Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/xZHK8sMXJRR9tFEPi8Dz0m2XwJE.roa
File:                     xZHK8sMXJRR9tFEPi8Dz0m2XwJE.roa (raw, json)
Hash identifier:          P4VjA7AD0Rq8qJwX9hUh9U04YYNDoPlLqjbXRLiEoic=
Subject key identifier:   C5:91:CA:F2:C3:17:25:14:7D:B4:51:0F:8B:C0:F3:D2:6D:97:C0:91
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       019421B19DDE098B88454A13A1B5F1CFAA4A
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/xZHK8sMXJRR9tFEPi8Dz0m2XwJE.roa
Signing time:             Wed 01 Jan 2025 11:47:55 +0000
ROA not before:           Wed 01 Jan 2025 11:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214941
IP address blocks:        45.10.151.0/24 maxlen: 24
                          45.143.98.0/24 maxlen: 24
                          185.148.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9d:de:09:8b:88:45:4a:13:a1:b5:f1:cf:aa:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 11:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c591caf2c31725147db4510f8bc0f3d26d97c091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1f:2e:60:34:29:bb:3a:dc:30:42:0e:41:4e:
                    fe:e4:9a:97:81:a5:89:29:68:b2:ce:93:c0:51:29:
                    81:30:c0:fb:27:e1:f2:af:f0:6e:12:d1:71:c0:16:
                    3c:fb:d6:ba:cf:52:ef:98:87:b2:a6:57:42:a4:89:
                    5f:33:f3:f4:ce:5d:7c:fd:a3:0c:67:40:2c:e7:43:
                    6f:9d:91:1c:4e:3c:b2:b6:ce:e4:75:cc:05:1d:3b:
                    bb:78:43:65:46:1b:29:7b:72:dd:46:ad:90:09:f2:
                    85:00:b2:fa:6b:15:50:c2:9a:20:b3:8f:70:ea:9e:
                    23:81:07:92:a4:9d:b9:ca:4b:19:78:55:91:56:64:
                    e6:c9:18:70:10:47:15:07:c4:f6:1c:ff:d1:38:2b:
                    c9:e3:1a:59:73:c3:e3:0e:86:fa:0f:3c:2d:32:46:
                    cc:7e:45:cf:4f:f5:e7:11:78:d8:5d:cf:1b:f0:77:
                    55:87:fb:fe:a2:8d:37:e9:f1:76:70:ad:14:c9:ab:
                    20:54:a7:86:8b:ad:9c:f7:7d:b6:2c:b2:f0:5a:12:
                    6f:c6:a6:56:a8:11:9d:a2:a1:5c:18:97:11:95:fb:
                    0d:87:98:f7:eb:ea:92:ab:31:0c:d2:2a:a6:86:d5:
                    cf:82:14:d5:c6:b2:e9:5d:d8:77:56:0a:fd:ec:fb:
                    c1:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:91:CA:F2:C3:17:25:14:7D:B4:51:0F:8B:C0:F3:D2:6D:97:C0:91
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/xZHK8sMXJRR9tFEPi8Dz0m2XwJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.151.0/24
                  45.143.98.0/24
                  185.148.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:4d:e5:c1:80:fb:24:20:bc:a3:fe:b0:68:3d:30:c7:c1:fd:
         cc:84:26:94:95:ce:c8:f5:8f:c2:76:5d:30:03:a5:69:0f:f2:
         38:5e:16:31:a2:b9:b3:d3:9d:7a:a7:66:ab:04:8b:e4:88:67:
         6c:be:6f:b2:7b:4f:2f:79:84:d3:c9:cb:90:a7:e0:8a:2d:6f:
         96:2c:31:cd:e9:48:95:3b:13:5b:54:1a:13:bb:43:7b:2b:fe:
         40:bb:b4:71:2e:63:8b:dc:09:c0:22:50:40:f1:25:11:f8:e8:
         a5:9a:e3:b3:21:61:39:80:b5:f9:c3:54:1a:8b:38:d3:74:82:
         6e:b7:b5:c0:f7:b0:df:75:0b:fb:cf:ba:62:4a:4e:95:d2:2c:
         81:40:02:72:ef:f4:31:f9:fb:74:10:d6:3a:61:13:6a:0b:2f:
         3e:84:89:d6:26:fa:9e:2e:24:d2:2f:c5:07:d6:83:b4:25:ab:
         fd:0e:2c:1d:20:3c:e8:f7:1c:b0:da:c0:3c:06:42:a7:53:85:
         28:59:5a:04:7d:01:ee:1f:a5:5f:ac:e4:dc:ab:e9:8b:5a:28:
         c8:da:8b:78:8b:e8:61:4f:d3:94:d6:60:60:4a:0d:f6:83:02:
         00:98:a0:71:38:95:6b:87:67:66:21:9d:f7:f4:29:35:d2:4f:
         7a:40:c8:8b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhsZ3eCYuIRUoTobXxz6pKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjUwMTAxMTE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTkxY2FmMmMzMTcyNTE0N2RiNDUxMGY4YmMwZjNkMjZkOTdjMDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoB8uYDQpuzrcMEIOQU7+5JqXgaWJ
KWiyzpPAUSmBMMD7J+Hyr/BuEtFxwBY8+9a6z1LvmIeypldCpIlfM/P0zl18/aMM
Z0As50NvnZEcTjyyts7kdcwFHTu7eENlRhspe3LdRq2QCfKFALL6axVQwpogs49w
6p4jgQeSpJ25yksZeFWRVmTmyRhwEEcVB8T2HP/ROCvJ4xpZc8PjDob6DzwtMkbM
fkXPT/XnEXjYXc8b8HdVh/v+oo036fF2cK0UyasgVKeGi62c9322LLLwWhJvxqZW
qBGdoqFcGJcRlfsNh5j36+qSqzEM0iqmhtXPghTVxrLpXdh3Vgr97PvBrQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMWRyvLDFyUUfbRRD4vA89Jtl8CRMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEveFpISzhzTVhKUlI5dEZFUGk4RHowbTJYd0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQqXAwQA
LY9iAwQAuZTwMA0GCSqGSIb3DQEBCwUAA4IBAQB2TeXBgPskILyj/rBoPTDHwf3M
hCaUlc7I9Y/Cdl0wA6VpD/I4XhYxormz0516p2arBIvkiGdsvm+ye08veYTTycuQ
p+CKLW+WLDHN6UiVOxNbVBoTu0N7K/5Au7RxLmOL3AnAIlBA8SUR+OilmuOzIWE5
gLX5w1QaizjTdIJut7XA97DfdQv7z7piSk6V0iyBQAJy7/Qx+ft0ENY6YRNqCy8+
hInWJvqeLiTSL8UH1oO0Jav9DiwdIDzo9xyw2sA8BkKnU4UoWVoEfQHuH6VfrOTc
q+mLWijI2ot4i+hhT9OU1mBgSg32gwIAmKBxOJVrh2dmIZ339Ck10k96QMiL
-----END CERTIFICATE-----