Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/G2YMUT8WZMSTQ7MK3_Sp1FETDAk.roa
File:                     G2YMUT8WZMSTQ7MK3_Sp1FETDAk.roa (raw, json)
Hash identifier:          hIMlTU+DT4A6A7uZvfD/8ICFCxVi5QCIz8WhtkNI7dw=
Subject key identifier:   1B:66:0C:51:3F:16:64:C4:93:43:B3:0A:DF:F4:A9:D4:51:13:0C:09
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       0197F76879F1C5F0873B7B7C744176BE86CE
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/G2YMUT8WZMSTQ7MK3_Sp1FETDAk.roa
Signing time:             Fri 11 Jul 2025 02:55:08 +0000
ROA not before:           Fri 11 Jul 2025 02:55:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9465
IP address blocks:        45.142.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f7:68:79:f1:c5:f0:87:3b:7b:7c:74:41:76:be:86:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Jul 11 02:55:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b660c513f1664c49343b30adff4a9d451130c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a9:61:87:f2:1d:a8:78:90:6c:89:47:1c:36:
                    29:3e:23:9f:98:7d:0d:07:8e:1a:3c:f4:db:a1:64:
                    03:7a:0c:58:34:83:2e:ea:b9:6b:fe:23:15:d9:66:
                    7f:c9:9b:21:dd:05:37:77:af:8a:ac:11:da:98:c0:
                    5e:6c:4c:04:3d:73:11:8d:25:17:16:56:b0:6e:00:
                    12:e1:53:22:56:0e:3c:f2:22:ed:03:1f:af:1e:9a:
                    70:ee:31:15:be:6f:4a:85:c8:39:89:66:22:2b:93:
                    ca:25:18:29:1e:bb:5a:0a:99:81:5c:d3:8a:54:f3:
                    66:11:5d:17:c7:87:93:15:b3:3b:55:21:26:22:91:
                    2f:72:44:ac:73:f6:cb:0c:41:ea:8f:98:82:ee:ce:
                    65:9c:c7:b6:1d:17:6e:18:c9:0f:02:93:d0:9d:ea:
                    e5:8b:ba:65:48:66:b7:a5:f4:b9:34:b3:d9:e8:c6:
                    dc:14:cb:b1:53:c3:56:72:c0:0f:ce:71:c0:33:2b:
                    6c:dc:48:be:57:74:db:45:06:aa:4f:c5:f1:81:98:
                    7e:d9:03:75:72:40:18:86:7e:46:7d:da:bb:ca:f8:
                    70:69:c4:7b:fe:b3:08:3d:05:7d:1a:3b:70:aa:bf:
                    df:31:3c:8b:c4:5c:f2:f9:84:5d:2c:25:fa:8e:61:
                    7e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:66:0C:51:3F:16:64:C4:93:43:B3:0A:DF:F4:A9:D4:51:13:0C:09
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/G2YMUT8WZMSTQ7MK3_Sp1FETDAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:8e:78:4e:40:00:a9:f8:d9:2b:5a:ec:e1:f0:d3:45:98:4f:
         b1:5c:75:bf:bf:0d:34:8b:97:ba:f9:c3:e8:ae:f0:45:f3:5b:
         38:cf:13:6a:11:96:42:ba:5b:c8:a9:77:84:a6:a9:ce:70:79:
         15:d2:31:30:b2:34:94:2e:50:30:41:92:02:38:33:8b:78:49:
         d9:02:bf:2a:f8:a7:36:8e:19:0e:f9:ea:8c:13:a9:ba:d9:06:
         43:3b:49:22:26:5a:27:6d:6f:6b:2f:dc:d6:d2:47:af:7f:ce:
         c5:d8:7c:7f:fd:6f:0b:b2:d7:1b:fe:44:e5:3b:91:93:ee:5c:
         7f:20:b1:a0:67:84:0b:49:aa:50:b1:26:4a:b9:92:c9:b8:44:
         28:7b:54:84:1c:67:50:9d:66:e5:da:47:c0:a6:70:1f:bf:34:
         09:f3:b4:92:3d:a0:1c:41:8f:f3:6a:41:59:73:36:8c:6a:1b:
         e4:00:14:04:06:d9:a2:80:c2:bd:ce:19:4b:ac:96:41:6b:5e:
         c9:73:77:cf:8f:bd:b1:d4:ed:15:47:56:19:3b:90:93:ba:1f:
         3b:2a:87:a5:da:8e:15:86:a9:b9:91:16:b6:1e:58:1d:46:21:
         9d:47:25:07:06:ae:76:ca:60:02:3e:a6:1a:fa:a0:36:6d:b5:
         ac:ad:20:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf3aHnxxfCHO3t8dEF2vobOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjUwNzExMDI1NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjY2MGM1MTNmMTY2NGM0OTM0M2IzMGFkZmY0YTlkNDUxMTMwYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKlhh/IdqHiQbIlHHDYpPiOfmH0N
B44aPPTboWQDegxYNIMu6rlr/iMV2WZ/yZsh3QU3d6+KrBHamMBebEwEPXMRjSUX
FlawbgAS4VMiVg488iLtAx+vHppw7jEVvm9Khcg5iWYiK5PKJRgpHrtaCpmBXNOK
VPNmEV0Xx4eTFbM7VSEmIpEvckSsc/bLDEHqj5iC7s5lnMe2HRduGMkPApPQnerl
i7plSGa3pfS5NLPZ6MbcFMuxU8NWcsAPznHAMyts3Ei+V3TbRQaqT8XxgZh+2QN1
ckAYhn5Gfdq7yvhwacR7/rMIPQV9Gjtwqr/fMTyLxFzy+YRdLCX6jmF+JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtmDFE/FmTEk0OzCt/0qdRREwwJMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvRzJZTVVUOFdaTVNUUTdNSzNfU3AxRkVUREFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY6aMA0G
CSqGSIb3DQEBCwUAA4IBAQAdjnhOQACp+NkrWuzh8NNFmE+xXHW/vw00i5e6+cPo
rvBF81s4zxNqEZZCulvIqXeEpqnOcHkV0jEwsjSULlAwQZICODOLeEnZAr8q+Kc2
jhkO+eqME6m62QZDO0kiJlonbW9rL9zW0kevf87F2Hx//W8Lstcb/kTlO5GT7lx/
ILGgZ4QLSapQsSZKuZLJuEQoe1SEHGdQnWbl2kfApnAfvzQJ87SSPaAcQY/zakFZ
czaMahvkABQEBtmigMK9zhlLrJZBa17Jc3fPj72x1O0VR1YZO5CTuh87Koel2o4V
hqm5kRa2HlgdRiGdRyUHBq52ymACPqYa+qA2bbWsrSB0
-----END CERTIFICATE-----