Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/hZftEdJ1i62Ff0o-eHl2JY1ihH0.roa
File:                     hZftEdJ1i62Ff0o-eHl2JY1ihH0.roa (raw, json)
Hash identifier:          w0uiSPz/sQM+Jk9yJimBEk2uQ4kCzCXX1QVlpDxUdak=
Subject key identifier:   85:97:ED:11:D2:75:8B:AD:85:7F:4A:3E:78:79:76:25:8D:62:84:7D
Certificate issuer:       /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial:       019566F2D059F9A3D920FEC1ED9AA1073BC7
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/hZftEdJ1i62Ff0o-eHl2JY1ihH0.roa
Signing time:             Wed 05 Mar 2025 15:35:43 +0000
ROA not before:           Wed 05 Mar 2025 15:35:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8100
IP address blocks:        45.145.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:f2:d0:59:f9:a3:d9:20:fe:c1:ed:9a:a1:07:3b:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Validity
            Not Before: Mar  5 15:35:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8597ed11d2758bad857f4a3e787976258d62847d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f1:7b:18:31:0d:82:41:b0:84:c0:d5:cc:58:
                    86:82:df:b2:b2:d5:64:d0:96:1e:9b:8d:e8:1b:f5:
                    75:75:48:10:e9:c9:63:47:0b:4d:a8:5d:f6:21:fc:
                    1b:cb:e2:8c:50:89:f0:8d:62:15:f2:4b:f0:04:6d:
                    d8:f3:67:3f:5c:6c:5b:5c:54:18:7a:18:84:13:b3:
                    27:04:fd:60:aa:c3:0c:37:1d:24:11:72:ff:f9:08:
                    21:0c:79:5f:b2:2c:c8:f2:d1:b7:0f:c7:87:d0:90:
                    52:74:97:29:8f:5a:0c:02:21:12:4c:85:61:61:fa:
                    d2:32:a0:34:f8:30:f1:b3:93:23:d2:92:44:a8:37:
                    10:db:d9:4f:42:44:30:0e:3f:ab:c1:46:95:9c:4d:
                    fa:54:3f:b6:22:51:ae:e0:8d:f8:ce:93:31:07:85:
                    41:d9:00:00:7c:d0:dc:e8:04:66:48:12:ea:c7:e2:
                    f3:fb:1c:10:5d:40:2e:2d:22:de:67:be:01:86:6d:
                    ee:16:cf:0d:89:be:d2:66:fe:57:c3:ad:7a:72:54:
                    5a:98:47:cd:0c:f9:c2:c8:fb:f9:34:bd:2b:51:ae:
                    fa:10:eb:7f:7e:fe:bb:d7:2e:05:9a:5e:d7:10:b2:
                    0c:da:38:a4:09:8b:74:83:32:7b:e6:48:2a:28:62:
                    89:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:97:ED:11:D2:75:8B:AD:85:7F:4A:3E:78:79:76:25:8D:62:84:7D
            X509v3 Authority Key Identifier:
                keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/hZftEdJ1i62Ff0o-eHl2JY1ihH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:86:bc:4f:c2:98:c5:f9:d3:bc:a7:a0:f9:94:8b:c4:3a:92:
         fc:26:49:92:c8:ba:47:7b:e9:89:89:54:65:de:6f:34:fb:b3:
         09:21:67:e1:13:97:fd:d3:c8:27:c0:47:f5:2d:ff:62:12:a3:
         da:af:aa:de:fa:09:6e:dd:9d:3c:d2:77:c4:30:08:b7:5b:a6:
         3a:33:84:d6:b1:b7:7b:78:f8:27:93:0b:c5:53:17:a3:4c:9c:
         9b:de:7b:c7:2c:51:c1:53:6f:0f:95:52:f8:86:54:2e:46:1b:
         b9:a0:fd:53:bb:b8:0e:56:d4:17:08:07:af:ed:f5:83:44:23:
         09:6d:64:b3:ae:c2:f8:6c:d7:27:ef:92:e3:ad:64:ce:ac:4c:
         02:59:d3:c9:c0:eb:f4:3e:1b:d5:3f:69:78:14:d3:cf:e3:7f:
         ff:f5:0c:b1:83:81:bb:6c:11:6f:aa:51:fe:5b:8f:47:89:3d:
         f2:6e:30:26:16:2b:11:2d:9b:f4:7a:18:a7:d8:37:5f:b3:98:
         5b:e1:25:42:15:61:c9:97:81:c2:43:07:73:5f:52:37:b5:ab:
         e4:12:b3:68:c0:56:ad:be:7a:2c:25:3a:5b:29:d7:dc:e3:c0:
         ad:10:42:27:cd:3d:76:3b:97:a0:d7:21:4f:07:b9:5d:31:70:
         b8:f0:d4:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVm8tBZ+aPZIP7B7ZqhBzvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjUwMzA1MTUzNTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTk3ZWQxMWQyNzU4YmFkODU3ZjRhM2U3ODc5NzYyNThkNjI4NDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/F7GDENgkGwhMDVzFiGgt+ystVk
0JYem43oG/V1dUgQ6cljRwtNqF32Ifwby+KMUInwjWIV8kvwBG3Y82c/XGxbXFQY
ehiEE7MnBP1gqsMMNx0kEXL/+QghDHlfsizI8tG3D8eH0JBSdJcpj1oMAiESTIVh
YfrSMqA0+DDxs5Mj0pJEqDcQ29lPQkQwDj+rwUaVnE36VD+2IlGu4I34zpMxB4VB
2QAAfNDc6ARmSBLqx+Lz+xwQXUAuLSLeZ74Bhm3uFs8Nib7SZv5Xw616clRamEfN
DPnCyPv5NL0rUa76EOt/fv671y4Fml7XELIM2jikCYt0gzJ75kgqKGKJkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWX7RHSdYuthX9KPnh5diWNYoR9MB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvaFpmdEVkSjFpNjJGZjBvLWVIbDJKWTFpaEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZE3MA0G
CSqGSIb3DQEBCwUAA4IBAQA1hrxPwpjF+dO8p6D5lIvEOpL8JkmSyLpHe+mJiVRl
3m80+7MJIWfhE5f908gnwEf1Lf9iEqPar6re+glu3Z080nfEMAi3W6Y6M4TWsbd7
ePgnkwvFUxejTJyb3nvHLFHBU28PlVL4hlQuRhu5oP1Tu7gOVtQXCAev7fWDRCMJ
bWSzrsL4bNcn75LjrWTOrEwCWdPJwOv0PhvVP2l4FNPP43//9Qyxg4G7bBFvqlH+
W49HiT3ybjAmFisRLZv0ehin2Ddfs5hb4SVCFWHJl4HCQwdzX1I3tavkErNowFat
vnosJTpbKdfc48CtEEInzT12O5eg1yFPB7ldMXC48NSI
-----END CERTIFICATE-----