Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/DPety_jnIlz1JoKIkUOdvSdzlkA.roa
File:                     DPety_jnIlz1JoKIkUOdvSdzlkA.roa (raw, json)
Hash identifier:          8Qo2m3ff3vX5xCcQXsmVD5nJfQNAALizPwwsueUp9rc=
Subject key identifier:   0C:F7:AD:CB:F8:E7:22:5C:F5:26:82:88:91:43:9D:BD:27:73:96:40
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       0196F4B3044DB15847CEA5614DA56BF43598
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/DPety_jnIlz1JoKIkUOdvSdzlkA.roa
Signing time:             Wed 21 May 2025 21:14:54 +0000
ROA not before:           Wed 21 May 2025 21:14:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57844
IP address blocks:        45.141.208.0/22 maxlen: 24
                          45.150.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f4:b3:04:4d:b1:58:47:ce:a5:61:4d:a5:6b:f4:35:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: May 21 21:14:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cf7adcbf8e7225cf526828891439dbd27739640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2b:7d:aa:86:c7:26:12:ac:1e:fa:75:6d:10:
                    57:50:92:be:73:d3:72:e4:17:8b:29:87:6a:33:19:
                    90:6a:d3:72:f1:76:88:cd:f6:10:ad:c6:4b:43:db:
                    88:48:f6:ce:ef:e0:ee:6d:33:7d:ab:6e:6c:f6:0a:
                    58:1b:a6:98:9a:b8:57:72:df:d3:f9:36:fc:85:6a:
                    32:8b:25:7c:de:8f:20:eb:a6:06:34:7d:c6:31:a7:
                    70:49:b7:44:b0:d3:62:43:0a:8b:70:8d:10:2c:a3:
                    fb:63:22:62:54:68:f6:09:80:79:09:4d:a7:c6:e9:
                    d5:a9:25:0b:b1:ec:c6:b8:30:4b:d6:1b:ba:de:8d:
                    f5:cf:1d:92:03:48:f2:35:91:7f:0a:a5:99:73:dd:
                    bb:4d:f5:75:85:1b:ae:18:a2:5b:4c:75:45:da:bb:
                    28:eb:9a:a4:63:7c:d8:05:9c:dd:f0:fe:0e:6e:44:
                    27:02:33:a7:44:4c:f2:96:01:c5:ee:9e:bf:61:5b:
                    81:f3:02:2c:42:2f:f2:1d:5c:18:94:40:c8:da:53:
                    28:ea:37:d6:f3:00:40:e0:7d:e0:11:c2:d9:e5:f6:
                    ee:e4:fd:96:18:df:eb:da:c8:df:a2:92:3b:9b:68:
                    dd:31:53:02:a5:f7:31:fe:a7:f6:71:3f:61:2c:82:
                    72:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F7:AD:CB:F8:E7:22:5C:F5:26:82:88:91:43:9D:BD:27:73:96:40
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/DPety_jnIlz1JoKIkUOdvSdzlkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.208.0/22
                  45.150.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:43:c2:51:e0:5f:39:00:01:d0:f9:13:a8:84:ab:ad:f2:1d:
         44:c5:0e:2e:c4:df:d8:52:10:d1:13:d2:10:45:61:ae:98:1b:
         04:5a:c9:c9:23:f4:2f:44:69:dd:ce:2e:98:89:4a:ac:80:5d:
         8f:47:0c:9f:17:e0:e1:6c:f9:f2:f8:3f:ea:a6:4e:87:71:7f:
         19:cf:16:68:c4:2b:1c:cf:01:70:e3:61:a7:75:84:f5:a7:40:
         e6:ec:cd:f6:85:7f:5f:e6:f3:cd:12:9f:a5:38:f1:ec:d1:ea:
         05:95:7f:80:8b:c2:18:e3:a2:d7:63:e5:b5:d5:55:f9:c5:bd:
         d4:d9:b1:17:37:0a:f5:28:4b:d4:82:e3:2c:36:d3:ed:bd:10:
         7e:9a:54:c5:28:bd:83:df:0e:b3:f0:da:a8:5b:d6:d0:3e:1f:
         c8:90:9c:6d:a2:26:31:1f:a0:25:43:96:8e:f6:2b:90:19:dd:
         cf:76:99:83:3c:d8:6c:33:d5:d1:31:19:8d:60:df:ef:8b:9e:
         17:2b:10:0a:ea:cd:d7:91:69:6b:60:0d:2c:2a:db:4e:88:29:
         9c:52:a6:fe:25:9e:b7:81:d3:2a:c5:c1:07:79:52:f6:55:4b:
         15:26:c2:ac:ff:21:d3:5c:29:55:cc:3a:43:e7:25:72:40:a4:
         4c:9f:e5:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZb0swRNsVhHzqVhTaVr9DWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwNTIxMjExNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Y3YWRjYmY4ZTcyMjVjZjUyNjgyODg5MTQzOWRiZDI3NzM5NjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyt9qobHJhKsHvp1bRBXUJK+c9Ny
5BeLKYdqMxmQatNy8XaIzfYQrcZLQ9uISPbO7+DubTN9q25s9gpYG6aYmrhXct/T
+Tb8hWoyiyV83o8g66YGNH3GMadwSbdEsNNiQwqLcI0QLKP7YyJiVGj2CYB5CU2n
xunVqSULsezGuDBL1hu63o31zx2SA0jyNZF/CqWZc927TfV1hRuuGKJbTHVF2rso
65qkY3zYBZzd8P4ObkQnAjOnREzylgHF7p6/YVuB8wIsQi/yHVwYlEDI2lMo6jfW
8wBA4H3gEcLZ5fbu5P2WGN/r2sjfopI7m2jdMVMCpfcx/qf2cT9hLIJyTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAz3rcv45yJc9SaCiJFDnb0nc5ZAMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvRFBldHlfam5JbHoxSm9LSWtVT2R2U2R6bGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLY3QAwQC
LZYIMA0GCSqGSIb3DQEBCwUAA4IBAQBdQ8JR4F85AAHQ+ROohKut8h1ExQ4uxN/Y
UhDRE9IQRWGumBsEWsnJI/QvRGndzi6YiUqsgF2PRwyfF+DhbPny+D/qpk6HcX8Z
zxZoxCsczwFw42GndYT1p0Dm7M32hX9f5vPNEp+lOPHs0eoFlX+Ai8IY46LXY+W1
1VX5xb3U2bEXNwr1KEvUguMsNtPtvRB+mlTFKL2D3w6z8NqoW9bQPh/IkJxtoiYx
H6AlQ5aO9iuQGd3PdpmDPNhsM9XRMRmNYN/vi54XKxAK6s3XkWlrYA0sKttOiCmc
Uqb+JZ63gdMqxcEHeVL2VUsVJsKs/yHTXClVzDpD5yVyQKRMn+W/
-----END CERTIFICATE-----