Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/fBLuy90uGCv22rBLuoDIiG2G66M.roa
File:                     fBLuy90uGCv22rBLuoDIiG2G66M.roa (raw, json)
Hash identifier:          jPE3VFqawczzibzPQw80OEeyieLxlbeXn6UrGWxbDQA=
Subject key identifier:   7C:12:EE:CB:DD:2E:18:2B:F6:DA:B0:4B:BA:80:C8:88:6D:86:EB:A3
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0195CEDAA3C375348FDF925425450275902C
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/fBLuy90uGCv22rBLuoDIiG2G66M.roa
Signing time:             Tue 25 Mar 2025 19:49:49 +0000
ROA not before:           Tue 25 Mar 2025 19:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        45.149.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ce:da:a3:c3:75:34:8f:df:92:54:25:45:02:75:90:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 25 19:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c12eecbdd2e182bf6dab04bba80c8886d86eba3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9f:5a:12:a8:9a:0f:97:82:bf:d4:1b:b7:ad:
                    11:64:8f:51:26:46:2d:c5:2b:16:c1:49:d2:a0:12:
                    80:70:98:12:c3:38:f5:d5:32:f6:81:12:a4:74:8b:
                    3d:bb:fb:1d:1b:96:f4:70:84:63:08:ce:da:e1:5f:
                    ce:e1:32:5c:c3:34:33:86:a1:eb:74:c6:3d:cf:63:
                    66:ea:72:fd:ca:b2:ec:b0:ba:af:98:3b:2c:4c:cb:
                    87:79:4a:be:83:00:6c:83:56:66:2c:78:08:c4:a9:
                    8d:8c:3f:43:b5:be:d4:21:b2:67:33:98:7f:5a:a7:
                    cc:5c:f4:9f:8f:8d:93:e3:0f:cd:81:98:f0:4a:4f:
                    9d:bf:20:88:46:da:1d:c7:78:3e:0b:4e:82:ec:b1:
                    b3:ed:a2:c6:5f:fa:83:fd:e5:bf:84:5c:a6:12:5a:
                    9c:f4:f9:cb:09:53:3d:5a:33:cb:bc:24:94:d0:fe:
                    2f:bf:e2:3e:fd:bf:fa:ef:be:02:5c:20:10:18:18:
                    8c:47:5f:18:04:c8:fd:1b:eb:16:ed:29:32:38:7b:
                    ba:f1:23:81:80:4f:f9:e7:08:c9:c8:a6:cc:1c:82:
                    55:4f:c3:a5:aa:f7:6f:33:5c:16:8d:6e:ec:cb:ae:
                    20:6b:3f:03:b4:80:7b:d6:d3:a7:ac:3f:41:21:d9:
                    af:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:12:EE:CB:DD:2E:18:2B:F6:DA:B0:4B:BA:80:C8:88:6D:86:EB:A3
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/fBLuy90uGCv22rBLuoDIiG2G66M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:6d:20:a3:88:77:37:5c:61:a7:97:86:62:7b:94:1b:43:9c:
         25:b5:c7:0d:1c:b5:bf:c4:74:4f:9a:73:6c:23:5c:6a:89:64:
         ef:e1:69:ee:92:2e:d2:66:d2:c6:b5:3a:bf:40:d0:4a:32:46:
         23:76:eb:81:b3:1d:3e:e7:c3:74:53:f1:05:f5:24:a6:79:51:
         01:72:0d:e7:4f:3a:8d:f5:83:89:97:ab:1b:a5:cf:fe:34:e9:
         79:66:e4:39:fa:5e:fb:2f:71:91:6d:dd:64:61:2e:b9:63:a8:
         6e:48:16:98:24:f3:f2:cf:28:3f:cd:60:3c:9f:fa:36:71:f0:
         02:bb:52:a8:7e:fe:1b:ca:1e:62:a7:1a:4a:d3:ad:9f:aa:1b:
         cf:a9:9e:a9:64:0f:f6:4e:56:e4:6f:a0:7f:c6:dd:a2:27:59:
         2e:61:1d:83:f2:ea:a9:43:ee:e0:2a:9f:d1:91:10:06:af:74:
         51:2c:cd:9a:d0:94:b7:a9:b8:5d:db:4b:74:2d:48:4f:75:3e:
         22:49:91:bb:9e:ad:9d:d2:7d:0f:c6:b2:af:e2:d9:aa:cf:44:
         d7:23:ef:bb:d3:87:cd:f9:e7:68:7a:6f:0b:71:be:9c:68:4d:
         80:0e:dd:af:12:21:52:5f:d4:4c:fa:4a:d6:1c:9a:16:c5:1b:
         41:73:4c:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXO2qPDdTSP35JUJUUCdZAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMzI1MTk0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzEyZWVjYmRkMmUxODJiZjZkYWIwNGJiYTgwYzg4ODZkODZlYmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp9aEqiaD5eCv9Qbt60RZI9RJkYt
xSsWwUnSoBKAcJgSwzj11TL2gRKkdIs9u/sdG5b0cIRjCM7a4V/O4TJcwzQzhqHr
dMY9z2Nm6nL9yrLssLqvmDssTMuHeUq+gwBsg1ZmLHgIxKmNjD9Dtb7UIbJnM5h/
WqfMXPSfj42T4w/NgZjwSk+dvyCIRtodx3g+C06C7LGz7aLGX/qD/eW/hFymElqc
9PnLCVM9WjPLvCSU0P4vv+I+/b/6774CXCAQGBiMR18YBMj9G+sW7SkyOHu68SOB
gE/55wjJyKbMHIJVT8OlqvdvM1wWjW7sy64gaz8DtIB71tOnrD9BIdmv+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwS7svdLhgr9tqwS7qAyIhthuujMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvZkJMdXk5MHVHQ3YyMnJCTHVvRElpRzJHNjZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUaMA0G
CSqGSIb3DQEBCwUAA4IBAQCSbSCjiHc3XGGnl4Zie5QbQ5wltccNHLW/xHRPmnNs
I1xqiWTv4Wnuki7SZtLGtTq/QNBKMkYjduuBsx0+58N0U/EF9SSmeVEBcg3nTzqN
9YOJl6sbpc/+NOl5ZuQ5+l77L3GRbd1kYS65Y6huSBaYJPPyzyg/zWA8n/o2cfAC
u1Kofv4byh5ipxpK062fqhvPqZ6pZA/2Tlbkb6B/xt2iJ1kuYR2D8uqpQ+7gKp/R
kRAGr3RRLM2a0JS3qbhd20t0LUhPdT4iSZG7nq2d0n0PxrKv4tmqz0TXI++704fN
+edoem8Lcb6caE2ADt2vEiFSX9RM+krWHJoWxRtBc0xn
-----END CERTIFICATE-----