Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/nmIlkSXw6C8WkWVj6hI0bVg-2gI.roa
File:                     nmIlkSXw6C8WkWVj6hI0bVg-2gI.roa (raw, json)
Hash identifier:          nUHXIqF73O7wBBY96SxdeauHwHyuVlB3NyPq0pYeTaU=
Subject key identifier:   9E:62:25:91:25:F0:E8:2F:16:91:65:63:EA:12:34:6D:58:3E:DA:02
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       01959108D495947A2770F6773C8EDBC84DD2
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/nmIlkSXw6C8WkWVj6hI0bVg-2gI.roa
Signing time:             Thu 13 Mar 2025 19:43:49 +0000
ROA not before:           Thu 13 Mar 2025 19:43:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26042
IP address blocks:        45.129.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:91:08:d4:95:94:7a:27:70:f6:77:3c:8e:db:c8:4d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Mar 13 19:43:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e62259125f0e82f16916563ea12346d583eda02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:5e:9a:3d:4c:ef:b1:d5:fa:66:27:29:b8:d2:
                    35:f1:ce:68:3a:fd:a1:f9:4e:63:87:5d:28:67:b7:
                    d7:0c:3e:ab:2a:2d:ef:3d:46:e7:fd:a2:57:7e:c9:
                    1a:19:0a:69:82:75:b0:2d:6e:bf:93:e4:7c:3c:07:
                    22:b3:35:0f:93:ff:7c:2e:c1:56:ee:29:c9:19:24:
                    fb:1b:d1:5d:a4:8f:b7:7d:b5:73:33:0f:ef:1f:88:
                    3b:22:4d:35:2c:73:a6:3d:f6:ab:97:09:76:f6:2c:
                    0c:d2:24:f9:dd:81:e1:ca:e8:18:4e:41:a4:07:b5:
                    ff:9f:55:88:a7:80:68:62:e4:64:ee:09:74:69:41:
                    50:5a:98:55:b0:9e:df:4f:80:35:1b:50:2d:e5:1e:
                    55:c3:fa:44:ff:e8:15:d7:7c:3a:fb:b9:39:b5:29:
                    21:ff:99:e1:dd:1a:78:4c:7d:93:8e:6a:71:fc:96:
                    21:25:96:3c:f4:bd:40:7f:13:44:8b:21:0f:25:cb:
                    13:39:9a:5b:8f:26:97:d1:00:73:3a:86:d8:20:5d:
                    a8:94:23:4c:52:7c:5e:f5:25:6f:fd:9c:2c:9b:54:
                    e2:ab:94:14:89:fa:09:af:ae:ca:15:4e:62:54:ab:
                    ce:a1:e9:96:f5:95:62:f4:64:cd:43:b1:32:8a:8d:
                    b5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:62:25:91:25:F0:E8:2F:16:91:65:63:EA:12:34:6D:58:3E:DA:02
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/nmIlkSXw6C8WkWVj6hI0bVg-2gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:8a:56:e6:55:bb:4b:20:82:89:c1:c4:9e:eb:74:56:3b:cc:
         19:2c:f1:b9:1d:e9:e3:4a:ce:7d:e7:47:9b:40:a4:b3:11:b0:
         98:e1:e8:c0:4b:86:71:ec:ea:97:73:9e:d1:1e:b6:58:68:97:
         ad:3f:29:a2:a4:38:61:2d:dd:bd:71:d5:d7:c1:e2:90:f2:35:
         d9:6a:3b:42:65:05:5c:15:83:1d:a4:bf:eb:c8:ac:d6:63:d7:
         b5:a4:62:ba:d3:49:7e:02:dd:6c:af:4f:e0:7a:d5:57:20:40:
         81:ee:33:a2:73:f0:d8:97:63:6b:4b:35:23:13:2b:d2:f6:86:
         8d:3d:b1:2c:89:87:9d:42:c4:ef:55:e2:5d:0e:ea:3d:de:04:
         bf:ff:4a:40:c9:86:e4:d5:ef:4b:f4:b0:4c:42:11:88:84:02:
         65:94:e2:bb:7e:22:7f:2d:b1:5c:53:f3:86:5c:e3:e4:81:d6:
         ae:7d:24:d3:1b:b3:53:8d:84:e0:62:63:be:7d:0a:ba:be:80:
         f6:48:98:c4:c9:a3:90:6f:d5:9e:f0:8c:6e:da:c7:ea:e9:f6:
         3e:c5:45:3a:91:90:4b:78:3d:ae:16:e0:e2:1d:6a:8a:24:9e:
         09:8e:6a:bc:ad:e9:49:65:44:ce:ab:77:c5:06:ec:5f:73:ee:
         e8:48:87:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWRCNSVlHoncPZ3PI7byE3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjUwMzEzMTk0MzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTYyMjU5MTI1ZjBlODJmMTY5MTY1NjNlYTEyMzQ2ZDU4M2VkYTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4V6aPUzvsdX6ZicpuNI18c5oOv2h
+U5jh10oZ7fXDD6rKi3vPUbn/aJXfskaGQppgnWwLW6/k+R8PAciszUPk/98LsFW
7inJGST7G9FdpI+3fbVzMw/vH4g7Ik01LHOmPfarlwl29iwM0iT53YHhyugYTkGk
B7X/n1WIp4BoYuRk7gl0aUFQWphVsJ7fT4A1G1At5R5Vw/pE/+gV13w6+7k5tSkh
/5nh3Rp4TH2Tjmpx/JYhJZY89L1AfxNEiyEPJcsTOZpbjyaX0QBzOobYIF2olCNM
Unxe9SVv/Zwsm1Tiq5QUifoJr67KFU5iVKvOoemW9ZVi9GTNQ7Eyio21xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5iJZEl8OgvFpFlY+oSNG1YPtoCMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvbm1JbGtTWHc2QzhXa1dWajZoSTBiVmctMmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYHwMA0G
CSqGSIb3DQEBCwUAA4IBAQBDilbmVbtLIIKJwcSe63RWO8wZLPG5HenjSs5950eb
QKSzEbCY4ejAS4Zx7OqXc57RHrZYaJetPymipDhhLd29cdXXweKQ8jXZajtCZQVc
FYMdpL/ryKzWY9e1pGK600l+At1sr0/getVXIECB7jOic/DYl2NrSzUjEyvS9oaN
PbEsiYedQsTvVeJdDuo93gS//0pAyYbk1e9L9LBMQhGIhAJllOK7fiJ/LbFcU/OG
XOPkgdaufSTTG7NTjYTgYmO+fQq6voD2SJjEyaOQb9We8Ixu2sfq6fY+xUU6kZBL
eD2uFuDiHWqKJJ4Jjmq8relJZUTOq3fFBuxfc+7oSId6
-----END CERTIFICATE-----