Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/P54Qz9AI09JDOlqysqt799AeQRI.roa
File:                     P54Qz9AI09JDOlqysqt799AeQRI.roa (raw, json)
Hash identifier:          nIDEtW0TBUZxo5dIDtHdP7iLVF2Wse6E2BuTqfPasv8=
Subject key identifier:   3F:9E:10:CF:D0:08:D3:D2:43:3A:5A:B2:B2:AB:7B:F7:D0:1E:41:12
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       01942826FC940E4DD6C36FEA9474D85ACA0F
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/P54Qz9AI09JDOlqysqt799AeQRI.roa
Signing time:             Thu 02 Jan 2025 17:53:51 +0000
ROA not before:           Thu 02 Jan 2025 17:53:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     375
IP address blocks:        192.163.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:fc:94:0e:4d:d6:c3:6f:ea:94:74:d8:5a:ca:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Jan  2 17:53:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f9e10cfd008d3d2433a5ab2b2ab7bf7d01e4112
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:96:6d:03:e0:2a:e4:9b:2d:77:72:83:65:25:
                    ff:d9:4c:15:49:f0:b6:27:ac:82:df:02:37:e5:3f:
                    7b:92:74:28:8c:8b:69:73:1b:a5:d6:d3:d7:7e:d1:
                    ac:64:62:e7:ca:bf:f2:b4:43:e4:36:c8:a0:84:d8:
                    e1:b1:03:e8:cb:53:a2:d6:87:3c:e5:ed:d5:72:39:
                    08:c7:ed:0b:a6:00:2f:ba:f7:9e:72:71:c3:ab:b8:
                    db:b5:be:4a:39:22:87:c0:7c:1b:70:e2:85:3c:4a:
                    ef:27:86:a0:b3:04:17:9f:5f:c7:8d:34:44:df:3c:
                    ce:7c:b6:4d:37:b2:f2:d5:ae:de:ee:f8:c3:5a:f1:
                    9d:d8:8c:53:61:74:a3:b3:c8:9d:49:ab:85:e6:f5:
                    b2:3b:f0:d0:59:4d:b1:90:b4:0f:61:3a:0e:95:23:
                    8f:b9:6d:c2:50:ad:25:a8:f7:51:c6:25:d2:d0:d1:
                    21:59:0f:48:94:c3:df:7b:23:e1:b7:cc:b4:64:3c:
                    95:65:a0:78:69:dd:c6:dc:74:fe:9e:cc:8b:b2:e3:
                    60:f8:08:16:4f:16:02:c1:97:0b:d2:dc:3c:75:74:
                    32:67:95:d6:5c:7a:f4:53:85:8b:6d:ef:eb:7e:91:
                    46:4a:11:c6:8f:f5:42:a8:19:57:44:de:cb:fd:4f:
                    6c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:9E:10:CF:D0:08:D3:D2:43:3A:5A:B2:B2:AB:7B:F7:D0:1E:41:12
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/P54Qz9AI09JDOlqysqt799AeQRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.163.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:1e:4b:4a:20:7a:fc:84:c4:fc:ce:ef:33:75:66:0a:01:d0:
         99:0f:a5:1a:a5:17:fd:fc:51:51:8a:bd:21:f8:b0:89:be:d1:
         f7:19:82:ed:1b:b5:af:91:f7:e6:d4:bf:41:c4:41:57:13:94:
         cf:b4:6b:37:26:61:08:1e:32:bd:0b:c0:40:18:3b:22:2d:f1:
         9b:02:47:38:f7:0c:f3:c4:1e:b4:cd:71:45:fd:2a:a2:21:b7:
         71:98:d5:9e:81:e1:1a:f0:06:68:c2:ff:bf:ab:bd:98:80:b5:
         16:1d:87:24:3d:de:3b:41:3f:82:5e:6e:46:a6:2a:a0:57:8e:
         1b:78:ad:29:bf:e2:2a:2c:02:36:19:51:39:c4:b3:82:b8:9c:
         b0:79:26:f8:5a:07:59:3f:a9:be:32:70:62:fe:c5:e4:e2:be:
         b6:28:12:4f:a1:02:96:b4:e5:7b:7e:e3:26:02:ec:19:e5:cd:
         f5:26:35:a5:3d:9f:44:30:df:3f:db:9e:d5:65:96:40:97:8b:
         95:cd:34:18:84:04:03:31:77:73:dd:ba:89:9c:d4:5f:2c:3f:
         6c:af:47:2a:53:7d:4a:c5:78:6e:7a:2c:16:56:c3:55:6a:f1:
         09:c7:c5:5a:18:fc:a4:54:e6:af:04:80:f8:84:bf:8d:0b:a9:
         3f:b5:21:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJvyUDk3Ww2/qlHTYWsoPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjUwMTAyMTc1MzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjllMTBjZmQwMDhkM2QyNDMzYTVhYjJiMmFiN2JmN2QwMWU0MTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZZtA+Aq5Jstd3KDZSX/2UwVSfC2
J6yC3wI35T97knQojItpcxul1tPXftGsZGLnyr/ytEPkNsighNjhsQPoy1Oi1oc8
5e3VcjkIx+0LpgAvuveecnHDq7jbtb5KOSKHwHwbcOKFPErvJ4agswQXn1/HjTRE
3zzOfLZNN7Ly1a7e7vjDWvGd2IxTYXSjs8idSauF5vWyO/DQWU2xkLQPYToOlSOP
uW3CUK0lqPdRxiXS0NEhWQ9IlMPfeyPht8y0ZDyVZaB4ad3G3HT+nsyLsuNg+AgW
TxYCwZcL0tw8dXQyZ5XWXHr0U4WLbe/rfpFGShHGj/VCqBlXRN7L/U9sMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+eEM/QCNPSQzpasrKre/fQHkESMB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvUDU0UXo5QUkwOUpET2xxeXNxdDc5OUFlUVJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKORMA0G
CSqGSIb3DQEBCwUAA4IBAQCfHktKIHr8hMT8zu8zdWYKAdCZD6UapRf9/FFRir0h
+LCJvtH3GYLtG7Wvkffm1L9BxEFXE5TPtGs3JmEIHjK9C8BAGDsiLfGbAkc49wzz
xB60zXFF/SqiIbdxmNWegeEa8AZowv+/q72YgLUWHYckPd47QT+CXm5GpiqgV44b
eK0pv+IqLAI2GVE5xLOCuJyweSb4WgdZP6m+MnBi/sXk4r62KBJPoQKWtOV7fuMm
AuwZ5c31JjWlPZ9EMN8/257VZZZAl4uVzTQYhAQDMXdz3bqJnNRfLD9sr0cqU31K
xXhueiwWVsNVavEJx8VaGPykVOavBID4hL+NC6k/tSEM
-----END CERTIFICATE-----