Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/x7oG_y2SYlgnC2r7zsflKQ8o-rY.roa
File:                     x7oG_y2SYlgnC2r7zsflKQ8o-rY.roa (raw, json)
Hash identifier:          KFCld0di2DLr+LnAGVB3MOJKjKH3l9Lzpl/u4e0udxU=
Subject key identifier:   C7:BA:06:FF:2D:92:62:58:27:0B:6A:FB:CE:C7:E5:29:0F:28:FA:B6
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019427489D760A64FC1140E10DF6E8BB56A1
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/x7oG_y2SYlgnC2r7zsflKQ8o-rY.roa
Signing time:             Thu 02 Jan 2025 13:50:57 +0000
ROA not before:           Thu 02 Jan 2025 13:50:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210851
IP address blocks:        45.137.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:9d:76:0a:64:fc:11:40:e1:0d:f6:e8:bb:56:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7ba06ff2d926258270b6afbcec7e5290f28fab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c6:ce:87:a2:de:65:51:07:1b:29:39:1f:8f:
                    c2:b5:f3:35:24:22:56:25:7a:e5:77:e6:96:41:fe:
                    48:a2:84:e9:8d:b6:b2:51:a6:6d:4c:23:8b:d7:19:
                    19:59:fa:3f:96:d3:12:b4:b3:19:a6:75:f6:df:f4:
                    ae:d5:cb:05:c7:88:89:7e:37:1a:69:ab:b7:a1:a0:
                    8d:42:75:77:8d:3f:8d:79:7c:4a:14:ae:fa:88:b9:
                    1d:06:91:12:79:cd:06:ce:02:68:e3:73:fd:2f:fc:
                    95:c1:7b:40:fc:70:6f:82:cf:11:d6:8d:b8:4f:17:
                    b9:cd:77:91:94:f0:cc:0c:e6:27:7a:48:1b:06:c7:
                    d7:b3:db:17:24:62:fe:4a:67:99:89:a6:b6:90:f5:
                    fa:1d:db:b7:54:37:e1:67:29:61:74:62:cf:75:77:
                    8b:70:23:91:6c:f9:a7:8c:ca:7a:ed:4d:35:ae:3c:
                    9d:df:4e:ae:34:93:e5:b7:b8:3f:3c:6a:2e:ea:7e:
                    bc:04:ba:bd:1f:2d:00:d3:27:ae:92:53:34:2c:ec:
                    1c:f0:1b:d0:d5:a7:3c:d3:7f:0e:38:47:a1:9e:ae:
                    69:a0:62:ff:e8:4d:af:61:e2:77:5b:ae:81:7d:73:
                    43:ee:49:9c:1f:bc:63:ce:71:0d:c8:5b:a8:d0:c8:
                    40:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:BA:06:FF:2D:92:62:58:27:0B:6A:FB:CE:C7:E5:29:0F:28:FA:B6
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/x7oG_y2SYlgnC2r7zsflKQ8o-rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:f6:4f:a0:5b:6d:c9:63:6e:b2:26:fa:90:88:79:07:3f:8a:
         79:54:d1:50:35:1c:cc:53:60:b6:31:ae:d9:53:71:f6:a6:92:
         70:7e:1c:d6:3a:c4:29:2c:df:55:7a:99:d0:d7:71:5f:28:a4:
         92:4a:c0:e1:97:7a:a9:70:e2:36:ec:fb:d0:20:f0:21:66:ca:
         39:a6:91:48:eb:69:99:e0:31:7e:cb:e0:6a:86:8f:5a:91:ed:
         97:aa:ba:c0:5d:44:11:7c:78:5a:ec:00:5d:ae:08:c1:6e:c5:
         cb:f0:97:48:c7:0e:8a:e9:c1:b9:5c:70:2c:73:ff:95:b7:37:
         56:b7:47:16:c2:3e:7e:04:c7:97:6a:51:3c:41:2e:0d:7b:53:
         08:38:dd:c1:38:4c:ac:52:9d:0f:58:21:dc:53:64:3a:1d:27:
         87:09:29:92:74:3e:d9:21:de:9f:b0:4b:89:09:00:89:3f:dd:
         1e:61:36:fa:5b:21:fe:07:05:10:54:77:22:66:98:2b:e2:25:
         98:d5:b1:4a:4c:72:ee:fb:49:69:ee:d5:a3:bd:72:4a:86:80:
         3c:05:e5:bc:79:33:92:32:7e:c7:d3:6a:d5:3e:41:c4:4d:d0:
         58:bb:9f:39:15:0b:d2:a9:16:6f:b8:5c:dc:74:ce:c7:5f:db:
         6a:26:7d:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJ12CmT8EUDhDfbou1ahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2JhMDZmZjJkOTI2MjU4MjcwYjZhZmJjZWM3ZTUyOTBmMjhmYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcbOh6LeZVEHGyk5H4/CtfM1JCJW
JXrld+aWQf5IooTpjbayUaZtTCOL1xkZWfo/ltMStLMZpnX23/Su1csFx4iJfjca
aau3oaCNQnV3jT+NeXxKFK76iLkdBpESec0GzgJo43P9L/yVwXtA/HBvgs8R1o24
Txe5zXeRlPDMDOYnekgbBsfXs9sXJGL+SmeZiaa2kPX6Hdu3VDfhZylhdGLPdXeL
cCORbPmnjMp67U01rjyd306uNJPlt7g/PGou6n68BLq9Hy0A0yeuklM0LOwc8BvQ
1ac8038OOEehnq5poGL/6E2vYeJ3W66BfXND7kmcH7xjznENyFuo0MhAkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMe6Bv8tkmJYJwtq+87H5SkPKPq2MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEveDdvR195MlNZbGduQzJyN3pzZmxLUThvLXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYnIMA0G
CSqGSIb3DQEBCwUAA4IBAQBM9k+gW23JY26yJvqQiHkHP4p5VNFQNRzMU2C2Ma7Z
U3H2ppJwfhzWOsQpLN9VepnQ13FfKKSSSsDhl3qpcOI27PvQIPAhZso5ppFI62mZ
4DF+y+Bqho9ake2XqrrAXUQRfHha7ABdrgjBbsXL8JdIxw6K6cG5XHAsc/+VtzdW
t0cWwj5+BMeXalE8QS4Ne1MION3BOEysUp0PWCHcU2Q6HSeHCSmSdD7ZId6fsEuJ
CQCJP90eYTb6WyH+BwUQVHciZpgr4iWY1bFKTHLu+0lp7tWjvXJKhoA8BeW8eTOS
Mn7H02rVPkHETdBYu585FQvSqRZvuFzcdM7HX9tqJn3x
-----END CERTIFICATE-----