Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/4k2m6oWhbCxHwu7ZoOs8FYwRSeo.roa
File:                     4k2m6oWhbCxHwu7ZoOs8FYwRSeo.roa (raw, json)
Hash identifier:          0X2CSeSS5EmJeG6XWlWGwSVUMGQ8gwE0QRYVBIvMpS0=
Subject key identifier:   E2:4D:A6:EA:85:A1:6C:2C:47:C2:EE:D9:A0:EB:3C:15:8C:11:49:EA
Certificate issuer:       /CN=b7c40a747e3ac1acc611a4c403b6007398e7d79f
Certificate serial:       01941FFA70CDCCA2F7CC04FF3E7179AF85F2
Authority key identifier: B7:C4:0A:74:7E:3A:C1:AC:C6:11:A4:C4:03:B6:00:73:98:E7:D7:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t8QKdH46wazGEaTEA7YAc5jn158.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/4k2m6oWhbCxHwu7ZoOs8FYwRSeo.roa
Signing time:             Wed 01 Jan 2025 03:48:14 +0000
ROA not before:           Wed 01 Jan 2025 03:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142594
IP address blocks:        45.67.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/t8QKdH46wazGEaTEA7YAc5jn158.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/t8QKdH46wazGEaTEA7YAc5jn158.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t8QKdH46wazGEaTEA7YAc5jn158.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:70:cd:cc:a2:f7:cc:04:ff:3e:71:79:af:85:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7c40a747e3ac1acc611a4c403b6007398e7d79f
        Validity
            Not Before: Jan  1 03:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e24da6ea85a16c2c47c2eed9a0eb3c158c1149ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4c:ee:93:1c:5e:53:73:ef:cf:57:dd:a5:09:
                    1d:8d:af:a0:5c:a4:9a:6c:37:3b:df:eb:1c:ee:d5:
                    47:08:f9:5f:42:f2:40:c3:4e:a4:c6:7e:27:34:50:
                    3c:30:8d:ef:8c:7e:12:0f:f5:8c:7d:c6:4e:9f:15:
                    df:c8:15:d7:2c:d9:e9:1b:4b:43:0a:37:96:1a:00:
                    69:22:c3:dc:01:99:47:1b:3a:45:7f:aa:4b:32:95:
                    70:98:7f:f8:96:44:fd:62:b5:f5:1b:ce:6c:28:83:
                    ee:51:99:fe:ea:2b:20:be:74:a3:0e:81:e0:b3:d0:
                    42:4b:45:30:0d:57:16:07:19:bd:64:da:96:04:85:
                    e5:bd:22:d3:db:54:09:ea:62:ed:3a:d7:25:c8:e7:
                    bc:c6:54:15:06:75:4a:a1:05:8d:94:3b:cf:55:79:
                    e4:63:47:91:e1:ad:a9:c0:99:9f:f8:88:7e:12:5c:
                    b8:ad:8b:0c:5f:eb:53:0b:f9:c8:c9:a2:bf:15:52:
                    6a:94:7c:e2:60:41:6a:d6:e6:3c:2c:52:b1:85:3e:
                    67:b6:9d:97:de:0a:bb:2b:22:90:43:dc:b6:5d:4b:
                    56:9c:5a:dd:76:82:71:cb:91:bc:5a:63:af:82:25:
                    fd:ea:e8:98:f2:57:f7:48:41:a0:27:57:d8:10:50:
                    6a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:4D:A6:EA:85:A1:6C:2C:47:C2:EE:D9:A0:EB:3C:15:8C:11:49:EA
            X509v3 Authority Key Identifier:
