Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nIwx89Eb9m44qA-EuN5l6HcsdKE.roa
File:                     nIwx89Eb9m44qA-EuN5l6HcsdKE.roa (raw, json)
Hash identifier:          DecarAEj0arkMyPFg0sDDqW7tw36JjO3TCbrdAfyPLc=
Subject key identifier:   9C:8C:31:F3:D1:1B:F6:6E:38:A8:0F:84:B8:DE:65:E8:77:2C:74:A1
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019695219EAAF225C1ABDFB6714BAC206EEF
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nIwx89Eb9m44qA-EuN5l6HcsdKE.roa
Signing time:             Sat 03 May 2025 07:52:10 +0000
ROA not before:           Sat 03 May 2025 07:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49055
IP address blocks:        147.45.208.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:95:21:9e:aa:f2:25:c1:ab:df:b6:71:4b:ac:20:6e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: May  3 07:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c8c31f3d11bf66e38a80f84b8de65e8772c74a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:27:57:64:07:01:ee:ac:df:af:73:17:77:78:
                    4f:f7:d3:71:df:5d:ee:e1:c5:ed:43:19:62:12:93:
                    7a:a3:28:2d:cb:55:96:c6:5f:60:44:6e:52:a6:51:
                    e6:54:a0:5f:f5:f2:b9:84:44:04:dc:31:44:df:8b:
                    dd:cc:28:63:e6:3b:1d:8b:2a:d5:44:36:83:30:6f:
                    64:df:2c:5f:a0:9b:f6:df:c9:6f:d1:c0:21:8c:e3:
                    ee:6b:60:8b:49:9f:92:f2:66:9f:ef:ce:49:f0:f4:
                    65:4e:9a:cd:77:b2:37:a2:14:1e:b1:7e:f3:15:20:
                    7a:91:76:2b:05:ec:b3:63:0e:16:53:a8:48:7a:03:
                    69:0e:31:62:04:18:dd:93:8a:ae:f9:e7:58:cd:1c:
                    e8:fa:48:4e:1f:97:88:35:60:2f:56:a9:9b:20:40:
                    1f:31:c3:2d:0b:25:3f:de:ce:d5:fb:02:36:ea:ea:
                    66:a7:3b:4c:17:4e:f7:0f:6c:a3:fb:9c:55:2b:00:
                    80:54:57:be:e7:1f:f4:eb:ae:40:fb:8f:29:8c:b1:
                    5e:d8:e2:71:af:cf:fa:c2:39:16:e6:e4:cc:ae:15:
                    c8:8d:00:11:2f:91:89:fc:5d:6e:f5:8a:b8:77:18:
                    2d:c5:b2:bd:67:aa:ba:2c:03:9c:3f:95:d8:65:74:
                    55:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:8C:31:F3:D1:1B:F6:6E:38:A8:0F:84:B8:DE:65:E8:77:2C:74:A1
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nIwx89Eb9m44qA-EuN5l6HcsdKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:84:e2:26:8c:16:7e:a3:0e:d8:3b:0b:5f:78:4c:56:45:d6:
         c7:7e:41:94:ad:5a:a5:97:e0:74:1c:63:9a:c0:51:41:ea:79:
         77:6d:a4:17:16:f5:d4:1c:a5:f9:b9:72:33:f6:7c:d7:35:58:
         ef:6b:13:7a:94:26:27:5f:5e:fc:0f:a4:b6:bd:9c:0e:21:d9:
         c5:2f:79:37:d3:03:19:b8:ac:59:36:6c:c7:1e:3f:ae:c0:e4:
         f9:76:be:bc:7c:96:73:1e:69:e0:0b:e9:88:dc:7a:75:de:63:
         03:d8:85:43:68:d6:5d:72:db:2b:ff:f3:b6:2d:6b:67:9a:06:
         cc:58:b4:ac:d6:73:c9:75:79:47:e0:1c:8b:1e:fd:03:f2:1f:
         c3:84:54:fa:52:85:67:b0:aa:cb:89:3a:a0:32:6d:6f:a0:b9:
         8f:70:7d:19:73:13:ac:a1:5a:19:e5:65:38:e0:80:96:aa:1a:
         10:9d:b1:e6:b3:7b:b7:dc:92:99:32:5b:a2:f9:ef:fa:e1:80:
         bc:27:67:1f:c2:24:4a:5a:de:8a:99:81:e8:82:fb:ca:77:94:
         0a:00:11:d2:91:c0:ec:d9:47:a7:48:29:46:46:49:b3:bb:ff:
         96:6f:d0:a1:02:ac:9d:67:82:25:15:53:ed:91:b3:14:34:16:
         e1:2e:19:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaVIZ6q8iXBq9+2cUusIG7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwNTAzMDc1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzhjMzFmM2QxMWJmNjZlMzhhODBmODRiOGRlNjVlODc3MmM3NGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8CdXZAcB7qzfr3MXd3hP99Nx313u
4cXtQxliEpN6oygty1WWxl9gRG5SplHmVKBf9fK5hEQE3DFE34vdzChj5jsdiyrV
RDaDMG9k3yxfoJv238lv0cAhjOPua2CLSZ+S8maf785J8PRlTprNd7I3ohQesX7z
FSB6kXYrBeyzYw4WU6hIegNpDjFiBBjdk4qu+edYzRzo+khOH5eINWAvVqmbIEAf
McMtCyU/3s7V+wI26upmpztMF073D2yj+5xVKwCAVFe+5x/0665A+48pjLFe2OJx
r8/6wjkW5uTMrhXIjQARL5GJ/F1u9Yq4dxgtxbK9Z6q6LAOcP5XYZXRVIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyMMfPRG/ZuOKgPhLjeZeh3LHShMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbkl3eDg5RWI5bTQ0cUEtRXVONWw2SGNzZEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBky3QMA0G
CSqGSIb3DQEBCwUAA4IBAQAShOImjBZ+ow7YOwtfeExWRdbHfkGUrVqll+B0HGOa
wFFB6nl3baQXFvXUHKX5uXIz9nzXNVjvaxN6lCYnX178D6S2vZwOIdnFL3k30wMZ
uKxZNmzHHj+uwOT5dr68fJZzHmngC+mI3Hp13mMD2IVDaNZdctsr//O2LWtnmgbM
WLSs1nPJdXlH4ByLHv0D8h/DhFT6UoVnsKrLiTqgMm1voLmPcH0ZcxOsoVoZ5WU4
4ICWqhoQnbHms3u33JKZMlui+e/64YC8J2cfwiRKWt6KmYHogvvKd5QKABHSkcDs
2UenSClGRkmzu/+Wb9ChAqydZ4IlFVPtkbMUNBbhLhl5
-----END CERTIFICATE-----