Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/g-ueJOZ8CrwpGCeGD3tl16S98d0.roa
File:                     g-ueJOZ8CrwpGCeGD3tl16S98d0.roa (raw, json)
Hash identifier:          bDoSFJsdsspb9o+5HCKGnMJFTdCyV6X4FzTImtyv2cE=
Subject key identifier:   83:EB:9E:24:E6:7C:0A:BC:29:18:27:86:0F:7B:65:D7:A4:BD:F1:DD
Certificate issuer:       /CN=9a78fd4d41a49384bdf6e7dc3ebbc500bf66d9d5
Certificate serial:       01942445556FCD3D8A369858E9F7ACF57E0D
Authority key identifier: 9A:78:FD:4D:41:A4:93:84:BD:F6:E7:DC:3E:BB:C5:00:BF:66:D9:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mnj9TUGkk4S99ufcPrvFAL9m2dU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/g-ueJOZ8CrwpGCeGD3tl16S98d0.roa
Signing time:             Wed 01 Jan 2025 23:48:31 +0000
ROA not before:           Wed 01 Jan 2025 23:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        45.8.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/mnj9TUGkk4S99ufcPrvFAL9m2dU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/mnj9TUGkk4S99ufcPrvFAL9m2dU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mnj9TUGkk4S99ufcPrvFAL9m2dU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:55:6f:cd:3d:8a:36:98:58:e9:f7:ac:f5:7e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a78fd4d41a49384bdf6e7dc3ebbc500bf66d9d5
        Validity
            Not Before: Jan  1 23:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83eb9e24e67c0abc291827860f7b65d7a4bdf1dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b9:4a:d5:2b:98:11:70:76:41:e7:d4:ef:8b:
                    bb:7c:55:75:70:79:a1:63:b7:0b:f1:8d:fd:a1:43:
                    a2:c1:fd:0a:68:9b:a0:5c:4d:6b:77:4d:ab:65:88:
                    f5:3d:5e:5b:b7:8b:33:23:d5:2d:8e:59:a7:91:42:
                    07:44:e1:8a:55:3a:5e:a0:11:8c:9a:27:35:5d:cc:
                    03:63:60:db:b3:b1:c1:e5:8d:ce:44:32:63:97:d5:
                    3f:58:8f:8b:36:a8:53:5c:55:71:8e:bd:65:2f:0f:
                    a1:af:87:f9:64:8b:82:44:c7:d3:0f:38:61:58:00:
                    a5:65:6b:05:1d:80:89:8c:84:5a:96:af:95:9a:52:
                    37:f8:8e:5a:f8:08:6a:e0:c2:fc:43:e3:18:90:a3:
                    ac:25:50:c9:20:5f:b5:db:3c:4c:a8:47:e2:7c:bc:
                    e2:34:62:37:b8:40:d1:0d:5a:9c:07:0e:81:3f:55:
                    7f:43:54:ee:44:8a:e1:c4:05:ba:1b:18:b8:a3:06:
                    5d:ff:63:8e:46:80:d1:2e:fe:3f:a5:4f:e0:49:a4:
                    2a:75:03:3e:15:fd:1e:19:6d:5c:b3:db:89:ae:55:
                    98:54:f4:75:04:f3:98:d2:a5:23:77:d6:c4:82:67:
                    9e:3f:dd:13:4a:cb:ca:b8:4f:7f:59:21:fe:85:9c:
                    9c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:EB:9E:24:E6:7C:0A:BC:29:18:27:86:0F:7B:65:D7:A4:BD:F1:DD
            X509v3 Authority Key Identifier:
