Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/RcpMhaSCPrOQZSJHIH4bqeSnFvs.roa
File:                     RcpMhaSCPrOQZSJHIH4bqeSnFvs.roa (raw, json)
Hash identifier:          lele51wHAEWK/XVJIHQCfJym3fVFBMalctiv8m+ndP4=
Subject key identifier:   45:CA:4C:85:A4:82:3E:B3:90:65:22:47:20:7E:1B:A9:E4:A7:16:FB
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019424B2E6EA5CFC5D2EC0BF4D440E4F9939
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/RcpMhaSCPrOQZSJHIH4bqeSnFvs.roa
Signing time:             Thu 02 Jan 2025 01:48:11 +0000
ROA not before:           Thu 02 Jan 2025 01:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15684
IP address blocks:        159.148.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:e6:ea:5c:fc:5d:2e:c0:bf:4d:44:0e:4f:99:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 01:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45ca4c85a4823eb390652247207e1ba9e4a716fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a5:c4:3a:05:12:f6:f8:d5:6c:5f:19:08:45:
                    4e:c1:c5:a1:10:7a:bc:8c:08:ed:93:01:5e:3e:28:
                    8f:03:3a:86:77:ef:ae:b9:99:dc:d7:f6:4f:49:45:
                    76:65:ef:5c:c8:88:02:eb:85:b2:18:fd:f0:3f:ba:
                    1b:76:4b:7d:ef:bd:46:f9:9a:1d:29:5b:b7:a0:c7:
                    1a:82:8e:16:72:96:98:9e:97:a7:b7:a7:7c:86:86:
                    18:56:d2:c2:04:dd:e0:ac:60:a3:9a:3a:4a:81:bc:
                    35:0b:be:9a:08:f2:14:55:76:96:90:2d:79:3d:d4:
                    d4:bd:d6:7c:88:85:af:82:fd:ac:99:54:4d:51:ce:
                    30:78:0d:f7:dd:d4:3d:10:ea:eb:a9:7a:c3:5e:ee:
                    50:3f:9a:8c:59:0c:65:56:2a:19:c6:3d:ac:cc:e1:
                    3b:92:c3:f8:41:82:01:b6:59:ae:79:d1:10:fd:d1:
                    17:94:f0:27:bc:99:91:86:7b:14:4f:ef:f5:fc:26:
                    ee:bd:ef:c1:2a:7e:45:c3:28:ea:b6:ed:25:5a:77:
                    b9:a5:ec:c3:e0:e6:79:cb:03:fd:f0:3d:17:1b:18:
                    e2:f8:85:c7:25:68:4f:91:08:2e:fb:18:ae:e6:b4:
                    10:7d:3d:b6:3d:16:b7:83:1b:41:2d:ac:24:07:15:
                    56:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:CA:4C:85:A4:82:3E:B3:90:65:22:47:20:7E:1B:A9:E4:A7:16:FB
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/RcpMhaSCPrOQZSJHIH4bqeSnFvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:a7:3d:d5:88:12:23:ad:4a:7d:69:c1:03:c2:ff:48:92:d1:
         1b:d4:40:18:14:eb:d2:c3:26:b2:8f:97:98:ff:bf:82:68:9a:
         c3:62:7a:af:62:a4:97:7a:86:51:28:67:28:3f:b4:82:ae:08:
         13:c9:61:71:09:d3:40:86:9c:cd:4d:40:82:d3:7d:e8:2a:42:
         8d:4a:26:05:24:48:1a:4f:bf:d7:20:ee:7f:07:27:46:93:45:
         ee:f2:b7:ee:7a:15:72:33:8b:f6:93:b4:b4:40:47:4c:c7:07:
         35:fb:67:fb:05:01:76:b2:90:52:45:e6:15:6a:a5:07:27:65:
         30:11:1d:9e:b1:00:1b:3a:db:2d:66:18:34:c0:2a:26:b6:b8:
         ac:e3:37:c5:c4:0b:bb:d1:d1:06:09:ff:62:cf:c1:06:96:53:
         2a:92:fe:7c:59:77:eb:01:4d:69:72:4e:11:2d:f2:5f:af:52:
         51:ae:7d:87:10:a9:c4:de:e1:67:21:6c:9d:ec:6e:2e:51:2e:
         d6:fe:ab:46:87:db:73:5d:f9:db:02:e7:b5:98:a9:9b:59:a1:
         41:ab:02:5f:fa:a0:23:e9:e3:33:ea:24:93:74:28:ce:e9:69:
         65:54:17:d3:af:41:d8:15:75:21:15:2d:27:fa:a6:53:7a:c1:
         13:17:e8:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksubqXPxdLsC/TUQOT5k5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWNhNGM4NWE0ODIzZWIzOTA2NTIyNDcyMDdlMWJhOWU0YTcxNmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaXEOgUS9vjVbF8ZCEVOwcWhEHq8
jAjtkwFePiiPAzqGd++uuZnc1/ZPSUV2Ze9cyIgC64WyGP3wP7obdkt9771G+Zod
KVu3oMcago4WcpaYnpent6d8hoYYVtLCBN3grGCjmjpKgbw1C76aCPIUVXaWkC15
PdTUvdZ8iIWvgv2smVRNUc4weA333dQ9EOrrqXrDXu5QP5qMWQxlVioZxj2szOE7
ksP4QYIBtlmuedEQ/dEXlPAnvJmRhnsUT+/1/Cbuve/BKn5Fwyjqtu0lWne5pezD
4OZ5ywP98D0XGxji+IXHJWhPkQgu+xiu5rQQfT22PRa3gxtBLawkBxVWCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXKTIWkgj6zkGUiRyB+G6nkpxb7MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvUmNwTWhhU0NQck9RWlNKSElINGJxZVNuRnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5TQMA0G
CSqGSIb3DQEBCwUAA4IBAQDCpz3ViBIjrUp9acEDwv9IktEb1EAYFOvSwyayj5eY
/7+CaJrDYnqvYqSXeoZRKGcoP7SCrggTyWFxCdNAhpzNTUCC033oKkKNSiYFJEga
T7/XIO5/BydGk0Xu8rfuehVyM4v2k7S0QEdMxwc1+2f7BQF2spBSReYVaqUHJ2Uw
ER2esQAbOtstZhg0wComtris4zfFxAu70dEGCf9iz8EGllMqkv58WXfrAU1pck4R
LfJfr1JRrn2HEKnE3uFnIWyd7G4uUS7W/qtGh9tzXfnbAue1mKmbWaFBqwJf+qAj
6eMz6iSTdCjO6WllVBfTr0HYFXUhFS0n+qZTesETF+ia
-----END CERTIFICATE-----