Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/1Au5Z5nGoqTJTIUg3MEmF0l6qLQ.roa
File:                     1Au5Z5nGoqTJTIUg3MEmF0l6qLQ.roa (raw, json)
Hash identifier:          IvdLtqnBMyGRWSVQH7Ip2GpcjvgrFZiBYsuGVCM6qKU=
Subject key identifier:   D4:0B:B9:67:99:C6:A2:A4:C9:4C:85:20:DC:C1:26:17:49:7A:A8:B4
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019427B5B442049FD2B81DD2255D60686C13
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/1Au5Z5nGoqTJTIUg3MEmF0l6qLQ.roa
Signing time:             Thu 02 Jan 2025 15:50:07 +0000
ROA not before:           Thu 02 Jan 2025 15:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215238
IP address blocks:        45.150.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b4:42:04:9f:d2:b8:1d:d2:25:5d:60:68:6c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 15:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d40bb96799c6a2a4c94c8520dcc12617497aa8b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:9e:5f:aa:8c:42:60:6a:e7:d3:ee:b5:09:44:
                    06:58:10:a9:16:a0:d2:db:c4:4c:f9:db:a8:9b:b0:
                    37:39:a0:86:f9:88:5f:cd:d8:7b:d0:a9:e6:3a:09:
                    3b:76:13:21:72:b3:3d:ac:96:aa:ed:f1:d9:5b:90:
                    50:1f:54:9b:ec:10:e5:39:75:b5:61:cf:2d:a9:33:
                    95:9a:30:86:39:1e:ac:60:ac:26:02:0b:65:73:e3:
                    14:8d:65:ba:7b:77:79:8a:1f:db:0d:a6:75:ec:e9:
                    c4:96:90:85:69:dd:47:d5:93:c0:f6:90:e2:2e:48:
                    0c:8f:c6:3a:dc:21:68:50:6a:57:ef:a5:58:6f:12:
                    17:46:5b:90:37:c0:0d:5e:83:c2:47:b1:c9:17:53:
                    1f:e1:86:92:e8:8c:29:82:12:c0:5f:48:30:cd:d5:
                    42:bf:a5:ed:e2:4f:7e:44:35:dd:72:5a:64:56:c8:
                    75:92:58:3d:13:57:93:d6:ab:fb:86:35:8e:b5:fb:
                    be:bc:df:ee:06:bd:3e:42:57:b5:12:84:64:6d:d4:
                    4b:80:69:3a:ea:3b:0b:33:c7:18:5e:80:68:9b:64:
                    b9:48:fe:23:39:b5:1b:0a:dd:e4:d6:9d:4b:19:dd:
                    f4:0c:d8:e3:da:a5:de:19:80:14:71:6b:45:74:ba:
                    d0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:0B:B9:67:99:C6:A2:A4:C9:4C:85:20:DC:C1:26:17:49:7A:A8:B4
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/1Au5Z5nGoqTJTIUg3MEmF0l6qLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:45:04:a5:e6:dc:df:97:44:3f:31:66:ff:15:cf:6d:d9:6f:
         46:2a:da:64:16:90:ba:a2:7e:01:26:0a:44:d7:30:00:63:54:
         58:c4:fd:42:00:9b:20:84:85:ed:cf:a7:28:c6:00:48:d0:f9:
         76:88:8b:e2:56:6b:3d:a9:12:f9:a3:4b:e9:44:f1:15:70:42:
         f5:34:2f:26:f4:dc:ff:b3:53:e8:09:4d:ba:3f:5b:cc:d6:6d:
         fb:37:c3:0e:64:9e:a0:0b:18:d8:76:91:bd:e6:20:5b:9e:3b:
         87:05:6c:da:f6:5e:58:2e:a7:ad:6f:78:82:40:bb:44:6f:9b:
         56:53:c8:92:4a:9c:41:74:84:08:ac:fd:5b:3c:ba:1f:b7:d2:
         a1:58:39:ef:aa:5a:82:92:d1:09:2b:da:19:12:da:1b:d9:63:
         05:34:d5:b3:a0:f1:59:ac:00:03:02:4b:2c:90:dd:99:ab:01:
         96:3e:3f:38:0d:32:2f:c8:f4:d7:1f:12:b3:cd:cd:9a:66:87:
         f0:6f:72:01:25:5c:fb:4d:20:fe:da:93:4e:48:41:d7:0d:2a:
         e5:0f:69:8b:ca:60:9b:4c:f8:4b:aa:f6:b4:2d:93:b4:8d:3b:
         c6:c9:37:57:4f:5b:6f:80:76:5d:94:af:02:26:cd:56:ab:e1:
         78:f9:2b:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbRCBJ/SuB3SJV1gaGwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTAyMTU1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDBiYjk2Nzk5YzZhMmE0Yzk0Yzg1MjBkY2MxMjYxNzQ5N2FhOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5J5fqoxCYGrn0+61CUQGWBCpFqDS
28RM+duom7A3OaCG+Yhfzdh70KnmOgk7dhMhcrM9rJaq7fHZW5BQH1Sb7BDlOXW1
Yc8tqTOVmjCGOR6sYKwmAgtlc+MUjWW6e3d5ih/bDaZ17OnElpCFad1H1ZPA9pDi
LkgMj8Y63CFoUGpX76VYbxIXRluQN8ANXoPCR7HJF1Mf4YaS6IwpghLAX0gwzdVC
v6Xt4k9+RDXdclpkVsh1klg9E1eT1qv7hjWOtfu+vN/uBr0+Qle1EoRkbdRLgGk6
6jsLM8cYXoBom2S5SP4jObUbCt3k1p1LGd30DNjj2qXeGYAUcWtFdLrQCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQLuWeZxqKkyUyFINzBJhdJeqi0MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvMUF1NVo1bkdvcVRKVElVZzNNRW1GMGw2cUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZaVMA0G
CSqGSIb3DQEBCwUAA4IBAQCPRQSl5tzfl0Q/MWb/Fc9t2W9GKtpkFpC6on4BJgpE
1zAAY1RYxP1CAJsghIXtz6coxgBI0Pl2iIviVms9qRL5o0vpRPEVcEL1NC8m9Nz/
s1PoCU26P1vM1m37N8MOZJ6gCxjYdpG95iBbnjuHBWza9l5YLqetb3iCQLtEb5tW
U8iSSpxBdIQIrP1bPLoft9KhWDnvqlqCktEJK9oZEtob2WMFNNWzoPFZrAADAkss
kN2ZqwGWPj84DTIvyPTXHxKzzc2aZofwb3IBJVz7TSD+2pNOSEHXDSrlD2mLymCb
TPhLqva0LZO0jTvGyTdXT1tvgHZdlK8CJs1Wq+F4+StA
-----END CERTIFICATE-----