Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/1LTqADwjB0rWZquwxB-CdfA1rEU.roa
File:                     1LTqADwjB0rWZquwxB-CdfA1rEU.roa (raw, json)
Hash identifier:          x0CsBlAzdNn1FO9d3SRxgbi92hpJARNsfLcoirakUmo=
Subject key identifier:   D4:B4:EA:00:3C:23:07:4A:D6:66:AB:B0:C4:1F:82:75:F0:35:AC:45
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       01981E354B6AD5D66DB0CE98A53EE75AA506
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/1LTqADwjB0rWZquwxB-CdfA1rEU.roa
Signing time:             Fri 18 Jul 2025 15:44:25 +0000
ROA not before:           Fri 18 Jul 2025 15:44:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.154.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1e:35:4b:6a:d5:d6:6d:b0:ce:98:a5:3e:e7:5a:a5:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jul 18 15:44:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4b4ea003c23074ad666abb0c41f8275f035ac45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e7:db:25:8f:86:17:6f:bc:89:be:18:aa:69:
                    6a:e5:cf:5e:88:41:00:ba:3a:51:47:97:f4:55:27:
                    8d:6e:55:f9:de:49:2a:8c:f5:d0:8e:a8:fb:b2:a2:
                    10:19:99:af:58:7b:5a:03:04:97:b6:c1:ab:07:60:
                    ac:ea:cd:9d:81:4f:6c:99:1a:b7:a2:aa:e0:e2:77:
                    d9:94:69:ea:b9:40:ba:f5:68:ce:e2:ec:62:90:8f:
                    63:af:f4:f4:bd:ed:b4:f5:c4:9d:bb:4c:22:31:d9:
                    96:e6:d3:56:c5:0e:c2:8f:84:e8:94:10:f2:73:a8:
                    e4:d4:9e:5f:7d:c9:02:d7:b0:5b:9c:05:53:82:14:
                    18:de:3e:04:7d:4a:50:9b:42:19:61:a1:bd:1d:7c:
                    b8:d2:23:9d:89:84:eb:c1:9d:a9:85:1f:83:cd:a9:
                    ee:fe:f8:ff:cf:c5:4c:85:8d:32:d9:5d:e8:6b:41:
                    64:ad:ed:5e:b8:8b:df:1b:5d:fc:cf:38:ac:e6:f0:
                    79:4a:05:75:0a:8c:78:97:a4:e0:19:18:cc:da:9d:
                    a4:5f:6b:03:cb:0b:3d:da:a6:6b:51:e9:b4:3c:bb:
                    00:c1:d3:1b:6a:2e:b7:eb:26:0c:61:c6:d1:fb:d2:
                    a9:bf:9b:d3:ed:fa:3d:88:60:af:8e:b4:bd:e0:55:
                    11:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B4:EA:00:3C:23:07:4A:D6:66:AB:B0:C4:1F:82:75:F0:35:AC:45
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/1LTqADwjB0rWZquwxB-CdfA1rEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:49:15:8c:b2:b4:d6:d5:eb:70:0d:b3:e9:1d:a4:5d:47:27:
         a0:f1:18:0c:e7:0f:ec:39:73:3a:88:55:89:25:01:7d:dc:dd:
         18:c8:66:1c:ce:70:83:5a:54:88:b3:a9:c9:5e:54:08:c2:47:
         84:92:96:46:55:ae:90:fb:0d:a1:99:3f:6a:ca:2f:0c:a9:ff:
         bf:93:9c:25:12:9f:72:8a:fb:ff:a3:e1:51:00:ec:4f:37:01:
         10:74:f4:49:dd:08:f4:ab:1f:06:d7:8d:0d:43:e7:2e:ce:0c:
         0c:f4:00:d6:c3:41:fa:d2:d1:f7:35:5b:27:4d:b0:b8:83:be:
         b9:d4:3b:34:fe:e7:69:bc:aa:84:60:53:ef:60:dd:2d:62:3d:
         b5:d6:bb:45:4c:53:6f:5c:70:7c:13:a0:44:25:32:46:6f:f6:
         92:dc:f3:2f:4d:5c:b1:72:69:22:71:88:1e:60:7e:fd:20:6f:
         3a:d3:fd:a9:e2:57:88:a2:58:86:bf:b3:e5:72:38:f6:0c:20:
         8b:c0:46:c7:ad:0a:3a:cc:33:26:a0:4f:63:4b:03:c8:82:4a:
         51:59:b0:53:8b:01:15:de:57:20:47:7e:63:82:c7:be:ab:b4:
         0b:36:8f:84:ad:51:f9:c2:3d:87:59:4d:84:e6:15:7d:23:c4:
         57:d7:3e:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgeNUtq1dZtsM6YpT7nWqUGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNzE4MTU0NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGI0ZWEwMDNjMjMwNzRhZDY2NmFiYjBjNDFmODI3NWYwMzVhYzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOfbJY+GF2+8ib4Yqmlq5c9eiEEA
ujpRR5f0VSeNblX53kkqjPXQjqj7sqIQGZmvWHtaAwSXtsGrB2Cs6s2dgU9smRq3
oqrg4nfZlGnquUC69WjO4uxikI9jr/T0ve209cSdu0wiMdmW5tNWxQ7Cj4TolBDy
c6jk1J5ffckC17BbnAVTghQY3j4EfUpQm0IZYaG9HXy40iOdiYTrwZ2phR+Dzanu
/vj/z8VMhY0y2V3oa0Fkre1euIvfG138zzis5vB5SgV1Cox4l6TgGRjM2p2kX2sD
yws92qZrUem0PLsAwdMbai636yYMYcbR+9Kpv5vT7fo9iGCvjrS94FURUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNS06gA8IwdK1marsMQfgnXwNaxFMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvMUxUcUFEd2pCMHJXWnF1d3hCLUNkZkExckVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZqdMA0G
CSqGSIb3DQEBCwUAA4IBAQCmSRWMsrTW1etwDbPpHaRdRyeg8RgM5w/sOXM6iFWJ
JQF93N0YyGYcznCDWlSIs6nJXlQIwkeEkpZGVa6Q+w2hmT9qyi8Mqf+/k5wlEp9y
ivv/o+FRAOxPNwEQdPRJ3Qj0qx8G140NQ+cuzgwM9ADWw0H60tH3NVsnTbC4g765
1Ds0/udpvKqEYFPvYN0tYj211rtFTFNvXHB8E6BEJTJGb/aS3PMvTVyxcmkicYge
YH79IG860/2p4leIoliGv7Plcjj2DCCLwEbHrQo6zDMmoE9jSwPIgkpRWbBTiwEV
3lcgR35jgse+q7QLNo+ErVH5wj2HWU2E5hV9I8RX1z7s
-----END CERTIFICATE-----