                keyid:9A:78:FD:4D:41:A4:93:84:BD:F6:E7:DC:3E:BB:C5:00:BF:66:D9:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mnj9TUGkk4S99ufcPrvFAL9m2dU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/g-ueJOZ8CrwpGCeGD3tl16S98d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/mnj9TUGkk4S99ufcPrvFAL9m2dU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:99:dc:8c:e3:6f:0a:af:9c:0e:f3:8e:a0:db:3f:b2:7d:81:
         09:a9:95:17:be:8e:0c:30:3b:e1:a8:c4:4d:83:a3:bf:13:9b:
         72:6c:84:f7:a5:8a:c7:8c:19:92:d2:e6:a1:4a:c6:aa:d4:93:
         98:04:7b:04:d8:14:5b:15:4b:ab:95:2b:4a:bf:82:c4:9b:80:
         89:0e:dc:7e:c0:40:f6:a2:7c:94:39:49:aa:e0:0e:a5:8c:bc:
         e0:d5:2d:4a:5c:3c:89:75:48:84:89:3b:08:d6:dd:dd:96:0d:
         c9:53:52:23:a6:45:d6:d8:f3:76:d5:63:fe:12:c7:63:76:80:
         1e:d2:0b:a5:fc:e0:6e:c8:5d:82:64:7b:c8:f9:22:e5:d1:ea:
         cc:f0:11:19:fa:70:34:f6:88:a6:59:39:1e:f8:8a:99:03:32:
         f8:0a:40:56:dd:f7:0d:e1:5c:22:33:ee:57:39:be:b3:ba:46:
         be:3c:f5:42:60:5f:66:f9:b7:71:fb:d6:d9:65:2f:ad:fc:c6:
         6d:ab:3f:e8:85:6f:ea:58:0d:f9:a1:be:f9:7f:36:9c:03:43:
         76:38:58:42:f8:5b:0b:78:e2:66:be:f9:ef:aa:26:55:84:b2:
         d5:71:4d:ae:38:01:e8:d4:61:89:40:28:64:3c:06:b5:67:19:
         71:0a:ba:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVVvzT2KNphY6fes9X4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNzhmZDRkNDFhNDkzODRiZGY2ZTdkYzNlYmJjNTAwYmY2
NmQ5ZDUwHhcNMjUwMTAxMjM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2ViOWUyNGU2N2MwYWJjMjkxODI3ODYwZjdiNjVkN2E0YmRmMWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LlK1SuYEXB2QefU74u7fFV1cHmh
Y7cL8Y39oUOiwf0KaJugXE1rd02rZYj1PV5bt4szI9UtjlmnkUIHROGKVTpeoBGM
mic1XcwDY2Dbs7HB5Y3ORDJjl9U/WI+LNqhTXFVxjr1lLw+hr4f5ZIuCRMfTDzhh
WAClZWsFHYCJjIRalq+VmlI3+I5a+Ahq4ML8Q+MYkKOsJVDJIF+12zxMqEfifLzi
NGI3uEDRDVqcBw6BP1V/Q1TuRIrhxAW6Gxi4owZd/2OORoDRLv4/pU/gSaQqdQM+
Ff0eGW1cs9uJrlWYVPR1BPOY0qUjd9bEgmeeP90TSsvKuE9/WSH+hZycowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPrniTmfAq8KRgnhg97ZdekvfHdMB8GA1UdIwQY
MBaAFJp4/U1BpJOEvfbn3D67xQC/ZtnVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW5qOVRVR2trNFM5OXVmY1BydkZBTDltMmRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS81Y2I5OGMtZWUwOC00Yjk5LThiNGQt
YzZmNDEwNjBjNWQ3LzEvZy11ZUpPWjhDcndwR0NlR0QzdGwxNlM5OGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS81Y2I5OGMtZWUwOC00Yjk5LThiNGQtYzZmNDEwNjBjNWQ3
LzEvbW5qOVRVR2trNFM5OXVmY1BydkZBTDltMmRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQhUMA0G
CSqGSIb3DQEBCwUAA4IBAQATmdyM428Kr5wO846g2z+yfYEJqZUXvo4MMDvhqMRN
g6O/E5tybIT3pYrHjBmS0uahSsaq1JOYBHsE2BRbFUurlStKv4LEm4CJDtx+wED2
onyUOUmq4A6ljLzg1S1KXDyJdUiEiTsI1t3dlg3JU1IjpkXW2PN21WP+EsdjdoAe
0gul/OBuyF2CZHvI+SLl0erM8BEZ+nA09oimWTke+IqZAzL4CkBW3fcN4VwiM+5X
Ob6zuka+PPVCYF9m+bdx+9bZZS+t/MZtqz/ohW/qWA35ob75fzacA0N2OFhC+FsL
eOJmvvnvqiZVhLLVcU2uOAHo1GGJQChkPAa1ZxlxCrps
-----END CERTIFICATE-----