Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/72ompPbzpmnzneIjTtp_bgxv8to.roa
File:                     72ompPbzpmnzneIjTtp_bgxv8to.roa (raw, json)
Hash identifier:          aazsmeYdXGvcDu68YTmlm+z5hJVBvjGJrpJeAcUoELg=
Subject key identifier:   EF:6A:26:A4:F6:F3:A6:69:F3:9D:E2:23:4E:DA:7F:6E:0C:6F:F2:DA
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       019423D7A30925AFA2922F85098AA3290AC2
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/72ompPbzpmnzneIjTtp_bgxv8to.roa
Signing time:             Wed 01 Jan 2025 21:48:42 +0000
ROA not before:           Wed 01 Jan 2025 21:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20454
IP address blocks:        45.156.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:a3:09:25:af:a2:92:2f:85:09:8a:a3:29:0a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Jan  1 21:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef6a26a4f6f3a669f39de2234eda7f6e0c6ff2da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:1e:ff:ce:d4:95:8a:74:91:c5:48:8c:7e:ab:
                    9c:72:dc:74:ed:2d:0e:6a:a3:2f:74:09:b0:61:61:
                    a3:1c:75:00:ea:66:8f:c8:a8:af:52:33:05:93:b7:
                    7e:25:9c:31:47:df:d7:33:6c:87:b5:13:b1:17:c2:
                    88:2c:a7:c6:9e:7d:c0:03:fc:09:82:86:b5:3b:06:
                    48:fd:d0:46:6b:36:c8:bc:11:22:ac:02:28:ba:1e:
                    1e:66:0c:df:40:dc:c9:4b:c2:79:a9:06:39:5e:da:
                    e6:63:94:15:93:9c:78:ee:23:d0:6d:96:fc:2b:4e:
                    57:d7:61:41:8f:bd:a3:7a:0a:a3:fd:c0:66:fb:0a:
                    9d:23:50:e1:8f:7f:3d:92:c2:5e:d4:40:e2:af:87:
                    c0:c0:4b:48:2a:fb:48:bf:04:ee:d0:37:6b:2e:95:
                    91:71:f3:bc:46:6d:dd:ca:58:9f:43:0d:71:40:71:
                    3e:fd:4a:db:d0:a7:86:da:dd:7d:d6:e6:00:c7:d9:
                    e5:99:74:26:48:fb:54:0f:7a:f9:8e:8b:89:06:67:
                    82:4b:ca:23:9e:98:dd:1b:79:d2:a7:3c:6a:f5:f5:
                    4c:f2:c6:fe:6c:a8:65:b8:f9:df:30:a1:9f:6b:55:
                    f3:d5:aa:d7:af:1d:fe:bc:36:f1:56:bf:99:cb:10:
                    f8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:6A:26:A4:F6:F3:A6:69:F3:9D:E2:23:4E:DA:7F:6E:0C:6F:F2:DA
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/72ompPbzpmnzneIjTtp_bgxv8to.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:e8:68:e0:83:18:12:cb:b6:6c:33:50:a3:10:7b:48:94:78:
         d8:d4:b6:ca:31:c7:14:c7:23:6b:4d:88:e3:e3:34:f6:dc:aa:
         7b:dd:47:b6:96:1f:5e:b8:54:60:92:fb:17:4d:72:60:e5:54:
         ff:c4:2a:1a:4a:bc:8b:60:93:25:a5:4a:f4:1f:eb:fd:23:1d:
         c8:10:74:31:54:02:62:6c:64:91:5e:8e:b7:ce:ba:14:39:43:
         a2:70:b6:e7:50:d7:9e:b8:c8:85:22:9d:e8:07:82:84:8d:a5:
         a2:c7:c2:00:39:9b:58:ef:92:b2:e1:62:f5:9c:2f:7d:04:66:
         58:97:86:a1:33:47:70:35:b9:2f:5e:f9:24:15:93:2e:22:b5:
         78:11:51:f6:20:2e:ad:69:32:e9:74:2b:3b:c1:5f:d0:fd:73:
         77:d4:ee:8f:81:e5:88:d9:a8:60:e3:aa:32:d6:09:3e:34:89:
         ca:90:2c:a3:af:86:18:27:69:e9:5e:5a:46:2d:e3:92:fd:a3:
         ad:30:2a:c4:e7:1a:16:c8:a2:f9:e8:ec:77:0c:7a:4e:2d:57:
         90:ba:67:11:55:f1:5f:ea:a5:c8:ae:4a:1f:93:ba:e3:e0:54:
         cf:f6:41:46:02:a1:16:59:da:48:0b:00:28:92:ed:96:1f:42:
         34:63:40:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj16MJJa+iki+FCYqjKQrCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjUwMTAxMjE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjZhMjZhNGY2ZjNhNjY5ZjM5ZGUyMjM0ZWRhN2Y2ZTBjNmZmMmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8x7/ztSVinSRxUiMfqucctx07S0O
aqMvdAmwYWGjHHUA6maPyKivUjMFk7d+JZwxR9/XM2yHtROxF8KILKfGnn3AA/wJ
goa1OwZI/dBGazbIvBEirAIouh4eZgzfQNzJS8J5qQY5XtrmY5QVk5x47iPQbZb8
K05X12FBj72jegqj/cBm+wqdI1Dhj389ksJe1EDir4fAwEtIKvtIvwTu0DdrLpWR
cfO8Rm3dylifQw1xQHE+/Urb0KeG2t191uYAx9nlmXQmSPtUD3r5jouJBmeCS8oj
npjdG3nSpzxq9fVM8sb+bKhluPnfMKGfa1Xz1arXrx3+vDbxVr+ZyxD46wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9qJqT286Zp853iI07af24Mb/LaMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvNzJvbXBQYnpwbW56bmVJalR0cF9iZ3h2OHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZySMA0G
CSqGSIb3DQEBCwUAA4IBAQBu6GjggxgSy7ZsM1CjEHtIlHjY1LbKMccUxyNrTYjj
4zT23Kp73Ue2lh9euFRgkvsXTXJg5VT/xCoaSryLYJMlpUr0H+v9Ix3IEHQxVAJi
bGSRXo63zroUOUOicLbnUNeeuMiFIp3oB4KEjaWix8IAOZtY75Ky4WL1nC99BGZY
l4ahM0dwNbkvXvkkFZMuIrV4EVH2IC6taTLpdCs7wV/Q/XN31O6PgeWI2ahg46oy
1gk+NInKkCyjr4YYJ2npXlpGLeOS/aOtMCrE5xoWyKL56Ox3DHpOLVeQumcRVfFf
6qXIrkofk7rj4FTP9kFGAqEWWdpICwAoku2WH0I0Y0CE
-----END CERTIFICATE-----