Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/oBfSHl3ucRIpkcQyDUj1we8phxs.roa
File:                     oBfSHl3ucRIpkcQyDUj1we8phxs.roa (raw, json)
Hash identifier:          j/HMZZaAuf4iz04RFO0z03UcpD0ZGWxt9D6E2EQcWWU=
Subject key identifier:   A0:17:D2:1E:5D:EE:71:12:29:91:C4:32:0D:48:F5:C1:EF:29:87:1B
Certificate issuer:       /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial:       0194266BC0D03BBAAD797A0098893C7C600C
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/oBfSHl3ucRIpkcQyDUj1we8phxs.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        45.87.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 03:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c0:d0:3b:ba:ad:79:7a:00:98:89:3c:7c:60:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a017d21e5dee71122991c4320d48f5c1ef29871b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c5:0e:b2:9d:e2:95:71:ca:96:b2:03:a1:47:
                    95:25:2a:61:7c:a9:24:01:77:f0:a2:5b:3b:40:bf:
                    fc:9e:a2:31:01:3a:51:88:57:63:ad:76:09:b7:30:
                    43:33:c9:1b:39:43:f7:87:6a:90:d7:22:fb:19:06:
                    7f:d8:f1:67:09:9f:3e:bf:8b:d5:4b:24:9e:49:5a:
                    f5:bd:34:1b:d2:f2:69:bf:2b:31:4a:6a:ea:ae:fd:
                    6a:9c:11:67:72:0a:36:0c:75:56:6d:9e:f2:7c:79:
                    8b:4d:1d:23:99:b8:b2:8d:ff:d1:93:cd:0c:65:2f:
                    7a:c6:f4:01:27:60:ae:57:c4:50:5c:4b:ab:7d:1c:
                    bb:aa:f8:c7:95:0c:fe:1a:2e:36:f1:f6:a8:77:73:
                    67:93:5d:53:6b:32:65:d1:01:fd:20:e3:e2:ed:f4:
                    35:1a:50:2e:28:b8:a9:b7:87:b6:8e:ba:92:58:84:
                    78:e2:a8:9a:07:ca:85:15:d4:fd:93:f5:8e:84:dc:
                    2f:c4:36:a7:96:b2:50:da:15:e4:1e:29:a9:d0:72:
                    7b:2f:d2:1c:59:47:c4:0f:a4:7f:85:45:f7:57:5b:
                    23:5b:00:6e:e3:55:48:c1:a9:e5:b2:df:93:96:0b:
                    a0:b1:35:64:7d:27:4a:9f:1c:df:0b:3e:91:f1:18:
                    55:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:17:D2:1E:5D:EE:71:12:29:91:C4:32:0D:48:F5:C1:EF:29:87:1B
            X509v3 Authority Key Identifier:
                keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/oBfSHl3ucRIpkcQyDUj1we8phxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:8b:c0:d4:34:4c:23:35:49:5a:4b:b9:3a:c8:eb:fa:15:6d:
         97:b9:82:73:ce:f6:15:03:e6:94:6d:d5:e9:91:f0:8e:53:45:
         f7:63:c1:9c:48:38:3e:b9:b4:ba:06:a9:99:9c:8d:e8:9c:f8:
         4c:f1:1f:87:73:00:53:61:ac:f7:54:3a:be:7b:d2:d1:0c:74:
         d5:0f:8d:b2:76:1f:86:d8:0c:ae:a0:8d:3d:a5:db:a2:1b:f2:
         d3:55:78:ed:95:4e:ab:53:86:c9:cf:01:1c:90:b1:42:85:bb:
         2e:93:f6:45:94:34:af:cf:67:ff:e9:51:fd:94:5f:22:6f:0f:
         51:1b:62:34:94:9c:f1:c6:8d:f5:97:b3:cc:f6:d1:3d:51:05:
         c9:5c:12:f1:24:1e:42:72:4a:85:7a:b6:11:1d:50:7c:38:c1:
         21:f5:3d:18:13:d2:4f:5b:a7:e8:48:e2:07:64:55:09:fd:7d:
         18:0c:c2:ab:7b:9e:89:c3:93:21:c2:d1:a1:1c:97:83:4a:4c:
         86:b5:9f:e9:64:52:d2:a9:35:bc:e6:2d:d8:86:59:b8:a0:da:
         98:03:7c:28:11:ba:41:99:2b:5c:9d:4d:52:62:5f:3d:62:d7:
         c1:d1:b5:1f:49:9c:c6:87:86:f0:1b:84:06:61:9c:53:54:58:
         c3:70:21:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8DQO7qteXoAmIk8fGAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDE3ZDIxZTVkZWU3MTEyMjk5MWM0MzIwZDQ4ZjVjMWVmMjk4NzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8UOsp3ilXHKlrIDoUeVJSphfKkk
AXfwols7QL/8nqIxATpRiFdjrXYJtzBDM8kbOUP3h2qQ1yL7GQZ/2PFnCZ8+v4vV
SySeSVr1vTQb0vJpvysxSmrqrv1qnBFncgo2DHVWbZ7yfHmLTR0jmbiyjf/Rk80M
ZS96xvQBJ2CuV8RQXEurfRy7qvjHlQz+Gi428faod3Nnk11TazJl0QH9IOPi7fQ1
GlAuKLipt4e2jrqSWIR44qiaB8qFFdT9k/WOhNwvxDanlrJQ2hXkHimp0HJ7L9Ic
WUfED6R/hUX3V1sjWwBu41VIwanlst+TlgugsTVkfSdKnxzfCz6R8RhVewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAX0h5d7nESKZHEMg1I9cHvKYcbMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvb0JmU0hsM3VjUklwa2NReURVajF3ZThwaHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVdEMA0G
CSqGSIb3DQEBCwUAA4IBAQBMi8DUNEwjNUlaS7k6yOv6FW2XuYJzzvYVA+aUbdXp
kfCOU0X3Y8GcSDg+ubS6BqmZnI3onPhM8R+HcwBTYaz3VDq+e9LRDHTVD42ydh+G
2AyuoI09pduiG/LTVXjtlU6rU4bJzwEckLFChbsuk/ZFlDSvz2f/6VH9lF8ibw9R
G2I0lJzxxo31l7PM9tE9UQXJXBLxJB5CckqFerYRHVB8OMEh9T0YE9JPW6foSOIH
ZFUJ/X0YDMKre56Jw5MhwtGhHJeDSkyGtZ/pZFLSqTW85i3Yhlm4oNqYA3woEbpB
mStcnU1SYl89YtfB0bUfSZzGh4bwG4QGYZxTVFjDcCE3
-----END CERTIFICATE-----