Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/N6mQt4p5LaN2cPNO7YXd-z2Q3Ds.roa
File:                     N6mQt4p5LaN2cPNO7YXd-z2Q3Ds.roa (raw, json)
Hash identifier:          NGM3dzWw+RuSOK1JbfI7JvooWiDasEuAqNb3dRiWmXY=
Subject key identifier:   37:A9:90:B7:8A:79:2D:A3:76:70:F3:4E:ED:85:DD:FB:3D:90:DC:3B
Certificate issuer:       /CN=1086a7c0dea73dd0f94e2e9fe1ac9ab6701b2253
Certificate serial:       0194E051376DCF8B01EEAD5BEBE662C7124C
Authority key identifier: 10:86:A7:C0:DE:A7:3D:D0:F9:4E:2E:9F:E1:AC:9A:B6:70:1B:22:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EIanwN6nPdD5Ti6f4ayatnAbIlM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/N6mQt4p5LaN2cPNO7YXd-z2Q3Ds.roa
Signing time:             Fri 07 Feb 2025 12:10:06 +0000
ROA not before:           Fri 07 Feb 2025 12:10:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34934
IP address blocks:        45.152.253.0/24 maxlen: 24
                          45.152.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/EIanwN6nPdD5Ti6f4ayatnAbIlM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/EIanwN6nPdD5Ti6f4ayatnAbIlM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EIanwN6nPdD5Ti6f4ayatnAbIlM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e0:51:37:6d:cf:8b:01:ee:ad:5b:eb:e6:62:c7:12:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1086a7c0dea73dd0f94e2e9fe1ac9ab6701b2253
        Validity
            Not Before: Feb  7 12:10:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37a990b78a792da37670f34eed85ddfb3d90dc3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:05:09:f4:d8:cb:4f:94:d0:00:13:47:f8:fa:
                    b3:36:79:b9:89:da:a4:2a:1d:ac:6f:b7:e8:0d:0c:
                    9f:30:c0:8e:8c:6f:d3:fc:f9:3e:e5:e1:65:b0:92:
                    a6:df:7b:8b:d8:7f:ae:2a:43:a9:75:5a:b2:d3:67:
                    d0:59:a1:7c:a2:d1:07:2c:aa:a2:72:17:35:b4:8e:
                    1f:65:ef:29:98:66:eb:c9:74:d4:e1:5c:4a:29:ba:
                    89:77:e1:d4:b5:a8:d1:a1:4b:d5:88:2a:c3:c2:8b:
                    24:53:a4:d2:12:fa:f9:c3:f2:bd:35:e5:e5:e7:f7:
                    5e:bc:ca:e6:16:4f:c8:8d:81:eb:f2:c2:01:b3:12:
                    ba:a7:51:1b:20:65:6c:01:8c:65:f5:9f:4f:92:43:
                    ad:5e:0f:db:d0:f1:fc:db:b0:eb:10:e9:26:7e:17:
                    cd:92:3a:6a:db:94:6d:39:88:31:30:0a:df:d5:e1:
                    15:cb:f9:3f:07:62:1c:88:1b:4b:22:89:ea:25:eb:
                    a3:ac:de:01:2d:11:72:72:d8:73:1e:a3:28:49:9a:
                    f7:7c:eb:d2:bc:6d:97:50:d4:4f:f7:10:1b:b0:c9:
                    ae:b2:a4:40:a4:7b:06:3d:55:ef:b2:7b:eb:42:40:
                    8b:66:d3:6d:e6:86:44:24:0f:21:59:b6:7c:86:5e:
                    d9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A9:90:B7:8A:79:2D:A3:76:70:F3:4E:ED:85:DD:FB:3D:90:DC:3B
            X509v3 Authority Key Identifier:
