Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/RMWbYdHceZbtSP3kPPphiVqhjKU.roa
File:                     RMWbYdHceZbtSP3kPPphiVqhjKU.roa (raw, json)
Hash identifier:          ZmPZq83tjvYdJrT/qGKDeRtwLFHx3yIuGdy+p00AfUY=
Subject key identifier:   44:C5:9B:61:D1:DC:79:96:ED:48:FD:E4:3C:FA:61:89:5A:A1:8C:A5
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019420680A35DE511D04A4B0A9A58A343C1B
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/RMWbYdHceZbtSP3kPPphiVqhjKU.roa
Signing time:             Wed 01 Jan 2025 05:47:56 +0000
ROA not before:           Wed 01 Jan 2025 05:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204402
IP address blocks:        45.152.38.0/24 maxlen: 24
                          2a0b:3c40:24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0a:35:de:51:1d:04:a4:b0:a9:a5:8a:34:3c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44c59b61d1dc7996ed48fde43cfa61895aa18ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c2:78:6f:24:b5:92:74:56:ef:97:48:ee:16:
                    fe:d0:be:20:e8:11:c8:88:78:d3:29:a1:8a:a2:d5:
                    bf:db:f7:e7:d1:06:e3:18:68:e8:bc:b9:60:73:8d:
                    9f:c1:00:c8:4d:62:8d:ab:bb:ca:a8:eb:d5:08:c0:
                    7a:e1:6f:f7:f5:31:f4:37:e9:ac:91:1c:99:53:3e:
                    c6:f1:42:9a:51:ad:48:c2:e8:f9:ee:d8:ce:52:ba:
                    4c:f8:8b:01:a0:88:d1:50:1d:cc:13:70:7d:cf:62:
                    b1:5d:15:89:4b:57:e1:86:97:c6:6c:05:68:5a:03:
                    ab:c1:01:a6:e7:02:4f:0c:4f:06:a2:86:ce:38:1c:
                    2a:03:e1:03:9a:ba:ad:48:13:26:80:78:78:d2:01:
                    d6:a1:d8:47:a4:92:9e:33:56:67:86:79:8f:de:b0:
                    71:14:03:d5:0e:e1:d1:4e:8a:7b:d1:bd:f9:ca:25:
                    55:89:42:18:3a:51:0d:7b:56:0b:9b:43:52:4d:86:
                    61:f3:00:db:89:75:38:77:3c:22:a8:f7:dc:08:e8:
                    da:0c:ba:d7:66:09:30:7e:98:a8:e0:2c:f7:f7:8b:
                    eb:a6:b2:a3:56:54:c0:78:e0:43:f1:c5:bc:b5:08:
                    1e:ff:21:f8:0b:d4:d5:f4:e9:d1:25:ad:e9:fa:19:
                    ba:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C5:9B:61:D1:DC:79:96:ED:48:FD:E4:3C:FA:61:89:5A:A1:8C:A5
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/RMWbYdHceZbtSP3kPPphiVqhjKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.38.0/24
                IPv6:
                  2a0b:3c40:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:28:3b:3b:8a:9e:5f:7d:7f:bb:77:26:c1:5c:0f:7c:00:b6:
         a5:30:09:a7:0e:86:39:77:80:1c:1b:48:4d:6f:f2:c1:10:d6:
         a4:ba:73:53:1c:40:d1:1d:46:d5:de:7e:b3:da:cf:08:6c:14:
         24:e0:da:c3:99:0c:c4:a8:a0:8e:09:bd:0c:9e:7b:9f:aa:08:
         d5:ef:40:89:59:99:bc:8b:59:25:4d:8d:59:64:a6:57:a7:e1:
         09:7d:2e:80:b4:be:ea:43:4e:a9:af:2c:ba:ef:93:23:1e:12:
         a5:9e:dd:f2:ed:5b:9a:84:9b:4a:e9:96:8b:7b:b3:47:89:e5:
         21:7c:cc:dc:f9:b6:65:5d:08:56:c9:60:9b:60:03:58:b2:4a:
         37:c2:4b:ec:68:74:cc:4c:f5:c6:70:04:8b:60:45:22:dd:29:
         11:c3:62:23:c8:26:50:58:8e:5f:e0:3b:c7:33:56:62:a8:be:
         8d:37:8b:4b:2f:8d:0f:5a:a7:dd:a0:56:49:b1:88:3c:4c:dd:
         50:60:89:a0:2d:3a:bd:f2:f0:5a:a5:59:63:00:dd:33:3e:99:
         34:fe:b3:37:2d:12:71:cd:8a:98:c9:4c:0e:cc:fb:81:0a:6f:
         ae:3e:4a:0c:b0:a3:53:25:b9:dc:76:fc:91:20:a6:46:2e:95:
         96:af:e8:40
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQgaAo13lEdBKSwqaWKNDwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTAxMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGM1OWI2MWQxZGM3OTk2ZWQ0OGZkZTQzY2ZhNjE4OTVhYTE4Y2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcJ4byS1knRW75dI7hb+0L4g6BHI
iHjTKaGKotW/2/fn0QbjGGjovLlgc42fwQDITWKNq7vKqOvVCMB64W/39TH0N+ms
kRyZUz7G8UKaUa1Iwuj57tjOUrpM+IsBoIjRUB3ME3B9z2KxXRWJS1fhhpfGbAVo
WgOrwQGm5wJPDE8GoobOOBwqA+EDmrqtSBMmgHh40gHWodhHpJKeM1ZnhnmP3rBx
FAPVDuHRTop70b35yiVViUIYOlENe1YLm0NSTYZh8wDbiXU4dzwiqPfcCOjaDLrX
Zgkwfpio4Cz394vrprKjVlTAeOBD8cW8tQge/yH4C9TV9OnRJa3p+hm6EwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFETFm2HR3HmW7Uj95Dz6YYlaoYylMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvUk1XYllkSGNlWmJ0U1Aza1BQcGhpVnFoaktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZgmMA8E
AgACMAkDBwAqCzxAACQwDQYJKoZIhvcNAQELBQADggEBAAAoOzuKnl99f7t3JsFc
D3wAtqUwCacOhjl3gBwbSE1v8sEQ1qS6c1McQNEdRtXefrPazwhsFCTg2sOZDMSo
oI4JvQyee5+qCNXvQIlZmbyLWSVNjVlkplen4Ql9LoC0vupDTqmvLLrvkyMeEqWe
3fLtW5qEm0rplot7s0eJ5SF8zNz5tmVdCFbJYJtgA1iySjfCS+xodMxM9cZwBItg
RSLdKRHDYiPIJlBYjl/gO8czVmKovo03i0svjQ9ap92gVkmxiDxM3VBgiaAtOr3y
8FqlWWMA3TM+mTT+szctEnHNipjJTA7M+4EKb64+Sgywo1Mludx2/JEgpkYulZav
6EA=
-----END CERTIFICATE-----