Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/wvlIJaBXdAerQ4c5dRBxRunJgjQ.roa
File:                     wvlIJaBXdAerQ4c5dRBxRunJgjQ.roa (raw, json)
Hash identifier:          JyQWbotgOXPXDAJ2gTdNj+PiW7DZmyYe59ktU38Qs6o=
Subject key identifier:   C2:F9:48:25:A0:57:74:07:AB:43:87:39:75:10:71:46:E9:C9:82:34
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       0195F2FD2043129D1C9CA14CC068A337B565
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/wvlIJaBXdAerQ4c5dRBxRunJgjQ.roa
Signing time:             Tue 01 Apr 2025 20:13:49 +0000
ROA not before:           Tue 01 Apr 2025 20:13:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25693
IP address blocks:        45.143.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 20:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f2:fd:20:43:12:9d:1c:9c:a1:4c:c0:68:a3:37:b5:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Apr  1 20:13:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2f94825a0577407ab43873975107146e9c98234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:77:42:56:e8:cd:75:c8:fd:ef:49:de:22:8a:
                    b7:ad:69:fe:ee:50:37:3b:0d:0c:f3:62:f9:6c:6b:
                    1f:17:be:91:eb:40:2d:b4:86:c0:24:f9:6b:12:7c:
                    d8:8d:06:28:ff:6f:8f:9a:c1:7a:ad:cb:e5:3e:b5:
                    68:e6:9b:d5:d8:5c:89:34:87:02:a6:9d:67:34:a5:
                    ee:a4:8d:c5:aa:23:56:69:1a:79:50:fe:18:ff:b1:
                    02:bb:80:f1:8d:e2:31:e2:e6:f2:95:e5:0b:6c:71:
                    96:92:63:f1:d9:d5:75:ba:a0:be:60:de:92:2b:64:
                    7c:69:b6:df:c0:ed:fc:44:e3:06:d0:db:1e:3d:83:
                    38:99:3a:78:f7:e0:80:f5:9a:4c:12:a8:3b:c1:21:
                    dd:bc:c5:45:59:51:8b:e2:6b:9b:c0:bb:f4:dd:46:
                    ec:9a:62:d8:20:74:4e:82:2c:28:b3:54:31:51:85:
                    e4:09:dc:d0:55:68:b7:e6:ca:7a:93:e3:46:07:b0:
                    96:9d:bf:a1:14:8c:79:99:9c:ca:0e:b5:6c:c9:53:
                    89:ab:a0:43:10:e0:84:f8:87:37:86:b8:e9:fd:aa:
                    a9:83:25:e7:ba:b8:1a:8c:e1:bb:77:dd:5f:8e:33:
                    08:88:27:21:9d:82:20:36:2d:79:82:85:e4:fd:71:
                    29:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:F9:48:25:A0:57:74:07:AB:43:87:39:75:10:71:46:E9:C9:82:34
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/wvlIJaBXdAerQ4c5dRBxRunJgjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:0f:a4:3a:51:fa:b0:10:db:b2:f9:29:30:45:53:58:b5:e2:
         45:3b:08:7e:85:11:03:4f:de:fb:cb:a4:84:fb:86:6f:46:4e:
         b0:cc:25:61:15:17:9f:e6:2b:ad:4c:e5:bd:e6:93:10:4c:2c:
         df:97:0b:33:30:43:42:2d:cc:8b:01:8d:77:f9:1c:dc:31:26:
         b6:92:0b:64:8a:e6:e5:93:a4:ef:6e:6b:4b:8e:a2:d1:ce:48:
         52:4d:c8:53:14:91:6d:81:63:b8:44:86:7c:75:c0:cc:d8:df:
         10:d9:c4:c1:e9:31:e9:1d:56:fa:ef:8b:40:8c:a1:cf:32:31:
         80:1f:2f:64:bc:ee:cf:50:0f:28:a3:dd:37:e2:5f:68:2a:58:
         f9:52:97:50:15:bb:d8:c5:4c:4d:9a:7e:61:a6:15:f6:43:6f:
         13:7c:e8:ae:77:4b:78:9d:97:96:8d:eb:4b:3a:2b:e2:8d:35:
         29:44:c0:24:95:e7:5a:f6:e0:d9:d1:ca:ba:2a:58:94:55:f3:
         d7:a3:fa:b5:ed:d3:08:98:f0:48:50:c4:aa:f4:72:45:62:aa:
         56:93:42:6f:f0:0a:71:ec:7b:63:0e:79:e8:34:d5:c4:cd:07:
         4d:f0:0e:8a:58:3d:0f:ce:60:4d:b1:47:04:e7:4f:df:4c:33:
         57:d4:26:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXy/SBDEp0cnKFMwGijN7VlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjUwNDAxMjAxMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmY5NDgyNWEwNTc3NDA3YWI0Mzg3Mzk3NTEwNzE0NmU5Yzk4MjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAundCVujNdcj970neIoq3rWn+7lA3
Ow0M82L5bGsfF76R60AttIbAJPlrEnzYjQYo/2+PmsF6rcvlPrVo5pvV2FyJNIcC
pp1nNKXupI3FqiNWaRp5UP4Y/7ECu4DxjeIx4ubyleULbHGWkmPx2dV1uqC+YN6S
K2R8abbfwO38ROMG0NsePYM4mTp49+CA9ZpMEqg7wSHdvMVFWVGL4mubwLv03Ubs
mmLYIHROgiwos1QxUYXkCdzQVWi35sp6k+NGB7CWnb+hFIx5mZzKDrVsyVOJq6BD
EOCE+Ic3hrjp/aqpgyXnurgajOG7d91fjjMIiCchnYIgNi15goXk/XEpewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFML5SCWgV3QHq0OHOXUQcUbpyYI0MB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvd3ZsSUphQlhkQWVyUTRjNWRSQnhSdW5KZ2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY8LMA0G
CSqGSIb3DQEBCwUAA4IBAQA3D6Q6UfqwENuy+SkwRVNYteJFOwh+hREDT977y6SE
+4ZvRk6wzCVhFRef5iutTOW95pMQTCzflwszMENCLcyLAY13+RzcMSa2kgtkiubl
k6TvbmtLjqLRzkhSTchTFJFtgWO4RIZ8dcDM2N8Q2cTB6THpHVb674tAjKHPMjGA
Hy9kvO7PUA8oo9034l9oKlj5UpdQFbvYxUxNmn5hphX2Q28TfOiud0t4nZeWjetL
OivijTUpRMAkleda9uDZ0cq6KliUVfPXo/q17dMImPBIUMSq9HJFYqpWk0Jv8Apx
7HtjDnnoNNXEzQdN8A6KWD0PzmBNsUcE50/fTDNX1CbL
-----END CERTIFICATE-----