Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/IvUzmjfbrcAfjWuG5bEXnsKARX0.roa
File:                     IvUzmjfbrcAfjWuG5bEXnsKARX0.roa (raw, json)
Hash identifier:          n6VtpGGacFVSIXviiCkhoox8/pF8W1r+IL34+q5ydvQ=
Subject key identifier:   22:F5:33:9A:37:DB:AD:C0:1F:8D:6B:86:E5:B1:17:9E:C2:80:45:7D
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       01971A9D6FBEE3D5E5778973FD1A6DF3EA9B
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/IvUzmjfbrcAfjWuG5bEXnsKARX0.roa
Signing time:             Thu 29 May 2025 05:56:54 +0000
ROA not before:           Thu 29 May 2025 05:56:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268624
IP address blocks:        45.143.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1a:9d:6f:be:e3:d5:e5:77:89:73:fd:1a:6d:f3:ea:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: May 29 05:56:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22f5339a37dbadc01f8d6b86e5b1179ec280457d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6c:12:48:91:ed:2d:cb:c0:02:10:f5:79:91:
                    06:99:e7:bd:76:a7:f8:42:8a:30:8f:9a:39:e2:0c:
                    06:07:43:38:e2:56:81:56:58:bf:b9:f6:bd:45:f0:
                    ee:50:e5:9a:a2:95:e0:5f:57:ce:b7:31:7d:72:cd:
                    45:cd:7e:72:24:66:29:a2:ef:c9:6c:c4:7c:6a:bd:
                    58:9e:9e:55:f1:d8:54:57:dd:cb:4d:ca:7e:e5:3e:
                    a5:a9:29:32:cd:2f:f9:c3:10:3a:4c:36:90:88:53:
                    f7:0f:37:f8:6c:01:a4:5c:2a:92:da:a3:73:92:d1:
                    4d:e1:6e:58:7a:bd:46:80:d1:10:34:99:8e:57:67:
                    81:a4:4b:e7:c0:41:bb:b2:ab:7e:46:1a:1a:19:19:
                    5f:25:81:d3:04:57:3d:35:b6:7c:d5:c2:f8:6f:84:
                    13:04:f0:16:d5:f0:0e:ec:9c:8b:38:8b:69:86:35:
                    a3:97:4e:6c:ef:06:d0:96:d5:07:3d:e2:b9:1f:0a:
                    86:ca:01:50:9b:b9:d8:39:74:38:23:d7:0d:97:ef:
                    e6:b9:52:73:57:45:77:4f:17:cb:04:51:fd:c6:eb:
                    18:71:5c:80:bb:bc:14:2e:52:ba:4c:57:ae:ad:07:
                    35:80:52:b9:ad:52:a4:29:22:e6:1a:cb:2e:cb:36:
                    9d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F5:33:9A:37:DB:AD:C0:1F:8D:6B:86:E5:B1:17:9E:C2:80:45:7D
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/IvUzmjfbrcAfjWuG5bEXnsKARX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:a1:c5:6e:75:a7:72:d3:66:18:bd:35:2b:1e:c1:18:e7:a3:
         a2:40:64:5f:2d:5e:59:25:44:a5:f2:26:bf:d9:f4:2a:5a:6a:
         78:24:92:7f:70:06:ff:04:39:05:b2:59:aa:26:c6:09:3a:ae:
         cc:2e:a9:1e:04:97:12:72:c6:df:1c:73:d1:d5:be:2c:f4:68:
         a4:a3:38:91:36:f2:54:76:c2:02:c1:c4:ae:ac:5e:58:63:79:
         35:51:b3:76:7a:d8:a9:45:26:6c:de:4f:ab:67:e7:7f:85:a0:
         a9:26:88:0d:69:cc:92:fe:cf:f7:60:0b:de:f9:81:32:8f:d9:
         34:d6:64:60:06:c6:b2:d7:9f:78:9a:3a:36:26:03:04:d1:1a:
         50:91:97:10:10:0e:b3:6f:97:74:c0:19:9c:26:a5:84:2b:01:
         32:9f:49:68:f9:72:a1:13:70:f7:85:87:90:34:6c:fa:b8:8d:
         91:b7:33:e2:65:ad:a5:76:b5:83:26:ca:9d:e6:d1:ae:db:c1:
         cf:5f:a8:ab:fb:d2:09:86:9c:15:3c:a0:6d:c4:a5:58:d5:2d:
         da:fd:cf:71:da:33:66:e1:ed:0f:f9:df:3b:b3:c0:b0:08:97:
         08:76:52:be:8c:5b:95:3c:48:9b:9c:eb:72:63:78:1e:db:03:
         8b:00:c8:b1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZcanW++49Xld4lz/Rpt8+qbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjUwNTI5MDU1NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY1MzM5YTM3ZGJhZGMwMWY4ZDZiODZlNWIxMTc5ZWMyODA0NTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGwSSJHtLcvAAhD1eZEGmee9dqf4
Qoowj5o54gwGB0M44laBVli/ufa9RfDuUOWaopXgX1fOtzF9cs1FzX5yJGYpou/J
bMR8ar1Ynp5V8dhUV93LTcp+5T6lqSkyzS/5wxA6TDaQiFP3Dzf4bAGkXCqS2qNz
ktFN4W5Yer1GgNEQNJmOV2eBpEvnwEG7sqt+RhoaGRlfJYHTBFc9NbZ81cL4b4QT
BPAW1fAO7JyLOItphjWjl05s7wbQltUHPeK5HwqGygFQm7nYOXQ4I9cNl+/muVJz
V0V3TxfLBFH9xusYcVyAu7wULlK6TFeurQc1gFK5rVKkKSLmGssuyzadTQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCL1M5o3263AH41rhuWxF57CgEV9MB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL0l2VXptamZicmNBZmpXdUc1YkVYbnNLQVJYMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtjwcw
DQYJKoZIhvcNAQELBQADggEBAHChxW51p3LTZhi9NSsewRjno6JAZF8tXlklRKXy
Jr/Z9Cpaangkkn9wBv8EOQWyWaomxgk6rswuqR4ElxJyxt8cc9HVviz0aKSjOJE2
8lR2wgLBxK6sXlhjeTVRs3Z62KlFJmzeT6tn53+FoKkmiA1pzJL+z/dgC975gTKP
2TTWZGAGxrLXn3iaOjYmAwTRGlCRlxAQDrNvl3TAGZwmpYQrATKfSWj5cqETcPeF
h5A0bPq4jZG3M+JlraV2tYMmyp3m0a7bwc9fqKv70gmGnBU8oG3EpVjVLdr9z3Ha
M2bh7Q/53zuzwLAIlwh2Ur6MW5U8SJuc63JjeB7bA4sAyLE=
-----END CERTIFICATE-----