Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/G4MlXm_89uj6pHE4Hj0jm0JnAPs.roa
File:                     G4MlXm_89uj6pHE4Hj0jm0JnAPs.roa (raw, json)
Hash identifier:          IvJvABmtoL2D5H2lLbc36SYTprrxJ3+le+YIp65E/hA=
Subject key identifier:   1B:83:25:5E:6F:FC:F6:E8:FA:A4:71:38:1E:3D:23:9B:42:67:00:FB
Certificate issuer:       /CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
Certificate serial:       019423D8074BDDA26AF5245798867C344620
Authority key identifier: 42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/G4MlXm_89uj6pHE4Hj0jm0JnAPs.roa
Signing time:             Wed 01 Jan 2025 21:49:07 +0000
ROA not before:           Wed 01 Jan 2025 21:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209380
IP address blocks:        45.67.152.0/24 maxlen: 24
                          45.67.153.0/24 maxlen: 24
                          45.67.154.0/24 maxlen: 24
                          45.67.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d8:07:4b:dd:a2:6a:f5:24:57:98:86:7c:34:46:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
        Validity
            Not Before: Jan  1 21:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b83255e6ffcf6e8faa471381e3d239b426700fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:28:d6:4f:f7:c5:ae:01:bd:60:b7:27:af:75:
                    fd:95:5e:c3:7f:cb:5e:df:39:23:12:59:f8:06:96:
                    ad:03:1e:b1:fd:d2:bb:cb:af:ac:e8:e9:ef:1d:b8:
                    c8:b9:c0:a2:63:f6:37:d8:7d:f8:11:66:2e:69:94:
                    f2:8c:44:3d:34:74:6e:40:94:ed:bf:41:1c:72:bf:
                    50:bb:83:06:4d:b7:03:a7:3e:b9:f5:a0:24:c7:a2:
                    17:e9:08:40:3d:33:a3:ac:0f:0a:f9:b9:b4:29:8e:
                    02:10:0f:84:c4:73:f3:0d:7a:bd:ab:e2:3a:fe:a1:
                    cc:bc:2d:78:19:e4:51:37:37:19:ed:03:03:da:3f:
                    8e:10:97:c7:a5:8c:41:54:4c:41:f1:53:85:c4:9c:
                    b2:a5:e8:41:5a:35:aa:9a:e6:8f:97:ed:a1:a5:fa:
                    dc:ac:fc:b3:41:65:7a:c7:b2:0c:ac:47:89:78:c5:
                    cd:57:06:1e:de:40:ce:ff:a6:99:f3:12:fa:40:ec:
                    24:18:82:da:4b:2d:aa:50:1f:0c:c2:e8:5c:d4:01:
                    49:3f:a5:27:c0:bd:c2:18:d2:3f:3f:45:c9:dc:a5:
                    29:63:31:d1:63:5d:67:22:e8:59:f3:f4:9d:d8:4d:
                    45:49:6f:ba:05:c5:fc:8d:d5:19:6a:27:49:4d:b4:
                    ad:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:83:25:5E:6F:FC:F6:E8:FA:A4:71:38:1E:3D:23:9B:42:67:00:FB
            X509v3 Authority Key Identifier:
                keyid:42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/G4MlXm_89uj6pHE4Hj0jm0JnAPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:15:de:54:d8:be:73:d8:d1:02:6a:51:c2:d3:82:e9:dc:9e:
         6d:56:94:c7:ba:dd:ae:c1:eb:d3:97:24:a6:18:7e:80:8c:b0:
         32:55:e8:4c:3d:c6:a3:3b:1f:70:58:98:36:a4:ff:0d:c0:1f:
         d0:64:62:8e:37:45:17:26:0a:6a:5b:8e:b3:1f:45:a0:0c:2c:
         32:b8:82:dc:69:17:85:a0:ff:cb:38:57:4f:8f:d2:0e:52:fd:
         f2:e7:89:0c:e1:e5:1d:85:b3:b3:4c:10:33:71:c0:84:c3:e3:
         17:f0:03:af:65:c0:8e:bc:f5:2c:be:03:0e:72:d7:8c:5f:1b:
         94:3f:95:1e:92:fc:21:3d:d8:ab:52:01:76:82:d9:11:68:6b:
         9e:45:74:2a:05:9c:0e:a0:52:9d:b5:52:fd:40:bf:cd:10:56:
         22:7d:7f:92:06:d1:a2:05:36:8d:6a:5d:9d:47:8a:72:a1:97:
         e3:b3:37:77:d0:61:b7:64:15:c5:f6:8b:7e:15:2c:ff:3c:83:
         96:c0:9c:7c:53:93:3f:2e:11:ad:64:6a:1b:83:30:68:5d:25:
         c7:8d:36:07:58:95:c2:38:56:c8:80:a5:c7:41:0f:98:d2:82:
         25:83:b4:09:55:fd:d6:f4:68:19:8a:3f:6f:81:df:9c:e4:79:
         b4:43:66:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj2AdL3aJq9SRXmIZ8NEYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2Y0YTEyOGQwOWRmYzRiOGIwMzVhMTJjZDgzMWY5Zjdi
MDE0NjkwHhcNMjUwMTAxMjE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjgzMjU1ZTZmZmNmNmU4ZmFhNDcxMzgxZTNkMjM5YjQyNjcwMGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSjWT/fFrgG9YLcnr3X9lV7Df8te
3zkjEln4BpatAx6x/dK7y6+s6OnvHbjIucCiY/Y32H34EWYuaZTyjEQ9NHRuQJTt
v0Eccr9Qu4MGTbcDpz659aAkx6IX6QhAPTOjrA8K+bm0KY4CEA+ExHPzDXq9q+I6
/qHMvC14GeRRNzcZ7QMD2j+OEJfHpYxBVExB8VOFxJyypehBWjWqmuaPl+2hpfrc
rPyzQWV6x7IMrEeJeMXNVwYe3kDO/6aZ8xL6QOwkGILaSy2qUB8Mwuhc1AFJP6Un
wL3CGNI/P0XJ3KUpYzHRY11nIuhZ8/Sd2E1FSW+6BcX8jdUZaidJTbStYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuDJV5v/Pbo+qRxOB49I5tCZwD7MB8GA1UdIwQY
MBaAFELPShKNCd/EuLA1oSzYMfn3sBRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEt
MGIwNDM3NWY5YjM2LzEvRzRNbFhtXzg5dWo2cEhFNEhqMGptMEpuQVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEtMGIwNDM3NWY5YjM2
LzEvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUOYMA0G
CSqGSIb3DQEBCwUAA4IBAQCKFd5U2L5z2NECalHC04Lp3J5tVpTHut2uwevTlySm
GH6AjLAyVehMPcajOx9wWJg2pP8NwB/QZGKON0UXJgpqW46zH0WgDCwyuILcaReF
oP/LOFdPj9IOUv3y54kM4eUdhbOzTBAzccCEw+MX8AOvZcCOvPUsvgMOcteMXxuU
P5UekvwhPdirUgF2gtkRaGueRXQqBZwOoFKdtVL9QL/NEFYifX+SBtGiBTaNal2d
R4pyoZfjszd30GG3ZBXF9ot+FSz/PIOWwJx8U5M/LhGtZGobgzBoXSXHjTYHWJXC
OFbIgKXHQQ+Y0oIlg7QJVf3W9GgZij9vgd+c5Hm0Q2YF
-----END CERTIFICATE-----