Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/JYHlFaw4wOmIWR_77ywpgSBNK2k.roa
File:                     JYHlFaw4wOmIWR_77ywpgSBNK2k.roa (raw, json)
Hash identifier:          OvZXgWODCQ+eoxv2l2YqNiIKjAuMYd6ZKeSQVCi/uJE=
Subject key identifier:   25:81:E5:15:AC:38:C0:E9:88:59:1F:FB:EF:2C:29:81:20:4D:2B:69
Certificate issuer:       /CN=587f5478d1e94f240705722c3789076daf553757
Certificate serial:       019685CF7F9CD3ED3F04C15EC6CEE35B8E6C
Authority key identifier: 58:7F:54:78:D1:E9:4F:24:07:05:72:2C:37:89:07:6D:AF:55:37:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WH9UeNHpTyQHBXIsN4kHba9VN1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/JYHlFaw4wOmIWR_77ywpgSBNK2k.roa
Signing time:             Wed 30 Apr 2025 08:28:10 +0000
ROA not before:           Wed 30 Apr 2025 08:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199933
IP address blocks:        45.144.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/WH9UeNHpTyQHBXIsN4kHba9VN1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/WH9UeNHpTyQHBXIsN4kHba9VN1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WH9UeNHpTyQHBXIsN4kHba9VN1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:85:cf:7f:9c:d3:ed:3f:04:c1:5e:c6:ce:e3:5b:8e:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=587f5478d1e94f240705722c3789076daf553757
        Validity
            Not Before: Apr 30 08:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2581e515ac38c0e988591ffbef2c2981204d2b69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:30:85:0d:60:b0:28:84:82:bd:2b:97:e5:ae:
                    c8:9f:e3:ff:b4:ea:f7:94:b2:29:4c:60:a9:b9:3a:
                    76:e0:b4:08:01:fa:2a:70:97:3a:da:62:f9:b8:00:
                    d8:22:d1:0a:36:41:e5:03:26:a5:18:64:cc:c3:83:
                    56:c0:c2:0c:59:7b:c7:78:b2:1b:b9:b3:05:02:f4:
                    e6:c8:ba:4f:12:96:e7:4d:26:1d:8f:9c:d4:74:c9:
                    2d:ff:ea:ed:18:33:e0:bb:a2:e2:d1:33:b5:05:b9:
                    43:52:a4:86:17:8c:cd:54:7a:13:99:3d:91:71:de:
                    ab:1b:c7:2d:14:6d:da:7f:b5:ec:a2:04:7d:52:6c:
                    5f:92:65:db:e2:15:24:4a:61:c4:c2:3f:f2:f9:00:
                    aa:52:21:76:f4:17:a4:6e:7e:16:40:95:90:22:af:
                    f3:23:01:c9:57:f0:67:ea:52:95:e9:33:1d:31:fd:
                    c2:c0:dd:8a:4c:21:69:ff:8f:12:0f:02:5c:f3:b8:
                    89:04:51:73:67:5e:62:f6:98:08:14:06:43:8d:2b:
                    5b:49:ff:75:aa:21:74:dd:4e:38:99:25:ca:3c:fd:
                    73:0c:ea:44:86:48:2f:03:5c:3a:9f:7f:ec:66:2d:
                    cd:20:64:d0:ba:79:12:4d:e5:8d:94:79:d2:96:63:
                    58:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:81:E5:15:AC:38:C0:E9:88:59:1F:FB:EF:2C:29:81:20:4D:2B:69
            X509v3 Authority Key Identifier:
                keyid:58:7F:54:78:D1:E9:4F:24:07:05:72:2C:37:89:07:6D:AF:55:37:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WH9UeNHpTyQHBXIsN4kHba9VN1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/JYHlFaw4wOmIWR_77ywpgSBNK2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/15326f-c174-493a-999c-cf0099e072c3/1/WH9UeNHpTyQHBXIsN4kHba9VN1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:7d:a7:56:19:a2:57:23:66:5e:5d:45:62:fe:9a:ae:93:37:
         ab:64:74:98:6d:0d:17:25:d4:50:31:d4:23:b1:6d:c8:ae:92:
         2d:34:2c:92:58:12:ff:41:18:e4:9b:47:3f:a0:aa:23:68:18:
         21:13:70:7d:f6:fc:44:b5:d0:43:86:bb:02:2c:1c:de:49:f3:
         9f:52:99:04:ed:ca:9b:bc:65:a8:b3:ba:7b:e3:f7:f7:1a:79:
         fc:e5:5a:47:19:03:76:74:56:60:50:19:42:b8:33:50:9d:a6:
         2a:66:27:a2:4f:73:c7:77:00:f0:70:79:5c:e5:f4:9e:6b:23:
         12:4a:18:8a:b3:46:65:aa:1a:64:ab:f6:d3:3c:59:11:1e:82:
         a6:d4:83:a5:37:03:dd:20:39:52:14:53:f7:fb:41:e1:8f:49:
         e8:a0:ce:d2:23:82:20:dc:95:f7:3d:c4:c0:cb:f8:19:24:4e:
         e5:32:03:b6:86:b4:11:fe:7d:83:37:69:93:42:91:ea:cd:23:
         46:06:74:23:98:de:0b:61:a9:8e:43:69:69:cc:c2:65:a4:00:
         43:a7:ce:5d:59:24:56:0a:0d:38:be:22:c9:d3:3c:ff:81:73:
         62:34:f1:42:c9:ec:46:bf:52:5b:78:29:05:63:c6:8f:f1:96:
         57:6b:ca:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaFz3+c0+0/BMFexs7jW45sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4N2Y1NDc4ZDFlOTRmMjQwNzA1NzIyYzM3ODkwNzZkYWY1
NTM3NTcwHhcNMjUwNDMwMDgyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTgxZTUxNWFjMzhjMGU5ODg1OTFmZmJlZjJjMjk4MTIwNGQyYjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDCFDWCwKISCvSuX5a7In+P/tOr3
lLIpTGCpuTp24LQIAfoqcJc62mL5uADYItEKNkHlAyalGGTMw4NWwMIMWXvHeLIb
ubMFAvTmyLpPEpbnTSYdj5zUdMkt/+rtGDPgu6Li0TO1BblDUqSGF4zNVHoTmT2R
cd6rG8ctFG3af7XsogR9UmxfkmXb4hUkSmHEwj/y+QCqUiF29Bekbn4WQJWQIq/z
IwHJV/Bn6lKV6TMdMf3CwN2KTCFp/48SDwJc87iJBFFzZ15i9pgIFAZDjStbSf91
qiF03U44mSXKPP1zDOpEhkgvA1w6n3/sZi3NIGTQunkSTeWNlHnSlmNYlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWB5RWsOMDpiFkf++8sKYEgTStpMB8GA1UdIwQY
MBaAFFh/VHjR6U8kBwVyLDeJB22vVTdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0g5VWVOSHBUeVFIQlhJc040a0hiYTlWTjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8xNTMyNmYtYzE3NC00OTNhLTk5OWMt
Y2YwMDk5ZTA3MmMzLzEvSllIbEZhdzR3T21JV1JfNzd5d3BnU0JOSzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8xNTMyNmYtYzE3NC00OTNhLTk5OWMtY2YwMDk5ZTA3MmMz
LzEvV0g5VWVOSHBUeVFIQlhJc040a0hiYTlWTjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZDfMA0G
CSqGSIb3DQEBCwUAA4IBAQAqfadWGaJXI2ZeXUVi/pqukzerZHSYbQ0XJdRQMdQj
sW3IrpItNCySWBL/QRjkm0c/oKojaBghE3B99vxEtdBDhrsCLBzeSfOfUpkE7cqb
vGWos7p74/f3Gnn85VpHGQN2dFZgUBlCuDNQnaYqZieiT3PHdwDwcHlc5fSeayMS
ShiKs0Zlqhpkq/bTPFkRHoKm1IOlNwPdIDlSFFP3+0Hhj0nooM7SI4Ig3JX3PcTA
y/gZJE7lMgO2hrQR/n2DN2mTQpHqzSNGBnQjmN4LYamOQ2lpzMJlpABDp85dWSRW
Cg04viLJ0zz/gXNiNPFCyexGv1JbeCkFY8aP8ZZXa8qI
-----END CERTIFICATE-----