                keyid:10:86:A7:C0:DE:A7:3D:D0:F9:4E:2E:9F:E1:AC:9A:B6:70:1B:22:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EIanwN6nPdD5Ti6f4ayatnAbIlM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/N6mQt4p5LaN2cPNO7YXd-z2Q3Ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/EIanwN6nPdD5Ti6f4ayatnAbIlM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.253.0-45.152.254.255

    Signature Algorithm: sha256WithRSAEncryption
         69:9d:e4:f5:74:9d:74:c4:94:fa:71:20:d4:71:e6:28:24:9f:
         31:6d:17:c0:ed:35:b6:e5:a5:33:9e:e3:83:53:18:59:81:66:
         a1:92:cc:28:d3:aa:b5:fd:0a:73:20:73:ae:17:ec:82:a7:1a:
         b2:ed:33:79:c0:8b:71:2d:77:a8:2f:ce:23:08:8f:16:47:86:
         48:4f:5e:98:2e:f9:58:a8:16:8e:a3:f0:48:11:34:3e:49:46:
         25:5e:65:c2:57:4e:3f:bd:10:b1:39:96:64:7f:76:e3:4a:0a:
         c3:89:ff:d8:ce:bf:50:da:40:68:bc:c3:0a:31:c4:d2:0a:b2:
         81:62:9d:3e:86:70:5f:3d:0c:cd:2a:6a:d8:28:44:43:12:82:
         43:1b:71:fb:38:72:ec:f3:f4:f6:ef:4e:b9:18:6c:51:63:47:
         b4:d1:55:8e:43:27:0b:88:f4:da:52:8b:3e:7f:0c:7f:10:1b:
         28:13:0e:ab:c2:67:1c:be:94:7d:99:37:99:0d:6b:1a:db:21:
         75:b1:b2:8b:7c:a7:8f:81:4d:fe:49:c6:df:66:77:bd:42:0e:
         24:a6:72:57:4a:a9:44:23:31:e0:d6:8c:82:6b:87:cd:0c:8f:
         53:82:8f:1f:66:82:25:03:25:0d:b1:2d:1e:1b:ac:31:81:ba:
         0e:4b:ed:01
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZTgUTdtz4sB7q1b6+ZixxJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwODZhN2MwZGVhNzNkZDBmOTRlMmU5ZmUxYWM5YWI2NzAx
YjIyNTMwHhcNMjUwMjA3MTIxMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2E5OTBiNzhhNzkyZGEzNzY3MGYzNGVlZDg1ZGRmYjNkOTBkYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgUJ9NjLT5TQABNH+PqzNnm5idqk
Kh2sb7foDQyfMMCOjG/T/Pk+5eFlsJKm33uL2H+uKkOpdVqy02fQWaF8otEHLKqi
chc1tI4fZe8pmGbryXTU4VxKKbqJd+HUtajRoUvViCrDwoskU6TSEvr5w/K9NeXl
5/devMrmFk/IjYHr8sIBsxK6p1EbIGVsAYxl9Z9PkkOtXg/b0PH827DrEOkmfhfN
kjpq25RtOYgxMArf1eEVy/k/B2IciBtLIonqJeujrN4BLRFycthzHqMoSZr3fOvS
vG2XUNRP9xAbsMmusqRApHsGPVXvsnvrQkCLZtNt5oZEJA8hWbZ8hl7ZBwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDepkLeKeS2jdnDzTu2F3fs9kNw7MB8GA1UdIwQY
MBaAFBCGp8Depz3Q+U4un+GsmrZwGyJTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUlhbndONm5QZEQ1VGk2ZjRheWF0bkFiSWxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi85NjkwZDAtYTJhYi00Yjc0LWIxMDQt
ZDllMWI4MWRkMWM3LzEvTjZtUXQ0cDVMYU4yY1BOTzdZWGQtejJRM0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi85NjkwZDAtYTJhYi00Yjc0LWIxMDQtZDllMWI4MWRkMWM3
LzEvRUlhbndONm5QZEQ1VGk2ZjRheWF0bkFiSWxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtmP0D
BAAtmP4wDQYJKoZIhvcNAQELBQADggEBAGmd5PV0nXTElPpxINRx5igknzFtF8Dt
NbblpTOe44NTGFmBZqGSzCjTqrX9CnMgc64X7IKnGrLtM3nAi3Etd6gvziMIjxZH
hkhPXpgu+VioFo6j8EgRND5JRiVeZcJXTj+9ELE5lmR/duNKCsOJ/9jOv1DaQGi8
wwoxxNIKsoFinT6GcF89DM0qatgoREMSgkMbcfs4cuzz9PbvTrkYbFFjR7TRVY5D
JwuI9NpSiz5/DH8QGygTDqvCZxy+lH2ZN5kNaxrbIXWxsot8p4+BTf5Jxt9md71C
DiSmcldKqUQjMeDWjIJrh80Mj1OCjx9mgiUDJQ2xLR4brDGBug5L7QE=
-----END CERTIFICATE-----