Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/CKcxnnd19wN0dY_tJv81hrxqU-4.roa
File:                     CKcxnnd19wN0dY_tJv81hrxqU-4.roa (raw, json)
Hash identifier:          Jigb3Y01l+fMYMW0ZZB5oBdO1NKLRrYbvCaXnAo+wkY=
Subject key identifier:   08:A7:31:9E:77:75:F7:03:74:75:8F:ED:26:FF:35:86:BC:6A:53:EE
Certificate issuer:       /CN=bd8f9c03e757f3db514ca38d15ada451fa2e9615
Certificate serial:       019422FB13FA3F2DA0D3B9FFCC035793277C
Authority key identifier: BD:8F:9C:03:E7:57:F3:DB:51:4C:A3:8D:15:AD:A4:51:FA:2E:96:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vY-cA-dX89tRTKONFa2kUfoulhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/CKcxnnd19wN0dY_tJv81hrxqU-4.roa
Signing time:             Wed 01 Jan 2025 17:47:47 +0000
ROA not before:           Wed 01 Jan 2025 17:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202072
IP address blocks:        185.45.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/vY-cA-dX89tRTKONFa2kUfoulhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/vY-cA-dX89tRTKONFa2kUfoulhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vY-cA-dX89tRTKONFa2kUfoulhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:13:fa:3f:2d:a0:d3:b9:ff:cc:03:57:93:27:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd8f9c03e757f3db514ca38d15ada451fa2e9615
        Validity
            Not Before: Jan  1 17:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08a7319e7775f70374758fed26ff3586bc6a53ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:cc:60:95:95:27:a7:52:12:07:d9:da:a8:39:
                    3f:81:2f:a1:e1:4d:4e:df:b7:3a:5f:3d:c5:dc:4e:
                    26:c0:a9:cc:98:8b:ba:62:88:c9:af:d0:65:47:19:
                    c8:b7:a5:7f:66:c8:d6:c6:a7:d3:12:8c:fc:a6:7a:
                    b0:f5:98:33:9d:b4:12:06:f8:d4:fd:ea:3c:b3:2f:
                    72:a8:61:1a:c2:24:96:fa:51:68:94:95:02:40:e9:
                    8b:40:91:00:be:f0:31:11:cc:2a:9e:fc:cb:83:00:
                    0b:b8:01:d7:55:cc:64:46:30:9f:60:07:b7:1e:83:
                    e2:fa:e9:7b:06:6c:57:85:53:93:b7:1e:7f:f1:12:
                    47:bb:3c:41:69:bd:b8:f8:dd:f0:9f:8f:75:1f:1a:
                    99:eb:95:d2:98:97:bf:96:5e:ab:cf:06:fc:9e:0a:
                    d4:44:f8:f3:d2:80:bd:d3:cb:d3:cf:b9:fe:d4:e0:
                    bd:1f:17:84:a4:f8:3d:34:6c:c7:e2:69:f0:82:24:
                    09:1d:66:d4:66:b9:32:c9:0f:2a:2b:fa:10:e6:45:
                    2f:c6:ce:e7:2b:97:90:9f:60:d7:48:45:91:da:77:
                    0f:e8:3b:b0:25:12:4d:ec:d1:e3:59:c9:db:08:2a:
                    6c:28:99:2a:19:a2:30:1b:a2:36:ac:39:f4:0e:2d:
                    de:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A7:31:9E:77:75:F7:03:74:75:8F:ED:26:FF:35:86:BC:6A:53:EE
            X509v3 Authority Key Identifier:
