Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/CxWCh0pgCI-yWWaZecos4ZAGe84.roa
File:                     CxWCh0pgCI-yWWaZecos4ZAGe84.roa (raw, json)
Hash identifier:          gbw65+9jYL/CeaIIWZLjW3pMnXx6h1C33TyduUiWZ8Y=
Subject key identifier:   0B:15:82:87:4A:60:08:8F:B2:59:66:99:79:CA:2C:E1:90:06:7B:CE
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01942748918E37C9D733FDD7FAB22E516903
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/CxWCh0pgCI-yWWaZecos4ZAGe84.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134351
IP address blocks:        45.137.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:91:8e:37:c9:d7:33:fd:d7:fa:b2:2e:51:69:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b1582874a60088fb259669979ca2ce190067bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e3:ca:17:68:c4:a1:72:63:8d:63:74:93:7f:
                    b2:81:a8:79:47:31:b6:16:22:af:ba:3c:fe:af:c8:
                    ba:dd:28:5d:eb:bf:ec:d0:fe:eb:e5:f7:09:97:6e:
                    36:a4:12:25:f1:72:bb:09:4d:2e:3e:a8:6f:7b:ce:
                    cd:2f:4a:db:95:fe:3e:b9:e4:7c:76:60:32:87:8f:
                    77:cc:28:68:c3:13:d1:6a:8c:27:3a:f1:4e:21:d3:
                    e1:16:06:7b:52:65:a5:f6:4f:c8:b1:43:9d:32:3e:
                    21:97:4b:5c:9c:da:05:5b:71:e1:7d:30:41:e2:f7:
                    69:eb:a3:3b:39:b6:fb:ea:ac:46:8e:e2:46:e1:ab:
                    da:f5:4f:5b:64:18:10:46:9b:82:22:4c:85:7d:67:
                    56:ab:5c:a6:39:3e:5f:ee:ca:a3:95:0a:82:ae:73:
                    9b:32:e4:d3:b8:60:4a:2a:2d:a2:02:e6:ce:29:2c:
                    4d:32:ef:8e:e4:de:88:40:76:4c:10:8d:66:78:80:
                    e1:43:4b:d2:3e:b8:2d:5b:30:30:75:7a:d3:a9:a0:
                    9c:07:4b:66:fc:ff:7a:84:93:db:60:ad:5b:be:b7:
                    32:a0:74:4b:0a:f1:53:33:9b:9b:fa:14:c6:5a:ff:
                    51:d0:c1:d3:1f:7f:f3:7a:17:14:e8:d1:51:6f:fc:
                    64:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:15:82:87:4A:60:08:8F:B2:59:66:99:79:CA:2C:E1:90:06:7B:CE
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/CxWCh0pgCI-yWWaZecos4ZAGe84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:16:96:92:8c:6e:97:56:d3:8b:0b:50:04:7c:24:76:96:2b:
         b6:90:3e:1e:02:13:ec:9d:2f:b8:2b:2b:38:e6:08:61:80:fe:
         f4:41:30:79:d4:21:8a:0c:b7:4b:be:98:e0:d9:7e:fd:99:21:
         95:25:2d:1f:0a:30:81:c2:1c:03:45:b9:07:8f:66:dc:f1:d2:
         ef:e3:38:e3:4a:74:46:db:6e:4f:51:7b:e7:44:28:5c:21:4a:
         18:1c:2e:7e:91:03:d0:53:bd:b0:25:91:39:01:17:c9:8d:d5:
         e5:b4:82:18:1d:b8:4f:60:b2:90:31:0e:28:e6:7e:39:ae:3b:
         20:ec:7c:87:2b:82:44:7f:2c:97:6d:4a:d7:04:b5:cf:0f:2a:
         3b:b1:13:0c:de:59:fb:96:25:ad:1c:c3:55:6e:f6:0b:a9:b4:
         5a:92:c5:99:10:9b:2e:a4:02:33:d1:3c:4a:9d:0e:d1:1f:b9:
         df:18:ed:09:e3:30:5b:d3:6c:87:d7:ee:67:09:b8:c8:85:52:
         c8:30:3f:2d:7e:a8:47:88:06:f2:da:83:ec:8e:21:30:1a:f3:
         ad:ab:4f:a6:91:65:92:9e:f6:6f:d7:98:8a:91:22:51:77:2d:
         4b:cf:11:5a:9b:cf:8b:28:b0:c2:de:f4:36:9a:d2:13:91:a9:
         01:61:6f:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJGON8nXM/3X+rIuUWkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjE1ODI4NzRhNjAwODhmYjI1OTY2OTk3OWNhMmNlMTkwMDY3YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+PKF2jEoXJjjWN0k3+ygah5RzG2
FiKvujz+r8i63Shd67/s0P7r5fcJl242pBIl8XK7CU0uPqhve87NL0rblf4+ueR8
dmAyh493zChowxPRaownOvFOIdPhFgZ7UmWl9k/IsUOdMj4hl0tcnNoFW3HhfTBB
4vdp66M7Obb76qxGjuJG4ava9U9bZBgQRpuCIkyFfWdWq1ymOT5f7sqjlQqCrnOb
MuTTuGBKKi2iAubOKSxNMu+O5N6IQHZMEI1meIDhQ0vSPrgtWzAwdXrTqaCcB0tm
/P96hJPbYK1bvrcyoHRLCvFTM5ub+hTGWv9R0MHTH3/zehcU6NFRb/xkBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsVgodKYAiPsllmmXnKLOGQBnvOMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvQ3hXQ2gwcGdDSS15V1dhWmVjb3M0WkFHZTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYnKMA0G
CSqGSIb3DQEBCwUAA4IBAQA1FpaSjG6XVtOLC1AEfCR2liu2kD4eAhPsnS+4Kys4
5ghhgP70QTB51CGKDLdLvpjg2X79mSGVJS0fCjCBwhwDRbkHj2bc8dLv4zjjSnRG
225PUXvnRChcIUoYHC5+kQPQU72wJZE5ARfJjdXltIIYHbhPYLKQMQ4o5n45rjsg
7HyHK4JEfyyXbUrXBLXPDyo7sRMM3ln7liWtHMNVbvYLqbRaksWZEJsupAIz0TxK
nQ7RH7nfGO0J4zBb02yH1+5nCbjIhVLIMD8tfqhHiAby2oPsjiEwGvOtq0+mkWWS
nvZv15iKkSJRdy1LzxFam8+LKLDC3vQ2mtITkakBYW94
-----END CERTIFICATE-----