Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/52565b-b8bd-4e95-89de-d32f8d875f98/1/lO3U7O5xn_SH8biBa02wbaj6rwE.roa
File:                     lO3U7O5xn_SH8biBa02wbaj6rwE.roa (raw, json)
Hash identifier:          Ur2/ddmmedYhTdeyhrYUxfNHrSlslVFvOy6wD+8Tc1U=
Subject key identifier:   94:ED:D4:EC:EE:71:9F:F4:87:F1:B8:81:6B:4D:B0:6D:A8:FA:AF:01
Certificate issuer:       /CN=a9e0b6d13cd11f36114fa984033804941c82f143
Certificate serial:       019423D6DB1F7514BDC45EC95BCD3F306644
Authority key identifier: A9:E0:B6:D1:3C:D1:1F:36:11:4F:A9:84:03:38:04:94:1C:82:F1:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qeC20TzRHzYRT6mEAzgElByC8UM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/52565b-b8bd-4e95-89de-d32f8d875f98/1/lO3U7O5xn_SH8biBa02wbaj6rwE.roa
Signing time:             Wed 01 Jan 2025 21:47:50 +0000
ROA not before:           Wed 01 Jan 2025 21:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208922
IP address blocks:        45.15.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/52565b-b8bd-4e95-89de-d32f8d875f98/1/qeC20TzRHzYRT6mEAzgElByC8UM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/52565b-b8bd-4e95-89de-d32f8d875f98/1/qeC20TzRHzYRT6mEAzgElByC8UM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qeC20TzRHzYRT6mEAzgElByC8UM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 03:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:db:1f:75:14:bd:c4:5e:c9:5b:cd:3f:30:66:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9e0b6d13cd11f36114fa984033804941c82f143
        Validity
            Not Before: Jan  1 21:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94edd4ecee719ff487f1b8816b4db06da8faaf01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:44:18:a4:79:a2:02:8b:09:7f:63:d6:5b:52:
                    60:5b:80:72:44:e2:03:9a:31:ba:7e:16:ef:ef:ec:
                    b4:a7:31:70:a3:a4:8a:6a:56:98:c6:3d:c3:1d:5c:
                    60:6b:49:6c:ca:35:63:90:3f:be:62:9a:14:d9:2f:
                    d4:74:31:73:30:94:9f:ae:f0:e0:b7:1e:98:f7:55:
                    ec:31:6e:f3:63:3a:22:ad:8e:82:66:94:33:fc:97:
                    ee:18:ec:26:7e:83:ee:57:ea:d6:d2:8f:90:b7:eb:
                    d0:a2:04:bd:ca:7d:1e:88:77:2a:ce:35:29:85:7f:
                    07:48:ca:94:14:1e:b2:a4:ac:5f:86:f8:9c:a2:a4:
                    ce:5a:ff:10:49:82:8b:c4:72:31:0a:c6:a5:c4:4b:
                    85:4a:fc:ba:74:aa:4e:a5:d3:c8:2a:19:04:bb:5a:
                    9e:fe:61:e3:f5:e0:6f:4b:a6:50:e6:4b:33:0c:6c:
                    dd:92:11:68:6d:bd:bc:0d:bd:46:62:aa:eb:0d:07:
                    86:f0:d2:32:22:67:79:25:73:70:9b:ae:cb:45:a6:
                    8c:17:a1:50:e7:84:92:ba:89:2f:29:3e:50:8e:28:
                    7e:81:f5:41:7d:da:06:71:95:97:ea:9f:0f:8c:26:
                    5d:ea:f9:65:bd:e3:89:13:31:40:fd:71:96:e4:fc:
                    46:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:ED:D4:EC:EE:71:9F:F4:87:F1:B8:81:6B:4D:B0:6D:A8:FA:AF:01
            X509v3 Authority Key Identifier:
