Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/yNgpBLQm6ELi-mIexk0YaTfXxb4.roa
File:                     yNgpBLQm6ELi-mIexk0YaTfXxb4.roa (raw, json)
Hash identifier:          pd8PpO8asVpf3qyRi+SsT0Kl6uLeF6RLa31NmZBcfSI=
Subject key identifier:   C8:D8:29:04:B4:26:E8:42:E2:FA:62:1E:C6:4D:18:69:37:D7:C5:BE
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       019679B0C61600DC8B8E728060E5DAF6871C
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/yNgpBLQm6ELi-mIexk0YaTfXxb4.roa
Signing time:             Sun 27 Apr 2025 23:59:10 +0000
ROA not before:           Sun 27 Apr 2025 23:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     328543
IP address blocks:        45.81.34.0/23 maxlen: 24
                          45.150.236.0/22 maxlen: 24
                          2a0e:4c80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:79:b0:c6:16:00:dc:8b:8e:72:80:60:e5:da:f6:87:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Apr 27 23:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8d82904b426e842e2fa621ec64d186937d7c5be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ea:45:f0:20:70:76:2e:67:44:58:18:d9:06:
                    00:a7:1d:c4:b5:bb:c4:8f:17:6a:9a:91:6b:84:39:
                    1b:4e:a5:ce:54:18:02:17:3a:1a:13:f8:28:15:14:
                    d3:28:01:76:8d:5c:43:30:1b:2a:ae:89:2e:c8:95:
                    ef:89:7b:9d:fd:84:93:e3:27:2b:63:6f:20:1f:f3:
                    cf:e3:66:8b:e6:e2:3b:1a:ad:ae:cd:8e:59:4d:b9:
                    f8:14:22:02:11:3e:0e:2c:05:c2:89:5b:5a:f3:01:
                    0b:9a:da:b3:86:2d:e6:55:f1:b9:34:33:6a:82:5c:
                    88:a8:b0:aa:ff:2b:c0:eb:54:7c:74:52:de:2c:5f:
                    14:a4:03:ce:35:41:74:37:82:5e:84:c8:2e:af:d5:
                    d9:90:7c:a1:ee:8c:db:11:43:2e:01:dd:7c:33:2b:
                    2c:e0:68:f1:79:30:8b:3a:cc:f2:c8:70:d3:00:24:
                    28:23:94:c4:98:26:9f:fe:36:be:7c:78:3d:73:70:
                    77:1b:02:b0:e3:c8:64:8a:d2:a3:0b:d7:8e:bc:c4:
                    78:fd:e7:33:43:a6:fb:d7:1d:07:87:38:b2:68:8c:
                    0b:a4:2e:1f:fe:db:ff:97:9f:c4:88:a0:df:e0:d6:
                    16:e2:22:cf:48:9a:39:e5:70:fb:c7:79:45:95:cf:
                    b8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D8:29:04:B4:26:E8:42:E2:FA:62:1E:C6:4D:18:69:37:D7:C5:BE
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/yNgpBLQm6ELi-mIexk0YaTfXxb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.34.0/23
                  45.150.236.0/22
                IPv6:
                  2a0e:4c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:8d:88:46:da:ae:49:e6:e8:6e:63:2a:11:b0:71:83:63:b5:
         dc:84:ad:6a:6f:53:d5:1e:e8:f3:95:aa:06:96:5e:43:05:27:
         03:49:ec:fb:e8:30:43:9f:d3:ff:a7:24:68:d2:95:d2:29:79:
         54:3d:02:b7:b7:15:ae:cb:96:82:cd:da:30:25:dd:ab:28:7c:
         f6:d3:cd:6c:41:1a:df:07:06:bb:e9:13:3d:86:94:ed:68:d0:
         28:3b:e7:ab:5d:19:63:b6:93:23:e9:e2:34:7c:e2:10:57:d0:
         47:99:98:c9:9f:07:5b:14:28:cb:b4:50:5e:10:23:ba:26:8b:
         ac:67:2c:10:1b:d3:d1:5e:e5:f7:45:9a:71:8f:08:ed:c6:df:
         b2:17:e2:71:ee:f4:5a:e2:34:8c:09:26:47:01:f5:88:88:ea:
         ee:b7:d8:67:e2:ca:cc:e5:3b:56:f1:e9:5a:35:a0:81:bf:ee:
         4a:20:8e:ab:c0:7b:e9:6d:03:e3:83:a4:66:2c:5c:53:2e:8e:
         44:37:21:57:87:e0:c9:98:c0:13:13:dd:4d:e4:f9:64:a3:b4:
         db:cc:d8:18:89:9c:ed:5c:cd:68:a4:6c:e3:4b:ec:45:a2:50:
         dd:e9:a9:f2:ec:52:8d:e5:7b:b8:20:57:8d:f4:6c:ab:5f:9b:
         d7:a1:e8:79
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZZ5sMYWANyLjnKAYOXa9occMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjUwNDI3MjM1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGQ4MjkwNGI0MjZlODQyZTJmYTYyMWVjNjRkMTg2OTM3ZDdjNWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtupF8CBwdi5nRFgY2QYApx3EtbvE
jxdqmpFrhDkbTqXOVBgCFzoaE/goFRTTKAF2jVxDMBsqrokuyJXviXud/YST4ycr
Y28gH/PP42aL5uI7Gq2uzY5ZTbn4FCICET4OLAXCiVta8wELmtqzhi3mVfG5NDNq
glyIqLCq/yvA61R8dFLeLF8UpAPONUF0N4JehMgur9XZkHyh7ozbEUMuAd18Myss
4GjxeTCLOszyyHDTACQoI5TEmCaf/ja+fHg9c3B3GwKw48hkitKjC9eOvMR4/ecz
Q6b71x0HhziyaIwLpC4f/tv/l5/EiKDf4NYW4iLPSJo55XD7x3lFlc+4lQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMjYKQS0JuhC4vpiHsZNGGk318W+MB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEveU5ncEJMUW02RUxpLW1JZXhrMFlhVGZYeGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBLVEiAwQC
LZbsMA0EAgACMAcDBQMqDkyAMA0GCSqGSIb3DQEBCwUAA4IBAQARjYhG2q5J5uhu
YyoRsHGDY7XchK1qb1PVHujzlaoGll5DBScDSez76DBDn9P/pyRo0pXSKXlUPQK3
txWuy5aCzdowJd2rKHz2081sQRrfBwa76RM9hpTtaNAoO+erXRljtpMj6eI0fOIQ
V9BHmZjJnwdbFCjLtFBeECO6JousZywQG9PRXuX3RZpxjwjtxt+yF+Jx7vRa4jSM
CSZHAfWIiOrut9hn4srM5TtW8elaNaCBv+5KII6rwHvpbQPjg6RmLFxTLo5ENyFX
h+DJmMATE91N5Plko7TbzNgYiZztXM1opGzjS+xFolDd6any7FKN5Xu4IFeN9Gyr
X5vXoeh5
-----END CERTIFICATE-----