                keyid:BD:8F:9C:03:E7:57:F3:DB:51:4C:A3:8D:15:AD:A4:51:FA:2E:96:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vY-cA-dX89tRTKONFa2kUfoulhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/CKcxnnd19wN0dY_tJv81hrxqU-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/vY-cA-dX89tRTKONFa2kUfoulhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:2a:d3:c7:19:f2:d7:9e:21:28:6f:33:7f:03:b6:6f:e9:cb:
         1b:2e:cc:45:b7:24:13:7c:d2:13:66:8d:45:f0:9e:c1:61:9a:
         6d:08:2e:f6:4b:5d:c6:58:37:ac:dd:f9:c7:1b:ac:75:3d:b5:
         f8:84:62:35:ea:00:87:9a:45:42:a0:1b:a0:a5:4c:3c:bb:c6:
         93:24:1a:3e:85:61:75:63:8d:b2:be:3a:be:d3:a7:36:df:cf:
         17:7a:94:eb:e9:20:d2:ca:f8:a2:7a:c9:a7:69:98:ab:b5:10:
         9c:36:19:10:d3:d0:ec:d5:9d:42:08:57:9f:9d:ad:db:73:de:
         cd:5f:91:25:d6:b8:e6:88:02:ec:e5:2e:d5:1e:78:47:c5:0b:
         b1:43:b7:d7:fd:f9:8f:82:06:6f:3b:8f:71:6a:04:95:59:89:
         6a:a3:d6:c5:63:eb:fc:04:e3:14:ea:36:a2:61:0a:99:5d:c8:
         11:e9:57:91:19:32:db:77:de:6a:53:95:b5:72:8c:6d:4b:85:
         5a:fe:b1:8c:62:55:89:a8:48:ba:d6:01:19:c6:cb:94:9f:4b:
         82:94:6a:c1:33:ee:81:21:2b:04:c6:a7:fa:11:11:59:42:3f:
         69:bf:9c:70:47:79:3e:c1:31:4d:87:4d:57:70:30:f0:1a:e5:
         b5:3c:91:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+xP6Py2g07n/zANXkyd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkOGY5YzAzZTc1N2YzZGI1MTRjYTM4ZDE1YWRhNDUxZmEy
ZTk2MTUwHhcNMjUwMTAxMTc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGE3MzE5ZTc3NzVmNzAzNzQ3NThmZWQyNmZmMzU4NmJjNmE1M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sxglZUnp1ISB9naqDk/gS+h4U1O
37c6Xz3F3E4mwKnMmIu6YojJr9BlRxnIt6V/ZsjWxqfTEoz8pnqw9ZgznbQSBvjU
/eo8sy9yqGEawiSW+lFolJUCQOmLQJEAvvAxEcwqnvzLgwALuAHXVcxkRjCfYAe3
HoPi+ul7BmxXhVOTtx5/8RJHuzxBab24+N3wn491HxqZ65XSmJe/ll6rzwb8ngrU
RPjz0oC908vTz7n+1OC9HxeEpPg9NGzH4mnwgiQJHWbUZrkyyQ8qK/oQ5kUvxs7n
K5eQn2DXSEWR2ncP6DuwJRJN7NHjWcnbCCpsKJkqGaIwG6I2rDn0Di3exQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAinMZ53dfcDdHWP7Sb/NYa8alPuMB8GA1UdIwQY
MBaAFL2PnAPnV/PbUUyjjRWtpFH6LpYVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlktY0EtZFg4OXRSVEtPTkZhMmtVZm91bGhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9iODNlNDctYmMwNC00OTJkLTlhMDct
ZWNkZDgxNzQwMDdhLzEvQ0tjeG5uZDE5d04wZFlfdEp2ODFocnhxVS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9iODNlNDctYmMwNC00OTJkLTlhMDctZWNkZDgxNzQwMDdh
LzEvdlktY0EtZFg4OXRSVEtPTkZhMmtVZm91bGhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS0sMA0G
CSqGSIb3DQEBCwUAA4IBAQBaKtPHGfLXniEobzN/A7Zv6csbLsxFtyQTfNITZo1F
8J7BYZptCC72S13GWDes3fnHG6x1PbX4hGI16gCHmkVCoBugpUw8u8aTJBo+hWF1
Y42yvjq+06c2388XepTr6SDSyviiesmnaZirtRCcNhkQ09Ds1Z1CCFefna3bc97N
X5El1rjmiALs5S7VHnhHxQuxQ7fX/fmPggZvO49xagSVWYlqo9bFY+v8BOMU6jai
YQqZXcgR6VeRGTLbd95qU5W1coxtS4Va/rGMYlWJqEi61gEZxsuUn0uClGrBM+6B
ISsExqf6ERFZQj9pv5xwR3k+wTFNh01XcDDwGuW1PJHT
-----END CERTIFICATE-----