Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/bHcMev0UOZc5Zl2SdyvJsnmo2QQ.roa
File:                     bHcMev0UOZc5Zl2SdyvJsnmo2QQ.roa (raw, json)
Hash identifier:          qTP0A1HB5mvJA1n58oTSPKHyZmDYMoyOT7RffMOm1Gg=
Subject key identifier:   6C:77:0C:7A:FD:14:39:97:39:66:5D:92:77:2B:C9:B2:79:A8:D9:04
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0194274883FFD031204BB3B8A006F2EC66F3
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/bHcMev0UOZc5Zl2SdyvJsnmo2QQ.roa
Signing time:             Thu 02 Jan 2025 13:50:51 +0000
ROA not before:           Thu 02 Jan 2025 13:50:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38001
IP address blocks:        45.67.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:83:ff:d0:31:20:4b:b3:b8:a0:06:f2:ec:66:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c770c7afd14399739665d92772bc9b279a8d904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:74:45:ab:b8:e0:c7:2c:d3:3b:e3:77:22:17:
                    e8:fe:14:fd:ab:42:ec:d0:07:3b:be:ca:63:bd:e4:
                    6a:b6:f7:8a:28:50:5c:de:a7:1a:c4:8c:af:c5:33:
                    77:65:95:1a:94:45:68:0e:f1:85:97:10:e6:d2:ff:
                    27:d2:74:60:94:dc:a6:41:45:17:94:a6:02:68:ba:
                    4a:6b:bd:87:99:25:1e:be:fb:c8:9f:fc:07:6c:c6:
                    18:06:e9:01:55:d2:8d:84:75:ea:ff:3d:86:e5:93:
                    d1:9a:87:33:28:65:45:00:98:0f:1e:f7:3f:57:e7:
                    ec:32:75:64:8c:c7:73:41:a9:55:7c:13:c4:c8:db:
                    aa:ef:d3:b2:e8:ce:7a:36:4b:a5:c0:80:28:ca:59:
                    26:3c:99:38:11:69:b5:1d:7f:bb:32:77:52:2f:48:
                    d7:c4:e9:ca:f1:43:3e:00:cc:f3:d9:7c:35:78:3e:
                    dc:21:e4:df:cf:7a:d7:99:45:e3:ee:a5:e6:64:32:
                    85:f8:44:24:29:4c:84:23:82:ca:8b:e1:f3:01:78:
                    38:16:13:ef:fe:4c:c4:3b:be:4e:a6:a3:5c:8c:97:
                    cf:b2:c1:46:b3:3f:28:04:11:66:f8:aa:7b:97:95:
                    b0:67:91:dd:e3:78:99:41:6c:6b:29:34:17:13:58:
                    4e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:77:0C:7A:FD:14:39:97:39:66:5D:92:77:2B:C9:B2:79:A8:D9:04
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/bHcMev0UOZc5Zl2SdyvJsnmo2QQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:e4:62:5e:af:d2:00:bd:1c:8d:04:d6:e9:79:fb:4b:b3:63:
         58:d8:6b:27:18:d4:14:48:d8:73:24:82:5f:4e:75:92:d8:c0:
         03:00:9d:4e:d1:9d:47:ec:d8:33:f2:46:9f:9b:83:8b:c8:37:
         c0:8d:e3:de:a3:dd:d4:fb:91:71:f9:f6:98:b7:14:1a:7d:bd:
         b7:ce:88:0a:63:d7:81:2f:95:c3:6b:4a:2c:e8:b1:8f:7b:66:
         32:19:7c:36:02:4f:9d:bb:45:8a:c5:4b:d4:29:fb:c3:4b:36:
         9b:74:8b:9c:9d:e2:f6:62:18:e0:6d:76:a5:2b:30:21:db:db:
         68:10:0c:ea:b6:43:85:10:cd:0c:00:d0:f6:42:87:90:d8:1b:
         bb:a4:07:32:04:ef:e4:aa:42:3d:b4:25:df:78:de:b3:39:05:
         63:33:42:a5:17:21:57:43:b8:d9:b7:f7:46:d5:31:c6:da:01:
         32:17:a5:86:62:5e:54:67:3e:db:94:b7:d1:27:5f:85:6e:a3:
         65:da:7c:56:d4:c1:ca:2c:ef:df:10:59:c6:0a:6b:25:a9:ce:
         93:ed:d3:d8:3b:1a:35:73:ac:13:3a:63:30:97:0e:96:4a:66:
         7d:85:ce:1e:9f:61:d1:c6:24:92:3f:78:c9:da:71:ad:11:a7:
         4c:52:fc:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSIP/0DEgS7O4oAby7GbzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzc3MGM3YWZkMTQzOTk3Mzk2NjVkOTI3NzJiYzliMjc5YThkOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHRFq7jgxyzTO+N3Ihfo/hT9q0Ls
0Ac7vspjveRqtveKKFBc3qcaxIyvxTN3ZZUalEVoDvGFlxDm0v8n0nRglNymQUUX
lKYCaLpKa72HmSUevvvIn/wHbMYYBukBVdKNhHXq/z2G5ZPRmoczKGVFAJgPHvc/
V+fsMnVkjMdzQalVfBPEyNuq79Oy6M56NkulwIAoylkmPJk4EWm1HX+7MndSL0jX
xOnK8UM+AMzz2Xw1eD7cIeTfz3rXmUXj7qXmZDKF+EQkKUyEI4LKi+HzAXg4FhPv
/kzEO75OpqNcjJfPssFGsz8oBBFm+Kp7l5WwZ5Hd43iZQWxrKTQXE1hOJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGx3DHr9FDmXOWZdkncrybJ5qNkEMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvYkhjTWV2MFVPWmM1WmwyU2R5dkpzbm1vMlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUOJMA0G
CSqGSIb3DQEBCwUAA4IBAQAx5GJer9IAvRyNBNbpeftLs2NY2GsnGNQUSNhzJIJf
TnWS2MADAJ1O0Z1H7Ngz8kafm4OLyDfAjePeo93U+5Fx+faYtxQafb23zogKY9eB
L5XDa0os6LGPe2YyGXw2Ak+du0WKxUvUKfvDSzabdIucneL2YhjgbXalKzAh29to
EAzqtkOFEM0MAND2QoeQ2Bu7pAcyBO/kqkI9tCXfeN6zOQVjM0KlFyFXQ7jZt/dG
1THG2gEyF6WGYl5UZz7blLfRJ1+FbqNl2nxW1MHKLO/fEFnGCmslqc6T7dPYOxo1
c6wTOmMwlw6WSmZ9hc4en2HRxiSSP3jJ2nGtEadMUvxE
-----END CERTIFICATE-----