Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/avHmGkpLG4dHNgSEy0MvqbKbHlE.roa
File:                     avHmGkpLG4dHNgSEy0MvqbKbHlE.roa (raw, json)
Hash identifier:          +cRbC0Mu5Vac+B4JyQffZVTD2bLx3qm5k5ngJxqQA8k=
Subject key identifier:   6A:F1:E6:1A:4A:4B:1B:87:47:36:04:84:CB:43:2F:A9:B2:9B:1E:51
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019427488A44AF76ACF3A2DD6375AA316B12
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/avHmGkpLG4dHNgSEy0MvqbKbHlE.roa
Signing time:             Thu 02 Jan 2025 13:50:52 +0000
ROA not before:           Thu 02 Jan 2025 13:50:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        45.141.116.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8a:44:af:76:ac:f3:a2:dd:63:75:aa:31:6b:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6af1e61a4a4b1b8747360484cb432fa9b29b1e51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:13:b4:ae:7b:f6:46:f2:a7:f2:9c:88:f1:62:
                    59:d8:a0:d0:83:f9:a2:ff:8b:09:a5:ab:ce:79:7a:
                    c6:46:76:8a:0c:e1:a9:99:14:2e:de:30:bd:fe:3a:
                    f4:34:8e:cb:b1:21:e1:31:7d:63:45:e1:d9:8f:d6:
                    63:03:cd:dd:31:b8:8b:cd:fa:1c:5b:8a:bf:74:bb:
                    11:d3:dc:95:21:96:6c:0c:6f:6b:65:4d:72:9a:fb:
                    d1:62:2f:5c:ae:9e:33:26:c1:cb:df:a5:d7:09:fd:
                    85:c0:0c:d6:5c:f5:6a:a4:47:eb:55:be:07:2b:7e:
                    20:07:f0:67:07:ec:96:7d:49:ac:8b:03:7b:a5:b3:
                    c2:4c:e9:92:d7:07:b9:5c:9c:86:13:e0:7c:aa:0c:
                    7d:9d:51:b2:3a:fd:03:72:14:2e:88:76:5a:27:c8:
                    2b:66:b3:cd:91:b5:bb:6b:07:de:23:dd:6d:01:25:
                    f6:1a:d1:cb:ff:73:3d:f0:e8:e4:79:82:e2:8c:d0:
                    f4:d9:a2:ae:3c:4c:ef:bb:e5:ee:7b:df:e0:10:64:
                    1d:2a:c1:14:f4:3c:11:14:29:be:ab:c3:06:da:0a:
                    14:a0:84:af:05:e7:5c:db:73:d3:9a:ba:0f:a6:f3:
                    23:be:8a:5b:0e:06:e4:ad:82:61:40:04:69:c3:f1:
                    1d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F1:E6:1A:4A:4B:1B:87:47:36:04:84:CB:43:2F:A9:B2:9B:1E:51
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/avHmGkpLG4dHNgSEy0MvqbKbHlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:8b:10:ce:48:0b:0b:99:68:05:b8:9b:44:b8:cd:b1:dc:56:
         c5:ab:b2:0f:27:a4:34:a3:bd:b8:53:ec:0d:4b:18:97:09:f3:
         43:f6:84:85:64:a7:3c:f9:ae:40:64:de:5c:2e:2b:6f:5e:4a:
         48:69:4b:b2:81:c4:ea:d4:a2:80:70:88:92:09:72:1c:a5:6c:
         fb:73:94:3e:6f:21:ad:23:18:78:e8:4d:ea:eb:ba:6a:95:e5:
         81:85:50:21:e5:b3:93:95:e9:f7:17:97:74:4c:99:1a:12:7f:
         27:91:07:25:b3:af:45:af:94:6d:93:e5:dd:6b:44:a7:16:4a:
         95:d4:22:27:82:9a:87:5d:5a:f4:3a:0b:bf:c5:3f:34:b6:d1:
         b5:f1:f9:34:46:82:45:d0:95:6e:7e:b5:d8:b7:3b:05:b4:1b:
         35:97:79:e6:15:7d:e1:b1:b0:f6:97:a3:42:9a:f8:07:cb:4c:
         e7:23:55:90:30:ed:6f:2f:63:eb:72:5a:5a:c4:49:01:f7:17:
         db:45:fe:59:b8:6f:d1:54:98:4d:5e:98:c8:a4:dd:c4:b6:3f:
         81:bc:20:5e:ad:0a:ab:c6:a2:d5:ec:8b:44:bf:ac:dc:e8:e8:
         29:dc:83:6d:fb:b1:69:b0:64:68:15:be:45:b9:cf:a1:67:22:
         89:6c:ed:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSIpEr3as86LdY3WqMWsSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWYxZTYxYTRhNGIxYjg3NDczNjA0ODRjYjQzMmZhOWIyOWIxZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhO0rnv2RvKn8pyI8WJZ2KDQg/mi
/4sJpavOeXrGRnaKDOGpmRQu3jC9/jr0NI7LsSHhMX1jReHZj9ZjA83dMbiLzfoc
W4q/dLsR09yVIZZsDG9rZU1ymvvRYi9crp4zJsHL36XXCf2FwAzWXPVqpEfrVb4H
K34gB/BnB+yWfUmsiwN7pbPCTOmS1we5XJyGE+B8qgx9nVGyOv0DchQuiHZaJ8gr
ZrPNkbW7awfeI91tASX2GtHL/3M98OjkeYLijND02aKuPEzvu+Xue9/gEGQdKsEU
9DwRFCm+q8MG2goUoISvBedc23PTmroPpvMjvopbDgbkrYJhQARpw/EdGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrx5hpKSxuHRzYEhMtDL6mymx5RMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvYXZIbUdrcExHNGRITmdTRXkwTXZxYktiSGxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY10MA0G
CSqGSIb3DQEBCwUAA4IBAQB5ixDOSAsLmWgFuJtEuM2x3FbFq7IPJ6Q0o724U+wN
SxiXCfND9oSFZKc8+a5AZN5cLitvXkpIaUuygcTq1KKAcIiSCXIcpWz7c5Q+byGt
Ixh46E3q67pqleWBhVAh5bOTlen3F5d0TJkaEn8nkQcls69Fr5Rtk+Xda0SnFkqV
1CIngpqHXVr0Ogu/xT80ttG18fk0RoJF0JVufrXYtzsFtBs1l3nmFX3hsbD2l6NC
mvgHy0znI1WQMO1vL2PrclpaxEkB9xfbRf5ZuG/RVJhNXpjIpN3Etj+BvCBerQqr
xqLV7ItEv6zc6Ogp3INt+7FpsGRoFb5Fuc+hZyKJbO1T
-----END CERTIFICATE-----