Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/rhwM13yb7i-t6Ly0MQtbcj3bZd8.roa
File:                     rhwM13yb7i-t6Ly0MQtbcj3bZd8.roa (raw, json)
Hash identifier:          rGHoCJ+25kyVkfObLSePRMqiDDa8j9R9c6PT4fGFhmg=
Subject key identifier:   AE:1C:0C:D7:7C:9B:EE:2F:AD:E8:BC:B4:31:0B:5B:72:3D:DB:65:DF
Certificate issuer:       /CN=8da60e9000c75a75d67e37fe07b14e07b22c5887
Certificate serial:       01967CA06C52DD5E5A9445573B7CEF143D8D
Authority key identifier: 8D:A6:0E:90:00:C7:5A:75:D6:7E:37:FE:07:B1:4E:07:B2:2C:58:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jaYOkADHWnXWfjf-B7FOB7IsWIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/rhwM13yb7i-t6Ly0MQtbcj3bZd8.roa
Signing time:             Mon 28 Apr 2025 13:40:10 +0000
ROA not before:           Mon 28 Apr 2025 13:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208327
IP address blocks:        45.145.92.0/24 maxlen: 24
                          45.145.95.0/24 maxlen: 24
                          2a0c:4d80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/jaYOkADHWnXWfjf-B7FOB7IsWIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/jaYOkADHWnXWfjf-B7FOB7IsWIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jaYOkADHWnXWfjf-B7FOB7IsWIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:a0:6c:52:dd:5e:5a:94:45:57:3b:7c:ef:14:3d:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8da60e9000c75a75d67e37fe07b14e07b22c5887
        Validity
            Not Before: Apr 28 13:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae1c0cd77c9bee2fade8bcb4310b5b723ddb65df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ba:4f:14:b8:f1:da:39:4c:fa:f6:d0:af:d8:
                    9e:ca:20:b0:f2:4e:9a:5c:1e:dc:00:91:ea:45:c8:
                    b9:3d:46:97:8d:38:f0:08:98:05:3c:8a:4f:94:e9:
                    96:ea:0c:dc:5d:42:2a:06:a5:56:32:91:5e:bd:a1:
                    9e:99:56:fc:30:05:d6:0d:25:97:18:8f:6b:c6:70:
                    c8:4b:cf:c1:ee:f7:d3:48:44:85:15:35:92:7a:54:
                    35:d0:e3:42:7d:2b:67:5f:f5:cf:c3:e1:c0:40:4e:
                    97:1b:bc:7e:41:a9:23:68:cf:0f:d7:d3:b8:8d:8d:
                    dc:59:4c:4b:5f:02:ac:c5:f6:33:78:5a:55:27:c2:
                    ba:bf:a3:20:bf:7b:40:29:2c:55:e2:6d:c5:68:d4:
                    63:06:ab:d7:73:6d:a1:9e:87:b4:c9:96:bc:f9:6b:
                    2c:58:9b:6b:e0:37:5e:7d:20:8d:38:2e:79:f6:b8:
                    2b:d2:89:14:d0:f1:8f:c6:ca:1f:3d:5d:05:87:76:
                    ac:9a:f7:87:c2:75:0b:0a:42:59:d4:7b:9e:88:af:
                    24:b1:5e:39:aa:b0:ea:75:ff:0d:38:13:e3:fd:10:
                    f6:12:05:ba:f0:bf:69:82:54:76:69:0d:f5:b5:56:
                    1c:d3:07:6c:be:68:cc:3d:46:dd:f1:4a:23:54:b9:
                    56:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:1C:0C:D7:7C:9B:EE:2F:AD:E8:BC:B4:31:0B:5B:72:3D:DB:65:DF
            X509v3 Authority Key Identifier:
