Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/Z9kOlfq-w01D8Ml4l6fqbORR_5E.roa
File:                     Z9kOlfq-w01D8Ml4l6fqbORR_5E.roa (raw, json)
Hash identifier:          gxikB87WE0XHMDAk0eS1AdtF8pmhQbJr0n4lM1hO40I=
Subject key identifier:   67:D9:0E:95:FA:BE:C3:4D:43:F0:C9:78:97:A7:EA:6C:E4:51:FF:91
Certificate issuer:       /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial:       019421443054A10D4C86139EC7380C4286F6
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/Z9kOlfq-w01D8Ml4l6fqbORR_5E.roa
Signing time:             Wed 01 Jan 2025 09:48:24 +0000
ROA not before:           Wed 01 Jan 2025 09:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213946
IP address blocks:        45.156.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:30:54:a1:0d:4c:86:13:9e:c7:38:0c:42:86:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
        Validity
            Not Before: Jan  1 09:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67d90e95fabec34d43f0c97897a7ea6ce451ff91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:37:df:14:0b:3c:a3:b0:95:fc:ec:1e:03:d5:
                    35:f7:b4:d5:ed:08:12:77:68:39:7b:b6:a4:a0:9d:
                    30:62:34:37:8e:3c:71:6b:ed:5d:94:e1:d3:12:65:
                    9f:c0:68:d9:5a:32:10:53:41:fe:31:d2:0c:5b:39:
                    9c:fb:0b:9b:ca:af:81:4b:81:ef:49:b5:76:9a:dd:
                    b2:b6:d6:99:e9:96:9f:72:6c:7a:38:ee:e1:f8:63:
                    b6:96:70:0f:77:9c:37:55:e8:96:2c:d7:c1:3f:ca:
                    cd:06:70:60:b7:22:39:aa:7b:eb:3e:e0:56:30:f4:
                    cd:9f:30:0f:66:7a:0c:3e:5d:90:82:10:7f:b5:99:
                    a2:95:38:86:63:ae:3a:04:c7:40:36:99:9d:3c:3d:
                    4d:de:d5:2d:50:05:45:77:94:33:e2:59:93:92:50:
                    75:97:28:bd:ae:86:1b:40:d1:ee:93:9e:57:37:39:
                    53:1d:c4:e7:46:72:1c:33:9c:5a:86:e2:51:5b:d8:
                    54:fe:8a:17:99:dc:05:22:e7:9a:5c:6c:d8:1a:33:
                    4d:63:8e:98:c6:78:02:fb:39:b7:d6:ba:33:ac:f2:
                    f7:f5:9b:e6:31:57:47:04:32:b3:53:8b:4d:ff:55:
                    df:a5:00:27:9a:70:17:40:35:bd:67:e7:df:b4:11:
                    82:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D9:0E:95:FA:BE:C3:4D:43:F0:C9:78:97:A7:EA:6C:E4:51:FF:91
            X509v3 Authority Key Identifier:
                keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/Z9kOlfq-w01D8Ml4l6fqbORR_5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:dd:86:c2:64:34:60:9d:1c:ee:aa:6f:d3:95:e6:d1:80:cf:
         39:8a:e8:3e:2f:5e:f6:e1:55:a7:15:13:60:d4:4a:e3:b7:27:
         20:79:70:36:9e:a1:31:45:4b:a8:d5:e3:84:17:dd:a6:d0:f2:
         b8:c3:97:a8:1f:d1:ff:33:85:00:62:9b:27:df:68:c9:c9:fc:
         1c:6e:1c:45:df:f5:df:da:fb:69:8a:be:3f:fa:59:74:b1:6b:
         2e:7b:a9:75:95:4e:bf:81:d2:07:fb:92:ec:48:dd:22:0a:f3:
         d2:7f:a0:bc:66:10:01:22:3b:4a:4f:59:ae:86:d8:81:2c:76:
         b9:81:bf:67:f7:f0:fc:f6:1c:8e:11:12:a4:00:3a:f2:2d:e3:
         40:ca:a6:e4:1e:ea:b2:bc:04:93:dc:e2:25:8d:25:a5:f5:d5:
         19:39:fc:82:9a:0e:4e:d1:a2:e5:a3:ff:4f:63:44:6a:4e:1d:
         fc:8b:8a:e9:65:5b:09:2a:ef:31:05:5c:62:7e:27:27:e6:e0:
         6e:a5:b8:5a:ab:e4:b0:9c:21:43:79:04:77:f3:42:52:1b:1f:
         3f:ed:17:0c:79:ad:31:e1:e2:96:a1:4a:d2:c9:83:cd:4c:91:
         2b:a1:c7:81:de:d7:49:8e:64:64:31:46:79:3e:32:dc:25:05:
         47:b3:9b:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDBUoQ1MhhOexzgMQob2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjUwMTAxMDk0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Q5MGU5NWZhYmVjMzRkNDNmMGM5Nzg5N2E3ZWE2Y2U0NTFmZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDffFAs8o7CV/OweA9U197TV7QgS
d2g5e7akoJ0wYjQ3jjxxa+1dlOHTEmWfwGjZWjIQU0H+MdIMWzmc+wubyq+BS4Hv
SbV2mt2yttaZ6Zafcmx6OO7h+GO2lnAPd5w3VeiWLNfBP8rNBnBgtyI5qnvrPuBW
MPTNnzAPZnoMPl2QghB/tZmilTiGY646BMdANpmdPD1N3tUtUAVFd5Qz4lmTklB1
lyi9roYbQNHuk55XNzlTHcTnRnIcM5xahuJRW9hU/ooXmdwFIueaXGzYGjNNY46Y
xngC+zm31rozrPL39ZvmMVdHBDKzU4tN/1XfpQAnmnAXQDW9Z+fftBGC8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfZDpX6vsNNQ/DJeJen6mzkUf+RMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvWjlrT2xmcS13MDFEOE1sNGw2ZnFiT1JSXzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyPMA0G
CSqGSIb3DQEBCwUAA4IBAQAp3YbCZDRgnRzuqm/TlebRgM85iug+L1724VWnFRNg
1ErjtycgeXA2nqExRUuo1eOEF92m0PK4w5eoH9H/M4UAYpsn32jJyfwcbhxF3/Xf
2vtpir4/+ll0sWsue6l1lU6/gdIH+5LsSN0iCvPSf6C8ZhABIjtKT1muhtiBLHa5
gb9n9/D89hyOERKkADryLeNAyqbkHuqyvAST3OIljSWl9dUZOfyCmg5O0aLlo/9P
Y0RqTh38i4rpZVsJKu8xBVxificn5uBupbhaq+SwnCFDeQR380JSGx8/7RcMea0x
4eKWoUrSyYPNTJEroceB3tdJjmRkMUZ5PjLcJQVHs5sc
-----END CERTIFICATE-----