                keyid:B7:C4:0A:74:7E:3A:C1:AC:C6:11:A4:C4:03:B6:00:73:98:E7:D7:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t8QKdH46wazGEaTEA7YAc5jn158.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/4k2m6oWhbCxHwu7ZoOs8FYwRSeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/t8QKdH46wazGEaTEA7YAc5jn158.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:67:bd:8e:c0:64:f5:bc:8e:ca:84:76:3f:b3:b1:37:3a:5e:
         5e:fe:57:00:cb:01:a3:8b:c7:a8:e0:4f:6d:65:87:b8:ed:0f:
         56:ea:b6:d8:c6:e1:f6:2c:c9:f9:ce:59:e6:03:9a:b3:fc:e8:
         2e:4d:2e:7e:79:a5:5b:cc:d3:e1:04:a0:e4:5a:e9:09:37:e7:
         42:d2:5c:7b:ac:12:ec:fe:2b:d9:0e:43:b2:e9:ab:71:8d:9b:
         ff:34:45:7c:b6:fc:3e:1b:ec:85:1a:5d:68:45:69:de:3e:9b:
         05:7f:33:34:bd:6f:1d:8c:2c:32:db:fc:e8:bc:56:87:35:4b:
         71:3d:48:da:69:a0:4a:56:05:7c:39:e1:3f:69:9f:1d:cf:26:
         3e:c8:0f:5d:23:63:e6:b5:e9:e7:eb:65:92:f7:6d:79:71:e5:
         10:3e:5a:15:72:34:d9:2d:95:be:d4:86:a7:30:8b:cb:79:56:
         ae:68:ac:94:87:76:b1:d3:a0:64:c7:79:19:02:56:4d:78:61:
         d5:c9:f5:27:4a:2f:56:24:d2:9e:cf:a3:3b:ea:4a:ee:14:1b:
         74:4b:dd:b9:45:1f:ae:88:b4:41:34:08:32:9a:e4:9e:fc:b7:
         25:75:78:9d:1a:9a:ef:83:44:4b:e7:67:a2:1f:b7:e9:bb:e3:
         bb:04:0b:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+nDNzKL3zAT/PnF5r4XyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YzQwYTc0N2UzYWMxYWNjNjExYTRjNDAzYjYwMDczOThl
N2Q3OWYwHhcNMjUwMTAxMDM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjRkYTZlYTg1YTE2YzJjNDdjMmVlZDlhMGViM2MxNThjMTE0OWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEzukxxeU3Pvz1fdpQkdja+gXKSa
bDc73+sc7tVHCPlfQvJAw06kxn4nNFA8MI3vjH4SD/WMfcZOnxXfyBXXLNnpG0tD
CjeWGgBpIsPcAZlHGzpFf6pLMpVwmH/4lkT9YrX1G85sKIPuUZn+6isgvnSjDoHg
s9BCS0UwDVcWBxm9ZNqWBIXlvSLT21QJ6mLtOtclyOe8xlQVBnVKoQWNlDvPVXnk
Y0eR4a2pwJmf+Ih+Ely4rYsMX+tTC/nIyaK/FVJqlHziYEFq1uY8LFKxhT5ntp2X
3gq7KyKQQ9y2XUtWnFrddoJxy5G8WmOvgiX96uiY8lf3SEGgJ1fYEFBqoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJNpuqFoWwsR8Lu2aDrPBWMEUnqMB8GA1UdIwQY
MBaAFLfECnR+OsGsxhGkxAO2AHOY59efMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDhRS2RINDZ3YXpHRWFURUE3WUFjNWpuMTU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zNzVlYmMtYmFmYi00ZTBiLWI1NDkt
Nzc2MzVhMjJlYjk2LzEvNGsybTZvV2hiQ3hId3U3Wm9PczhGWXdSU2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zNzVlYmMtYmFmYi00ZTBiLWI1NDktNzc2MzVhMjJlYjk2
LzEvdDhRS2RINDZ3YXpHRWFURUE3WUFjNWpuMTU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUMPMA0G
CSqGSIb3DQEBCwUAA4IBAQBJZ72OwGT1vI7KhHY/s7E3Ol5e/lcAywGji8eo4E9t
ZYe47Q9W6rbYxuH2LMn5zlnmA5qz/OguTS5+eaVbzNPhBKDkWukJN+dC0lx7rBLs
/ivZDkOy6atxjZv/NEV8tvw+G+yFGl1oRWnePpsFfzM0vW8djCwy2/zovFaHNUtx
PUjaaaBKVgV8OeE/aZ8dzyY+yA9dI2Pmtenn62WS9215ceUQPloVcjTZLZW+1Ian
MIvLeVauaKyUh3ax06Bkx3kZAlZNeGHVyfUnSi9WJNKez6M76kruFBt0S925RR+u
iLRBNAgymuSe/LcldXidGprvg0RL52eiH7fpu+O7BAuH
-----END CERTIFICATE-----