Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CaN_YsoJNfxFQ0kBQmFzkBQJ9bU.roa
File:                     CaN_YsoJNfxFQ0kBQmFzkBQJ9bU.roa (raw, json)
Hash identifier:          pRNnfen7UkmTJtVenqneqhZ6/v5lLnNT3VBWOjdH7yA=
Subject key identifier:   09:A3:7F:62:CA:09:35:FC:45:43:49:01:42:61:73:90:14:09:F5:B5
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0195152AD25CF8983DF84DDE20DCE1401A97
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CaN_YsoJNfxFQ0kBQmFzkBQJ9bU.roa
Signing time:             Mon 17 Feb 2025 18:28:02 +0000
ROA not before:           Mon 17 Feb 2025 18:28:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48433
IP address blocks:        45.151.28.0/24 maxlen: 24
                          185.201.29.0/24 maxlen: 24
                          185.201.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:15:2a:d2:5c:f8:98:3d:f8:4d:de:20:dc:e1:40:1a:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Feb 17 18:28:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09a37f62ca0935fc45434901426173901409f5b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:5c:ab:8c:72:fb:7e:d8:c1:aa:9f:62:75:95:
                    8c:61:01:87:7e:af:01:4d:19:1e:5d:af:94:a7:e5:
                    92:05:4e:5e:03:3a:2e:db:d8:f1:a5:06:60:ed:50:
                    e5:e5:95:6d:8b:fb:05:20:9b:37:b9:c5:f1:57:76:
                    48:0b:5c:49:d0:45:fc:a6:84:7e:36:23:8a:75:fa:
                    ca:1b:15:6b:75:9b:8e:7e:77:39:7a:86:4d:ae:71:
                    e8:90:3c:4e:5e:02:f4:8f:0b:c6:95:9b:d0:87:b9:
                    a4:c1:b6:f6:47:f3:12:ee:33:ae:31:b0:8d:0f:1d:
                    46:3c:97:8d:cd:38:d7:75:b8:67:41:dc:e6:e0:a3:
                    a3:12:03:7b:74:26:71:ac:72:8c:6a:05:d7:f9:22:
                    8d:ef:63:8e:7c:48:6f:73:73:38:54:15:64:6e:ea:
                    aa:57:fc:68:75:9b:66:26:6f:dd:0f:02:f8:48:5a:
                    40:e7:19:0d:ae:ef:6b:45:fe:14:2a:4f:e4:2b:f5:
                    03:2a:65:56:18:59:34:67:13:cc:c0:0a:fa:54:f1:
                    49:a3:16:18:08:a8:31:d4:9a:84:29:3f:09:d8:47:
                    80:9f:73:95:86:b8:82:d5:b0:46:de:9b:fe:85:a7:
                    99:68:b0:aa:a3:c1:11:37:68:ed:1b:95:60:bf:c0:
                    8e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:A3:7F:62:CA:09:35:FC:45:43:49:01:42:61:73:90:14:09:F5:B5
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CaN_YsoJNfxFQ0kBQmFzkBQJ9bU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.28.0/24
                  185.201.29.0-185.201.30.255

    Signature Algorithm: sha256WithRSAEncryption
         2f:7a:6a:db:a7:10:a2:4b:d5:97:40:67:e6:60:33:e4:43:4d:
         bf:f2:29:82:e4:15:8e:83:90:7b:82:57:9a:83:c6:90:37:0e:
         14:0f:29:7b:9f:78:ca:57:ef:b5:9b:f6:96:a1:9c:ba:26:95:
         f5:4c:5d:dd:7b:54:15:51:0f:a4:8b:ea:78:5e:07:e1:6b:ee:
         04:6f:49:ac:1a:f9:d5:6e:cc:54:7d:2a:d4:40:c1:db:75:2a:
         0e:da:b2:bb:c5:da:ff:df:c2:0b:8f:55:46:10:e4:df:d3:9c:
         be:8d:33:7e:d2:9e:04:28:73:80:34:1d:e9:07:c5:9b:f1:04:
         1e:1d:1c:c2:d1:d6:52:3d:51:36:88:7d:cd:62:03:ec:f2:ff:
         70:21:05:eb:fa:1d:b2:a6:59:0c:29:06:c8:ef:b1:5d:62:69:
         54:f7:c0:ea:4c:2b:e0:14:dc:b8:2a:95:78:94:e9:8b:5a:8f:
         4f:82:7c:4b:df:ce:05:41:f6:b2:50:bc:c2:8f:b5:0b:70:b2:
         2f:b7:6c:16:97:a0:27:9e:da:87:c9:41:c7:3e:14:66:08:e1:
         bd:d0:9b:bc:fb:94:59:ba:66:98:c7:bd:41:6c:0d:f6:0d:77:
         35:01:dc:27:7f:1f:4f:7d:ad:ed:90:9f:35:69:5b:f5:4f:1c:
         3e:ee:a1:23
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZUVKtJc+Jg9+E3eINzhQBqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMjE3MTgyODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWEzN2Y2MmNhMDkzNWZjNDU0MzQ5MDE0MjYxNzM5MDE0MDlmNWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlyrjHL7ftjBqp9idZWMYQGHfq8B
TRkeXa+Up+WSBU5eAzou29jxpQZg7VDl5ZVti/sFIJs3ucXxV3ZIC1xJ0EX8poR+
NiOKdfrKGxVrdZuOfnc5eoZNrnHokDxOXgL0jwvGlZvQh7mkwbb2R/MS7jOuMbCN
Dx1GPJeNzTjXdbhnQdzm4KOjEgN7dCZxrHKMagXX+SKN72OOfEhvc3M4VBVkbuqq
V/xodZtmJm/dDwL4SFpA5xkNru9rRf4UKk/kK/UDKmVWGFk0ZxPMwAr6VPFJoxYY
CKgx1JqEKT8J2EeAn3OVhriC1bBG3pv+haeZaLCqo8ERN2jtG5Vgv8COaQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAmjf2LKCTX8RUNJAUJhc5AUCfW1MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvQ2FOX1lzb0pOZnhGUTBrQlFtRnprQlFKOWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQALZccMAwD
BAC5yR0DBAC5yR4wDQYJKoZIhvcNAQELBQADggEBAC96atunEKJL1ZdAZ+ZgM+RD
Tb/yKYLkFY6DkHuCV5qDxpA3DhQPKXufeMpX77Wb9pahnLomlfVMXd17VBVRD6SL
6nheB+Fr7gRvSawa+dVuzFR9KtRAwdt1Kg7asrvF2v/fwguPVUYQ5N/TnL6NM37S
ngQoc4A0HekHxZvxBB4dHMLR1lI9UTaIfc1iA+zy/3AhBev6HbKmWQwpBsjvsV1i
aVT3wOpMK+AU3LgqlXiU6Ytaj0+CfEvfzgVB9rJQvMKPtQtwsi+3bBaXoCee2ofJ
Qcc+FGYI4b3Qm7z7lFm6ZpjHvUFsDfYNdzUB3Cd/H099re2QnzVpW/VPHD7uoSM=
-----END CERTIFICATE-----