Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/gFeIvXYaJ1GP37K0bcXkhf_le5c.roa
File:                     gFeIvXYaJ1GP37K0bcXkhf_le5c.roa (raw, json)
Hash identifier:          ItsR09LOh5mTYwbIMQqB6yA7QiobT25+XSzyHkyvzaE=
Subject key identifier:   80:57:88:BD:76:1A:27:51:8F:DF:B2:B4:6D:C5:E4:85:FF:E5:7B:97
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0194274896CFAA569DF0880D52F00A810F9C
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/gFeIvXYaJ1GP37K0bcXkhf_le5c.roa
Signing time:             Thu 02 Jan 2025 13:50:56 +0000
ROA not before:           Thu 02 Jan 2025 13:50:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200303
IP address blocks:        45.67.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:96:cf:aa:56:9d:f0:88:0d:52:f0:0a:81:0f:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=805788bd761a27518fdfb2b46dc5e485ffe57b97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8a:5e:a5:c5:6e:e7:af:d6:5f:5f:9c:96:ae:
                    b2:2e:7c:cb:5a:cf:12:e5:bd:1a:57:f8:48:6e:5f:
                    92:f8:3c:2c:c8:0b:ab:a2:01:b9:26:ce:ab:18:ff:
                    f3:a6:64:77:dc:eb:7b:ca:8c:5b:b8:38:6d:54:11:
                    cd:e2:85:4d:cc:d6:ca:da:0a:16:5c:6d:bb:64:15:
                    2e:c1:dd:19:7c:d4:f7:a5:8e:e3:b3:e8:3b:b0:68:
                    c1:13:2e:b1:2c:a7:d2:0c:6f:9e:6b:5b:4b:de:d3:
                    3b:3a:10:61:38:a8:20:a3:36:c0:b6:56:73:c7:26:
                    18:35:89:8c:af:53:e4:6a:24:cd:29:af:bb:e9:26:
                    a7:19:0c:86:4d:09:e5:e4:ec:5b:8d:2c:2b:c2:f2:
                    45:ec:49:78:a5:73:49:64:e2:13:f0:38:c6:e0:8b:
                    41:59:9f:52:e5:58:1a:ca:4b:42:22:54:7d:25:f7:
                    c9:5e:31:c0:15:d6:4a:48:21:a4:48:13:c2:e6:a6:
                    07:2a:53:ff:28:bd:89:d7:ad:39:bf:76:0d:74:cf:
                    99:6b:08:4d:73:c0:19:c4:6e:d5:7c:c0:b4:26:45:
                    00:b1:13:fb:d6:3c:7d:4c:4a:be:c0:24:31:8e:ea:
                    27:48:22:36:58:64:d4:89:8d:bd:2c:31:95:09:e9:
                    ed:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:57:88:BD:76:1A:27:51:8F:DF:B2:B4:6D:C5:E4:85:FF:E5:7B:97
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/gFeIvXYaJ1GP37K0bcXkhf_le5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:4e:9d:99:be:1d:c4:64:0b:fe:cc:2f:3b:ab:d8:57:b0:9e:
         ed:2a:9d:f9:02:0d:bc:c1:29:ad:9c:9d:87:95:b5:41:eb:ff:
         52:82:e0:92:56:ac:53:a0:2e:95:55:52:36:e1:34:47:5b:94:
         6d:c9:9f:3c:2c:b4:5a:ee:d2:86:4d:94:40:2d:76:52:31:ca:
         15:65:21:6f:6b:40:74:8f:c4:11:a9:1c:d4:11:b1:78:33:df:
         57:0f:96:50:7c:fc:18:d5:1a:ac:96:68:40:b0:90:fc:f6:96:
         4b:e1:65:3e:1f:2a:97:82:72:90:46:c2:d5:1b:04:13:d1:45:
         dc:62:a9:b4:1e:72:69:e6:1f:b6:bb:8f:75:f5:89:26:57:e4:
         7c:52:a0:8f:fa:21:29:25:0b:df:83:9d:fc:54:fe:72:7a:a6:
         4a:52:3e:76:d8:48:e6:3b:3b:12:17:0d:eb:b0:d5:a6:1c:ed:
         d2:22:5d:cb:70:7d:48:23:f6:4c:47:11:3b:86:99:09:07:9e:
         33:e0:eb:8e:ef:f4:75:4e:4f:c4:ec:8b:40:1b:ad:20:10:ca:
         bf:3d:fc:d4:60:5e:43:c4:0f:a2:01:24:1c:1e:d8:32:84:9e:
         0c:ac:0e:8a:6a:f4:3a:ff:9e:e0:3b:22:6c:f1:25:be:81:96:
         d4:5b:b0:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJbPqlad8IgNUvAKgQ+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDU3ODhiZDc2MWEyNzUxOGZkZmIyYjQ2ZGM1ZTQ4NWZmZTU3Yjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYpepcVu56/WX1+clq6yLnzLWs8S
5b0aV/hIbl+S+DwsyAurogG5Js6rGP/zpmR33Ot7yoxbuDhtVBHN4oVNzNbK2goW
XG27ZBUuwd0ZfNT3pY7js+g7sGjBEy6xLKfSDG+ea1tL3tM7OhBhOKggozbAtlZz
xyYYNYmMr1PkaiTNKa+76SanGQyGTQnl5OxbjSwrwvJF7El4pXNJZOIT8DjG4ItB
WZ9S5VgayktCIlR9JffJXjHAFdZKSCGkSBPC5qYHKlP/KL2J1605v3YNdM+ZawhN
c8AZxG7VfMC0JkUAsRP71jx9TEq+wCQxjuonSCI2WGTUiY29LDGVCentNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBXiL12GidRj9+ytG3F5IX/5XuXMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvZ0ZlSXZYWWFKMUdQMzdLMGJjWGtoZl9sZTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUOKMA0G
CSqGSIb3DQEBCwUAA4IBAQCfTp2Zvh3EZAv+zC87q9hXsJ7tKp35Ag28wSmtnJ2H
lbVB6/9SguCSVqxToC6VVVI24TRHW5RtyZ88LLRa7tKGTZRALXZSMcoVZSFva0B0
j8QRqRzUEbF4M99XD5ZQfPwY1RqslmhAsJD89pZL4WU+HyqXgnKQRsLVGwQT0UXc
Yqm0HnJp5h+2u4919YkmV+R8UqCP+iEpJQvfg538VP5yeqZKUj522EjmOzsSFw3r
sNWmHO3SIl3LcH1II/ZMRxE7hpkJB54z4OuO7/R1Tk/E7ItAG60gEMq/PfzUYF5D
xA+iASQcHtgyhJ4MrA6KavQ6/57gOyJs8SW+gZbUW7DI
-----END CERTIFICATE-----