Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/CS3fkAwQa6jbpAuBFjvlkhT4QM4.roa
File:                     CS3fkAwQa6jbpAuBFjvlkhT4QM4.roa (raw, json)
Hash identifier:          B07gzww+qg1cGY1+Noy7EqGS0qu6LsylkSmHxbsB5UI=
Subject key identifier:   09:2D:DF:90:0C:10:6B:A8:DB:A4:0B:81:16:3B:E5:92:14:F8:40:CE
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019420680E4FFBB35C44EAA073517F559A63
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/CS3fkAwQa6jbpAuBFjvlkhT4QM4.roa
Signing time:             Wed 01 Jan 2025 05:47:57 +0000
ROA not before:           Wed 01 Jan 2025 05:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209493
IP address blocks:        45.141.61.0/24 maxlen: 24
                          193.109.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0e:4f:fb:b3:5c:44:ea:a0:73:51:7f:55:9a:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 05:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=092ddf900c106ba8dba40b81163be59214f840ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b5:c6:f9:9d:9c:f7:02:78:20:0d:77:00:9a:
                    16:cc:b1:ee:fa:a2:b9:b2:25:3b:2d:90:6a:39:b2:
                    8f:87:2f:40:b7:63:75:c2:f6:9c:b2:a5:8d:ad:6f:
                    7b:74:aa:97:2d:2a:a9:28:9d:26:20:05:4f:13:6c:
                    3d:5c:ed:a5:a6:04:1f:cc:4f:27:dc:e5:13:43:e5:
                    24:16:08:a0:23:ad:15:70:72:b7:d3:7f:3d:5c:76:
                    fa:f3:43:ad:9c:1c:d7:99:be:a1:9d:eb:83:92:24:
                    d9:f8:5c:ad:d0:d4:3e:bd:0d:ea:a6:46:7b:26:1b:
                    f5:e5:58:a5:0f:7b:50:79:af:a6:30:bb:eb:e9:68:
                    d1:b0:94:b4:b2:1a:e5:3f:47:82:d7:17:32:70:8d:
                    33:29:c8:80:5e:55:55:ca:14:fd:51:6f:8c:1c:b9:
                    bd:97:74:dc:44:d2:fd:e4:6d:3d:5c:af:78:34:f8:
                    ce:bb:66:f7:3a:19:68:3e:91:08:3d:96:62:d0:1b:
                    de:3e:4a:16:99:db:79:13:51:f9:e1:cc:99:52:01:
                    22:94:ae:70:db:d9:c0:3b:54:05:c7:f5:db:7d:3a:
                    c2:90:ed:0c:a8:e9:ed:74:2b:a8:d1:b0:f1:9b:42:
                    1c:dd:bf:4c:71:cf:18:8e:e9:b4:4a:0a:9e:00:37:
                    c3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:2D:DF:90:0C:10:6B:A8:DB:A4:0B:81:16:3B:E5:92:14:F8:40:CE
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/CS3fkAwQa6jbpAuBFjvlkhT4QM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.61.0/24
                  193.109.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f2:5a:39:d7:0f:e5:13:b6:b1:d4:0f:a5:e6:8b:54:84:91:
         e2:03:1d:f6:d2:ca:61:24:4d:58:b1:66:7f:8c:76:41:28:33:
         b3:24:83:ab:ef:07:a1:5f:65:f0:8c:5d:06:76:3f:99:a9:f5:
         19:31:5c:e2:17:96:c7:b2:f9:f6:27:f9:a1:26:3a:81:d0:6c:
         ff:09:f1:bc:02:4a:4b:16:cd:52:2f:f8:7b:e5:23:fe:20:03:
         39:04:20:9e:9e:ca:b9:f4:37:f6:ac:a7:d6:13:84:83:03:c5:
         67:17:5c:35:e0:87:99:20:fc:b9:1e:1e:e4:51:3e:3a:b6:cf:
         1c:44:6e:0b:e6:df:ad:46:75:af:7c:92:7b:1a:aa:76:62:34:
         dd:d8:e1:8c:e4:f0:b6:8a:d3:ee:d3:c2:07:8c:ee:66:a2:50:
         06:58:c7:73:33:ee:43:52:e4:5f:fd:f7:30:a4:05:b5:9d:3b:
         24:c4:5b:2d:e5:c4:c4:b4:57:a3:0a:22:99:f5:b2:97:74:a3:
         af:bc:6f:74:f0:4e:a0:40:d1:21:f8:b1:9b:40:19:19:0e:cb:
         5a:36:92:92:62:26:a6:53:36:06:9a:4a:46:9d:9c:44:1d:af:
         3e:12:3f:16:6f:5a:86:b5:62:8e:21:3e:1a:79:04:2e:68:1f:
         00:f5:89:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaA5P+7NcROqgc1F/VZpjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTAxMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTJkZGY5MDBjMTA2YmE4ZGJhNDBiODExNjNiZTU5MjE0Zjg0MGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7XG+Z2c9wJ4IA13AJoWzLHu+qK5
siU7LZBqObKPhy9At2N1wvacsqWNrW97dKqXLSqpKJ0mIAVPE2w9XO2lpgQfzE8n
3OUTQ+UkFgigI60VcHK30389XHb680OtnBzXmb6hneuDkiTZ+Fyt0NQ+vQ3qpkZ7
Jhv15VilD3tQea+mMLvr6WjRsJS0shrlP0eC1xcycI0zKciAXlVVyhT9UW+MHLm9
l3TcRNL95G09XK94NPjOu2b3OhloPpEIPZZi0BvePkoWmdt5E1H54cyZUgEilK5w
29nAO1QFx/XbfTrCkO0MqOntdCuo0bDxm0Ic3b9Mcc8Yjum0SgqeADfDJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAkt35AMEGuo26QLgRY75ZIU+EDOMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvQ1MzZmtBd1FhNmpicEF1QkZqdmxraFQ0UU00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY09AwQA
wW2IMA0GCSqGSIb3DQEBCwUAA4IBAQBV8lo51w/lE7ax1A+l5otUhJHiAx320sph
JE1YsWZ/jHZBKDOzJIOr7wehX2XwjF0Gdj+ZqfUZMVziF5bHsvn2J/mhJjqB0Gz/
CfG8AkpLFs1SL/h75SP+IAM5BCCensq59Df2rKfWE4SDA8VnF1w14IeZIPy5Hh7k
UT46ts8cRG4L5t+tRnWvfJJ7Gqp2YjTd2OGM5PC2itPu08IHjO5molAGWMdzM+5D
UuRf/fcwpAW1nTskxFst5cTEtFejCiKZ9bKXdKOvvG908E6gQNEh+LGbQBkZDsta
NpKSYiamUzYGmkpGnZxEHa8+Ej8Wb1qGtWKOIT4aeQQuaB8A9YmU
-----END CERTIFICATE-----