Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/rOoYFHKRe7ghGBjkeruHV6kIlyA.roa
File:                     rOoYFHKRe7ghGBjkeruHV6kIlyA.roa (raw, json)
Hash identifier:          elXY8PrAbFgsd98hRj7mkOX8iG0smL3sFgAD/6xBNtE=
Subject key identifier:   AC:EA:18:14:72:91:7B:B8:21:18:18:E4:7A:BB:87:57:A9:08:97:20
Certificate issuer:       /CN=bfd81ca90cc5224586afebab1c78b1790268d5c1
Certificate serial:       019424B277271FBEC982DE1D44791995183B
Authority key identifier: BF:D8:1C:A9:0C:C5:22:45:86:AF:EB:AB:1C:78:B1:79:02:68:D5:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/rOoYFHKRe7ghGBjkeruHV6kIlyA.roa
Signing time:             Thu 02 Jan 2025 01:47:43 +0000
ROA not before:           Thu 02 Jan 2025 01:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202492
IP address blocks:        45.149.218.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 07:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:77:27:1f:be:c9:82:de:1d:44:79:19:95:18:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd81ca90cc5224586afebab1c78b1790268d5c1
        Validity
            Not Before: Jan  2 01:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acea181472917bb8211818e47abb8757a9089720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ec:f7:3c:4e:25:87:6b:13:30:89:29:cc:16:
                    d4:25:ef:2f:59:52:5b:c3:a7:af:d3:2c:f4:9f:80:
                    74:bb:66:e3:30:f0:fd:f5:81:6b:fb:7a:46:f0:1c:
                    42:0e:2b:84:be:8d:d1:1a:cf:b0:7e:d9:7d:7b:27:
                    0c:59:49:6b:24:b1:a6:f9:30:48:90:4f:1d:0c:6e:
                    e9:2f:30:fa:43:f8:ad:d4:f7:52:e2:40:64:04:ff:
                    67:bd:31:e2:54:1f:9f:ef:67:04:9f:a8:dc:d1:66:
                    61:2d:e5:83:f9:bf:d3:e2:4c:6f:e6:9a:8c:d6:7f:
                    38:ca:ec:d7:21:9d:5f:38:a4:5f:da:69:4a:c5:5e:
                    23:31:6e:a7:41:13:d7:e7:2c:c5:ab:e3:7e:81:8e:
                    a3:d1:7e:53:d3:6c:4e:cb:64:a1:81:bf:25:7a:35:
                    d7:d0:ca:a8:d6:70:56:40:2f:aa:84:e1:4f:ae:e5:
                    a7:0d:06:a2:bd:98:4b:68:f7:57:5e:1d:5a:12:27:
                    43:89:66:4b:4a:cc:d3:1d:5f:86:db:bf:1a:8d:4a:
                    cd:72:96:d8:55:cc:b5:f5:7f:53:9c:90:82:a0:e4:
                    5d:a4:46:54:1d:d3:6d:f7:56:fe:c4:55:c8:bf:6a:
                    1f:fb:86:f1:0b:8d:03:0e:ba:b9:f2:4c:d8:40:e0:
                    ff:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:EA:18:14:72:91:7B:B8:21:18:18:E4:7A:BB:87:57:A9:08:97:20
            X509v3 Authority Key Identifier:
                keyid:BF:D8:1C:A9:0C:C5:22:45:86:AF:EB:AB:1C:78:B1:79:02:68:D5:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/rOoYFHKRe7ghGBjkeruHV6kIlyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:e5:c2:5f:3f:db:a3:ff:aa:1e:16:2c:87:07:8d:f7:f3:45:
         f8:42:7e:d2:6c:f0:19:c6:ae:66:95:62:78:ce:bc:7b:0d:be:
         33:6e:d0:d6:f7:67:dd:62:9c:e6:42:25:f6:b4:ae:19:98:76:
         b0:7f:75:70:4a:30:81:e7:df:56:57:a2:e0:46:c7:72:49:1b:
         ca:a8:66:e1:4f:b8:07:3f:4e:4d:df:a3:b2:e9:bc:90:7e:89:
         ad:2d:4a:6b:2c:27:42:b1:16:83:4f:15:e1:e2:61:f4:4c:11:
         9e:f7:88:8d:27:6e:42:c5:7c:af:21:e5:2a:5b:bd:49:1f:f7:
         ce:24:6a:33:19:a3:eb:e6:9e:6d:97:2a:85:8e:0b:ab:f0:86:
         c3:2a:55:8b:60:37:02:93:43:92:58:73:f2:58:68:5f:cf:b4:
         2c:9a:72:18:75:0d:05:34:b6:0b:bf:77:fb:ad:b3:35:20:c2:
         a8:5a:a8:b4:60:46:82:2d:eb:7f:ac:d8:d0:f0:cb:b3:a1:20:
         fa:9e:31:f5:26:cd:07:5a:6e:af:33:8e:f9:bf:54:a4:b3:cc:
         00:22:ea:72:d9:99:fa:ba:7d:54:a6:d9:17:34:47:a3:64:c5:
         fd:e9:72:b3:29:78:53:ef:95:7c:dd:c4:a9:e6:96:1f:2b:20:
         c4:b4:d9:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksncnH77Jgt4dRHkZlRg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDgxY2E5MGNjNTIyNDU4NmFmZWJhYjFjNzhiMTc5MDI2
OGQ1YzEwHhcNMjUwMTAyMDE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2VhMTgxNDcyOTE3YmI4MjExODE4ZTQ3YWJiODc1N2E5MDg5NzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+z3PE4lh2sTMIkpzBbUJe8vWVJb
w6ev0yz0n4B0u2bjMPD99YFr+3pG8BxCDiuEvo3RGs+wftl9eycMWUlrJLGm+TBI
kE8dDG7pLzD6Q/it1PdS4kBkBP9nvTHiVB+f72cEn6jc0WZhLeWD+b/T4kxv5pqM
1n84yuzXIZ1fOKRf2mlKxV4jMW6nQRPX5yzFq+N+gY6j0X5T02xOy2Shgb8lejXX
0Mqo1nBWQC+qhOFPruWnDQaivZhLaPdXXh1aEidDiWZLSszTHV+G278ajUrNcpbY
Vcy19X9TnJCCoORdpEZUHdNt91b+xFXIv2of+4bxC40DDrq58kzYQOD/rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzqGBRykXu4IRgY5Hq7h1epCJcgMB8GA1UdIwQY
MBaAFL/YHKkMxSJFhq/rqxx4sXkCaNXBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlnY3FRekZJa1dHci11ckhIaXhlUUpvMWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yNWE1OWMtYzJmYy00ZmQ0LTk2Zjct
ODRhZGNiZjVhYzU1LzEvck9vWUZIS1JlN2doR0Jqa2VydUhWNmtJbHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yNWE1OWMtYzJmYy00ZmQ0LTk2ZjctODRhZGNiZjVhYzU1
LzEvdjlnY3FRekZJa1dHci11ckhIaXhlUUpvMWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZXaMA0G
CSqGSIb3DQEBCwUAA4IBAQA65cJfP9uj/6oeFiyHB43380X4Qn7SbPAZxq5mlWJ4
zrx7Db4zbtDW92fdYpzmQiX2tK4ZmHawf3VwSjCB599WV6LgRsdySRvKqGbhT7gH
P05N36Oy6byQfomtLUprLCdCsRaDTxXh4mH0TBGe94iNJ25CxXyvIeUqW71JH/fO
JGozGaPr5p5tlyqFjgur8IbDKlWLYDcCk0OSWHPyWGhfz7QsmnIYdQ0FNLYLv3f7
rbM1IMKoWqi0YEaCLet/rNjQ8MuzoSD6njH1Js0HWm6vM475v1Sks8wAIupy2Zn6
un1UptkXNEejZMX96XKzKXhT75V83cSp5pYfKyDEtNkj
-----END CERTIFICATE-----