Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/EroWFxcSxy25LpPwAVY8mzY9O1Y.roa
File:                     EroWFxcSxy25LpPwAVY8mzY9O1Y.roa (raw, json)
Hash identifier:          GmijQ5rST35YchIuF2AZrefGsTJZ9/vl8Nyf0UaPmBQ=
Subject key identifier:   12:BA:16:17:17:12:C7:2D:B9:2E:93:F0:01:56:3C:9B:36:3D:3B:56
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019807FCDE510802DA8E5C5B6655FBAC4B4F
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/EroWFxcSxy25LpPwAVY8mzY9O1Y.roa
Signing time:             Mon 14 Jul 2025 08:11:09 +0000
ROA not before:           Mon 14 Jul 2025 08:11:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34534
IP address blocks:        45.152.162.0/24 maxlen: 24
                          45.152.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:07:fc:de:51:08:02:da:8e:5c:5b:66:55:fb:ac:4b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jul 14 08:11:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12ba16171712c72db92e93f001563c9b363d3b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:01:ec:37:37:b4:7f:e5:d2:a0:0f:ac:56:0a:
                    aa:91:2a:37:7a:2c:d3:5d:37:1d:a1:34:fa:b1:3d:
                    87:51:15:9e:2f:26:37:81:61:d5:3b:55:1c:b5:77:
                    20:a5:e1:17:dd:3e:56:32:d5:30:11:96:f9:e9:40:
                    a8:bc:50:d0:2e:a5:29:92:4f:62:99:cd:62:62:da:
                    be:e4:7c:44:14:df:00:7b:1c:03:0b:d7:19:86:a8:
                    b2:ac:3f:17:88:fa:fe:ea:8e:68:d1:a6:6f:dc:dc:
                    5b:95:ce:c3:89:33:be:2f:13:dd:ec:0c:48:85:0f:
                    1d:3a:53:d4:26:40:37:3d:b2:0c:13:28:a2:0a:98:
                    a8:26:ab:e7:a4:fa:64:7a:34:23:6f:f0:63:f0:7f:
                    b4:46:53:32:2a:56:ac:37:84:d1:16:34:bc:c7:87:
                    cb:40:fd:f5:dc:59:55:4a:65:a1:91:ae:74:12:df:
                    40:77:1e:15:93:41:49:e9:e1:03:1f:87:fd:bf:96:
                    df:a1:45:98:ed:32:6f:ff:64:7e:14:c7:5b:37:30:
                    48:6d:c8:7c:05:a9:60:72:69:7b:2f:0d:3a:a1:d5:
                    e6:72:6c:7b:fe:0c:73:6b:86:97:ea:65:3f:0d:87:
                    a6:21:71:2b:33:7e:3e:d0:1d:6c:fc:40:3d:0b:c2:
                    6d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:BA:16:17:17:12:C7:2D:B9:2E:93:F0:01:56:3C:9B:36:3D:3B:56
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/EroWFxcSxy25LpPwAVY8mzY9O1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:6c:cb:26:dd:e7:ce:30:9a:c4:4e:35:1d:7a:ad:3e:eb:e5:
         7c:e3:e4:91:a0:2f:95:71:09:66:cf:bc:32:98:05:13:48:ad:
         93:a7:71:f3:66:c4:0d:1c:98:06:6c:d8:df:70:4c:96:0f:9b:
         1a:8d:32:a2:a1:d2:60:4c:5c:f7:fc:5d:6b:99:39:6d:db:c2:
         9f:11:2b:9f:b6:c7:e6:97:e7:59:df:de:fa:2a:d8:91:52:9b:
         3c:dd:80:0c:53:c8:bd:f7:81:ef:87:be:d1:55:71:26:79:2c:
         be:d3:05:af:39:34:12:92:a4:a1:5c:ee:16:dc:49:22:fc:7e:
         01:c7:ca:b0:37:01:09:55:a5:2f:3e:be:64:6f:69:00:c8:82:
         33:b6:8f:ed:c5:40:36:af:35:39:cc:00:5d:2f:66:ba:ea:21:
         9f:e2:ae:85:22:b6:12:f5:b8:b1:d3:37:45:85:a5:2c:d5:18:
         1d:89:68:8b:ba:af:75:42:a5:6a:1a:6c:5d:81:b1:8c:79:6f:
         56:8b:23:09:72:38:0a:d0:ff:76:c7:ce:94:67:90:27:e1:8d:
         9c:b6:a1:eb:98:9f:54:8e:3f:01:18:9d:69:bb:6a:48:8b:e0:
         c9:8f:dc:4d:35:f6:3d:c2:a9:d3:cc:55:5c:ff:e5:38:a2:f6:
         0e:e3:9c:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgH/N5RCALajlxbZlX7rEtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwNzE0MDgxMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmJhMTYxNzE3MTJjNzJkYjkyZTkzZjAwMTU2M2M5YjM2M2QzYjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AHsNze0f+XSoA+sVgqqkSo3eizT
XTcdoTT6sT2HURWeLyY3gWHVO1UctXcgpeEX3T5WMtUwEZb56UCovFDQLqUpkk9i
mc1iYtq+5HxEFN8AexwDC9cZhqiyrD8XiPr+6o5o0aZv3Nxblc7DiTO+LxPd7AxI
hQ8dOlPUJkA3PbIMEyiiCpioJqvnpPpkejQjb/Bj8H+0RlMyKlasN4TRFjS8x4fL
QP313FlVSmWhka50Et9Adx4Vk0FJ6eEDH4f9v5bfoUWY7TJv/2R+FMdbNzBIbch8
Balgcml7Lw06odXmcmx7/gxza4aX6mU/DYemIXErM34+0B1s/EA9C8JtdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBK6FhcXEsctuS6T8AFWPJs2PTtWMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvRXJvV0Z4Y1N4eTI1THBQd0FWWThtelk5TzFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZiiMA0G
CSqGSIb3DQEBCwUAA4IBAQChbMsm3efOMJrETjUdeq0+6+V84+SRoC+VcQlmz7wy
mAUTSK2Tp3HzZsQNHJgGbNjfcEyWD5sajTKiodJgTFz3/F1rmTlt28KfESuftsfm
l+dZ3976KtiRUps83YAMU8i994Hvh77RVXEmeSy+0wWvOTQSkqShXO4W3Eki/H4B
x8qwNwEJVaUvPr5kb2kAyIIzto/txUA2rzU5zABdL2a66iGf4q6FIrYS9bix0zdF
haUs1RgdiWiLuq91QqVqGmxdgbGMeW9WiyMJcjgK0P92x86UZ5An4Y2ctqHrmJ9U
jj8BGJ1pu2pIi+DJj9xNNfY9wqnTzFVc/+U4ovYO45wi
-----END CERTIFICATE-----