Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/PsfOoD3izcdQ8P1ZE0P2oyuHTMI.roa
File:                     PsfOoD3izcdQ8P1ZE0P2oyuHTMI.roa (raw, json)
Hash identifier:          TVShOuqBPMIZ6RJivnoSy7fd+idFxGFOyhw9qAD5PUA=
Subject key identifier:   3E:C7:CE:A0:3D:E2:CD:C7:50:F0:FD:59:13:43:F6:A3:2B:87:4C:C2
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019427487E6C76DF57B4EFEE762CE23B26EC
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/PsfOoD3izcdQ8P1ZE0P2oyuHTMI.roa
Signing time:             Thu 02 Jan 2025 13:50:49 +0000
ROA not before:           Thu 02 Jan 2025 13:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24961
IP address blocks:        45.151.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:7e:6c:76:df:57:b4:ef:ee:76:2c:e2:3b:26:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ec7cea03de2cdc750f0fd591343f6a32b874cc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:fe:d4:81:6c:d7:af:60:05:fa:dd:78:f2:bb:
                    fa:20:80:fe:8c:3f:5d:4a:5b:e5:e0:64:07:8c:4e:
                    c4:c3:fe:d1:e6:ee:d6:55:4c:3e:f5:7e:37:1a:71:
                    27:7c:c6:6f:61:01:f2:dc:ea:83:51:73:26:73:88:
                    f0:25:c2:f2:3d:f3:36:3b:b9:62:40:cc:53:c3:e6:
                    7f:19:7a:05:7d:98:6a:b0:4f:c3:c6:f9:48:e2:6e:
                    2c:5d:2a:6c:87:cc:d1:38:f4:04:ce:64:fc:a9:a2:
                    48:d1:92:54:92:71:cb:d3:69:7d:63:12:65:27:02:
                    5c:c8:06:1f:a9:e3:41:95:f4:3d:84:96:4a:50:80:
                    56:40:51:23:0b:45:04:4d:7e:73:a4:e1:33:69:5e:
                    a1:55:e1:f7:c4:d6:77:a8:6f:c6:5c:bc:9e:d5:81:
                    2c:18:d0:47:25:8a:c2:23:3a:03:b6:1d:71:80:ef:
                    4f:eb:f9:dd:c9:b3:31:b8:a8:c7:8b:59:42:05:2b:
                    a1:24:58:d3:77:17:bb:a5:72:e7:ec:e9:a8:61:d9:
                    27:b2:1b:7d:6c:c0:0d:15:de:16:cb:1f:ad:22:f2:
                    46:4b:78:3f:8f:ef:48:72:fa:31:70:40:c2:6d:9d:
                    ee:fa:2c:8c:fe:20:62:13:33:55:bd:e4:ce:d5:77:
                    15:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C7:CE:A0:3D:E2:CD:C7:50:F0:FD:59:13:43:F6:A3:2B:87:4C:C2
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/PsfOoD3izcdQ8P1ZE0P2oyuHTMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:95:97:d4:0a:37:c2:3f:86:7b:a8:02:b6:d8:24:5d:89:0a:
         04:6f:fe:cc:39:87:75:0e:14:f3:f5:2f:ca:7f:2e:a6:09:a2:
         5d:f2:9a:24:e6:07:8a:51:6e:81:a9:e2:6e:00:05:8b:97:70:
         d5:b7:ba:29:9b:f5:ea:88:fa:dc:a1:68:96:92:3e:b8:dd:76:
         60:2d:db:38:ad:10:b5:54:3b:90:c7:9e:bc:0e:33:ab:ec:1b:
         e1:4a:62:3d:8d:43:1a:94:54:18:d8:7b:e5:d2:18:41:5f:a5:
         41:8e:ef:b9:61:fd:19:8f:d0:36:e6:24:29:8b:41:fe:49:28:
         ba:5c:e2:ad:97:92:76:dd:64:d3:a6:13:17:b6:72:e7:72:0a:
         a6:62:0a:f7:54:dd:ee:92:20:a3:85:bd:32:e6:41:b6:2d:63:
         fe:5d:0d:89:bc:9b:1a:74:70:01:db:7c:1c:9b:5d:b6:68:b8:
         47:a9:30:e7:af:04:3a:bb:03:aa:c6:ed:5d:43:eb:a1:a9:2f:
         81:bb:56:4e:d2:51:e4:9b:3c:37:ac:3a:38:e3:73:37:ac:59:
         c2:94:53:b6:f7:e9:b2:36:5a:65:fe:ea:c6:b8:9c:46:89:64:
         bc:3d:79:53:48:15:b3:0c:1b:8b:d6:d4:34:07:3d:b9:a0:84:
         28:ef:dc:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSH5sdt9XtO/udiziOybsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWM3Y2VhMDNkZTJjZGM3NTBmMGZkNTkxMzQzZjZhMzJiODc0Y2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/7UgWzXr2AF+t148rv6IID+jD9d
Slvl4GQHjE7Ew/7R5u7WVUw+9X43GnEnfMZvYQHy3OqDUXMmc4jwJcLyPfM2O7li
QMxTw+Z/GXoFfZhqsE/DxvlI4m4sXSpsh8zROPQEzmT8qaJI0ZJUknHL02l9YxJl
JwJcyAYfqeNBlfQ9hJZKUIBWQFEjC0UETX5zpOEzaV6hVeH3xNZ3qG/GXLye1YEs
GNBHJYrCIzoDth1xgO9P6/ndybMxuKjHi1lCBSuhJFjTdxe7pXLn7OmoYdknsht9
bMANFd4Wyx+tIvJGS3g/j+9IcvoxcEDCbZ3u+iyM/iBiEzNVveTO1XcV4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7HzqA94s3HUPD9WRND9qMrh0zCMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvUHNmT29EM2l6Y2RROFAxWkUwUDJveXVIVE1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZc7MA0G
CSqGSIb3DQEBCwUAA4IBAQAblZfUCjfCP4Z7qAK22CRdiQoEb/7MOYd1DhTz9S/K
fy6mCaJd8pok5geKUW6BqeJuAAWLl3DVt7opm/XqiPrcoWiWkj643XZgLds4rRC1
VDuQx568DjOr7BvhSmI9jUMalFQY2Hvl0hhBX6VBju+5Yf0Zj9A25iQpi0H+SSi6
XOKtl5J23WTTphMXtnLncgqmYgr3VN3ukiCjhb0y5kG2LWP+XQ2JvJsadHAB23wc
m122aLhHqTDnrwQ6uwOqxu1dQ+uhqS+Bu1ZO0lHkmzw3rDo443M3rFnClFO29+my
Nlpl/urGuJxGiWS8PXlTSBWzDBuL1tQ0Bz25oIQo79yN
-----END CERTIFICATE-----