Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/W8kldn3kdGYqCFVL9Vj-_yMc_YQ.roa
File:                     W8kldn3kdGYqCFVL9Vj-_yMc_YQ.roa (raw, json)
Hash identifier:          GEboFATMOMt3GSxR34v0QsuLahbz9VbOcfy1sr+D47k=
Subject key identifier:   5B:C9:25:76:7D:E4:74:66:2A:08:55:4B:F5:58:FE:FF:23:1C:FD:84
Certificate issuer:       /CN=220ab0d7ae01c7ba7da69d71a91472b390cd7091
Certificate serial:       0194258F994416BB9DAF6A8472A0B3C6618D
Authority key identifier: 22:0A:B0:D7:AE:01:C7:BA:7D:A6:9D:71:A9:14:72:B3:90:CD:70:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Igqw164Bx7p9pp1xqRRys5DNcJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/W8kldn3kdGYqCFVL9Vj-_yMc_YQ.roa
Signing time:             Thu 02 Jan 2025 05:49:15 +0000
ROA not before:           Thu 02 Jan 2025 05:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50017
IP address blocks:        45.66.88.0/24 maxlen: 24
                          2a09:6644:2::/48 maxlen: 48
                          2a09:6644:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/Igqw164Bx7p9pp1xqRRys5DNcJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/Igqw164Bx7p9pp1xqRRys5DNcJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Igqw164Bx7p9pp1xqRRys5DNcJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:99:44:16:bb:9d:af:6a:84:72:a0:b3:c6:61:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=220ab0d7ae01c7ba7da69d71a91472b390cd7091
        Validity
            Not Before: Jan  2 05:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bc925767de474662a08554bf558feff231cfd84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:52:7a:0a:96:73:79:97:78:86:28:3a:c1:de:
                    85:41:4e:b6:2a:e1:f5:85:48:23:64:78:77:81:67:
                    af:5a:2e:37:70:e9:96:65:6d:4a:bc:19:1f:f2:75:
                    b8:01:3e:3f:03:59:f4:d7:5a:e0:cd:5c:84:db:67:
                    06:30:f5:5b:01:26:0e:95:d3:be:82:3b:00:d3:81:
                    24:ec:c6:94:35:44:e7:29:53:0d:d1:08:da:67:3a:
                    fe:8b:c7:51:9e:e4:1c:75:2d:18:0c:28:c5:96:b3:
                    1b:eb:19:8c:84:21:29:a5:9b:d6:32:de:a2:c4:b3:
                    eb:f7:e7:d4:b8:f2:70:a4:67:ad:d2:06:50:27:60:
                    a0:fc:03:e5:71:df:f5:77:f9:70:a5:5a:fd:91:df:
                    1a:85:a6:f6:a8:15:80:e8:95:76:4d:5a:c3:c0:da:
                    12:11:aa:03:2b:71:72:db:02:26:16:c5:e5:71:3c:
                    a9:05:fc:9f:22:ec:76:50:cb:41:9a:ee:aa:2f:d8:
                    6e:61:68:b9:af:10:9b:46:4c:f5:c9:d5:7b:7a:8a:
                    96:7b:0b:d1:46:24:37:18:5b:91:c1:6c:d5:8c:d2:
                    38:69:b5:49:e5:1f:0c:c2:30:31:07:5d:67:ce:04:
                    f4:91:00:fe:21:cd:96:94:cb:c8:e8:3c:1a:bb:93:
                    0d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:C9:25:76:7D:E4:74:66:2A:08:55:4B:F5:58:FE:FF:23:1C:FD:84
            X509v3 Authority Key Identifier:
