52:7d:f2:0b:65:e0:c3:1e:
                    be:31:7e:9a:02:35:8b:ac:b1:e7:e6:86:29:4f:4c:
                    61:1a:ed:b4:de:e2:cd:a1:4d:4b:84:bd:f1:20:f0:
                    05:6d:fb:4b:27:d8:e4:36:73:71:3f:77:86:af:85:
                    b9:20:b3:74:d6:37:d1:a7:02:8a:46:2f:1e:3c:11:
                    c7:f0:2d:df:de:a8:81:3c:f9:71:f7:53:ee:26:aa:
                    5d:d5:28:e2:c8:43:f4:a2:50:79:ee:2b:e3:ae:82:
                    a5:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:15:68:74:3D:C0:97:CD:2C:B7:EE:38:C2:1F:F7:CC:93:DA:F6:1C
            X509v3 Authority Key Identifier:
                keyid:1B:18:E0:A1:9A:E7:90:FA:50:39:51:55:9F:47:D4:1B:47:E7:FD:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/fhVodD3Al80st-44wh_3zJPa9hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:8b:ea:23:5f:46:70:e6:ca:87:d4:7e:26:02:de:2c:b4:a3:
         25:0f:7c:a9:bb:90:1d:9c:57:11:b7:8e:1a:0d:d5:72:0a:cd:
         52:d0:f6:90:6c:bb:5a:75:47:d8:89:08:4f:84:d8:f1:12:b2:
         04:68:33:56:68:3d:cb:5c:68:cb:d9:b5:e1:8e:63:3f:2a:92:
         d8:53:e5:9f:c4:a7:33:de:16:ef:20:3d:c9:1c:00:70:12:54:
         41:72:1a:a8:8b:2e:3f:d8:7a:9c:c8:63:de:ae:e8:47:75:95:
         cb:e7:4b:fd:25:f3:29:12:65:1e:72:e9:a6:fc:9f:f6:16:71:
         b6:2e:56:95:6d:2a:a5:24:99:4a:c1:3c:e5:3b:6a:36:48:36:
         f4:ec:f3:70:87:bf:93:8f:04:14:6e:38:d8:8b:28:c3:f4:6b:
         30:ba:75:af:aa:c2:8c:34:55:92:11:b4:88:76:c8:41:64:5b:
         33:c5:39:39:20:ef:b8:02:2a:71:c7:df:42:71:e4:cb:9c:f8:
         79:df:c4:a6:71:f9:85:f7:55:35:65:6c:4c:8c:d1:9d:78:22:
         67:2e:a0:9f:48:93:bf:cd:5f:bf:da:56:10:28:31:1a:70:26:
         1b:a5:83:e0:08:22:d8:52:0c:29:4b:2d:f1:b7:13:46:5f:f7:
         f3:d3:9f:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH3oa2AtF/ipDN7+QGgdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMThlMGExOWFlNzkwZmE1MDM5NTE1NTlmNDdkNDFiNDdl
N2ZkMGYwHhcNMjUwMTAxMTM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTE1Njg3NDNkYzA5N2NkMmNiN2VlMzhjMjFmZjdjYzkzZGFmNjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BYwhwOaiRlkIz2ola+uoTNOQmQ7
AgX+8js6PqF5Ol0joW3+WkM5FGI5l+aT+twiBfumMNjXDvQ8IEnUwPxu2J3g/vuA
DPXHQdmDjzHtE7BDOzf9cWUBdR55+meVoQU0m8oKNCClAhHZ6l3VvJXmPNmxp1L2
1z/esStSXFazhNvzG++nOJqnfCvVnRoc7DrxI9GPpLSVCZhDHUFYUn3yC2Xgwx6+
MX6aAjWLrLHn5oYpT0xhGu203uLNoU1LhL3xIPAFbftLJ9jkNnNxP3eGr4W5ILN0
1jfRpwKKRi8ePBHH8C3f3qiBPPlx91PuJqpd1SjiyEP0olB57ivjroKldQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4VaHQ9wJfNLLfuOMIf98yT2vYcMB8GA1UdIwQY
MBaAFBsY4KGa55D6UDlRVZ9H1BtH5/0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hqZ29acm5rUHBRT1ZGVm4wZlVHMGZuX1E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9mMmUyYzktY2VhYi00ZDdiLWE5ZDgt
YTEwNTc3NmMzMzQ3LzEvZmhWb2REM0FsODBzdC00NHdoXzN6SlBhOWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9mMmUyYzktY2VhYi00ZDdiLWE5ZDgtYTEwNTc3NmMzMzQ3
LzEvR3hqZ29acm5rUHBRT1ZGVm4wZlVHMGZuX1E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVWoMA0G
CSqGSIb3DQEBCwUAA4IBAQAli+ojX0Zw5sqH1H4mAt4stKMlD3ypu5AdnFcRt44a
DdVyCs1S0PaQbLtadUfYiQhPhNjxErIEaDNWaD3LXGjL2bXhjmM/KpLYU+WfxKcz
3hbvID3JHABwElRBchqoiy4/2HqcyGPeruhHdZXL50v9JfMpEmUecumm/J/2FnG2
LlaVbSqlJJlKwTzlO2o2SDb07PNwh7+TjwQUbjjYiyjD9GswunWvqsKMNFWSEbSI
dshBZFszxTk5IO+4Aipxx99CceTLnPh538SmcfmF91U1ZWxMjNGdeCJnLqCfSJO/
zV+/2lYQKDEacCYbpYPgCCLYUgwpSy3xtxNGX/fz058/
-----END CERTIFICATE-----