Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HrhWa2FXZ9vu7poQ-wHj3IUsnNs.roa
File:                     HrhWa2FXZ9vu7poQ-wHj3IUsnNs.roa (raw, json)
Hash identifier:          6qxtS4omk1Rs/8CuBzxdN9l4ssaIdYuZ4Ew9jgxYnnk=
Subject key identifier:   1E:B8:56:6B:61:57:67:DB:EE:EE:9A:10:FB:01:E3:DC:85:2C:9C:DB
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0195EC72A29880FC9143F43C347C519B5B3D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HrhWa2FXZ9vu7poQ-wHj3IUsnNs.roa
Signing time:             Mon 31 Mar 2025 13:44:50 +0000
ROA not before:           Mon 31 Mar 2025 13:44:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206776
IP address blocks:        45.141.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ec:72:a2:98:80:fc:91:43:f4:3c:34:7c:51:9b:5b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 31 13:44:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1eb8566b615767dbeeee9a10fb01e3dc852c9cdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:bc:da:c6:7a:0c:8a:dd:60:b5:80:18:48:a2:
                    1d:6b:c1:30:c8:d6:f3:f8:f9:a8:0c:c9:ff:45:0f:
                    63:4f:0f:34:7b:47:ea:e5:ed:ec:fd:53:36:90:66:
                    11:b7:20:79:f8:5f:9b:20:9d:a0:7b:17:97:1b:22:
                    e9:d0:78:de:49:3c:a9:0d:b6:57:b4:ea:80:4a:1c:
                    86:ad:4e:09:30:83:c8:59:6f:08:bd:c7:ac:8e:db:
                    41:97:e6:30:aa:e1:c9:b2:40:fb:11:5e:23:11:b6:
                    9a:5b:2c:d1:c5:a4:dd:c8:e9:b1:41:a4:53:7c:c4:
                    85:37:d7:2a:6c:1d:d7:ed:c4:76:d2:ff:6d:ad:11:
                    2a:2a:41:11:9e:1a:25:43:99:51:f1:73:0e:8a:e4:
                    c3:87:11:d9:ea:59:c7:07:26:a2:73:fe:3d:bf:28:
                    5b:74:32:1e:b0:9a:94:53:83:33:b7:ee:04:a3:74:
                    f6:0b:ed:b4:74:5a:f3:9a:83:95:13:17:f0:6a:e9:
                    c0:6e:46:49:a7:e7:9b:59:3e:d0:d3:93:19:5e:3e:
                    52:06:f2:24:59:d9:76:a5:09:b4:1c:32:55:16:40:
                    f4:cb:7f:25:d3:aa:6f:69:9d:c4:c9:76:51:72:bf:
                    32:78:62:ea:24:80:0d:c2:79:58:8f:d7:0e:ce:db:
                    35:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:B8:56:6B:61:57:67:DB:EE:EE:9A:10:FB:01:E3:DC:85:2C:9C:DB
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HrhWa2FXZ9vu7poQ-wHj3IUsnNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:82:5a:0d:fa:9f:50:fb:1e:d1:c5:41:0c:01:cf:b3:53:65:
         d6:56:5f:35:dc:47:e1:6d:3b:64:15:f3:21:26:2f:ab:ca:3a:
         de:a4:a1:1e:c4:ff:5c:a8:9e:d1:42:81:e7:b4:e1:c5:3f:9f:
         7c:5b:b8:a8:12:e4:39:d3:f6:f0:8e:cf:05:72:8d:9a:dc:9d:
         74:72:46:cb:f4:40:b8:ea:07:51:3c:04:87:05:8d:b8:87:e8:
         82:e0:10:01:6a:4e:b9:93:cf:7b:75:70:6e:43:39:40:29:e7:
         45:92:3a:48:d4:45:25:d8:54:2b:f5:fb:1a:8e:58:df:95:e0:
         e3:d8:e7:e1:94:42:1a:3a:a9:94:bb:be:5f:2b:ee:89:37:b7:
         de:c5:b9:cb:ec:46:49:65:9d:56:62:3c:dd:fc:a0:bc:17:88:
         e8:c0:93:a6:3f:c2:83:97:e3:0c:35:49:4d:72:64:ad:53:d9:
         9f:48:53:6d:16:29:c5:fd:13:80:2d:b0:99:4c:a6:b1:4a:f8:
         1d:40:b2:82:e4:05:28:2c:77:70:a0:ec:5b:ed:eb:db:ef:7f:
         04:12:60:7c:65:c2:f4:27:8e:16:5b:fb:c1:76:3b:ae:9c:d9:
         b8:28:58:1d:5c:7f:30:39:c8:3e:d5:fb:1b:45:46:d1:31:49:
         c5:b1:d2:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXscqKYgPyRQ/Q8NHxRm1s9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzMxMTM0NDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWI4NTY2YjYxNTc2N2RiZWVlZTlhMTBmYjAxZTNkYzg1MmM5Y2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrzaxnoMit1gtYAYSKIda8EwyNbz
+PmoDMn/RQ9jTw80e0fq5e3s/VM2kGYRtyB5+F+bIJ2gexeXGyLp0HjeSTypDbZX
tOqAShyGrU4JMIPIWW8IvcesjttBl+YwquHJskD7EV4jEbaaWyzRxaTdyOmxQaRT
fMSFN9cqbB3X7cR20v9trREqKkERnholQ5lR8XMOiuTDhxHZ6lnHByaic/49vyhb
dDIesJqUU4Mzt+4Eo3T2C+20dFrzmoOVExfwaunAbkZJp+ebWT7Q05MZXj5SBvIk
Wdl2pQm0HDJVFkD0y38l06pvaZ3EyXZRcr8yeGLqJIANwnlYj9cOzts1LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB64VmthV2fb7u6aEPsB49yFLJzbMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSHJoV2EyRlhaOXZ1N3BvUS13SGozSVVzbk5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY2cMA0G
CSqGSIb3DQEBCwUAA4IBAQA+gloN+p9Q+x7RxUEMAc+zU2XWVl813EfhbTtkFfMh
Ji+ryjrepKEexP9cqJ7RQoHntOHFP598W7ioEuQ50/bwjs8Fco2a3J10ckbL9EC4
6gdRPASHBY24h+iC4BABak65k897dXBuQzlAKedFkjpI1EUl2FQr9fsajljfleDj
2OfhlEIaOqmUu75fK+6JN7fexbnL7EZJZZ1WYjzd/KC8F4jowJOmP8KDl+MMNUlN
cmStU9mfSFNtFinF/ROALbCZTKaxSvgdQLKC5AUoLHdwoOxb7evb738EEmB8ZcL0
J44WW/vBdjuunNm4KFgdXH8wOcg+1fsbRUbRMUnFsdL2
-----END CERTIFICATE-----