                keyid:22:0A:B0:D7:AE:01:C7:BA:7D:A6:9D:71:A9:14:72:B3:90:CD:70:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Igqw164Bx7p9pp1xqRRys5DNcJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/W8kldn3kdGYqCFVL9Vj-_yMc_YQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/Igqw164Bx7p9pp1xqRRys5DNcJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.88.0/24
                IPv6:
                  2a09:6644:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         69:33:17:30:5a:39:5b:ad:2e:96:b5:07:db:cc:7e:2e:e8:4e:
         51:de:43:60:56:7c:35:b5:f9:14:c6:bf:42:d6:b7:ff:6c:a2:
         47:c9:f6:e7:2b:61:5a:7a:de:7c:16:f9:a3:c4:a3:12:a4:c0:
         43:3e:70:c8:20:8c:bc:e3:fc:54:dc:6d:06:cf:ac:ea:64:dc:
         bf:c7:fe:04:25:e7:7d:34:92:53:ec:d1:e2:b5:56:c8:0d:6a:
         64:ce:49:42:8d:c2:1f:b8:7b:68:01:df:cc:ff:74:c4:71:c3:
         96:22:6d:7f:42:3f:ea:96:f7:0f:1f:24:93:23:3f:19:8f:04:
         98:7f:a4:84:95:59:8b:ef:a1:56:5b:3e:a3:da:e3:41:40:27:
         59:83:25:f1:b7:46:8f:51:aa:cb:0d:7f:f0:dc:ca:6e:4b:84:
         7b:14:40:c2:f7:ce:98:ca:07:56:31:10:54:fe:71:20:75:42:
         25:52:0f:1b:37:56:85:4d:ff:fd:7e:24:ee:2b:f7:59:c2:0d:
         03:2f:d2:73:8a:19:99:54:22:c6:58:21:21:77:94:b2:6e:e8:
         44:20:e9:63:05:0d:a6:8a:aa:b5:a4:80:d8:f3:0d:9b:ef:6b:
         4f:bd:f2:c5:23:11:0e:f1:27:c6:78:f4:86:80:0d:9a:52:54:
         fc:3f:c1:d5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlj5lEFrudr2qEcqCzxmGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMGFiMGQ3YWUwMWM3YmE3ZGE2OWQ3MWE5MTQ3MmIzOTBj
ZDcwOTEwHhcNMjUwMTAyMDU0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmM5MjU3NjdkZTQ3NDY2MmEwODU1NGJmNTU4ZmVmZjIzMWNmZDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVJ6CpZzeZd4hig6wd6FQU62KuH1
hUgjZHh3gWevWi43cOmWZW1KvBkf8nW4AT4/A1n011rgzVyE22cGMPVbASYOldO+
gjsA04Ek7MaUNUTnKVMN0QjaZzr+i8dRnuQcdS0YDCjFlrMb6xmMhCEppZvWMt6i
xLPr9+fUuPJwpGet0gZQJ2Cg/APlcd/1d/lwpVr9kd8ahab2qBWA6JV2TVrDwNoS
EaoDK3Fy2wImFsXlcTypBfyfIux2UMtBmu6qL9huYWi5rxCbRkz1ydV7eoqWewvR
RiQ3GFuRwWzVjNI4abVJ5R8MwjAxB11nzgT0kQD+Ic2WlMvI6Dwau5MNhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFvJJXZ95HRmKghVS/VY/v8jHP2EMB8GA1UdIwQY
MBaAFCIKsNeuAce6faadcakUcrOQzXCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWdxdzE2NEJ4N3A5cHAxeHFSUnlzNUROY0pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9mMDQ2NTgtZmFkNy00MjNjLWJiNDIt
ODJmYTNkMjYwODY5LzEvVzhrbGRuM2tkR1lxQ0ZWTDlWai1feU1jX1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9mMDQ2NTgtZmFkNy00MjNjLWJiNDItODJmYTNkMjYwODY5
LzEvSWdxdzE2NEJ4N3A5cHAxeHFSUnlzNUROY0pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALUJYMA8E
AgACMAkDBwEqCWZEAAIwDQYJKoZIhvcNAQELBQADggEBAGkzFzBaOVutLpa1B9vM
fi7oTlHeQ2BWfDW1+RTGv0LWt/9sokfJ9ucrYVp63nwW+aPEoxKkwEM+cMggjLzj
/FTcbQbPrOpk3L/H/gQl5300klPs0eK1VsgNamTOSUKNwh+4e2gB38z/dMRxw5Yi
bX9CP+qW9w8fJJMjPxmPBJh/pISVWYvvoVZbPqPa40FAJ1mDJfG3Ro9RqssNf/Dc
ym5LhHsUQML3zpjKB1YxEFT+cSB1QiVSDxs3VoVN//1+JO4r91nCDQMv0nOKGZlU
IsZYISF3lLJu6EQg6WMFDaaKqrWkgNjzDZvva0+98sUjEQ7xJ8Z49IaADZpSVPw/
wdU=
-----END CERTIFICATE-----