Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/JPuN2YPz_l01LHcxJTRgQ5fN06Q.roa
File:                     JPuN2YPz_l01LHcxJTRgQ5fN06Q.roa (raw, json)
Hash identifier:          sO4iVZOw03myN2KiGjBOdg4pmq+1tC1eFs8GD/uCEJk=
Subject key identifier:   24:FB:8D:D9:83:F3:FE:5D:35:2C:77:31:25:34:60:43:97:CD:D3:A4
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       019424B3EB8BF325AE4289F18B5272D826B6
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/JPuN2YPz_l01LHcxJTRgQ5fN06Q.roa
Signing time:             Thu 02 Jan 2025 01:49:18 +0000
ROA not before:           Thu 02 Jan 2025 01:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207717
IP address blocks:        45.132.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:eb:8b:f3:25:ae:42:89:f1:8b:52:72:d8:26:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 01:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24fb8dd983f3fe5d352c77312534604397cdd3a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:17:3b:5e:be:4d:b1:67:f6:25:f4:61:aa:9e:
                    62:c1:0f:bd:1f:ca:56:9e:37:45:71:1b:ab:34:44:
                    d2:31:ee:5a:cb:dd:85:e0:e7:e8:46:bd:16:30:68:
                    d2:9f:fb:eb:f7:62:02:c6:07:29:12:65:0e:0e:74:
                    68:83:e2:d0:0d:db:79:b9:48:30:2a:bc:15:80:dc:
                    03:b5:fe:e2:44:55:3a:89:e0:70:12:6a:d8:f2:d4:
                    ab:57:27:d2:17:b7:91:a6:3d:0d:b1:dd:ad:6f:5f:
                    79:70:b3:2c:87:05:a0:20:f8:5b:6d:74:c9:68:a2:
                    68:46:4e:48:e8:7c:c7:26:39:1c:c9:08:44:66:a9:
                    3a:a0:cc:84:ae:f5:3d:46:e1:fb:27:cb:1b:8c:c8:
                    1a:32:c9:b0:79:b8:af:af:87:9d:ac:f9:cc:bb:6d:
                    42:40:2c:b2:91:f6:45:65:55:68:e7:b1:ff:43:c4:
                    25:91:33:47:e4:f5:bf:72:2c:3a:e1:a8:0a:b9:3b:
                    71:8b:50:37:93:7e:88:4f:f8:fd:4d:11:fa:f9:13:
                    6b:43:d3:ae:43:f7:59:d5:93:e3:02:dc:ce:d4:83:
                    0e:4c:24:33:5c:28:14:77:37:5c:99:b1:0d:2d:dc:
                    3d:0c:4c:da:40:8f:ca:4e:d4:c2:af:27:d7:2c:75:
                    36:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:FB:8D:D9:83:F3:FE:5D:35:2C:77:31:25:34:60:43:97:CD:D3:A4
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/JPuN2YPz_l01LHcxJTRgQ5fN06Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:b7:30:f9:45:33:3f:b6:30:bb:a1:a6:21:ab:8e:b6:ef:ab:
         53:bb:e2:c1:31:9b:9e:a4:08:8f:fb:49:78:5c:ab:d5:37:0e:
         4e:f2:2d:31:09:63:14:34:a1:70:76:0b:7d:be:d3:39:a0:5b:
         ac:38:b9:fb:1a:ea:88:93:1c:ec:77:2c:62:4d:a6:8d:1c:4f:
         63:89:54:8b:93:ac:44:eb:bb:81:eb:c4:9e:6c:02:5b:3e:79:
         fb:81:ca:66:31:ba:41:49:ca:fe:e4:57:17:d0:a3:18:9d:d8:
         2c:2f:d7:b2:29:4b:c9:c5:82:3e:23:fa:3f:43:c7:8b:c9:90:
         6b:d4:8c:45:4a:ff:cc:09:00:6c:d6:2a:47:c3:33:0f:ce:e9:
         7b:d2:bf:bc:f6:32:b6:42:35:6e:f2:a1:d6:68:e5:b2:db:d9:
         0e:1e:1b:70:61:92:be:b3:1c:34:9c:8e:9c:a3:ae:1d:16:32:
         03:aa:58:80:6b:28:f4:79:45:a8:b8:cc:28:0d:aa:5c:47:a3:
         05:03:68:e2:9c:70:26:80:0d:79:f1:7b:21:2d:f7:3a:6b:f8:
         e9:91:f1:9d:41:5e:5f:35:bd:35:20:e1:cd:96:76:c5:74:be:
         8f:fc:af:f2:6c:4d:bc:d1:cd:8b:40:62:9b:4a:6a:de:c9:33:
         d1:b7:ae:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+uL8yWuQonxi1Jy2Ca2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjUwMTAyMDE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGZiOGRkOTgzZjNmZTVkMzUyYzc3MzEyNTM0NjA0Mzk3Y2RkM2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRc7Xr5NsWf2JfRhqp5iwQ+9H8pW
njdFcRurNETSMe5ay92F4OfoRr0WMGjSn/vr92ICxgcpEmUODnRog+LQDdt5uUgw
KrwVgNwDtf7iRFU6ieBwEmrY8tSrVyfSF7eRpj0Nsd2tb195cLMshwWgIPhbbXTJ
aKJoRk5I6HzHJjkcyQhEZqk6oMyErvU9RuH7J8sbjMgaMsmwebivr4edrPnMu21C
QCyykfZFZVVo57H/Q8QlkTNH5PW/ciw64agKuTtxi1A3k36IT/j9TRH6+RNrQ9Ou
Q/dZ1ZPjAtzO1IMOTCQzXCgUdzdcmbENLdw9DEzaQI/KTtTCryfXLHU2AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCT7jdmD8/5dNSx3MSU0YEOXzdOkMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvSlB1TjJZUHpfbDAxTEhjeEpUUmdRNWZOMDZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYSWMA0G
CSqGSIb3DQEBCwUAA4IBAQCxtzD5RTM/tjC7oaYhq46276tTu+LBMZuepAiP+0l4
XKvVNw5O8i0xCWMUNKFwdgt9vtM5oFusOLn7GuqIkxzsdyxiTaaNHE9jiVSLk6xE
67uB68SebAJbPnn7gcpmMbpBScr+5FcX0KMYndgsL9eyKUvJxYI+I/o/Q8eLyZBr
1IxFSv/MCQBs1ipHwzMPzul70r+89jK2QjVu8qHWaOWy29kOHhtwYZK+sxw0nI6c
o64dFjIDqliAayj0eUWouMwoDapcR6MFA2jinHAmgA158XshLfc6a/jpkfGdQV5f
Nb01IOHNlnbFdL6P/K/ybE280c2LQGKbSmreyTPRt64r
-----END CERTIFICATE-----