Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/V-Wxa-tbUgoFMlYz9VJl0zL9MmI.roa
File:                     V-Wxa-tbUgoFMlYz9VJl0zL9MmI.roa (raw, json)
Hash identifier:          davEKpNo7b4buavhgkad4b/Nct37Hz3CI1e2h1ytQ1M=
Subject key identifier:   57:E5:B1:6B:EB:5B:52:0A:05:32:56:33:F5:52:65:D3:32:FD:32:62
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369F35299E206538ED580494CDD8052
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/V-Wxa-tbUgoFMlYz9VJl0zL9MmI.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        45.155.65.0/24 maxlen: 24
                          176.118.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f3:52:99:e2:06:53:8e:d5:80:49:4c:dd:80:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57e5b16beb5b520a05325633f55265d332fd3262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:26:03:57:70:f1:d9:8a:a0:d8:cb:f5:44:63:
                    7f:ca:12:c7:34:40:9f:e4:86:b8:77:df:ae:4c:82:
                    1c:3a:f2:4a:96:f2:c6:ed:96:0b:81:e7:e6:fe:34:
                    8f:04:1f:75:82:75:8c:82:b5:1c:a9:56:b8:b1:bf:
                    f7:51:0e:67:0a:2f:ac:61:4f:df:a2:89:a0:bf:c4:
                    41:77:1d:56:45:a6:43:df:50:86:79:3d:2b:9a:44:
                    11:d7:67:8a:38:f5:eb:70:93:ef:b2:2c:7b:c3:ac:
                    ed:64:ff:37:d1:10:c1:e8:e7:72:e1:75:f4:62:f7:
                    37:09:de:09:5e:6e:24:23:ab:85:9a:d5:3f:37:e1:
                    72:0a:d7:08:28:bf:d2:23:a4:cd:b3:8a:42:96:14:
                    6f:e3:6a:b0:af:2b:5d:d7:f2:25:a9:be:d3:81:46:
                    25:3c:e8:f8:e2:0f:e2:5a:08:09:cf:ef:66:26:f5:
                    00:ce:82:23:e3:d4:9d:8d:14:18:01:af:83:60:4a:
                    d1:0d:cd:99:f5:4f:32:78:4a:3e:c0:2c:f8:95:78:
                    ca:1d:0e:67:07:28:7e:8a:f7:15:0f:ad:53:39:55:
                    1c:5f:56:b6:74:d5:0f:de:84:76:7e:66:4f:c0:67:
                    48:08:e6:13:37:66:dc:0a:f9:a0:c7:bf:2e:e6:75:
                    5a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E5:B1:6B:EB:5B:52:0A:05:32:56:33:F5:52:65:D3:32:FD:32:62
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/V-Wxa-tbUgoFMlYz9VJl0zL9MmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.65.0/24
                  176.118.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:1c:13:9f:0d:cb:e4:2e:85:a2:c5:91:1d:9a:c7:25:c1:65:
         5e:6b:02:e7:f5:dc:a5:f2:5a:72:90:48:fc:af:0d:73:42:6a:
         7e:f9:0d:43:c6:17:f3:72:69:fb:b6:80:13:fe:a2:04:3e:45:
         99:86:7f:70:99:23:1d:e2:85:85:6d:16:65:34:0b:ba:da:b0:
         f0:bb:f4:c0:75:ab:12:fe:ee:e3:b1:4c:aa:f3:75:be:47:16:
         6a:c1:17:a6:b2:33:ab:17:9a:ae:0f:85:6a:88:bc:40:62:09:
         0b:d9:29:23:8e:1f:b3:60:f1:c6:77:41:3d:8e:16:15:11:0f:
         7e:d7:d8:1e:4c:7c:30:dd:4b:f9:c9:6e:3b:fd:bb:f5:64:ed:
         35:13:c7:0c:2a:c4:2f:e9:d6:67:9a:c3:bf:74:ce:ea:87:c5:
         55:cb:33:f8:a8:81:68:7d:66:f2:5c:40:e4:5d:d9:79:22:1e:
         87:8c:53:d5:58:7f:ef:3d:f8:06:c6:d7:ca:87:53:0c:53:47:
         81:af:e7:51:76:63:3b:eb:c0:2b:58:68:58:bf:a7:d5:89:5c:
         ee:35:cc:bd:02:e3:31:22:c3:2c:88:2f:e9:7f:4a:94:17:92:
         57:56:c4:c2:f6:41:c9:5e:38:9d:b4:e5:05:c5:ea:c5:99:f8:
         f7:c4:f7:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjafNSmeIGU47VgElM3YBSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2U1YjE2YmViNWI1MjBhMDUzMjU2MzNmNTUyNjVkMzMyZmQzMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyYDV3Dx2Yqg2Mv1RGN/yhLHNECf
5Ia4d9+uTIIcOvJKlvLG7ZYLgefm/jSPBB91gnWMgrUcqVa4sb/3UQ5nCi+sYU/f
oomgv8RBdx1WRaZD31CGeT0rmkQR12eKOPXrcJPvsix7w6ztZP830RDB6Ody4XX0
Yvc3Cd4JXm4kI6uFmtU/N+FyCtcIKL/SI6TNs4pClhRv42qwrytd1/Ilqb7TgUYl
POj44g/iWggJz+9mJvUAzoIj49SdjRQYAa+DYErRDc2Z9U8yeEo+wCz4lXjKHQ5n
Byh+ivcVD61TOVUcX1a2dNUP3oR2fmZPwGdICOYTN2bcCvmgx78u5nVavwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFflsWvrW1IKBTJWM/VSZdMy/TJiMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvVi1XeGEtdGJVZ29GTWxZejlWSmwwekw5TW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZtBAwQA
sHYhMA0GCSqGSIb3DQEBCwUAA4IBAQBxHBOfDcvkLoWixZEdmsclwWVeawLn9dyl
8lpykEj8rw1zQmp++Q1Dxhfzcmn7toAT/qIEPkWZhn9wmSMd4oWFbRZlNAu62rDw
u/TAdasS/u7jsUyq83W+RxZqwRemsjOrF5quD4VqiLxAYgkL2Skjjh+zYPHGd0E9
jhYVEQ9+19geTHww3Uv5yW47/bv1ZO01E8cMKsQv6dZnmsO/dM7qh8VVyzP4qIFo
fWbyXEDkXdl5Ih6HjFPVWH/vPfgGxtfKh1MMU0eBr+dRdmM768ArWGhYv6fViVzu
Ncy9AuMxIsMsiC/pf0qUF5JXVsTC9kHJXjidtOUFxerFmfj3xPdX
-----END CERTIFICATE-----