Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/H97ouy3hrfYyYkz57yJED4vYH7w.roa
File:                     H97ouy3hrfYyYkz57yJED4vYH7w.roa (raw, json)
Hash identifier:          wLooLKGVezQDgIKBy8P3hI3UwSQezkEVe5EotB03QWI=
Subject key identifier:   1F:DE:E8:BB:2D:E1:AD:F6:32:62:4C:F9:EF:22:44:0F:8B:D8:1F:BC
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0194274890C1090095BE7CA66B463B629B28
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/H97ouy3hrfYyYkz57yJED4vYH7w.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133219
IP address blocks:        45.67.138.0/24 maxlen: 24
                          45.147.6.0/24 maxlen: 24
                          194.15.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:90:c1:09:00:95:be:7c:a6:6b:46:3b:62:9b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fdee8bb2de1adf632624cf9ef22440f8bd81fbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e8:de:17:0b:90:a0:b9:fd:7f:47:9b:76:87:
                    a3:d0:da:c3:92:f7:b2:50:a7:d6:ab:9d:7e:2f:5c:
                    d0:cf:b5:b3:93:9f:63:9c:4a:a8:20:ef:37:3f:00:
                    6b:e3:0e:f8:d7:ee:ae:37:67:a8:55:d1:d7:d5:fd:
                    af:fc:0d:ac:48:51:f3:1f:b7:19:ad:d2:ae:1f:31:
                    ef:c7:44:eb:7e:8d:41:89:bf:b0:eb:d6:d6:87:d8:
                    06:77:c3:2b:eb:80:1f:ad:71:e2:b5:3c:7a:db:64:
                    14:d7:3c:10:59:e5:d7:a5:c4:82:35:25:e3:49:de:
                    88:75:4d:05:a7:9d:51:d4:a8:13:83:f2:57:23:d8:
                    b3:90:18:ba:79:58:44:3a:36:ad:03:cc:5c:49:72:
                    2e:b8:a3:c5:35:1f:d6:a6:0a:d4:59:b3:0b:c5:a4:
                    75:60:26:1a:00:b3:06:96:46:c9:db:73:a2:68:f3:
                    30:cf:bf:76:5a:b3:39:e7:70:49:e6:a7:0b:76:04:
                    dd:4c:6c:9d:59:17:7d:d5:9d:42:4f:fa:d5:73:5f:
                    2d:ad:47:71:03:2b:3a:76:47:ab:62:b0:14:39:d3:
                    17:56:37:8c:91:a8:2f:9e:33:d1:4d:47:08:66:fc:
                    8e:1f:9b:c5:1d:81:ae:8f:14:10:68:a0:6c:f7:c6:
                    3d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:DE:E8:BB:2D:E1:AD:F6:32:62:4C:F9:EF:22:44:0F:8B:D8:1F:BC
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/H97ouy3hrfYyYkz57yJED4vYH7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.138.0/24
                  45.147.6.0/24
                  194.15.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:d9:a5:4f:9d:ab:61:56:87:6d:42:95:f1:35:47:bb:e7:b2:
         73:b5:21:61:be:03:a2:64:47:a2:3d:d5:4e:1d:9d:64:d7:ba:
         25:d8:3d:4a:37:91:15:2e:32:45:83:f3:bd:20:8d:db:06:ec:
         7a:3a:e3:b3:8b:2c:8f:bc:a4:7b:42:85:f1:a3:f6:b2:2c:59:
         eb:60:4e:59:64:2b:dc:10:c1:02:d5:8d:1d:c1:48:26:c3:fa:
         20:f9:2b:c1:7b:b7:1a:fb:f0:51:98:06:5e:98:70:72:6e:95:
         3e:e4:20:ab:18:ee:d0:1f:f7:81:68:71:39:b4:d4:19:f4:f3:
         42:79:a4:37:52:11:ab:49:87:53:f2:e3:22:3e:71:4d:b4:e8:
         36:07:81:aa:66:d7:34:ee:bc:8e:94:03:66:0b:ad:9c:69:b8:
         f3:5d:af:21:24:bd:34:b8:87:3a:2d:8d:3d:56:25:2f:df:96:
         35:23:f3:0b:8e:db:f1:4e:b2:32:a2:3b:f2:fd:09:7c:5f:ef:
         60:46:61:90:c8:fe:8b:85:f4:66:2e:2a:d4:d9:c7:26:76:30:
         1b:36:b1:53:a9:59:44:c6:a5:c1:7d:dd:9e:c8:27:08:aa:4d:
         26:20:bd:2d:05:a2:76:9c:9d:85:e5:76:67:34:e4:23:b2:91:
         0a:8a:24:2a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnSJDBCQCVvnyma0Y7YpsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmRlZThiYjJkZTFhZGY2MzI2MjRjZjllZjIyNDQwZjhiZDgxZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOjeFwuQoLn9f0ebdoej0NrDkvey
UKfWq51+L1zQz7Wzk59jnEqoIO83PwBr4w741+6uN2eoVdHX1f2v/A2sSFHzH7cZ
rdKuHzHvx0Trfo1Bib+w69bWh9gGd8Mr64AfrXHitTx622QU1zwQWeXXpcSCNSXj
Sd6IdU0Fp51R1KgTg/JXI9izkBi6eVhEOjatA8xcSXIuuKPFNR/WpgrUWbMLxaR1
YCYaALMGlkbJ23OiaPMwz792WrM553BJ5qcLdgTdTGydWRd91Z1CT/rVc18trUdx
Ays6dkerYrAUOdMXVjeMkagvnjPRTUcIZvyOH5vFHYGujxQQaKBs98Y96QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB/e6Lst4a32MmJM+e8iRA+L2B+8MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvSDk3b3V5M2hyZll5WWt6NTd5SkVENHZZSDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALUOKAwQA
LZMGAwQAwg8nMA0GCSqGSIb3DQEBCwUAA4IBAQCk2aVPnathVodtQpXxNUe757Jz
tSFhvgOiZEeiPdVOHZ1k17ol2D1KN5EVLjJFg/O9II3bBux6OuOziyyPvKR7QoXx
o/ayLFnrYE5ZZCvcEMEC1Y0dwUgmw/og+SvBe7ca+/BRmAZemHBybpU+5CCrGO7Q
H/eBaHE5tNQZ9PNCeaQ3UhGrSYdT8uMiPnFNtOg2B4GqZtc07ryOlANmC62cabjz
Xa8hJL00uIc6LY09ViUv35Y1I/MLjtvxTrIyojvy/Ql8X+9gRmGQyP6LhfRmLirU
2ccmdjAbNrFTqVlExqXBfd2eyCcIqk0mIL0tBaJ2nJ2F5XZnNOQjspEKiiQq
-----END CERTIFICATE-----