Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/1-9PbJd606SAcljFaDXOqMtimHsk.roa
File:                     1-9PbJd606SAcljFaDXOqMtimHsk.roa (raw, json)
Hash identifier:          KXw8kntxbx0A19gUTumtpNuhW4BHiQmmsQFSl5B6ZYs=
Subject key identifier:   FB:D3:DB:25:DE:B4:E9:20:1C:96:31:5A:0D:73:AA:32:D8:A6:1E:C9
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       0194258F4C5FCEFD97045804F14E5B314CEF
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/1-9PbJd606SAcljFaDXOqMtimHsk.roa
Signing time:             Thu 02 Jan 2025 05:48:55 +0000
ROA not before:           Thu 02 Jan 2025 05:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212815
IP address blocks:        45.152.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4c:5f:ce:fd:97:04:58:04:f1:4e:5b:31:4c:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Jan  2 05:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbd3db25deb4e9201c96315a0d73aa32d8a61ec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f9:87:f6:54:1b:3e:e5:b3:5f:e7:47:4f:d8:
                    28:ed:0b:91:b6:25:24:c0:af:9a:cf:e5:7d:47:33:
                    16:02:ba:47:4a:29:da:8a:de:d0:6f:36:92:de:a9:
                    9c:00:30:e8:90:81:e9:20:c7:c2:22:1e:2e:cd:46:
                    36:48:51:8f:71:99:36:57:71:65:8e:fd:f8:59:09:
                    74:0c:7b:f0:a1:63:4a:ef:cd:1a:94:de:42:e0:90:
                    9d:22:f3:78:c3:06:87:00:b1:cd:22:2c:f8:0b:45:
                    fd:3f:28:8c:06:52:4d:6c:d3:2f:4b:43:de:db:9f:
                    e5:df:05:79:3b:53:6e:66:4b:62:57:70:01:50:f8:
                    e2:c5:29:56:61:b9:6e:43:e2:21:d3:09:9e:a5:94:
                    f5:e7:db:cf:b2:0d:9e:95:38:81:ae:b7:75:cf:15:
                    c2:b2:cd:cc:ce:e6:37:75:40:70:cb:ef:1d:3a:33:
                    cf:f6:5c:86:95:f4:81:d6:01:b9:6d:27:cf:b6:94:
                    53:f8:84:b5:6a:f0:ff:a4:c5:9d:3d:c5:87:6c:bb:
                    09:73:ff:8f:94:86:33:b4:59:6a:fe:37:22:c8:9c:
                    66:14:30:4a:62:75:cf:2b:ab:93:75:29:9f:be:96:
                    71:45:88:cc:a1:c4:cb:fe:d1:63:86:21:3e:e0:e2:
                    68:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:D3:DB:25:DE:B4:E9:20:1C:96:31:5A:0D:73:AA:32:D8:A6:1E:C9
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/1-9PbJd606SAcljFaDXOqMtimHsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:f8:bc:4c:b9:a9:4f:58:20:10:eb:2e:5f:31:c4:23:e1:b6:
         ff:b0:b5:8b:aa:36:69:3e:be:3c:c4:07:dd:e0:66:38:10:78:
         03:82:0f:60:93:62:3b:d4:b3:8c:60:9c:db:b8:31:fa:e9:38:
         7e:a2:35:c3:e3:9c:e7:1b:67:37:03:d4:df:96:5e:e5:7c:a6:
         fd:56:55:c5:08:3e:b9:52:d4:46:69:9e:64:93:82:e4:6a:10:
         85:63:7e:d3:c0:6b:3b:94:f2:ab:00:19:48:1c:c1:3b:14:8b:
         de:ab:3a:1f:aa:64:e8:4a:54:78:47:03:0b:61:d9:33:34:95:
         8b:4f:a0:33:59:13:f0:87:38:ba:a9:7f:30:63:57:c5:7f:28:
         c2:b6:f5:11:7b:54:7b:09:a4:b9:52:12:2c:f9:99:27:25:5a:
         57:da:15:0e:24:6c:bf:81:37:5b:e0:94:90:08:99:40:4d:4e:
         8d:96:56:24:f7:6b:a3:af:3d:ba:d1:41:d8:86:f3:f0:94:19:
         05:45:87:99:8d:4e:60:a4:9b:0b:69:36:a9:e1:ed:64:58:9c:
         9b:7b:9b:fc:71:6e:1f:63:9b:db:d1:fd:11:08:3e:98:93:8a:
         c7:ad:8e:27:82:f8:60:85:31:a7:75:f4:a1:6e:83:b7:c6:29:
         3e:a1:29:c3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj0xfzv2XBFgE8U5bMUzvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjUwMTAyMDU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmQzZGIyNWRlYjRlOTIwMWM5NjMxNWEwZDczYWEzMmQ4YTYxZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfmH9lQbPuWzX+dHT9go7QuRtiUk
wK+az+V9RzMWArpHSinait7QbzaS3qmcADDokIHpIMfCIh4uzUY2SFGPcZk2V3Fl
jv34WQl0DHvwoWNK780alN5C4JCdIvN4wwaHALHNIiz4C0X9PyiMBlJNbNMvS0Pe
25/l3wV5O1NuZktiV3ABUPjixSlWYbluQ+Ih0wmepZT159vPsg2elTiBrrd1zxXC
ss3MzuY3dUBwy+8dOjPP9lyGlfSB1gG5bSfPtpRT+IS1avD/pMWdPcWHbLsJc/+P
lIYztFlq/jciyJxmFDBKYnXPK6uTdSmfvpZxRYjMocTL/tFjhiE+4OJoUQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvT2yXetOkgHJYxWg1zqjLYph7JMB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvMS05UGJKZDYwNlNBY2xqRmFEWE9xTXRpbUhzay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWQvNzIwZjlmLWYwYjgtNDRkMi04MzY3LWY4MWZkZjc0ZTY1
NS8xL3F2U1dtRUxlbkV3ZUdsZFoyWTBlMWNEV0x2Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2YRjAN
BgkqhkiG9w0BAQsFAAOCAQEAEvi8TLmpT1ggEOsuXzHEI+G2/7C1i6o2aT6+PMQH
3eBmOBB4A4IPYJNiO9SzjGCc27gx+uk4fqI1w+Oc5xtnNwPU35Ze5Xym/VZVxQg+
uVLURmmeZJOC5GoQhWN+08BrO5TyqwAZSBzBOxSL3qs6H6pk6EpUeEcDC2HZMzSV
i0+gM1kT8Ic4uql/MGNXxX8owrb1EXtUewmkuVISLPmZJyVaV9oVDiRsv4E3W+CU
kAiZQE1OjZZWJPdro689utFB2Ibz8JQZBUWHmY1OYKSbC2k2qeHtZFicm3ub/HFu
H2Ob29H9EQg+mJOKx62OJ4L4YIUxp3X0oW6Dt8YpPqEpww==
-----END CERTIFICATE-----