Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/0SyYaQgLQzTmHyjwALNgjgW6Ips.roa
File:                     0SyYaQgLQzTmHyjwALNgjgW6Ips.roa (raw, json)
Hash identifier:          9FZRGxKEG0jtfYGiry8IM0OKO6/JFkO8TxODVgljdw8=
Subject key identifier:   D1:2C:98:69:08:0B:43:34:E6:1F:28:F0:00:B3:60:8E:05:BA:22:9B
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       019421B19DA18234FB59A0661DECA7872A42
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/0SyYaQgLQzTmHyjwALNgjgW6Ips.roa
Signing time:             Wed 01 Jan 2025 11:47:55 +0000
ROA not before:           Wed 01 Jan 2025 11:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213157
IP address blocks:        45.143.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9d:a1:82:34:fb:59:a0:66:1d:ec:a7:87:2a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 11:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d12c9869080b4334e61f28f000b3608e05ba229b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:80:ce:6b:4e:12:93:0e:eb:e5:a3:b0:7a:ec:
                    7d:14:44:61:c2:fe:19:29:60:76:e7:cc:e3:00:c2:
                    98:22:fc:b0:80:50:9c:06:b3:24:dd:0f:27:ae:3c:
                    3c:e0:cf:cd:98:ae:61:0b:a5:ee:c4:68:c7:01:65:
                    50:62:a5:a8:aa:80:26:90:57:2e:b7:d3:8c:a4:0d:
                    2d:50:1d:f4:94:e5:e3:b9:2e:91:9e:23:85:73:b7:
                    76:a0:a3:05:36:ec:9d:8e:6c:7e:e7:fb:b4:19:74:
                    c7:4e:92:98:b9:2b:4a:6e:d4:40:1b:a6:1e:b2:71:
                    16:ca:68:eb:cb:c1:6b:eb:19:df:bd:dd:5a:22:ba:
                    3e:26:fb:9c:cb:0a:58:10:de:aa:36:84:9b:0c:86:
                    71:ea:0f:b8:20:c8:a0:cc:ab:3f:60:7a:00:79:da:
                    61:bb:72:dc:3a:3a:d5:57:a9:c3:aa:f5:cb:8d:04:
                    dc:24:d3:89:2a:16:a8:95:ca:8c:7e:81:21:6f:d9:
                    ab:f9:44:3c:e0:38:b4:cb:b9:ad:ed:5a:1b:ed:d8:
                    2a:bb:1b:01:66:4e:c0:b5:06:92:2e:39:0f:7f:fb:
                    48:58:71:a9:f7:bf:b0:a6:c2:04:53:d2:e4:e3:a2:
                    4a:9f:17:77:52:15:a8:43:35:54:69:0e:5c:3d:43:
                    53:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:2C:98:69:08:0B:43:34:E6:1F:28:F0:00:B3:60:8E:05:BA:22:9B
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/0SyYaQgLQzTmHyjwALNgjgW6Ips.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:43:c0:d8:86:df:73:06:2b:23:6a:2b:b1:30:83:a7:39:ee:
         71:06:fa:74:81:fb:4a:a4:63:9f:9b:c2:65:64:ca:a1:5e:d4:
         73:1e:08:e8:d6:72:25:8c:0e:55:ea:2e:32:b5:5c:1c:47:10:
         e3:52:60:6c:2b:d5:08:d8:7b:ae:80:8b:99:e9:c6:9e:1e:b6:
         41:71:ed:e5:6f:31:17:50:01:80:d4:fa:fd:c5:36:82:0b:b6:
         e1:15:4e:f6:c7:8d:54:88:b4:53:60:0f:d7:7e:a1:ac:90:ef:
         5b:48:bb:4d:32:53:10:f3:a7:d6:46:f4:18:f5:6a:86:6d:75:
         ca:09:ad:a7:95:a0:ac:7d:6b:79:2c:ac:ce:cf:10:7b:02:d5:
         28:7c:93:1e:72:b3:6f:a6:d0:d8:6e:ca:dc:e2:ad:e2:9a:b9:
         de:2e:27:e1:6d:c8:ee:15:68:c6:a7:8a:a3:1c:85:aa:19:10:
         a7:d2:a6:00:95:06:b7:0b:da:93:0c:6e:cb:18:61:b3:61:22:
         9d:20:7b:5e:cb:61:ba:4c:94:53:0e:99:e4:f5:7b:22:ef:93:
         b2:1b:66:a6:05:8e:e3:27:cc:0b:10:2c:eb:11:b7:75:a6:69:
         86:f7:6f:91:54:13:c6:2d:57:43:e4:ba:7e:91:33:7b:7c:bf:
         4d:99:8a:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsZ2hgjT7WaBmHeynhypCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjUwMTAxMTE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTJjOTg2OTA4MGI0MzM0ZTYxZjI4ZjAwMGIzNjA4ZTA1YmEyMjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIDOa04Skw7r5aOweux9FERhwv4Z
KWB258zjAMKYIvywgFCcBrMk3Q8nrjw84M/NmK5hC6XuxGjHAWVQYqWoqoAmkFcu
t9OMpA0tUB30lOXjuS6RniOFc7d2oKMFNuydjmx+5/u0GXTHTpKYuStKbtRAG6Ye
snEWymjry8Fr6xnfvd1aIro+JvucywpYEN6qNoSbDIZx6g+4IMigzKs/YHoAedph
u3LcOjrVV6nDqvXLjQTcJNOJKhaolcqMfoEhb9mr+UQ84Di0y7mt7Vob7dgquxsB
Zk7AtQaSLjkPf/tIWHGp97+wpsIEU9Lk46JKnxd3UhWoQzVUaQ5cPUNT3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEsmGkIC0M05h8o8ACzYI4FuiKbMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvMFN5WWFRZ0xRelRtSHlqd0FMTmdqZ1c2SXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY9gMA0G
CSqGSIb3DQEBCwUAA4IBAQBXQ8DYht9zBisjaiuxMIOnOe5xBvp0gftKpGOfm8Jl
ZMqhXtRzHgjo1nIljA5V6i4ytVwcRxDjUmBsK9UI2HuugIuZ6caeHrZBce3lbzEX
UAGA1Pr9xTaCC7bhFU72x41UiLRTYA/XfqGskO9bSLtNMlMQ86fWRvQY9WqGbXXK
Ca2nlaCsfWt5LKzOzxB7AtUofJMecrNvptDYbsrc4q3imrneLifhbcjuFWjGp4qj
HIWqGRCn0qYAlQa3C9qTDG7LGGGzYSKdIHtey2G6TJRTDpnk9Xsi75OyG2amBY7j
J8wLECzrEbd1pmmG92+RVBPGLVdD5Lp+kTN7fL9NmYo5
-----END CERTIFICATE-----