Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/1-IWmPGtJ5CTq3OMRiJwJOr0g26I.roa
File:                     1-IWmPGtJ5CTq3OMRiJwJOr0g26I.roa (raw, json)
Hash identifier:          I9qlf/NVdWHCcUFphZpTAjHqHpTV98ZokV5i2bE0ieg=
Subject key identifier:   F8:85:A6:3C:6B:49:E4:24:EA:DC:E3:11:88:9C:09:3A:BD:20:DB:A2
Certificate issuer:       /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial:       01941F8C87F8AD7691CC202C7AE222133A2C
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/1-IWmPGtJ5CTq3OMRiJwJOr0g26I.roa
Signing time:             Wed 01 Jan 2025 01:48:11 +0000
ROA not before:           Wed 01 Jan 2025 01:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        45.145.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:87:f8:ad:76:91:cc:20:2c:7a:e2:22:13:3a:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Validity
            Not Before: Jan  1 01:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f885a63c6b49e424eadce311889c093abd20dba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:33:a1:d6:1e:50:d7:7a:9e:30:9a:ab:5b:63:
                    11:fe:9d:3e:a2:36:89:8f:f8:42:4b:f0:85:36:fe:
                    fa:93:02:83:ad:c8:0e:76:a3:7d:cb:18:3d:5f:c7:
                    f1:be:3a:47:f0:8b:ea:2d:37:14:7b:52:f0:6a:a3:
                    d1:9c:40:14:c0:0c:1f:ac:eb:df:53:9c:c0:f3:bd:
                    39:b1:66:4b:ca:8b:fc:e1:34:f5:33:9b:0b:57:f4:
                    65:10:5d:ea:d0:7c:e3:5c:22:ad:0d:56:48:65:79:
                    03:b5:2b:e6:4d:49:8d:cc:ed:83:a1:4d:61:88:2e:
                    c2:fa:ad:d8:da:f4:71:9a:5b:7e:40:60:e1:b4:a5:
                    43:48:2a:71:da:0a:bb:ca:c4:95:37:25:9a:b6:1f:
                    bb:a7:fa:ca:58:ba:64:d0:1a:61:35:ae:86:41:74:
                    4f:2f:c6:e5:68:b0:45:1d:76:c3:83:62:31:d3:fc:
                    9c:e6:96:98:57:13:a2:51:59:2c:df:6c:e8:46:cf:
                    8a:0c:62:8d:53:34:38:7a:be:7f:35:42:1f:51:a8:
                    74:1a:6e:7b:f4:1e:58:27:eb:0f:3f:c2:37:86:c1:
                    ec:64:7d:9e:a5:a0:e0:ff:02:52:71:7a:c2:b0:26:
                    1e:8e:b9:90:68:3b:f7:a6:8a:9f:e6:51:1d:18:ee:
                    66:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:85:A6:3C:6B:49:E4:24:EA:DC:E3:11:88:9C:09:3A:BD:20:DB:A2
            X509v3 Authority Key Identifier:
                keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/1-IWmPGtJ5CTq3OMRiJwJOr0g26I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:65:0b:62:c0:ce:9d:b5:e3:bb:0e:25:47:5e:ed:50:6b:dd:
         de:9b:5f:42:c8:bb:44:79:b7:11:76:80:0e:d7:19:aa:00:64:
         f6:d2:28:e0:c6:b9:69:47:14:22:32:91:3d:ed:96:9f:55:df:
         11:5b:62:4c:88:03:b0:86:38:b9:e5:53:b8:24:00:bd:1d:09:
         fb:92:78:02:01:d7:f1:8f:f8:4a:ea:3a:ac:bc:b2:cc:c7:0b:
         13:b2:7c:85:50:07:57:48:99:9f:44:82:03:64:82:0c:d4:fa:
         c3:f7:52:aa:64:76:f3:b8:2d:de:df:56:f7:6a:72:89:f1:8d:
         fb:15:3c:b8:95:ec:b6:a9:2a:91:c5:75:e0:5e:e7:23:49:e9:
         d6:fb:ab:c2:cd:15:dd:09:17:7f:50:da:bd:62:93:40:81:07:
         5c:0c:0d:69:57:74:cf:dd:f3:c4:3d:7b:ee:92:46:6c:f9:d0:
         a6:71:21:3a:cd:38:65:82:e9:3c:d4:7d:73:c8:36:a1:4e:d8:
         6e:05:88:a6:38:fd:5e:2a:bf:8c:91:7f:51:3a:af:6c:c9:10:
         ce:c2:b9:59:6b:9f:e2:f9:89:7d:4b:da:67:5d:32:8b:17:4b:
         95:f4:ba:ff:a0:9b:d8:f4:61:ec:e1:aa:8f:b0:d5:a0:fe:4e:
         f7:cb:4c:99
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjIf4rXaRzCAseuIiEzosMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjUwMTAxMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODg1YTYzYzZiNDllNDI0ZWFkY2UzMTE4ODljMDkzYWJkMjBkYmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDOh1h5Q13qeMJqrW2MR/p0+ojaJ
j/hCS/CFNv76kwKDrcgOdqN9yxg9X8fxvjpH8IvqLTcUe1LwaqPRnEAUwAwfrOvf
U5zA8705sWZLyov84TT1M5sLV/RlEF3q0HzjXCKtDVZIZXkDtSvmTUmNzO2DoU1h
iC7C+q3Y2vRxmlt+QGDhtKVDSCpx2gq7ysSVNyWath+7p/rKWLpk0BphNa6GQXRP
L8blaLBFHXbDg2Ix0/yc5paYVxOiUVks32zoRs+KDGKNUzQ4er5/NUIfUah0Gm57
9B5YJ+sPP8I3hsHsZH2epaDg/wJScXrCsCYejrmQaDv3poqf5lEdGO5mBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPiFpjxrSeQk6tzjEYicCTq9INuiMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvMS1JV21QR3RKNUNUcTNPTVJpSndKT3IwZzI2SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTQvZmI0Njk2LTY3OGYtNGQ0NS1hMDkxLWZkN2YxN2JiMWE1
Yy8xL0xoRmtxYlVCUFdMd1VUUlBiZmtmRTd4LXl3OC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2RNDAN
BgkqhkiG9w0BAQsFAAOCAQEAiGULYsDOnbXjuw4lR17tUGvd3ptfQsi7RHm3EXaA
DtcZqgBk9tIo4Ma5aUcUIjKRPe2Wn1XfEVtiTIgDsIY4ueVTuCQAvR0J+5J4AgHX
8Y/4Suo6rLyyzMcLE7J8hVAHV0iZn0SCA2SCDNT6w/dSqmR287gt3t9W92pyifGN
+xU8uJXstqkqkcV14F7nI0np1vurws0V3QkXf1DavWKTQIEHXAwNaVd0z93zxD17
7pJGbPnQpnEhOs04ZYLpPNR9c8g2oU7YbgWIpjj9Xiq/jJF/UTqvbMkQzsK5WWuf
4vmJfUvaZ10yixdLlfS6/6Cb2PRh7OGqj7DVoP5O98tMmQ==
-----END CERTIFICATE-----