Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/D-_QiVeAYymMyrqyEwwxZVlJ77w.roa
File:                     D-_QiVeAYymMyrqyEwwxZVlJ77w.roa (raw, json)
Hash identifier:          pLHDIfQfn00HxVAd67SY9GUFCYPJH9fT0t4z495xhcU=
Subject key identifier:   0F:EF:D0:89:57:80:63:29:8C:CA:BA:B2:13:0C:31:65:59:49:EF:BC
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       019421B19A04A41572A91EBBA69CFB0CB5B4
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/D-_QiVeAYymMyrqyEwwxZVlJ77w.roa
Signing time:             Wed 01 Jan 2025 11:47:54 +0000
ROA not before:           Wed 01 Jan 2025 11:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207279
IP address blocks:        45.143.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9a:04:a4:15:72:a9:1e:bb:a6:9c:fb:0c:b5:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 11:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fefd089578063298ccabab2130c31655949efbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ee:95:a8:bc:87:f3:40:5c:1c:c8:38:aa:fb:
                    88:52:7e:c8:1d:33:5c:48:f2:22:6a:c3:5f:a2:fc:
                    ea:31:8b:54:f7:05:7f:40:c9:ab:69:ce:a0:fa:11:
                    d3:3d:d7:80:b5:28:1d:b9:f8:b3:01:b7:84:47:f6:
                    f1:1c:95:ae:d1:23:cf:d3:43:b8:0f:32:8c:e1:f2:
                    7d:52:2f:73:7e:4f:f6:1a:05:15:0f:20:1b:ca:75:
                    02:73:81:5f:5e:d1:89:0b:2d:53:dd:88:0c:9d:9d:
                    bb:d4:8d:11:ab:a1:d5:e5:e8:b2:66:4f:56:88:78:
                    c2:67:5b:3d:c9:b2:44:4c:88:f5:78:8f:ce:a1:e7:
                    13:c2:1e:9f:46:69:a3:80:8d:59:f2:98:8c:f0:04:
                    a4:37:fb:17:31:db:04:d0:a7:04:be:3e:d5:03:dd:
                    dc:08:22:f5:ca:29:7b:fb:07:47:27:15:ac:ec:00:
                    02:06:d0:93:9d:96:27:03:7e:c9:bc:06:f1:4a:94:
                    71:60:0c:4f:3f:58:82:9a:01:d6:5a:2b:ef:48:36:
                    65:36:ee:f4:40:fe:03:54:22:1e:17:0b:61:3f:88:
                    61:2e:cd:90:71:6b:dc:d0:56:81:8c:75:62:7a:92:
                    6b:c8:78:18:bc:8b:9d:c2:fa:a6:71:5b:18:25:14:
                    da:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:EF:D0:89:57:80:63:29:8C:CA:BA:B2:13:0C:31:65:59:49:EF:BC
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/D-_QiVeAYymMyrqyEwwxZVlJ77w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:e4:21:6c:f3:43:72:6e:f3:df:9d:58:2b:70:2c:2b:16:eb:
         f8:8b:74:df:ce:1f:ae:d0:79:6e:94:38:e5:01:4d:f5:e7:b5:
         0b:f8:73:35:b4:c4:26:99:97:1e:a9:d1:eb:03:42:ec:25:03:
         ae:bf:48:d2:2b:03:05:75:21:38:1a:94:51:0a:be:8d:91:13:
         85:91:82:20:d6:e2:61:f4:87:3a:bd:17:62:1a:d2:b9:f1:fd:
         47:f7:79:5f:f4:f6:ce:0b:64:9a:85:b4:50:d8:10:c5:4d:83:
         c0:f2:76:fa:c1:8a:7c:4d:fa:25:44:9f:4e:a3:c5:56:c1:1b:
         f9:da:fe:7c:f1:cd:cb:bf:b6:ef:b9:5a:e5:1c:be:b4:b2:7a:
         ad:f7:d9:ee:b9:d8:60:40:13:8a:97:de:eb:81:99:7c:ce:28:
         04:35:32:c5:3b:18:34:58:d9:cc:6e:e7:11:d2:cf:52:63:ff:
         67:f2:cf:20:3b:15:e8:ba:f9:6d:b9:71:75:c0:7e:97:31:0e:
         26:42:19:d8:32:38:fa:8d:cd:50:9b:93:74:a3:88:c8:c4:a0:
         38:2d:15:e4:ff:53:99:40:73:26:d5:e0:7b:ed:24:bb:71:9a:
         1a:5c:5a:23:0d:83:2f:ef:aa:bd:8b:6e:61:ab:f4:97:26:21:
         e6:a3:48:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsZoEpBVyqR67ppz7DLW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjUwMTAxMTE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmVmZDA4OTU3ODA2MzI5OGNjYWJhYjIxMzBjMzE2NTU5NDllZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+6VqLyH80BcHMg4qvuIUn7IHTNc
SPIiasNfovzqMYtU9wV/QMmrac6g+hHTPdeAtSgdufizAbeER/bxHJWu0SPP00O4
DzKM4fJ9Ui9zfk/2GgUVDyAbynUCc4FfXtGJCy1T3YgMnZ271I0Rq6HV5eiyZk9W
iHjCZ1s9ybJETIj1eI/OoecTwh6fRmmjgI1Z8piM8ASkN/sXMdsE0KcEvj7VA93c
CCL1yil7+wdHJxWs7AACBtCTnZYnA37JvAbxSpRxYAxPP1iCmgHWWivvSDZlNu70
QP4DVCIeFwthP4hhLs2QcWvc0FaBjHViepJryHgYvIudwvqmcVsYJRTaCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/v0IlXgGMpjMq6shMMMWVZSe+8MB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvRC1fUWlWZUFZeW1NeXJxeUV3d3haVmxKNzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY9jMA0G
CSqGSIb3DQEBCwUAA4IBAQBB5CFs80NybvPfnVgrcCwrFuv4i3Tfzh+u0HlulDjl
AU3157UL+HM1tMQmmZceqdHrA0LsJQOuv0jSKwMFdSE4GpRRCr6NkROFkYIg1uJh
9Ic6vRdiGtK58f1H93lf9PbOC2SahbRQ2BDFTYPA8nb6wYp8TfolRJ9Oo8VWwRv5
2v588c3Lv7bvuVrlHL60snqt99nuudhgQBOKl97rgZl8zigENTLFOxg0WNnMbucR
0s9SY/9n8s8gOxXouvltuXF1wH6XMQ4mQhnYMjj6jc1Qm5N0o4jIxKA4LRXk/1OZ
QHMm1eB77SS7cZoaXFojDYMv76q9i25hq/SXJiHmo0jw
-----END CERTIFICATE-----