Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/B1A6dwsWNlRDJoMSwF6AjzqNz00.roa
File:                     B1A6dwsWNlRDJoMSwF6AjzqNz00.roa (raw, json)
Hash identifier:          5GOUeelnHic79Dp3J+UifClxcf3i+rWnVmLP0UoRedU=
Subject key identifier:   07:50:3A:77:0B:16:36:54:43:26:83:12:C0:5E:80:8F:3A:8D:CF:4D
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019427488D933ED8E98BA7FB00CBA99011D6
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/B1A6dwsWNlRDJoMSwF6AjzqNz00.roa
Signing time:             Thu 02 Jan 2025 13:50:53 +0000
ROA not before:           Thu 02 Jan 2025 13:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53340
IP address blocks:        45.10.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8d:93:3e:d8:e9:8b:a7:fb:00:cb:a9:90:11:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07503a770b16365443268312c05e808f3a8dcf4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:09:59:31:d4:69:70:5d:37:ec:9a:59:1a:8d:
                    71:dd:0d:53:a0:64:72:8c:a1:c2:e4:58:df:df:96:
                    69:4f:9a:52:38:5a:77:2b:af:4c:09:54:65:df:ee:
                    d6:65:a9:1b:c8:aa:12:88:54:fd:bf:95:d4:e0:dc:
                    53:bf:ed:6a:50:e7:81:a0:0b:32:55:a1:1a:bc:cb:
                    24:79:86:78:27:1e:bd:97:20:a9:f9:49:e9:5a:96:
                    c0:e7:6a:ec:af:7b:fb:aa:d0:b4:10:ab:a4:c2:d2:
                    e5:fc:95:9a:ab:27:a7:96:e9:81:28:13:76:80:7f:
                    83:b7:cd:e1:b5:71:a3:43:f5:9f:1d:0e:c5:8c:0d:
                    0c:62:8f:bb:4e:55:34:8b:14:2f:96:60:59:20:3a:
                    f5:b7:12:85:bd:ba:5c:8c:54:9d:f4:7b:86:9c:a7:
                    e6:d9:ef:37:64:da:14:14:1a:bc:26:b3:fc:a6:78:
                    b0:58:64:36:45:a9:75:e0:b1:7b:54:a0:60:84:44:
                    8f:0e:59:5f:73:8f:44:84:da:00:7a:6b:5e:6a:81:
                    18:3d:16:7d:c1:da:fa:12:9b:12:a6:37:69:6f:b7:
                    0b:ba:7f:0b:6f:cd:a3:8a:a5:37:67:98:56:ea:f5:
                    93:d2:ac:64:3c:23:bf:55:7d:43:3d:58:cd:c0:1d:
                    a2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:50:3A:77:0B:16:36:54:43:26:83:12:C0:5E:80:8F:3A:8D:CF:4D
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/B1A6dwsWNlRDJoMSwF6AjzqNz00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:11:0b:39:9b:4e:cc:b5:a7:e1:3a:7e:01:89:7c:01:9a:2c:
         94:83:e5:32:34:a6:89:95:1d:76:e5:8b:dd:1c:89:21:92:cc:
         45:78:7d:ed:64:03:12:f4:ae:da:29:cb:ea:25:88:f3:31:8b:
         be:37:9d:c7:86:4a:58:0d:b6:5d:a7:52:8c:5a:c3:43:65:a7:
         87:a1:43:14:5d:ee:16:0a:5d:ed:5d:99:3c:ec:45:7c:d1:20:
         d2:cd:39:fc:b4:45:53:d7:70:cc:9a:28:eb:1b:40:ac:cd:d5:
         4b:60:d1:25:a5:b7:38:80:19:57:55:e8:02:1d:19:e3:73:20:
         1e:3a:4e:35:c6:e2:09:24:64:24:18:52:b7:63:22:d4:2e:f0:
         65:0c:d2:b1:05:1b:c3:db:a8:72:3a:3a:df:9a:a1:16:b3:9c:
         17:49:08:0e:0a:7c:17:5e:d4:cd:9e:aa:09:f8:01:0d:85:d5:
         4d:a9:15:1f:45:77:3a:7a:94:6d:85:58:00:45:c9:7c:66:0e:
         d0:24:dc:3d:5c:75:b0:2d:93:90:b9:7a:50:c1:3c:33:d9:9f:
         d3:b0:e0:b5:1e:9f:2e:d0:86:38:34:55:67:15:15:90:88:56:
         0c:6c:be:fb:ee:99:95:d6:3b:61:be:66:73:08:d1:fe:e5:e1:
         c8:25:38:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSI2TPtjpi6f7AMupkBHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzUwM2E3NzBiMTYzNjU0NDMyNjgzMTJjMDVlODA4ZjNhOGRjZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQlZMdRpcF037JpZGo1x3Q1ToGRy
jKHC5Fjf35ZpT5pSOFp3K69MCVRl3+7WZakbyKoSiFT9v5XU4NxTv+1qUOeBoAsy
VaEavMskeYZ4Jx69lyCp+UnpWpbA52rsr3v7qtC0EKukwtLl/JWaqyenlumBKBN2
gH+Dt83htXGjQ/WfHQ7FjA0MYo+7TlU0ixQvlmBZIDr1txKFvbpcjFSd9HuGnKfm
2e83ZNoUFBq8JrP8pniwWGQ2Ral14LF7VKBghESPDllfc49EhNoAemteaoEYPRZ9
wdr6EpsSpjdpb7cLun8Lb82jiqU3Z5hW6vWT0qxkPCO/VX1DPVjNwB2ipQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdQOncLFjZUQyaDEsBegI86jc9NMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvQjFBNmR3c1dObFJESm9NU3dGNkFqenFOejAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQoWMA0G
CSqGSIb3DQEBCwUAA4IBAQB0EQs5m07MtafhOn4BiXwBmiyUg+UyNKaJlR125Yvd
HIkhksxFeH3tZAMS9K7aKcvqJYjzMYu+N53HhkpYDbZdp1KMWsNDZaeHoUMUXe4W
Cl3tXZk87EV80SDSzTn8tEVT13DMmijrG0CszdVLYNElpbc4gBlXVegCHRnjcyAe
Ok41xuIJJGQkGFK3YyLULvBlDNKxBRvD26hyOjrfmqEWs5wXSQgOCnwXXtTNnqoJ
+AENhdVNqRUfRXc6epRthVgARcl8Zg7QJNw9XHWwLZOQuXpQwTwz2Z/TsOC1Hp8u
0IY4NFVnFRWQiFYMbL777pmV1jthvmZzCNH+5eHIJTiK
-----END CERTIFICATE-----