Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/rrKDVy-QxSmZ2HqqmDRKJ_O3zjE.roa
File:                     rrKDVy-QxSmZ2HqqmDRKJ_O3zjE.roa (raw, json)
Hash identifier:          qQt4LgJZUrwxxbQW9H3UI+h4NYxT7FciUlDfdQlIp3Q=
Subject key identifier:   AE:B2:83:57:2F:90:C5:29:99:D8:7A:AA:98:34:4A:27:F3:B7:CE:31
Certificate issuer:       /CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
Certificate serial:       0194266A51605F72E3C160D648F014E19B9B
Authority key identifier: 16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/rrKDVy-QxSmZ2HqqmDRKJ_O3zjE.roa
Signing time:             Thu 02 Jan 2025 09:48:09 +0000
ROA not before:           Thu 02 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        155.45.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 18:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:51:60:5f:72:e3:c1:60:d6:48:f0:14:e1:9b:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
        Validity
            Not Before: Jan  2 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aeb283572f90c52999d87aaa98344a27f3b7ce31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8e:cf:00:52:53:6e:9c:39:d7:df:88:f6:b1:
                    94:9c:cf:aa:a5:ad:fe:05:e9:d3:6b:a5:83:96:3b:
                    ca:e3:1e:5f:d2:30:97:f6:99:a6:73:17:1b:8a:b2:
                    8e:62:ef:05:42:9c:8f:53:b6:28:2f:09:33:dd:5d:
                    61:8c:db:5d:69:b7:66:05:c5:4f:5d:f1:f8:db:93:
                    9b:41:62:8a:f7:9a:40:14:e3:81:b3:d1:4a:cf:e0:
                    db:be:d6:6f:56:89:13:b1:c0:0e:5d:57:5f:57:c8:
                    bd:e5:76:4e:83:c0:3f:28:5e:b5:53:48:3a:76:af:
                    15:90:c0:59:e5:2a:2a:a1:63:8b:50:51:6b:0f:ab:
                    73:f3:74:66:8b:be:54:2f:66:09:9f:40:de:00:94:
                    f1:fb:54:51:89:02:d6:50:8c:11:41:a2:a6:f1:6f:
                    37:b4:02:27:49:ab:f2:61:c7:87:10:f6:18:88:8e:
                    dd:88:c8:c3:8d:43:43:09:25:53:26:ad:78:c2:75:
                    f3:4c:c6:76:b3:50:dc:3b:ad:d2:b7:75:7e:59:1d:
                    91:5d:29:7e:7d:99:16:7c:13:ca:96:96:48:a5:56:
                    f9:6a:09:a7:4a:97:09:29:8f:0d:76:6d:b8:fe:6c:
                    2c:55:2b:a4:24:cc:40:3e:e2:37:2f:14:43:79:df:
                    15:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B2:83:57:2F:90:C5:29:99:D8:7A:AA:98:34:4A:27:F3:B7:CE:31
            X509v3 Authority Key Identifier:
                keyid:16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/rrKDVy-QxSmZ2HqqmDRKJ_O3zjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.45.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:f8:fa:c1:f8:05:8b:d7:3a:e0:be:71:e9:02:e6:e7:0e:30:
         92:81:26:eb:fb:23:c2:03:74:41:b8:d7:37:5f:f0:38:44:bd:
         56:7e:ab:16:5e:a8:84:88:1e:75:eb:55:ed:00:3b:64:33:f9:
         b0:71:ac:fa:b3:be:71:e8:45:eb:e4:1d:ad:0d:06:01:04:29:
         00:23:fa:76:23:0d:ce:5a:46:28:7e:97:0c:83:a3:56:ea:4d:
         fb:cf:58:9a:ec:db:31:03:c7:11:7a:fb:78:d5:73:c2:ef:e2:
         91:fd:5e:6f:aa:8a:3a:a6:dc:99:ac:b5:7f:7b:62:2e:df:5d:
         78:a7:4e:33:03:e4:72:d0:aa:df:2c:cd:ae:62:61:fd:a1:df:
         b9:f6:71:ca:58:95:e2:fd:d4:15:93:07:5e:3a:b8:c1:38:39:
         eb:9e:eb:3e:49:d0:a8:74:d6:31:47:e4:fb:f2:23:85:2c:1d:
         cf:d5:6b:1e:81:95:e2:a7:f8:81:2a:20:d2:fa:c3:54:47:43:
         34:b2:23:6d:dd:ba:eb:26:06:77:8e:27:c5:2c:42:e4:ca:df:
         22:a9:8d:2d:05:71:49:ce:e9:b2:10:f6:2b:02:32:28:d3:51:
         0b:2f:27:c5:32:b0:20:9f:58:ce:00:d8:fa:07:7a:25:7c:3b:
         47:a3:a6:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmalFgX3LjwWDWSPAU4ZubMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Y2RlMTM5YWUwNTczYjBhNGRkYTkzZTc3YjU3ZmYyN2Y5
YmViYTEwHhcNMjUwMTAyMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWIyODM1NzJmOTBjNTI5OTlkODdhYWE5ODM0NGEyN2YzYjdjZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmo7PAFJTbpw519+I9rGUnM+qpa3+
BenTa6WDljvK4x5f0jCX9pmmcxcbirKOYu8FQpyPU7YoLwkz3V1hjNtdabdmBcVP
XfH425ObQWKK95pAFOOBs9FKz+DbvtZvVokTscAOXVdfV8i95XZOg8A/KF61U0g6
dq8VkMBZ5SoqoWOLUFFrD6tz83Rmi75UL2YJn0DeAJTx+1RRiQLWUIwRQaKm8W83
tAInSavyYceHEPYYiI7diMjDjUNDCSVTJq14wnXzTMZ2s1DcO63St3V+WR2RXSl+
fZkWfBPKlpZIpVb5agmnSpcJKY8Ndm24/mwsVSukJMxAPuI3LxRDed8V2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6yg1cvkMUpmdh6qpg0Sifzt84xMB8GA1UdIwQY
MBaAFBbN4TmuBXOwpN2pPne1f/J/m+uhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUt
YjY5ZGNlNzU0N2ExLzEvcnJLRFZ5LVF4U21aMkhxcW1EUktKX08zempFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUtYjY5ZGNlNzU0N2Ex
LzEvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmy35MA0G
CSqGSIb3DQEBCwUAA4IBAQB4+PrB+AWL1zrgvnHpAubnDjCSgSbr+yPCA3RBuNc3
X/A4RL1WfqsWXqiEiB5161XtADtkM/mwcaz6s75x6EXr5B2tDQYBBCkAI/p2Iw3O
WkYofpcMg6NW6k37z1ia7NsxA8cRevt41XPC7+KR/V5vqoo6ptyZrLV/e2Iu3114
p04zA+Ry0KrfLM2uYmH9od+59nHKWJXi/dQVkwdeOrjBODnrnus+SdCodNYxR+T7
8iOFLB3P1WsegZXip/iBKiDS+sNUR0M0siNt3brrJgZ3jifFLELkyt8iqY0tBXFJ
zumyEPYrAjIo01ELLyfFMrAgn1jOANj6B3olfDtHo6Z0
-----END CERTIFICATE-----