Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/uHCer9bSYtAYzAW97IkYAtxT0oY.roa
File:                     uHCer9bSYtAYzAW97IkYAtxT0oY.roa (raw, json)
Hash identifier:          pEZrL5HUVwpESwP8P9Avj4b8s7dLWZdI+MAnQfTy42g=
Subject key identifier:   B8:70:9E:AF:D6:D2:62:D0:18:CC:05:BD:EC:89:18:02:DC:53:D2:86
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       0194236A29DE16033F4344CBFE7DE621A776
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/uHCer9bSYtAYzAW97IkYAtxT0oY.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     264617
IP address blocks:        45.94.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:29:de:16:03:3f:43:44:cb:fe:7d:e6:21:a7:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8709eafd6d262d018cc05bdec891802dc53d286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f3:b0:ec:7a:00:3a:63:9d:b7:79:39:ac:84:
                    46:93:ac:c2:fc:b4:ec:00:5c:c4:3b:ab:84:f3:21:
                    b0:e0:e9:c2:77:35:36:e4:49:d5:a3:0c:06:e1:11:
                    dc:17:ea:f0:c7:08:22:1d:d1:64:cf:97:33:1f:32:
                    59:17:aa:b5:fb:44:a4:f2:62:10:47:cc:2c:db:48:
                    df:5f:36:c2:57:b7:dc:0b:5f:0e:ce:67:59:43:c6:
                    35:41:99:5c:d5:7a:1b:4d:49:6b:d0:19:00:1f:7b:
                    37:29:34:6c:71:51:c0:a9:e1:34:50:d5:ab:12:13:
                    26:33:0a:fd:31:fa:8e:67:43:49:a0:90:9e:f7:57:
                    31:dc:7d:57:3b:c4:d8:e1:21:70:93:a8:4e:0f:b2:
                    0b:9f:a9:d3:b5:fa:8f:41:fe:68:8d:6d:74:c9:4f:
                    df:3b:be:a6:2e:23:da:ad:59:94:f5:1b:f0:ca:7b:
                    1f:52:a5:8d:33:cb:c1:61:fd:77:5b:10:ff:01:8b:
                    3f:f9:6f:32:bc:3f:01:53:33:f3:85:31:61:d8:3f:
                    35:fc:f3:76:58:3d:7a:cc:44:9c:4f:38:58:a1:ba:
                    88:3d:6f:1a:30:ba:b2:66:e2:dc:04:31:0f:43:0f:
                    7e:54:cc:80:f4:2d:3d:ad:f6:5b:0f:ce:15:cf:8e:
                    1a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:70:9E:AF:D6:D2:62:D0:18:CC:05:BD:EC:89:18:02:DC:53:D2:86
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/uHCer9bSYtAYzAW97IkYAtxT0oY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:cd:11:32:22:84:dc:02:49:73:22:c5:f1:41:b2:59:63:fb:
         ed:e2:b2:3a:8b:87:2d:3f:96:ee:2a:22:6a:b1:fc:64:54:50:
         7f:ae:a8:33:0d:59:3c:cf:7c:72:f7:57:f8:42:a6:37:64:2b:
         25:00:bf:44:2c:b7:25:3e:74:f2:3d:1c:44:3c:d9:58:f5:19:
         b5:02:b5:5f:1b:dc:8a:d2:1f:76:2d:86:7d:a9:ab:69:ad:af:
         93:da:1b:4b:20:d4:32:d5:1a:44:b9:d8:75:ed:48:59:60:50:
         eb:e5:24:34:90:3d:9a:00:85:98:c6:7c:e8:2e:65:a8:17:8f:
         5c:88:c0:8a:33:63:4c:d1:42:db:94:79:32:a2:1e:3e:12:88:
         c4:ab:67:48:c8:bf:65:cd:95:ba:f6:86:be:53:2a:65:9a:8d:
         a1:f7:97:06:9a:ce:92:cf:1b:6c:c5:f8:3b:af:07:5a:23:b7:
         59:10:62:3f:14:e9:fb:d4:9e:ee:c6:dc:11:e9:f1:b4:5f:78:
         23:86:64:5a:78:15:56:4e:ad:5c:0b:51:44:28:3b:7f:ac:51:
         88:22:d2:52:2c:83:06:2d:66:bf:d9:08:eb:fb:16:df:b3:4a:
         f1:bf:bb:84:df:c7:53:85:ec:91:b5:89:48:30:30:82:bc:c7:
         42:d4:1b:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaineFgM/Q0TL/n3mIad2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODcwOWVhZmQ2ZDI2MmQwMThjYzA1YmRlYzg5MTgwMmRjNTNkMjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/Ow7HoAOmOdt3k5rIRGk6zC/LTs
AFzEO6uE8yGw4OnCdzU25EnVowwG4RHcF+rwxwgiHdFkz5czHzJZF6q1+0Sk8mIQ
R8ws20jfXzbCV7fcC18OzmdZQ8Y1QZlc1XobTUlr0BkAH3s3KTRscVHAqeE0UNWr
EhMmMwr9MfqOZ0NJoJCe91cx3H1XO8TY4SFwk6hOD7ILn6nTtfqPQf5ojW10yU/f
O76mLiParVmU9RvwynsfUqWNM8vBYf13WxD/AYs/+W8yvD8BUzPzhTFh2D81/PN2
WD16zEScTzhYobqIPW8aMLqyZuLcBDEPQw9+VMyA9C09rfZbD84Vz44a4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhwnq/W0mLQGMwFveyJGALcU9KGMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvdUhDZXI5YlNZdEFZekFXOTdJa1lBdHhUMG9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV6IMA0G
CSqGSIb3DQEBCwUAA4IBAQAZzREyIoTcAklzIsXxQbJZY/vt4rI6i4ctP5buKiJq
sfxkVFB/rqgzDVk8z3xy91f4QqY3ZCslAL9ELLclPnTyPRxEPNlY9Rm1ArVfG9yK
0h92LYZ9qatpra+T2htLINQy1RpEudh17UhZYFDr5SQ0kD2aAIWYxnzoLmWoF49c
iMCKM2NM0ULblHkyoh4+EojEq2dIyL9lzZW69oa+Uyplmo2h95cGms6Szxtsxfg7
rwdaI7dZEGI/FOn71J7uxtwR6fG0X3gjhmRaeBVWTq1cC1FEKDt/rFGIItJSLIMG
LWa/2Qjr+xbfs0rxv7uE38dTheyRtYlIMDCCvMdC1BsC
-----END CERTIFICATE-----