Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/PvDQaJs3rwqfVhwh7JLmxWdfCnw.roa
File:                     PvDQaJs3rwqfVhwh7JLmxWdfCnw.roa (raw, json)
Hash identifier:          kfowhpPS37erJf8EqX+PtveCKI55Da0bOeynOicoCEs=
Subject key identifier:   3E:F0:D0:68:9B:37:AF:0A:9F:56:1C:21:EC:92:E6:C5:67:5F:0A:7C
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       01970C14BCA7E05B59878EC1CC33C1600AE7
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/PvDQaJs3rwqfVhwh7JLmxWdfCnw.roa
Signing time:             Mon 26 May 2025 10:12:54 +0000
ROA not before:           Mon 26 May 2025 10:12:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.151.70.0/24 maxlen: 24
                          88.218.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 07:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:14:bc:a7:e0:5b:59:87:8e:c1:cc:33:c1:60:0a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: May 26 10:12:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ef0d0689b37af0a9f561c21ec92e6c5675f0a7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4b:d0:5e:23:e8:29:3d:63:47:30:6e:c1:02:
                    2d:99:cc:a4:e9:9f:16:ec:69:69:7a:b3:9c:43:df:
                    7b:e1:d5:fb:43:4c:cb:50:3b:e8:f6:1d:4a:2f:a2:
                    2b:34:08:23:4f:d1:08:45:57:58:0f:ce:09:d1:3b:
                    15:7b:37:48:90:03:8a:73:da:51:47:16:fa:01:12:
                    d3:87:24:c7:aa:97:db:fa:23:65:25:41:71:f7:87:
                    db:d0:76:ec:d1:72:ab:f1:57:46:bd:47:60:9d:7c:
                    07:e1:aa:c1:fd:4f:2f:35:6b:57:14:a6:8d:be:38:
                    fb:d9:f3:b6:30:56:e2:83:7f:9e:e8:cc:d0:3a:49:
                    85:64:3e:b9:6a:42:c4:01:ad:75:96:14:36:14:0c:
                    d4:d1:52:fd:f7:45:32:5c:1c:65:46:ae:61:9d:a1:
                    70:bc:1e:cd:11:45:66:48:76:44:63:98:75:92:e0:
                    e2:be:32:65:8a:bd:e9:97:84:e3:ca:ee:15:2f:01:
                    e3:35:82:66:cc:01:72:ff:7f:2c:a3:4b:e4:6d:35:
                    53:0b:8c:58:44:2e:0e:79:04:3e:fc:7d:0d:d1:0f:
                    70:0e:aa:c7:45:70:df:12:e5:31:20:00:22:3e:e4:
                    81:26:5f:04:11:b7:3c:00:3b:a8:f9:57:f5:59:f4:
                    5d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F0:D0:68:9B:37:AF:0A:9F:56:1C:21:EC:92:E6:C5:67:5F:0A:7C
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/PvDQaJs3rwqfVhwh7JLmxWdfCnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.70.0/24
                  88.218.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:0e:46:a3:91:69:7f:16:db:92:3c:e1:1e:dd:65:aa:56:6c:
         21:1f:60:9e:e8:24:b8:9a:0c:c9:a1:48:9e:df:0b:97:73:94:
         97:b5:23:73:ce:fb:c1:b6:ff:e6:80:9f:8e:3f:c7:ee:2e:af:
         65:64:e2:6c:34:9c:82:07:a8:f4:34:92:be:04:e5:60:6d:c7:
         a2:b7:12:6c:51:ee:4a:22:fe:8d:ac:cb:c7:ac:e5:ae:f1:15:
         0e:1c:d2:d2:9a:5f:88:ee:bd:07:13:c3:9a:4e:dd:0a:5e:00:
         94:2d:9e:d4:2e:00:21:dd:ac:9d:51:56:18:9d:2a:ce:ad:7d:
         55:8a:29:d7:d8:e5:14:3d:9f:80:0a:27:e4:61:c6:16:f3:d6:
         4f:70:56:91:d9:6a:41:f5:35:1d:7c:ef:a2:2f:b6:9f:af:f3:
         fd:af:4a:da:b2:58:79:c2:5b:7d:94:22:f3:e7:b0:54:51:82:
         16:19:c1:0a:97:1d:1f:ce:83:d3:94:66:24:e5:2a:32:6a:65:
         99:0e:64:4d:5e:d4:c7:09:33:e9:05:67:46:dc:d7:88:bf:dd:
         36:8f:8a:eb:07:d3:dc:e1:60:4b:de:d8:d1:d3:ff:7d:05:ac:
         fb:a6:ff:4e:4b:c4:a1:55:4d:8c:a0:cb:9d:24:7d:8e:6b:0b:
         29:12:8b:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcMFLyn4FtZh47BzDPBYArnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjUwNTI2MTAxMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWYwZDA2ODliMzdhZjBhOWY1NjFjMjFlYzkyZTZjNTY3NWYwYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEvQXiPoKT1jRzBuwQItmcyk6Z8W
7GlperOcQ9974dX7Q0zLUDvo9h1KL6IrNAgjT9EIRVdYD84J0TsVezdIkAOKc9pR
Rxb6ARLThyTHqpfb+iNlJUFx94fb0Hbs0XKr8VdGvUdgnXwH4arB/U8vNWtXFKaN
vjj72fO2MFbig3+e6MzQOkmFZD65akLEAa11lhQ2FAzU0VL990UyXBxlRq5hnaFw
vB7NEUVmSHZEY5h1kuDivjJlir3pl4Tjyu4VLwHjNYJmzAFy/38so0vkbTVTC4xY
RC4OeQQ+/H0N0Q9wDqrHRXDfEuUxIAAiPuSBJl8EEbc8ADuo+Vf1WfRd8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD7w0GibN68Kn1YcIeyS5sVnXwp8MB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvUHZEUWFKczNyd3FmVmh3aDdKTG14V2RmQ253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZdGAwQA
WNoqMA0GCSqGSIb3DQEBCwUAA4IBAQDYDkajkWl/FtuSPOEe3WWqVmwhH2Ce6CS4
mgzJoUie3wuXc5SXtSNzzvvBtv/mgJ+OP8fuLq9lZOJsNJyCB6j0NJK+BOVgbcei
txJsUe5KIv6NrMvHrOWu8RUOHNLSml+I7r0HE8OaTt0KXgCULZ7ULgAh3aydUVYY
nSrOrX1ViinX2OUUPZ+ACifkYcYW89ZPcFaR2WpB9TUdfO+iL7afr/P9r0raslh5
wlt9lCLz57BUUYIWGcEKlx0fzoPTlGYk5SoyamWZDmRNXtTHCTPpBWdG3NeIv902
j4rrB9Pc4WBL3tjR0/99Baz7pv9OS8ShVU2MoMudJH2OawspEotg
-----END CERTIFICATE-----