Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/USKS0btdbaHoI_bpJ6edPiW0uJk.roa
File:                     USKS0btdbaHoI_bpJ6edPiW0uJk.roa (raw, json)
Hash identifier:          +gF0rP5N678e2LNBu80N29IUdvnNyB6k2/C5AZRZF3M=
Subject key identifier:   51:22:92:D1:BB:5D:6D:A1:E8:23:F6:E9:27:A7:9D:3E:25:B4:B8:99
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0194A78C22CC0E47D66EABEAF0B568EFE2E9
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/USKS0btdbaHoI_bpJ6edPiW0uJk.roa
Signing time:             Mon 27 Jan 2025 11:36:06 +0000
ROA not before:           Mon 27 Jan 2025 11:36:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215242
IP address blocks:        45.138.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 02:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a7:8c:22:cc:0e:47:d6:6e:ab:ea:f0:b5:68:ef:e2:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan 27 11:36:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=512292d1bb5d6da1e823f6e927a79d3e25b4b899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a9:84:54:09:11:a9:f5:88:1c:ae:48:4e:8c:
                    95:7d:c4:de:d7:d1:97:a8:24:2e:34:d0:87:89:cd:
                    15:d9:65:8a:f0:3b:de:fd:dc:f7:f4:60:68:aa:b1:
                    ea:bc:80:d2:4d:21:c6:62:26:4b:96:88:84:d4:ff:
                    06:a1:db:60:c4:49:01:69:ba:63:71:71:bd:42:d6:
                    eb:fb:e2:2f:72:70:80:b4:cb:a9:3e:c7:27:6a:4b:
                    2f:fc:1c:0a:19:2e:f2:f2:ce:5d:05:37:f7:13:f6:
                    5e:bc:28:f0:0d:62:1d:73:4e:39:8b:0d:4e:85:85:
                    88:6d:04:c4:3a:3a:d8:9e:af:f4:34:04:93:04:7a:
                    ef:90:4e:52:9c:9d:b2:d4:0a:2d:1a:7a:cb:6d:70:
                    7d:90:4b:b6:b8:0c:bf:bd:e2:96:5c:16:5f:3d:fc:
                    7e:4e:1c:b4:08:94:08:c6:6a:56:42:db:c0:be:a2:
                    c9:20:ec:72:3a:a2:28:a0:67:84:2f:09:1e:b9:3d:
                    19:2e:92:1c:e7:74:70:27:06:82:17:e3:07:7e:fa:
                    aa:dc:53:06:fe:41:52:0b:7f:e8:ac:94:c1:77:97:
                    ab:47:3d:a4:63:3b:d9:17:5d:71:60:d9:88:fa:ce:
                    cf:91:08:73:22:56:ec:d4:3a:d2:e6:41:4e:45:72:
                    ab:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:22:92:D1:BB:5D:6D:A1:E8:23:F6:E9:27:A7:9D:3E:25:B4:B8:99
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/USKS0btdbaHoI_bpJ6edPiW0uJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:3a:f4:53:38:4e:ba:f3:cf:ae:26:aa:b9:54:00:2a:bc:bc:
         fc:1c:69:39:08:09:8a:64:e0:71:4e:d4:4f:6a:f3:54:19:05:
         ea:a9:6b:6b:12:63:22:bf:f0:0d:ec:56:26:32:f6:cd:e9:94:
         4e:8d:04:43:5e:97:ba:93:1e:c0:e3:aa:cb:0d:b2:9f:a1:dc:
         f6:5a:fa:58:bf:af:af:da:a9:65:a6:88:85:43:73:ba:a1:8b:
         ef:0e:06:0a:60:58:d2:8b:94:05:a9:cb:1c:02:ae:b4:af:f6:
         23:71:76:c4:3c:2e:52:8a:a8:57:e3:40:05:10:4a:a6:29:eb:
         23:fa:05:2d:fd:0e:eb:26:e5:69:df:15:dc:2b:e9:be:89:b0:
         e4:67:b9:64:27:f5:e9:a5:b1:81:4b:dd:7d:78:6e:15:92:ac:
         6b:96:af:6f:d6:8c:41:c7:86:6f:3a:69:9d:18:6e:3d:f5:3b:
         1e:62:ed:ab:b5:5a:71:17:b6:35:9f:cf:99:6e:50:0d:dd:3f:
         9c:89:1b:bf:21:8e:40:3e:6e:4b:b9:56:fc:0f:16:ef:e7:85:
         1d:0e:d3:35:21:2c:cf:20:af:bc:ee:39:00:e1:da:3f:45:23:
         e3:99:df:67:cf:94:c5:c1:0d:af:77:70:47:d2:8e:a8:13:8b:
         b8:f0:30:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSnjCLMDkfWbqvq8LVo7+LpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTI3MTEzNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTIyOTJkMWJiNWQ2ZGExZTgyM2Y2ZTkyN2E3OWQzZTI1YjRiODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzamEVAkRqfWIHK5IToyVfcTe19GX
qCQuNNCHic0V2WWK8Dve/dz39GBoqrHqvIDSTSHGYiZLloiE1P8GodtgxEkBabpj
cXG9Qtbr++IvcnCAtMupPscnaksv/BwKGS7y8s5dBTf3E/ZevCjwDWIdc045iw1O
hYWIbQTEOjrYnq/0NASTBHrvkE5SnJ2y1AotGnrLbXB9kEu2uAy/veKWXBZfPfx+
Thy0CJQIxmpWQtvAvqLJIOxyOqIooGeELwkeuT0ZLpIc53RwJwaCF+MHfvqq3FMG
/kFSC3/orJTBd5erRz2kYzvZF11xYNmI+s7PkQhzIlbs1DrS5kFORXKrIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEiktG7XW2h6CP26SennT4ltLiZMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvVVNLUzBidGRiYUhvSV9icEo2ZWRQaVcwdUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYq0MA0G
CSqGSIb3DQEBCwUAA4IBAQAXOvRTOE6688+uJqq5VAAqvLz8HGk5CAmKZOBxTtRP
avNUGQXqqWtrEmMiv/AN7FYmMvbN6ZROjQRDXpe6kx7A46rLDbKfodz2WvpYv6+v
2qllpoiFQ3O6oYvvDgYKYFjSi5QFqcscAq60r/YjcXbEPC5SiqhX40AFEEqmKesj
+gUt/Q7rJuVp3xXcK+m+ibDkZ7lkJ/XppbGBS919eG4Vkqxrlq9v1oxBx4ZvOmmd
GG499TseYu2rtVpxF7Y1n8+ZblAN3T+ciRu/IY5APm5LuVb8Dxbv54UdDtM1ISzP
IK+87jkA4do/RSPjmd9nz5TFwQ2vd3BH0o6oE4u48DDm
-----END CERTIFICATE-----