                keyid:8D:A6:0E:90:00:C7:5A:75:D6:7E:37:FE:07:B1:4E:07:B2:2C:58:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jaYOkADHWnXWfjf-B7FOB7IsWIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/rhwM13yb7i-t6Ly0MQtbcj3bZd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/jaYOkADHWnXWfjf-B7FOB7IsWIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.92.0/24
                  45.145.95.0/24
                IPv6:
                  2a0c:4d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:91:fc:dd:d2:37:b9:f4:df:10:f6:69:4e:e3:7f:98:c1:56:
         c3:5f:64:f0:3d:28:15:73:20:29:64:57:d0:a2:76:7e:88:f6:
         2c:fe:82:37:c7:61:36:b7:1e:d2:b5:18:83:68:a6:b0:84:cb:
         e1:01:97:f9:b5:e1:45:68:e3:bc:df:ac:c2:1f:3d:b1:4a:1b:
         29:63:62:5e:46:13:9c:fe:db:51:bb:89:5b:56:43:c9:13:a2:
         3d:c2:17:3d:77:49:96:1f:ba:c2:d8:0b:7a:13:4d:39:c6:c6:
         39:45:35:52:02:34:ad:3f:2e:79:e7:d1:19:fb:8e:ac:a8:37:
         f2:43:59:a2:3d:8d:ff:48:fd:65:eb:74:7c:d2:ba:24:f7:cc:
         36:41:ae:7b:81:44:9d:68:90:2b:8d:96:a0:7c:ca:16:39:38:
         75:36:7e:a5:e1:49:4b:86:9d:a6:3f:07:46:e5:e9:b0:eb:e5:
         68:44:a1:c3:b7:29:0d:30:e9:01:bf:ae:98:d4:e7:16:ce:91:
         f3:08:5e:78:ad:fb:7b:e2:4f:68:9e:0c:e0:79:65:d8:db:38:
         0e:b7:a0:b3:ee:06:ec:1f:f3:58:32:ef:49:9a:88:55:74:ee:
         93:68:2e:4d:96:6d:93:e6:ea:e8:d5:0a:8e:b2:11:9c:bc:70:
         ae:d6:8f:a4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZZ8oGxS3V5alEVXO3zvFD2NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYTYwZTkwMDBjNzVhNzVkNjdlMzdmZTA3YjE0ZTA3YjIy
YzU4ODcwHhcNMjUwNDI4MTM0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTFjMGNkNzdjOWJlZTJmYWRlOGJjYjQzMTBiNWI3MjNkZGI2NWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrpPFLjx2jlM+vbQr9ieyiCw8k6a
XB7cAJHqRci5PUaXjTjwCJgFPIpPlOmW6gzcXUIqBqVWMpFevaGemVb8MAXWDSWX
GI9rxnDIS8/B7vfTSESFFTWSelQ10ONCfStnX/XPw+HAQE6XG7x+QakjaM8P19O4
jY3cWUxLXwKsxfYzeFpVJ8K6v6Mgv3tAKSxV4m3FaNRjBqvXc22hnoe0yZa8+Wss
WJtr4DdefSCNOC559rgr0okU0PGPxsofPV0Fh3asmveHwnULCkJZ1HueiK8ksV45
qrDqdf8NOBPj/RD2EgW68L9pglR2aQ31tVYc0wdsvmjMPUbd8UojVLlWrwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK4cDNd8m+4vrei8tDELW3I922XfMB8GA1UdIwQY
MBaAFI2mDpAAx1p11n43/gexTgeyLFiHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamFZT2tBREhXblhXZmpmLUI3Rk9CN0lzV0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS83MjgwNmEtMDM5NC00YWQ1LThlMDQt
YjViOGQwMjQ0OGI4LzEvcmh3TTEzeWI3aS10Nkx5ME1RdGJjajNiWmQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS83MjgwNmEtMDM5NC00YWQ1LThlMDQtYjViOGQwMjQ0OGI4
LzEvamFZT2tBREhXblhXZmpmLUI3Rk9CN0lzV0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALZFcAwQA
LZFfMA0EAgACMAcDBQMqDE2AMA0GCSqGSIb3DQEBCwUAA4IBAQA+kfzd0je59N8Q
9mlO43+YwVbDX2TwPSgVcyApZFfQonZ+iPYs/oI3x2E2tx7StRiDaKawhMvhAZf5
teFFaOO836zCHz2xShspY2JeRhOc/ttRu4lbVkPJE6I9whc9d0mWH7rC2At6E005
xsY5RTVSAjStPy5559EZ+46sqDfyQ1miPY3/SP1l63R80rok98w2Qa57gUSdaJAr
jZagfMoWOTh1Nn6l4UlLhp2mPwdG5emw6+VoRKHDtykNMOkBv66Y1OcWzpHzCF54
rft74k9ongzgeWXY2zgOt6Cz7gbsH/NYMu9JmohVdO6TaC5Nlm2T5uro1QqOshGc
vHCu1o+k
-----END CERTIFICATE-----