Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/KH5q6_efsAJjbaCfus-hh1oZQWA.roa
File:                     KH5q6_efsAJjbaCfus-hh1oZQWA.roa (raw, json)
Hash identifier:          gjBnI4kxIIC3raOpuYMhEBykghBBy5koqMqm8N4fh5A=
Subject key identifier:   28:7E:6A:EB:F7:9F:B0:02:63:6D:A0:9F:BA:CF:A1:87:5A:19:41:60
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       01942825A9E9D0DC4971BD5E8223D31A85B2
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/KH5q6_efsAJjbaCfus-hh1oZQWA.roa
Signing time:             Thu 02 Jan 2025 17:52:24 +0000
ROA not before:           Thu 02 Jan 2025 17:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.145.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:a9:e9:d0:dc:49:71:bd:5e:82:23:d3:1a:85:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 17:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=287e6aebf79fb002636da09fbacfa1875a194160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ae:d5:cc:33:0b:5f:e7:b0:78:a9:cc:3c:a4:
                    c8:50:d0:e6:d5:b0:91:75:47:fe:f1:c9:d4:5a:e6:
                    90:30:8e:7e:3f:17:51:43:1b:6e:38:48:9f:03:32:
                    54:f1:01:a2:1a:0f:84:6f:04:d5:f8:9f:43:2c:25:
                    95:5b:20:cb:fc:ef:c3:16:6d:19:33:d6:5b:5c:21:
                    ac:15:8e:52:6c:1d:22:e5:a1:81:db:4b:31:7d:41:
                    8b:5e:f0:d2:fb:1d:93:e7:b5:bf:b7:cc:01:91:98:
                    b7:d4:97:30:4a:43:98:e4:65:2f:10:ff:83:e7:3f:
                    c6:1f:75:7b:6a:8a:41:76:47:80:f7:50:a4:33:05:
                    3b:f6:70:8b:03:7d:3f:70:b5:22:45:27:b7:cb:ed:
                    6f:42:ba:3c:10:1e:bd:ce:31:f8:12:2c:75:e9:3c:
                    58:b0:48:0c:04:2e:7b:c9:dc:59:46:6b:db:53:26:
                    43:a1:15:a3:5a:77:f8:b1:34:dc:9c:5b:76:05:a4:
                    53:44:f6:10:89:cb:96:20:6c:14:8a:52:fe:c7:99:
                    ed:d8:1e:a5:35:45:85:7f:4c:67:62:c8:7b:42:b3:
                    18:20:25:a9:1f:3e:64:00:20:03:dd:85:64:a7:80:
                    2a:b5:ef:31:36:19:fb:b3:6c:f6:23:50:54:50:a7:
                    3e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:7E:6A:EB:F7:9F:B0:02:63:6D:A0:9F:BA:CF:A1:87:5A:19:41:60
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/KH5q6_efsAJjbaCfus-hh1oZQWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:57:cc:a1:ed:44:2c:4c:4b:0d:0c:b5:8b:1d:3d:9a:75:b5:
         28:e7:f6:8b:e1:a5:2a:f4:fd:64:5d:b3:d4:87:57:0b:8b:5e:
         0c:6b:fe:0c:8f:b4:c0:96:fa:87:7c:4a:bf:7b:92:7b:5e:33:
         6d:1b:e4:53:45:dd:01:25:cd:5f:cd:67:25:ce:ae:3b:e8:32:
         57:39:65:58:e2:3a:25:1c:04:bd:d9:8c:f7:08:b8:4e:3d:46:
         6e:20:04:e2:1b:27:8c:c4:03:ac:48:4e:f8:5f:21:5b:bd:ef:
         74:c6:df:55:0e:6f:3f:d5:67:86:f7:36:3f:0f:8d:19:e0:68:
         a7:f3:15:5b:21:44:92:8b:d4:ba:e9:05:6d:61:f4:40:f4:1e:
         26:9e:52:aa:42:94:ac:5b:56:3d:aa:96:49:8a:62:a1:32:b6:
         39:3f:0c:bd:7a:9e:ac:7d:35:52:b4:8b:01:53:f6:56:dc:b3:
         82:04:66:33:56:de:a5:f1:93:06:3b:89:24:db:db:3b:3d:3e:
         42:3e:7e:96:a3:ee:38:85:ad:f6:a1:1e:ae:d9:a8:b6:87:d8:
         44:7d:f7:ab:d4:32:64:47:27:b2:21:53:7f:c8:37:12:53:21:
         60:b7:26:6f:10:3c:e7:d9:ce:fc:fb:4b:8d:d8:a6:e1:a9:ac:
         e5:f8:48:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJanp0NxJcb1egiPTGoWyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwMTAyMTc1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODdlNmFlYmY3OWZiMDAyNjM2ZGEwOWZiYWNmYTE4NzVhMTk0MTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxa7VzDMLX+eweKnMPKTIUNDm1bCR
dUf+8cnUWuaQMI5+PxdRQxtuOEifAzJU8QGiGg+EbwTV+J9DLCWVWyDL/O/DFm0Z
M9ZbXCGsFY5SbB0i5aGB20sxfUGLXvDS+x2T57W/t8wBkZi31JcwSkOY5GUvEP+D
5z/GH3V7aopBdkeA91CkMwU79nCLA30/cLUiRSe3y+1vQro8EB69zjH4Eix16TxY
sEgMBC57ydxZRmvbUyZDoRWjWnf4sTTcnFt2BaRTRPYQicuWIGwUilL+x5nt2B6l
NUWFf0xnYsh7QrMYICWpHz5kACAD3YVkp4Aqte8xNhn7s2z2I1BUUKc+7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCh+auv3n7ACY22gn7rPoYdaGUFgMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvS0g1cTZfZWZzQUpqYmFDZnVzLWhoMW9aUVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQBzV8yh7UQsTEsNDLWLHT2adbUo5/aL4aUq9P1kXbPU
h1cLi14Ma/4Mj7TAlvqHfEq/e5J7XjNtG+RTRd0BJc1fzWclzq476DJXOWVY4jol
HAS92Yz3CLhOPUZuIATiGyeMxAOsSE74XyFbve90xt9VDm8/1WeG9zY/D40Z4Gin
8xVbIUSSi9S66QVtYfRA9B4mnlKqQpSsW1Y9qpZJimKhMrY5Pwy9ep6sfTVStIsB
U/ZW3LOCBGYzVt6l8ZMGO4kk29s7PT5CPn6Wo+44ha32oR6u2ai2h9hEffer1DJk
RyeyIVN/yDcSUyFgtyZvEDzn2c78+0uN2Kbhqazl+Ehi
-----END CERTIFICATE-----