Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/D2HSpId2VYXPjhlDPg7eWeC18Pw.roa
File:                     D2HSpId2VYXPjhlDPg7eWeC18Pw.roa (raw, json)
Hash identifier:          UXPvVbmh0MzKjV4UFrcu58vEq8RZqO0eg1YthASI72I=
Subject key identifier:   0F:61:D2:A4:87:76:55:85:CF:8E:19:43:3E:0E:DE:59:E0:B5:F0:FC
Certificate issuer:       /CN=9e42ca46688a837b575234ce6a1a326587d6c204
Certificate serial:       019420D625254715FF84263D9562C1087F42
Authority key identifier: 9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/D2HSpId2VYXPjhlDPg7eWeC18Pw.roa
Signing time:             Wed 01 Jan 2025 07:48:12 +0000
ROA not before:           Wed 01 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        45.13.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:25:25:47:15:ff:84:26:3d:95:62:c1:08:7f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e42ca46688a837b575234ce6a1a326587d6c204
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f61d2a487765585cf8e19433e0ede59e0b5f0fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:96:e3:08:97:42:6a:b9:31:5f:b9:31:5b:66:
                    77:7d:02:f7:56:d2:54:f3:c9:3b:60:9b:2f:72:5b:
                    cf:7a:19:12:0c:bf:68:60:00:33:18:a3:65:c5:cf:
                    4a:0a:8f:13:3c:86:09:02:be:eb:46:03:26:47:94:
                    a9:85:5b:e8:20:b7:76:ad:1a:c4:22:e0:3a:28:6e:
                    d7:41:25:20:1c:cf:3a:8b:d1:fe:11:0d:79:5e:f4:
                    72:85:6f:9a:6b:07:8f:8a:0c:ed:32:09:02:61:de:
                    30:39:6e:b2:e0:65:a0:fd:3d:70:5e:61:4c:8f:3e:
                    b1:03:96:d6:0f:fe:1a:6f:b8:e9:de:f0:89:4b:ec:
                    23:61:ee:7a:47:72:d1:c3:b9:ad:4b:6a:3c:45:03:
                    78:a5:b3:94:f0:cb:cf:2f:1f:3d:41:9f:53:31:e9:
                    9c:cc:16:27:77:04:9d:ae:cf:db:2a:4e:5a:d9:af:
                    e0:8c:a7:33:72:fc:e6:58:63:68:6a:91:80:08:19:
                    35:34:cf:5b:71:6a:07:e5:3a:ac:03:d8:9e:a5:5e:
                    5b:0d:27:0f:f8:be:1e:18:a5:78:4d:43:c5:6b:98:
                    8d:b2:82:fb:f3:71:55:80:8f:5c:04:e6:79:1e:18:
                    ce:68:a3:e7:cf:32:3f:ac:ef:4e:a5:25:33:17:bd:
                    0a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:61:D2:A4:87:76:55:85:CF:8E:19:43:3E:0E:DE:59:E0:B5:F0:FC
            X509v3 Authority Key Identifier:
                keyid:9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/D2HSpId2VYXPjhlDPg7eWeC18Pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:7e:e8:91:de:b3:35:68:60:0b:dc:ae:bb:fe:51:bb:87:78:
         c3:9d:e8:0d:a4:0b:e5:11:0d:3e:bf:fc:2d:a8:1b:d6:e7:84:
         de:ad:96:a1:15:c7:32:41:37:15:65:47:3b:58:7f:53:51:cd:
         43:ae:60:95:d0:d3:90:6f:d7:eb:ab:1d:c0:83:72:3b:cc:86:
         63:b3:aa:cd:3e:ae:7d:f5:d1:7c:12:52:6a:a9:14:9c:53:09:
         9f:29:23:fa:b8:27:98:a2:59:27:dc:c2:4d:52:6f:a4:8f:c5:
         4b:bc:43:09:50:58:5f:c9:bf:7c:65:d2:47:a0:2e:ff:df:a3:
         2b:3a:68:0d:12:45:3a:40:3e:2e:58:94:96:67:26:12:97:85:
         25:ac:95:32:fc:18:05:8f:88:e0:7a:15:51:9f:3a:fb:7e:9b:
         46:34:c9:cd:ab:74:76:ec:94:d2:7f:69:a2:32:69:75:f0:1b:
         0d:6a:b2:63:87:bc:90:4a:d8:10:fa:9b:c0:d1:df:18:83:1e:
         fd:64:e3:5c:26:3f:d9:2d:db:55:b9:35:a1:94:b5:36:cf:b1:
         56:27:ff:25:0e:80:22:b7:a8:98:5a:ec:19:02:92:9f:a9:cf:
         88:12:64:77:f9:50:a4:8a:f8:c4:cc:15:1f:e8:50:8d:4c:0a:
         17:b3:e6:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1iUlRxX/hCY9lWLBCH9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDJjYTQ2Njg4YTgzN2I1NzUyMzRjZTZhMWEzMjY1ODdk
NmMyMDQwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjYxZDJhNDg3NzY1NTg1Y2Y4ZTE5NDMzZTBlZGU1OWUwYjVmMGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJbjCJdCarkxX7kxW2Z3fQL3VtJU
88k7YJsvclvPehkSDL9oYAAzGKNlxc9KCo8TPIYJAr7rRgMmR5SphVvoILd2rRrE
IuA6KG7XQSUgHM86i9H+EQ15XvRyhW+aawePigztMgkCYd4wOW6y4GWg/T1wXmFM
jz6xA5bWD/4ab7jp3vCJS+wjYe56R3LRw7mtS2o8RQN4pbOU8MvPLx89QZ9TMemc
zBYndwSdrs/bKk5a2a/gjKczcvzmWGNoapGACBk1NM9bcWoH5TqsA9iepV5bDScP
+L4eGKV4TUPFa5iNsoL783FVgI9cBOZ5HhjOaKPnzzI/rO9OpSUzF70KRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9h0qSHdlWFz44ZQz4O3lngtfD8MB8GA1UdIwQY
MBaAFJ5CykZoioN7V1I0zmoaMmWH1sIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTIt
MzI5YmEzODhiN2NmLzEvRDJIU3BJZDJWWVhQamhsRFBnN2VXZUMxOFB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTItMzI5YmEzODhiN2Nm
LzEvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ0PMA0G
CSqGSIb3DQEBCwUAA4IBAQBrfuiR3rM1aGAL3K67/lG7h3jDnegNpAvlEQ0+v/wt
qBvW54TerZahFccyQTcVZUc7WH9TUc1DrmCV0NOQb9frqx3Ag3I7zIZjs6rNPq59
9dF8ElJqqRScUwmfKSP6uCeYolkn3MJNUm+kj8VLvEMJUFhfyb98ZdJHoC7/36Mr
OmgNEkU6QD4uWJSWZyYSl4UlrJUy/BgFj4jgehVRnzr7fptGNMnNq3R27JTSf2mi
Mml18BsNarJjh7yQStgQ+pvA0d8Ygx79ZONcJj/ZLdtVuTWhlLU2z7FWJ/8lDoAi
t6iYWuwZApKfqc+IEmR3+VCkivjEzBUf6FCNTAoXs+YJ
-----END CERTIFICATE-----