Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/odu_cE6nPid9mTtdeynLn3Tm0LI.roa
File:                     odu_cE6nPid9mTtdeynLn3Tm0LI.roa (raw, json)
Hash identifier:          t/tnuabvUXprLV1nfI7C0+QM/zgYQu0v/clGVZKqTgc=
Subject key identifier:   A1:DB:BF:70:4E:A7:3E:27:7D:99:3B:5D:7B:29:CB:9F:74:E6:D0:B2
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       019485D2B5FA3398E856D3E92712A8544497
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/odu_cE6nPid9mTtdeynLn3Tm0LI.roa
Signing time:             Mon 20 Jan 2025 22:26:06 +0000
ROA not before:           Mon 20 Jan 2025 22:26:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.140.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 18:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:85:d2:b5:fa:33:98:e8:56:d3:e9:27:12:a8:54:44:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Jan 20 22:26:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1dbbf704ea73e277d993b5d7b29cb9f74e6d0b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5a:00:e8:1d:6b:6a:4b:00:57:10:37:6a:fd:
                    49:7f:7c:bf:50:e1:32:87:de:55:25:4a:6a:70:17:
                    d9:18:78:40:26:ce:aa:f6:42:2c:4b:51:f5:76:1e:
                    18:84:ac:91:59:5d:23:eb:ba:18:4b:43:11:3c:71:
                    45:b4:5e:93:aa:0d:ab:4b:6f:34:33:7d:2e:fc:99:
                    03:83:0d:cb:0f:4f:28:03:78:69:0d:07:1b:6a:b7:
                    5b:ee:63:b8:6d:dc:05:db:fc:48:69:51:27:9c:76:
                    42:16:e1:07:2e:d8:a7:84:b9:31:81:35:e1:95:31:
                    61:47:d3:90:81:2a:d4:c5:e1:d7:ab:cb:3f:ad:fb:
                    17:c3:d8:7b:83:76:06:8f:6a:01:8c:f8:45:66:bf:
                    f4:a3:b2:64:3e:60:75:ec:16:f8:e4:d3:3a:8a:8b:
                    47:94:78:2b:aa:47:07:4b:22:01:19:b7:d6:72:94:
                    d1:66:ac:af:0e:1f:83:2d:72:d2:ea:ce:14:79:44:
                    24:31:ed:4e:75:e1:9e:39:7a:d8:ec:2e:de:6e:71:
                    3a:5a:aa:72:02:25:b2:01:24:c5:36:a6:70:3e:a4:
                    fe:99:4e:48:8f:36:a5:cd:07:14:24:7a:82:06:bb:
                    4f:8d:18:54:cd:b2:aa:ef:fb:c9:bd:c3:d3:56:a0:
                    75:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:DB:BF:70:4E:A7:3E:27:7D:99:3B:5D:7B:29:CB:9F:74:E6:D0:B2
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/odu_cE6nPid9mTtdeynLn3Tm0LI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:6d:ff:7b:1c:83:bf:c1:2d:f5:f0:12:c1:17:a0:6a:fe:d2:
         9a:72:fa:e9:43:ae:75:45:f6:73:05:b5:4b:0d:d5:66:a0:46:
         4b:8f:c2:20:8a:47:60:e4:60:59:32:ac:45:d4:65:09:8d:48:
         bb:ee:65:3b:20:41:b2:47:e7:dd:1e:d0:5f:a6:05:14:e6:83:
         6a:37:1d:cb:2e:ed:3d:5b:d6:b3:d9:aa:40:ae:1c:f7:e6:09:
         ca:03:6c:84:d8:45:12:7d:1a:16:24:2c:2b:4f:2a:fc:3e:9a:
         ba:bd:e4:25:c2:d6:b0:c6:5d:25:95:1e:4b:e1:e9:b8:79:c3:
         05:39:f3:86:df:15:2b:34:56:34:b4:1e:4e:0e:6e:0a:f4:1d:
         6c:d2:35:c1:5a:50:8b:27:8a:23:71:7f:3b:28:34:92:e4:4f:
         40:10:df:2f:19:0d:8c:f0:ff:c2:2d:b3:2f:5a:ca:7e:50:60:
         0d:3d:62:94:1f:30:89:1e:e3:d3:c8:0a:9f:d9:4a:25:2a:95:
         3f:04:77:11:ac:dc:72:fe:c3:2e:a5:96:13:97:92:41:1a:4b:
         c0:72:b7:f7:b1:4a:e8:f2:ba:ed:25:ce:90:2e:48:57:b0:ca:
         59:77:7c:8b:d0:a4:ae:cc:60:b4:27:9c:07:3b:2d:c8:1b:03:
         35:63:e2:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSF0rX6M5joVtPpJxKoVESXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUwMTIwMjIyNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWRiYmY3MDRlYTczZTI3N2Q5OTNiNWQ3YjI5Y2I5Zjc0ZTZkMGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVoA6B1raksAVxA3av1Jf3y/UOEy
h95VJUpqcBfZGHhAJs6q9kIsS1H1dh4YhKyRWV0j67oYS0MRPHFFtF6Tqg2rS280
M30u/JkDgw3LD08oA3hpDQcbardb7mO4bdwF2/xIaVEnnHZCFuEHLtinhLkxgTXh
lTFhR9OQgSrUxeHXq8s/rfsXw9h7g3YGj2oBjPhFZr/0o7JkPmB17Bb45NM6iotH
lHgrqkcHSyIBGbfWcpTRZqyvDh+DLXLS6s4UeUQkMe1OdeGeOXrY7C7ebnE6Wqpy
AiWyASTFNqZwPqT+mU5IjzalzQcUJHqCBrtPjRhUzbKq7/vJvcPTVqB1UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHbv3BOpz4nfZk7XXspy5905tCyMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvb2R1X2NFNm5QaWQ5bVR0ZGV5bkxuM1RtMExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYz3MA0G
CSqGSIb3DQEBCwUAA4IBAQABbf97HIO/wS318BLBF6Bq/tKacvrpQ651RfZzBbVL
DdVmoEZLj8Igikdg5GBZMqxF1GUJjUi77mU7IEGyR+fdHtBfpgUU5oNqNx3LLu09
W9az2apArhz35gnKA2yE2EUSfRoWJCwrTyr8Ppq6veQlwtawxl0llR5L4em4ecMF
OfOG3xUrNFY0tB5ODm4K9B1s0jXBWlCLJ4ojcX87KDSS5E9AEN8vGQ2M8P/CLbMv
Wsp+UGANPWKUHzCJHuPTyAqf2UolKpU/BHcRrNxy/sMupZYTl5JBGkvAcrf3sUro
8rrtJc6QLkhXsMpZd3yL0KSuzGC0J5wHOy3IGwM1Y+Je
-----END CERTIFICATE-----