                keyid:A9:E0:B6:D1:3C:D1:1F:36:11:4F:A9:84:03:38:04:94:1C:82:F1:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qeC20TzRHzYRT6mEAzgElByC8UM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/52565b-b8bd-4e95-89de-d32f8d875f98/1/lO3U7O5xn_SH8biBa02wbaj6rwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/52565b-b8bd-4e95-89de-d32f8d875f98/1/qeC20TzRHzYRT6mEAzgElByC8UM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:49:87:d8:f5:5a:b4:11:38:95:e4:0b:46:52:f2:0e:62:f8:
         b4:83:4c:d1:97:a9:3a:7a:b6:99:b0:e9:6f:a7:46:6f:5d:80:
         4c:86:c9:15:fa:0c:24:1e:46:62:4c:60:ba:76:41:d7:ce:25:
         85:85:0a:b5:45:02:43:9f:b5:9f:a8:b6:bd:ca:06:f2:4b:a6:
         2e:0a:9e:85:92:c4:98:56:0a:46:c5:ed:1c:34:0e:52:29:3d:
         b4:d0:81:96:d9:bf:ae:fe:7d:de:29:4b:29:c3:f4:45:e4:62:
         eb:e0:05:c5:00:97:ac:39:32:a2:b6:5d:6c:98:2a:c5:fc:53:
         f3:2a:6d:56:f5:08:4b:6b:56:a7:eb:6b:4b:c7:42:fb:1b:9c:
         38:0c:e1:0d:b1:8c:d2:c4:53:3f:67:3b:39:88:9a:00:db:9b:
         48:3e:ce:08:22:62:f5:a9:59:fa:4c:6f:f4:af:78:52:f6:4c:
         a2:e9:de:68:80:d6:20:be:16:47:19:8c:6c:6e:4e:e8:14:e2:
         e9:6d:af:80:cb:97:cb:aa:5a:63:5d:87:1d:bd:36:24:1e:cb:
         3f:8a:49:7b:4e:75:0e:09:27:79:19:df:b4:1c:6a:3c:c7:89:
         3e:e3:06:5d:fd:fd:5a:01:3f:3c:03:b3:02:28:fe:77:d1:43:
         c0:40:0f:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1tsfdRS9xF7JW80/MGZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZTBiNmQxM2NkMTFmMzYxMTRmYTk4NDAzMzgwNDk0MWM4
MmYxNDMwHhcNMjUwMTAxMjE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGVkZDRlY2VlNzE5ZmY0ODdmMWI4ODE2YjRkYjA2ZGE4ZmFhZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0QYpHmiAosJf2PWW1JgW4ByROID
mjG6fhbv7+y0pzFwo6SKalaYxj3DHVxga0lsyjVjkD++YpoU2S/UdDFzMJSfrvDg
tx6Y91XsMW7zYzoirY6CZpQz/JfuGOwmfoPuV+rW0o+Qt+vQogS9yn0eiHcqzjUp
hX8HSMqUFB6ypKxfhvicoqTOWv8QSYKLxHIxCsalxEuFSvy6dKpOpdPIKhkEu1qe
/mHj9eBvS6ZQ5kszDGzdkhFobb28Db1GYqrrDQeG8NIyImd5JXNwm67LRaaMF6FQ
54SSuokvKT5Qjih+gfVBfdoGcZWX6p8PjCZd6vllveOJEzFA/XGW5PxGGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTt1OzucZ/0h/G4gWtNsG2o+q8BMB8GA1UdIwQY
MBaAFKngttE80R82EU+phAM4BJQcgvFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWVDMjBUelJIellSVDZtRUF6Z0VsQnlDOFVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi81MjU2NWItYjhiZC00ZTk1LTg5ZGUt
ZDMyZjhkODc1Zjk4LzEvbE8zVTdPNXhuX1NIOGJpQmEwMndiYWo2cndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi81MjU2NWItYjhiZC00ZTk1LTg5ZGUtZDMyZjhkODc1Zjk4
LzEvcWVDMjBUelJIellSVDZtRUF6Z0VsQnlDOFVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ+sMA0G
CSqGSIb3DQEBCwUAA4IBAQCTSYfY9Vq0ETiV5AtGUvIOYvi0g0zRl6k6eraZsOlv
p0ZvXYBMhskV+gwkHkZiTGC6dkHXziWFhQq1RQJDn7WfqLa9ygbyS6YuCp6FksSY
VgpGxe0cNA5SKT200IGW2b+u/n3eKUspw/RF5GLr4AXFAJesOTKitl1smCrF/FPz
Km1W9QhLa1an62tLx0L7G5w4DOENsYzSxFM/Zzs5iJoA25tIPs4IImL1qVn6TG/0
r3hS9kyi6d5ogNYgvhZHGYxsbk7oFOLpba+Ay5fLqlpjXYcdvTYkHss/ikl7TnUO
CSd5Gd+0HGo8x4k+4wZd/f1aAT88A7MCKP530UPAQA+4
-----END CERTIFICATE-----