Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/1oM3GP4XRi0mqDBcN0k0C4RTdHY.roa
File:                     1oM3GP4XRi0mqDBcN0k0C4RTdHY.roa (raw, json)
Hash identifier:          Eqko1gSCAK/Ec5hGsjBzpPB0Hmmto77uxcqKM6nkuos=
Subject key identifier:   D6:83:37:18:FE:17:46:2D:26:A8:30:5C:37:49:34:0B:84:53:74:76
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       019421B19B42413E41DBAF1751AF59BFF9E1
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/1oM3GP4XRi0mqDBcN0k0C4RTdHY.roa
Signing time:             Wed 01 Jan 2025 11:47:55 +0000
ROA not before:           Wed 01 Jan 2025 11:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208198
IP address blocks:        45.10.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 13:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9b:42:41:3e:41:db:af:17:51:af:59:bf:f9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 11:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6833718fe17462d26a8305c3749340b84537476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5d:30:b9:87:5e:3b:0f:49:8b:8c:27:fd:d5:
                    23:cf:17:7e:2b:a6:c7:f8:87:57:93:86:58:b6:f0:
                    b0:85:50:5a:ab:89:2e:63:bb:0e:6c:64:14:73:87:
                    e9:bb:9a:f0:3a:68:43:75:d7:75:d5:08:90:9b:09:
                    e6:5d:c8:6b:e3:95:85:f4:98:de:fd:dd:d1:4b:69:
                    87:57:a7:05:a8:16:51:df:87:53:e2:cc:be:b7:de:
                    41:0c:73:a4:34:d6:22:7e:64:5f:02:e1:4d:a6:42:
                    4d:4f:c6:cd:bd:aa:70:d0:76:b6:27:b8:b4:b9:ad:
                    27:f7:fc:d7:d9:37:ca:98:63:20:78:eb:11:cf:f8:
                    cc:6f:4c:9e:1c:6b:5c:5c:5b:87:9b:8d:ce:e6:27:
                    e2:66:27:78:79:b5:d6:82:9e:9a:c4:d8:bc:95:3c:
                    47:ee:b7:77:14:f8:ab:63:9d:05:f2:90:4e:0e:a7:
                    c2:11:ab:1e:aa:fa:eb:e7:0d:dd:14:a1:22:2b:3d:
                    52:a9:de:5f:ff:34:04:bb:ab:f3:7c:cf:78:e7:9e:
                    b7:4d:87:9b:5c:a7:66:7e:24:5d:29:ff:02:e4:40:
                    75:14:e4:d0:fc:c8:49:69:e2:0f:6c:23:76:b8:e3:
                    62:1e:ee:17:6c:c5:52:a5:6d:74:e2:bd:76:de:3a:
                    81:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:83:37:18:FE:17:46:2D:26:A8:30:5C:37:49:34:0B:84:53:74:76
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/1oM3GP4XRi0mqDBcN0k0C4RTdHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:05:32:7e:f1:45:e4:ba:96:b8:84:ea:54:aa:1e:a4:9f:77:
         8e:8b:f5:75:77:fa:c4:ba:ec:64:1a:a7:0d:75:f8:be:ea:04:
         1b:91:cc:a3:f6:c9:b8:06:ee:8e:48:d2:0c:3b:3c:cf:10:2d:
         45:a5:0a:2b:e2:c6:df:e9:93:a9:f7:4b:01:70:00:68:a3:7e:
         db:88:db:b7:ce:1b:4a:60:f1:b7:6e:45:f9:bb:92:0c:39:d5:
         27:cd:e6:3a:82:48:4c:7e:2c:7d:b6:40:d8:b9:c0:52:42:c1:
         c6:03:52:98:b6:ca:5c:b5:23:e2:ee:ae:a2:dc:47:a1:98:82:
         6a:88:98:9a:7f:3a:63:a9:88:2d:ff:1f:19:f9:c9:34:ec:e8:
         9a:12:d0:6a:29:0e:08:7b:8a:4e:42:65:11:fb:cd:59:62:ec:
         09:56:f5:d4:3f:fc:96:7c:ba:e6:50:68:9a:cc:52:90:82:70:
         16:b7:5e:5f:2d:60:cd:99:0b:50:24:06:7a:bc:71:72:f1:2d:
         01:2e:b9:38:40:09:e8:c9:a9:73:a1:ed:de:0e:fd:02:3a:15:
         76:92:7c:7c:2d:8b:5a:86:bc:c6:5b:25:a3:2f:b7:a2:5e:74:
         67:0f:03:1b:fd:07:50:bf:c3:49:ad:f4:4a:78:f2:41:c9:4f:
         33:1a:b9:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsZtCQT5B268XUa9Zv/nhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjUwMTAxMTE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjgzMzcxOGZlMTc0NjJkMjZhODMwNWMzNzQ5MzQwYjg0NTM3NDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl0wuYdeOw9Ji4wn/dUjzxd+K6bH
+IdXk4ZYtvCwhVBaq4kuY7sObGQUc4fpu5rwOmhDddd11QiQmwnmXchr45WF9Jje
/d3RS2mHV6cFqBZR34dT4sy+t95BDHOkNNYifmRfAuFNpkJNT8bNvapw0Ha2J7i0
ua0n9/zX2TfKmGMgeOsRz/jMb0yeHGtcXFuHm43O5ifiZid4ebXWgp6axNi8lTxH
7rd3FPirY50F8pBODqfCEaseqvrr5w3dFKEiKz1Sqd5f/zQEu6vzfM945563TYeb
XKdmfiRdKf8C5EB1FOTQ/MhJaeIPbCN2uONiHu4XbMVSpW104r123jqB2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaDNxj+F0YtJqgwXDdJNAuEU3R2MB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvMW9NM0dQNFhSaTBtcURCY04wazBDNFJUZEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQqVMA0G
CSqGSIb3DQEBCwUAA4IBAQBbBTJ+8UXkupa4hOpUqh6kn3eOi/V1d/rEuuxkGqcN
dfi+6gQbkcyj9sm4Bu6OSNIMOzzPEC1FpQor4sbf6ZOp90sBcABoo37biNu3zhtK
YPG3bkX5u5IMOdUnzeY6gkhMfix9tkDYucBSQsHGA1KYtspctSPi7q6i3EehmIJq
iJiafzpjqYgt/x8Z+ck07OiaEtBqKQ4Ie4pOQmUR+81ZYuwJVvXUP/yWfLrmUGia
zFKQgnAWt15fLWDNmQtQJAZ6vHFy8S0BLrk4QAnoyalzoe3eDv0COhV2knx8LYta
hrzGWyWjL7eiXnRnDwMb/QdQv8NJrfRKePJByU8zGrk+
-----END CERTIFICATE-----