Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/L_rUXXSN_zqShxWywnD20NZlk1Y.roa
File:                     L_rUXXSN_zqShxWywnD20NZlk1Y.roa (raw, json)
Hash identifier:          GkeNzl5HNVBZCFBgPSydRAFh9KZUyoYbQV0fJh3pEEc=
Subject key identifier:   2F:FA:D4:5D:74:8D:FF:3A:92:87:15:B2:C2:70:F6:D0:D6:65:93:56
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0195A92AD03BECDCBD410867175954247752
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/L_rUXXSN_zqShxWywnD20NZlk1Y.roa
Signing time:             Tue 18 Mar 2025 12:11:50 +0000
ROA not before:           Tue 18 Mar 2025 12:11:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207136
IP address blocks:        45.137.138.0/24 maxlen: 24
                          94.198.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a9:2a:d0:3b:ec:dc:bd:41:08:67:17:59:54:24:77:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 18 12:11:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ffad45d748dff3a928715b2c270f6d0d6659356
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0f:47:4e:c1:b6:aa:1d:4e:c2:e2:94:2c:9a:
                    04:1f:24:01:0c:36:fd:7b:11:5e:12:1c:84:a4:3e:
                    21:c0:83:8e:89:64:8e:37:37:db:e7:4e:4c:5e:60:
                    26:5b:7f:e6:24:95:d8:0d:4d:bd:27:05:f2:2c:5e:
                    e2:cf:32:97:41:d7:30:0a:31:96:a2:4d:dc:75:6d:
                    8e:bd:79:e5:a4:01:a4:78:81:14:da:4b:23:2b:a9:
                    d6:0c:d3:74:01:f5:37:53:8e:76:a0:6c:d6:2f:58:
                    49:42:27:5b:f3:63:bc:c6:ba:41:ff:b8:31:e5:80:
                    cb:58:0a:f2:84:ec:05:61:ce:c4:c0:16:23:9b:64:
                    32:41:d0:45:25:29:28:25:01:af:54:c2:af:23:40:
                    72:6a:c1:59:84:8a:6d:83:51:c5:bb:4d:0e:95:9d:
                    4e:46:b1:63:db:13:02:7f:ec:ea:93:2a:e0:01:06:
                    c0:90:d1:5a:10:28:e5:7f:33:40:e1:a2:93:fd:a2:
                    d8:3a:b3:64:35:c9:fe:20:9c:f5:8f:e4:6b:16:01:
                    37:a3:10:b5:68:b4:78:6c:8a:df:98:67:70:49:ed:
                    ee:81:74:ca:90:1d:e2:5e:6a:94:57:7e:99:ad:8d:
                    4f:4d:bb:bc:8b:85:98:33:64:41:c2:7b:85:cf:7f:
                    9c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:FA:D4:5D:74:8D:FF:3A:92:87:15:B2:C2:70:F6:D0:D6:65:93:56
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/L_rUXXSN_zqShxWywnD20NZlk1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.138.0/24
                  94.198.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:c9:ce:76:a0:5b:6e:14:05:6c:d2:d9:a2:1c:da:ca:be:e3:
         b6:28:1c:36:ef:44:2c:f1:21:84:5e:b6:dc:53:ea:d2:04:d4:
         72:9c:00:16:e2:f8:34:bb:6a:08:fc:db:48:b6:92:59:30:f7:
         1c:76:c1:86:c3:15:09:38:6a:db:50:b2:5b:00:96:2a:d5:f5:
         2f:0e:75:70:d6:06:15:1b:67:b3:fd:f8:27:d6:86:15:1e:2f:
         df:7c:31:62:fb:19:ad:f8:0d:66:84:b6:78:ee:98:3c:8f:e4:
         98:ea:4f:f1:64:7f:74:a4:6b:38:3f:e8:6d:df:d0:2c:d0:52:
         1f:e6:ec:89:4c:1a:46:f4:08:83:96:5b:ac:67:fc:ac:4a:cd:
         36:1f:f8:a8:7c:f1:a1:80:c5:ae:73:19:8c:8a:48:ea:df:bf:
         ab:a1:70:d6:87:3a:15:22:90:9a:08:98:07:b8:8f:11:5a:15:
         77:29:da:86:6a:85:00:ea:a3:80:d8:b1:05:d0:05:28:1e:8c:
         36:3d:50:41:04:d0:0b:26:86:80:ed:8b:85:07:be:33:d0:d2:
         df:69:a7:a1:b4:97:8b:0d:42:81:19:ac:f7:c2:d9:ca:b4:fe:
         81:d3:9c:87:24:3a:2d:98:63:a7:84:4e:ae:1c:9e:11:82:4d:
         48:b0:c6:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWpKtA77Ny9QQhnF1lUJHdSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMzE4MTIxMTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmZhZDQ1ZDc0OGRmZjNhOTI4NzE1YjJjMjcwZjZkMGQ2NjU5MzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAng9HTsG2qh1OwuKULJoEHyQBDDb9
exFeEhyEpD4hwIOOiWSONzfb505MXmAmW3/mJJXYDU29JwXyLF7izzKXQdcwCjGW
ok3cdW2OvXnlpAGkeIEU2ksjK6nWDNN0AfU3U452oGzWL1hJQidb82O8xrpB/7gx
5YDLWAryhOwFYc7EwBYjm2QyQdBFJSkoJQGvVMKvI0ByasFZhIptg1HFu00OlZ1O
RrFj2xMCf+zqkyrgAQbAkNFaECjlfzNA4aKT/aLYOrNkNcn+IJz1j+RrFgE3oxC1
aLR4bIrfmGdwSe3ugXTKkB3iXmqUV36ZrY1PTbu8i4WYM2RBwnuFz3+clQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC/61F10jf86kocVssJw9tDWZZNWMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvTF9yVVhYU05fenFTaHhXeXduRDIwTlpsazFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYmKAwQA
XsYsMA0GCSqGSIb3DQEBCwUAA4IBAQBsyc52oFtuFAVs0tmiHNrKvuO2KBw270Qs
8SGEXrbcU+rSBNRynAAW4vg0u2oI/NtItpJZMPccdsGGwxUJOGrbULJbAJYq1fUv
DnVw1gYVG2ez/fgn1oYVHi/ffDFi+xmt+A1mhLZ47pg8j+SY6k/xZH90pGs4P+ht
39As0FIf5uyJTBpG9AiDllusZ/ysSs02H/iofPGhgMWucxmMikjq37+roXDWhzoV
IpCaCJgHuI8RWhV3KdqGaoUA6qOA2LEF0AUoHow2PVBBBNALJoaA7YuFB74z0NLf
aaehtJeLDUKBGaz3wtnKtP6B05yHJDotmGOnhE6uHJ4Rgk1IsMbR
-----END CERTIFICATE-----