Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vIPavSA0ye-zqylLLKxuIsQzJlk.roa
File:                     vIPavSA0ye-zqylLLKxuIsQzJlk.roa (raw, json)
Hash identifier:          WLpp8QSnmENV9oktAVzwuB3DYwRGQDk/gj7PT0BkAQY=
Subject key identifier:   BC:83:DA:BD:20:34:C9:EF:B3:AB:29:4B:2C:AC:6E:22:C4:33:26:59
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01957F975ECA1E5AAF384A0995DFD04B4094
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vIPavSA0ye-zqylLLKxuIsQzJlk.roa
Signing time:             Mon 10 Mar 2025 10:26:21 +0000
ROA not before:           Mon 10 Mar 2025 10:26:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198037
IP address blocks:        45.148.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7f:97:5e:ca:1e:5a:af:38:4a:09:95:df:d0:4b:40:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 10 10:26:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc83dabd2034c9efb3ab294b2cac6e22c4332659
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fb:4c:a3:b6:31:f8:90:82:d4:5e:b4:78:ca:
                    4d:96:2f:02:94:ca:41:a9:e0:83:13:e3:62:41:5f:
                    ec:98:55:86:33:e7:4d:7d:78:b6:64:a6:66:b8:68:
                    5a:2d:96:8b:86:e6:ba:ed:f8:80:ca:c4:bc:79:0f:
                    eb:2d:65:67:e9:dc:54:be:f2:e4:a0:ef:c9:05:3c:
                    ca:c6:48:8c:b7:7e:7d:c1:e3:80:d6:88:47:93:77:
                    98:e3:e1:83:9b:05:d0:6a:15:3c:ed:04:54:d5:aa:
                    43:6e:9d:7f:77:58:62:99:39:43:5c:00:91:3d:ff:
                    c1:0f:4c:ed:49:57:e8:25:87:25:01:57:54:17:3e:
                    b9:b0:33:30:d4:16:5d:08:01:9a:5d:e6:02:90:ab:
                    86:88:69:8a:4c:c7:7e:6e:df:60:f6:72:4a:45:8f:
                    1e:89:26:e1:0a:9f:c8:99:04:15:66:57:a9:a9:5e:
                    30:5f:ed:fb:ca:ae:94:da:f7:22:d6:63:4e:7b:1f:
                    50:70:14:5b:0f:67:7b:ee:a7:00:42:10:54:7a:34:
                    35:25:2e:56:bb:fc:e0:9f:4f:4a:ca:57:a4:82:b5:
                    dd:b1:57:c8:85:8f:bf:00:32:cb:05:54:67:1a:81:
                    69:e7:65:06:51:96:8f:3c:3e:be:d9:9f:88:d4:e3:
                    13:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:83:DA:BD:20:34:C9:EF:B3:AB:29:4B:2C:AC:6E:22:C4:33:26:59
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vIPavSA0ye-zqylLLKxuIsQzJlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:d5:12:7d:58:06:34:4f:2c:88:e9:cf:4b:9d:06:35:56:bd:
         12:62:e3:e5:79:5f:ae:79:f4:44:19:8d:10:4f:55:ce:f8:7f:
         59:2f:23:20:0b:11:70:f8:62:0e:89:75:1d:b1:d6:7b:2a:8e:
         bb:c2:00:d0:d6:98:0b:c4:d7:47:86:a7:62:43:5c:b7:e5:ac:
         54:6f:1d:c2:eb:ea:99:2c:68:d9:a5:59:22:33:b6:e2:a3:21:
         4b:ee:2d:53:52:80:3c:68:69:19:d9:65:e8:49:ba:18:e3:50:
         df:49:a7:b5:a6:09:ca:bd:30:56:4e:de:df:e6:ca:68:83:36:
         cd:17:9b:76:66:14:d6:69:2c:12:5d:b7:6c:66:24:5a:a3:04:
         68:d9:36:ff:bc:4d:54:48:e6:4b:76:23:70:c8:df:84:b4:4d:
         5a:77:7a:0d:6d:a2:c9:8c:e4:d5:25:35:ec:84:4a:d9:17:ac:
         39:74:2a:bf:2b:4e:f0:2c:c7:0d:44:0d:7c:26:d5:b9:b8:5d:
         99:97:8b:0b:e5:0c:1d:64:40:1f:bf:a5:85:10:20:25:e3:2e:
         f8:6a:ef:e6:6a:f7:b0:e6:bb:dd:d2:e2:b9:96:58:6c:1d:49:
         ca:6c:8b:60:75:4b:7d:99:ca:5d:47:6f:57:d8:44:2d:6c:9c:
         db:7b:ea:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZV/l17KHlqvOEoJld/QS0CUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMzEwMTAyNjIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzgzZGFiZDIwMzRjOWVmYjNhYjI5NGIyY2FjNmUyMmM0MzMyNjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/tMo7Yx+JCC1F60eMpNli8ClMpB
qeCDE+NiQV/smFWGM+dNfXi2ZKZmuGhaLZaLhua67fiAysS8eQ/rLWVn6dxUvvLk
oO/JBTzKxkiMt359weOA1ohHk3eY4+GDmwXQahU87QRU1apDbp1/d1himTlDXACR
Pf/BD0ztSVfoJYclAVdUFz65sDMw1BZdCAGaXeYCkKuGiGmKTMd+bt9g9nJKRY8e
iSbhCp/ImQQVZlepqV4wX+37yq6U2vci1mNOex9QcBRbD2d77qcAQhBUejQ1JS5W
u/zgn09KylekgrXdsVfIhY+/ADLLBVRnGoFp52UGUZaPPD6+2Z+I1OMT+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyD2r0gNMnvs6spSyysbiLEMyZZMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdklQYXZTQTB5ZS16cXlsTExLeHVJc1F6SmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZR1MA0G
CSqGSIb3DQEBCwUAA4IBAQAb1RJ9WAY0TyyI6c9LnQY1Vr0SYuPleV+uefREGY0Q
T1XO+H9ZLyMgCxFw+GIOiXUdsdZ7Ko67wgDQ1pgLxNdHhqdiQ1y35axUbx3C6+qZ
LGjZpVkiM7bioyFL7i1TUoA8aGkZ2WXoSboY41DfSae1pgnKvTBWTt7f5spogzbN
F5t2ZhTWaSwSXbdsZiRaowRo2Tb/vE1USOZLdiNwyN+EtE1ad3oNbaLJjOTVJTXs
hErZF6w5dCq/K07wLMcNRA18JtW5uF2Zl4sL5QwdZEAfv6WFECAl4y74au/mavew
5rvd0uK5llhsHUnKbItgdUt9mcpdR29X2EQtbJzbe+rn
-----END CERTIFICATE-----