Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/HtZ57OBsmdXhe-F5g-lmzijNxck.roa
File:                     HtZ57OBsmdXhe-F5g-lmzijNxck.roa (raw, json)
Hash identifier:          P0xwVuTg9ir4CIbwZxsA+9nWaNItfve6TrNuKY2zqxM=
Subject key identifier:   1E:D6:79:EC:E0:6C:99:D5:E1:7B:E1:79:83:E9:66:CE:28:CD:C5:C9
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       01942747CFB452774B7CE687C01EC79C7F2D
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/HtZ57OBsmdXhe-F5g-lmzijNxck.roa
Signing time:             Thu 02 Jan 2025 13:50:05 +0000
ROA not before:           Thu 02 Jan 2025 13:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63956
IP address blocks:        45.137.244.0/24 maxlen: 24
                          45.137.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:cf:b4:52:77:4b:7c:e6:87:c0:1e:c7:9c:7f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 13:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ed679ece06c99d5e17be17983e966ce28cdc5c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:34:30:cb:14:25:30:32:5c:c2:5b:14:6f:01:
                    58:bf:5f:e4:ed:ff:ee:1b:99:aa:fd:fe:82:e2:62:
                    8d:8c:66:06:14:07:fb:5c:5b:fe:90:da:d4:91:62:
                    9d:3d:cf:d6:f7:54:4f:59:71:4a:e6:42:ab:bd:f3:
                    19:74:a4:4c:f8:9e:14:57:cb:01:b3:64:bc:05:4e:
                    ec:60:e6:dd:9e:ff:86:8b:30:29:9c:b2:66:52:20:
                    fb:ef:2d:9c:79:aa:a4:0e:a7:67:e0:e2:b9:55:39:
                    54:41:28:df:01:de:e3:e4:71:7e:2d:f2:3b:e8:b9:
                    20:75:3d:f3:9f:de:7c:bc:c6:d1:4a:f2:aa:40:91:
                    2c:0c:df:53:e0:1e:0c:e2:82:18:bf:a3:22:bf:8b:
                    74:2c:cd:25:ce:8f:29:ef:5a:fb:ff:f3:c3:0b:83:
                    35:00:5e:2c:fd:fc:20:a8:22:35:74:5c:ba:54:97:
                    52:72:dc:61:50:e5:51:93:2c:5e:11:2d:f7:97:a5:
                    af:75:ed:cf:f8:4f:6c:a7:5a:7b:fb:81:bc:c9:e1:
                    92:74:24:0e:b3:02:64:dd:c8:35:59:1a:38:16:d7:
                    be:6c:dc:98:c9:87:d6:cb:e2:66:50:22:9e:3e:84:
                    aa:8a:40:34:51:b9:16:6a:c0:ad:b9:0e:2c:49:f6:
                    c8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:D6:79:EC:E0:6C:99:D5:E1:7B:E1:79:83:E9:66:CE:28:CD:C5:C9
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/HtZ57OBsmdXhe-F5g-lmzijNxck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c7:1a:db:3b:c0:12:77:c3:9d:a1:3e:45:89:db:86:90:11:21:
         a6:22:85:f2:df:12:7d:e3:ec:8d:ad:b3:90:d1:cc:d8:5d:07:
         4c:14:e7:99:1e:9f:53:28:aa:dd:03:58:23:a4:20:7d:5f:da:
         95:a2:96:1d:77:19:70:94:98:aa:e7:49:9f:ce:75:1e:c7:a4:
         72:b4:ce:84:bb:3f:35:6b:fa:10:e6:09:32:f1:95:e2:10:46:
         52:23:18:9a:92:82:e7:98:c4:c4:80:58:03:0b:25:be:09:67:
         ac:ed:67:d5:46:51:f4:71:ee:7b:e0:3e:5d:a8:ac:0c:b3:d1:
         34:be:a2:36:0c:81:97:2e:bc:89:f3:ff:38:3e:e3:de:52:f9:
         1f:2e:cc:31:84:24:98:7f:cc:30:cf:30:3c:99:13:8b:10:7a:
         8d:39:d1:10:6f:ce:f7:2b:3f:fd:98:33:79:8f:71:f3:a4:fc:
         5e:e9:63:d7:2b:1e:17:6e:dc:a9:90:a8:e9:19:02:a0:eb:ab:
         fb:15:3f:4a:89:78:7a:2f:4d:a9:3b:a9:4a:38:36:d3:35:9b:
         74:0b:e6:54:d7:27:f5:11:7a:e6:b5:c1:8f:4f:47:6a:96:ca:
         4c:e2:62:62:a7:f7:5b:51:60:03:83:2f:35:3b:2f:a9:3f:35:
         6f:4f:4b:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR8+0UndLfOaHwB7HnH8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjUwMTAyMTM1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWQ2NzllY2UwNmM5OWQ1ZTE3YmUxNzk4M2U5NjZjZTI4Y2RjNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTQwyxQlMDJcwlsUbwFYv1/k7f/u
G5mq/f6C4mKNjGYGFAf7XFv+kNrUkWKdPc/W91RPWXFK5kKrvfMZdKRM+J4UV8sB
s2S8BU7sYObdnv+GizApnLJmUiD77y2ceaqkDqdn4OK5VTlUQSjfAd7j5HF+LfI7
6LkgdT3zn958vMbRSvKqQJEsDN9T4B4M4oIYv6Miv4t0LM0lzo8p71r7//PDC4M1
AF4s/fwgqCI1dFy6VJdSctxhUOVRkyxeES33l6Wvde3P+E9sp1p7+4G8yeGSdCQO
swJk3cg1WRo4Fte+bNyYyYfWy+JmUCKePoSqikA0UbkWasCtuQ4sSfbIAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7WeezgbJnV4XvheYPpZs4ozcXJMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvSHRaNTdPQnNtZFhoZS1GNWctbG16aWpOeGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYn0MA0G
CSqGSIb3DQEBCwUAA4IBAQDHGts7wBJ3w52hPkWJ24aQESGmIoXy3xJ94+yNrbOQ
0czYXQdMFOeZHp9TKKrdA1gjpCB9X9qVopYddxlwlJiq50mfznUex6RytM6Euz81
a/oQ5gky8ZXiEEZSIxiakoLnmMTEgFgDCyW+CWes7WfVRlH0ce574D5dqKwMs9E0
vqI2DIGXLryJ8/84PuPeUvkfLswxhCSYf8wwzzA8mROLEHqNOdEQb873Kz/9mDN5
j3HzpPxe6WPXKx4XbtypkKjpGQKg66v7FT9KiXh6L02pO6lKODbTNZt0C+ZU1yf1
EXrmtcGPT0dqlspM4mJip/dbUWADgy81Oy+pPzVvT0uF
-----END CERTIFICATE-----