Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/czmDpB69mapYVPq75wH0whlt8vo.roa
File:                     czmDpB69mapYVPq75wH0whlt8vo.roa (raw, json)
Hash identifier:          eo9gtPxXRjMYYcCWgX24EwgOrp/qW9kZYDbYK/cpB+0=
Subject key identifier:   73:39:83:A4:1E:BD:99:AA:58:54:FA:BB:E7:01:F4:C2:19:6D:F2:FA
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01953E19F2C602EF68DED498FD71840E68E2
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/czmDpB69mapYVPq75wH0whlt8vo.roa
Signing time:             Tue 25 Feb 2025 17:14:02 +0000
ROA not before:           Tue 25 Feb 2025 17:14:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        45.13.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3e:19:f2:c6:02:ef:68:de:d4:98:fd:71:84:0e:68:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Feb 25 17:14:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=733983a41ebd99aa5854fabbe701f4c2196df2fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:67:9b:76:c6:5c:49:22:00:b4:5b:d1:e6:29:
                    e6:9a:ee:e6:38:36:de:5c:fb:c4:b7:38:9d:e3:99:
                    ee:f9:68:6f:eb:d8:ac:5e:08:fd:8c:e9:74:ff:2c:
                    0c:8d:6f:15:74:be:99:cc:c5:44:aa:e6:3e:85:1e:
                    d9:34:5c:c0:45:45:0d:e7:75:80:08:71:90:a6:0f:
                    50:80:41:0d:a5:ca:e1:da:dc:79:f0:48:f3:f7:cd:
                    19:f7:df:09:67:94:a4:b7:b2:51:6e:89:c3:c4:91:
                    43:d4:7d:01:d4:20:07:0d:56:d9:31:3e:d3:2f:1a:
                    7e:38:bf:50:f9:cf:bd:cd:76:61:c6:43:28:2e:af:
                    ee:6d:c3:4b:c9:02:aa:b4:41:89:39:bc:e3:26:0d:
                    de:d8:a9:63:ac:ac:9e:7e:4a:d1:04:8f:f0:65:8b:
                    57:68:40:f8:7a:82:7e:25:98:0e:6c:5b:6a:6d:2f:
                    6b:a4:a5:18:86:02:4b:de:e1:45:6c:aa:92:f9:d2:
                    91:a7:22:f9:d8:ff:ba:50:98:16:f4:f7:5b:52:2d:
                    82:44:11:e4:ff:60:ea:c1:27:e6:e8:d7:70:92:66:
                    fb:ed:65:61:74:a5:a1:d0:94:45:e3:57:1c:0f:d7:
                    d0:95:7f:cd:7c:a8:d0:01:2a:ea:f0:68:8b:3a:84:
                    98:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:39:83:A4:1E:BD:99:AA:58:54:FA:BB:E7:01:F4:C2:19:6D:F2:FA
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/czmDpB69mapYVPq75wH0whlt8vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:e1:dc:ad:3c:d8:a4:fb:46:c0:72:e0:64:eb:e6:1a:f9:28:
         82:14:c6:ee:4a:1f:ba:0f:e2:cf:15:95:d5:d5:57:ab:68:92:
         ed:d2:af:28:78:ae:5e:b0:e8:12:ff:50:29:b5:72:7f:e6:36:
         13:a4:77:34:fa:e2:bf:7b:d1:97:d9:e0:87:e8:57:50:11:b3:
         4e:53:d7:e8:4c:aa:8b:fa:f9:cd:8d:b5:da:97:51:0f:8a:9e:
         21:b3:22:f5:3f:6e:a7:21:6e:ab:a4:50:66:73:0d:6f:59:0b:
         90:09:44:e3:da:5f:64:1b:dd:c2:ae:43:84:75:0f:8a:54:c5:
         7d:28:97:23:7a:bb:a6:f2:34:92:29:0d:a3:b1:a2:ea:a8:83:
         b8:12:22:2c:21:fb:d2:03:c6:c4:5d:7c:9e:24:2e:00:5f:94:
         90:1c:a8:2b:98:86:e9:58:0c:cc:fd:61:fd:75:1d:fb:3d:97:
         e0:0d:53:f6:5e:77:f5:2c:19:8d:19:c3:eb:ce:a9:7e:cd:00:
         1d:86:f4:29:e8:02:95:fb:5b:2f:2f:81:3c:76:4e:b0:01:09:
         a8:3e:23:ac:2a:95:f0:44:94:b9:bc:d7:48:ae:40:96:2f:54:
         56:d2:ba:c1:09:f3:e7:de:25:d8:d0:12:ba:51:19:10:05:0f:
         5b:d4:76:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU+GfLGAu9o3tSY/XGEDmjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMjI1MTcxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzM5ODNhNDFlYmQ5OWFhNTg1NGZhYmJlNzAxZjRjMjE5NmRmMmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42ebdsZcSSIAtFvR5inmmu7mODbe
XPvEtzid45nu+Whv69isXgj9jOl0/ywMjW8VdL6ZzMVEquY+hR7ZNFzARUUN53WA
CHGQpg9QgEENpcrh2tx58Ejz980Z998JZ5Skt7JRbonDxJFD1H0B1CAHDVbZMT7T
Lxp+OL9Q+c+9zXZhxkMoLq/ubcNLyQKqtEGJObzjJg3e2KljrKyefkrRBI/wZYtX
aED4eoJ+JZgObFtqbS9rpKUYhgJL3uFFbKqS+dKRpyL52P+6UJgW9PdbUi2CRBHk
/2DqwSfm6Ndwkmb77WVhdKWh0JRF41ccD9fQlX/NfKjQASrq8GiLOoSYZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHM5g6QevZmqWFT6u+cB9MIZbfL6MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvY3ptRHBCNjltYXBZVlBxNzV3SDB3aGx0OHZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ3sMA0G
CSqGSIb3DQEBCwUAA4IBAQAQ4dytPNik+0bAcuBk6+Ya+SiCFMbuSh+6D+LPFZXV
1VeraJLt0q8oeK5esOgS/1AptXJ/5jYTpHc0+uK/e9GX2eCH6FdQEbNOU9foTKqL
+vnNjbXal1EPip4hsyL1P26nIW6rpFBmcw1vWQuQCUTj2l9kG93CrkOEdQ+KVMV9
KJcjerum8jSSKQ2jsaLqqIO4EiIsIfvSA8bEXXyeJC4AX5SQHKgrmIbpWAzM/WH9
dR37PZfgDVP2Xnf1LBmNGcPrzql+zQAdhvQp6AKV+1svL4E8dk6wAQmoPiOsKpXw
RJS5vNdIrkCWL1RW0rrBCfPn3iXY0BK6URkQBQ9b1HbF
-----END CERTIFICATE-----