Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/7L9WpxmtitH2S6WORgl8emM5WOs.roa
File:                     7L9WpxmtitH2S6WORgl8emM5WOs.roa (raw, json)
Hash identifier:          Pc8VusIYtAqzyzq+XSj8sNMgJygQtITUd9+oB+v5Xt8=
Subject key identifier:   EC:BF:56:A7:19:AD:8A:D1:F6:4B:A5:8E:46:09:7C:7A:63:39:58:EB
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01942748A23EC94EC663C5A44346C4B169CE
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/7L9WpxmtitH2S6WORgl8emM5WOs.roa
Signing time:             Thu 02 Jan 2025 13:50:59 +0000
ROA not before:           Thu 02 Jan 2025 13:50:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215738
IP address blocks:        45.137.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:a2:3e:c9:4e:c6:63:c5:a4:43:46:c4:b1:69:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecbf56a719ad8ad1f64ba58e46097c7a633958eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0a:e8:23:19:ec:63:c5:6d:86:b7:7e:dc:3f:
                    e7:c4:58:25:2b:31:06:ae:75:92:5b:8e:f6:e0:88:
                    30:91:54:40:1e:ee:ee:23:4b:8f:5f:5d:ab:e5:ed:
                    1b:e4:8d:2a:67:21:58:44:b7:b0:a0:6a:a6:9b:9a:
                    29:6b:12:12:41:19:59:67:e5:41:2e:82:6d:e5:18:
                    d8:f2:d7:bc:6f:7d:a3:2f:95:95:74:8a:f6:a5:a0:
                    98:e6:d3:71:a5:cc:51:8b:11:7c:54:c6:12:3e:d5:
                    f9:85:16:2b:f3:4f:ff:7a:70:bf:3a:1c:c6:39:0d:
                    55:70:43:78:8c:5d:e3:e8:2b:d1:11:5b:22:dc:73:
                    69:16:33:7c:1d:62:ee:c9:fa:7c:f7:4e:cb:40:45:
                    19:83:43:1a:54:e0:14:3b:8d:a2:8e:1b:ec:81:a1:
                    c8:c4:09:7e:1b:9e:a9:06:9a:40:cd:45:ac:3b:4e:
                    14:a5:77:56:ae:dc:c6:5b:5e:fb:e1:4c:1b:a4:f2:
                    89:86:f2:85:93:f9:2e:fa:f2:fd:0b:a8:2f:8e:4a:
                    c9:2a:28:37:10:2b:21:d1:c2:01:ec:0e:47:99:fc:
                    94:21:34:79:b1:26:ae:d2:e1:83:f8:1c:89:31:46:
                    4d:2a:cd:1b:80:89:13:1d:a4:1d:ca:c7:4a:a8:7d:
                    17:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:BF:56:A7:19:AD:8A:D1:F6:4B:A5:8E:46:09:7C:7A:63:39:58:EB
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/7L9WpxmtitH2S6WORgl8emM5WOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:1c:6e:09:c6:5d:cf:95:ae:24:a6:2f:d2:68:40:54:f7:df:
         7a:95:99:58:b9:c2:81:1f:ad:c4:79:c9:11:06:1e:84:47:a9:
         bd:e5:3d:5e:0b:f6:b5:f3:77:1d:41:16:66:45:7a:4f:a2:98:
         3f:29:24:ae:dd:e4:59:05:4e:36:57:ff:53:e6:c7:66:fd:af:
         f2:81:bd:91:a2:ed:2b:91:84:6a:a1:91:68:fb:da:f9:57:70:
         00:b5:61:51:2f:01:86:56:c3:3c:87:ef:ae:d9:48:1f:bb:c0:
         61:d0:f4:8c:a0:96:e0:63:d8:79:5d:be:0e:b7:82:42:c0:57:
         af:51:b6:f9:26:9f:8c:6e:06:17:9e:f5:13:f2:4f:bc:7f:7b:
         1e:3c:11:28:67:dc:6e:6e:40:35:50:0a:6b:dd:a0:5d:75:04:
         e6:90:ac:4c:f4:b0:14:95:85:06:15:1f:d3:20:51:df:8c:a1:
         54:16:a0:63:71:5b:39:77:e2:a0:c8:06:c9:e4:71:62:8f:c5:
         aa:5f:74:f9:6c:15:69:fa:6e:d9:9a:4a:bf:5a:29:27:4e:45:
         69:43:4b:d9:c8:94:25:f0:09:75:9f:aa:6c:20:34:7f:36:77:
         5e:1b:71:ce:03:7b:f0:51:b3:d9:49:40:f2:e2:d6:6b:1e:8f:
         bf:5e:df:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSKI+yU7GY8WkQ0bEsWnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2JmNTZhNzE5YWQ4YWQxZjY0YmE1OGU0NjA5N2M3YTYzMzk1OGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgroIxnsY8Vthrd+3D/nxFglKzEG
rnWSW4724IgwkVRAHu7uI0uPX12r5e0b5I0qZyFYRLewoGqmm5opaxISQRlZZ+VB
LoJt5RjY8te8b32jL5WVdIr2paCY5tNxpcxRixF8VMYSPtX5hRYr80//enC/OhzG
OQ1VcEN4jF3j6CvREVsi3HNpFjN8HWLuyfp8907LQEUZg0MaVOAUO42ijhvsgaHI
xAl+G56pBppAzUWsO04UpXdWrtzGW1774UwbpPKJhvKFk/ku+vL9C6gvjkrJKig3
ECsh0cIB7A5HmfyUITR5sSau0uGD+ByJMUZNKs0bgIkTHaQdysdKqH0XjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOy/VqcZrYrR9kuljkYJfHpjOVjrMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvN0w5V3B4bXRpdEgyUzZXT1JnbDhlbU01V09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYlEMA0G
CSqGSIb3DQEBCwUAA4IBAQCeHG4Jxl3Pla4kpi/SaEBU9996lZlYucKBH63EeckR
Bh6ER6m95T1eC/a183cdQRZmRXpPopg/KSSu3eRZBU42V/9T5sdm/a/ygb2Rou0r
kYRqoZFo+9r5V3AAtWFRLwGGVsM8h++u2Ugfu8Bh0PSMoJbgY9h5Xb4Ot4JCwFev
Ubb5Jp+MbgYXnvUT8k+8f3sePBEoZ9xubkA1UApr3aBddQTmkKxM9LAUlYUGFR/T
IFHfjKFUFqBjcVs5d+KgyAbJ5HFij8WqX3T5bBVp+m7Zmkq/WiknTkVpQ0vZyJQl
8Al1n6psIDR/NndeG3HOA3vwUbPZSUDy4tZrHo+/Xt+M
-----END CERTIFICATE-----