Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/wEf4V0fjRLwMdiaytYSjwCEyTHU.roa
File:                     wEf4V0fjRLwMdiaytYSjwCEyTHU.roa (raw, json)
Hash identifier:          lUa2DLkPGwF47ayLCrKzv9wyplQdvB6BMfu9nJfZZtA=
Subject key identifier:   C0:47:F8:57:47:E3:44:BC:0C:76:26:B2:B5:84:A3:C0:21:32:4C:75
Certificate issuer:       /CN=4bcd72d6cb385a3a33c6c8fe5459c686a6849509
Certificate serial:       019566405F75FCF2BC56FFA012CA4A36FB66
Authority key identifier: 4B:CD:72:D6:CB:38:5A:3A:33:C6:C8:FE:54:59:C6:86:A6:84:95:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S81y1ss4Wjozxsj-VFnGhqaElQk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/wEf4V0fjRLwMdiaytYSjwCEyTHU.roa
Signing time:             Wed 05 Mar 2025 12:20:49 +0000
ROA not before:           Wed 05 Mar 2025 12:20:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5398
IP address blocks:        45.91.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/S81y1ss4Wjozxsj-VFnGhqaElQk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/S81y1ss4Wjozxsj-VFnGhqaElQk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S81y1ss4Wjozxsj-VFnGhqaElQk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:40:5f:75:fc:f2:bc:56:ff:a0:12:ca:4a:36:fb:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bcd72d6cb385a3a33c6c8fe5459c686a6849509
        Validity
            Not Before: Mar  5 12:20:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c047f85747e344bc0c7626b2b584a3c021324c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e8:59:d5:5a:57:93:96:71:9b:a7:a2:b2:8e:
                    d5:5e:e7:c6:0b:c0:99:28:4f:28:3f:6f:f1:8e:ad:
                    69:b7:9a:da:ad:6f:5a:56:84:90:26:b3:8e:ca:97:
                    b6:5e:7e:22:93:43:0c:2a:82:eb:fa:bb:cd:74:19:
                    53:1b:2e:86:7d:63:b6:84:ce:ba:c0:34:7a:6a:31:
                    3f:71:11:8d:8a:f6:99:76:7b:d4:5a:82:17:69:75:
                    b0:bd:84:19:9e:22:ff:a2:ef:d1:39:7c:ac:18:24:
                    2a:5e:0f:31:5c:fa:d3:be:8a:a0:8a:7b:c9:e2:dd:
                    e7:7d:ec:93:97:7a:8f:11:45:1e:3a:de:2f:b8:17:
                    79:ce:14:e7:67:e5:70:ee:0d:a1:eb:85:09:c1:a9:
                    57:12:4a:08:1f:4a:d6:2c:dd:0c:c8:d6:d1:11:a0:
                    f9:e0:68:d7:9d:b3:03:d6:6a:b3:38:1b:64:43:d4:
                    77:dd:90:69:3d:b4:b2:cd:5d:90:06:d7:2e:33:ff:
                    a4:3d:ee:50:ba:5f:04:0a:ed:bd:67:34:4e:56:20:
                    ff:68:d7:8f:be:0d:5f:fd:c8:da:12:a4:ea:fe:dd:
                    6e:2b:b5:8a:f3:d8:3d:5d:e1:c3:29:c8:01:7f:44:
                    4b:bb:a8:85:74:9e:77:f8:06:cb:d7:1a:08:d1:10:
                    23:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:47:F8:57:47:E3:44:BC:0C:76:26:B2:B5:84:A3:C0:21:32:4C:75
            X509v3 Authority Key Identifier:
                keyid:4B:CD:72:D6:CB:38:5A:3A:33:C6:C8:FE:54:59:C6:86:A6:84:95:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S81y1ss4Wjozxsj-VFnGhqaElQk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/wEf4V0fjRLwMdiaytYSjwCEyTHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/S81y1ss4Wjozxsj-VFnGhqaElQk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:ca:fb:17:d9:53:1e:4d:61:ae:b4:df:f8:49:64:c4:d3:0d:
         ff:68:9e:f2:05:59:5e:17:4b:d6:68:76:81:7c:b8:da:d8:e4:
         f6:45:e8:8a:f1:f8:9d:7f:21:07:d5:b1:a3:7a:ce:57:61:4a:
         a9:30:6f:32:b5:74:bf:6e:a8:43:a5:d5:1f:ff:97:dc:6a:43:
         4b:4b:52:5b:15:fb:d6:d2:a5:76:97:74:86:53:d8:2f:e5:cb:
         18:53:2a:3f:d9:fa:76:1d:0d:dd:78:58:58:20:41:e9:dc:e1:
         41:c6:60:23:89:35:cb:2e:a6:aa:a5:10:f6:1f:a9:3d:d6:39:
         15:80:8f:36:7e:16:6e:a9:ac:0a:42:ab:c1:df:6b:cc:89:19:
         33:ac:e1:19:1c:ae:5f:7c:35:61:04:ee:35:2d:0f:2d:b0:f8:
         58:bc:b3:6e:8c:6c:62:d1:69:63:3e:50:89:20:c2:3d:ab:65:
         e1:64:74:cc:09:66:98:8e:ff:25:48:fd:aa:4b:7a:55:27:3f:
         20:b7:8b:5f:4f:66:ef:34:57:88:88:3d:cf:3e:b6:2f:2d:c7:
         a5:e7:b5:d9:a1:0e:e9:14:4a:6d:1e:bb:8b:82:30:ec:8b:f3:
         b6:4b:19:07:30:b8:9e:07:78:0f:24:ce:a1:fd:61:ba:d8:3d:
         51:b7:d6:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVmQF91/PK8Vv+gEspKNvtmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiY2Q3MmQ2Y2IzODVhM2EzM2M2YzhmZTU0NTljNjg2YTY4
NDk1MDkwHhcNMjUwMzA1MTIyMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDQ3Zjg1NzQ3ZTM0NGJjMGM3NjI2YjJiNTg0YTNjMDIxMzI0Yzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxehZ1VpXk5Zxm6eiso7VXufGC8CZ
KE8oP2/xjq1pt5rarW9aVoSQJrOOype2Xn4ik0MMKoLr+rvNdBlTGy6GfWO2hM66
wDR6ajE/cRGNivaZdnvUWoIXaXWwvYQZniL/ou/ROXysGCQqXg8xXPrTvoqginvJ
4t3nfeyTl3qPEUUeOt4vuBd5zhTnZ+Vw7g2h64UJwalXEkoIH0rWLN0MyNbREaD5
4GjXnbMD1mqzOBtkQ9R33ZBpPbSyzV2QBtcuM/+kPe5Qul8ECu29ZzROViD/aNeP
vg1f/cjaEqTq/t1uK7WK89g9XeHDKcgBf0RLu6iFdJ53+AbL1xoI0RAjGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBH+FdH40S8DHYmsrWEo8AhMkx1MB8GA1UdIwQY
MBaAFEvNctbLOFo6M8bI/lRZxoamhJUJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzgxeTFzczRXam96eHNqLVZGbkdocWFFbFFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wOGY2NzEtM2MzNS00NTBhLWE5MGUt
MmNjZTk2MDA2NjBmLzEvd0VmNFYwZmpSTHdNZGlheXRZU2p3Q0V5VEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wOGY2NzEtM2MzNS00NTBhLWE5MGUtMmNjZTk2MDA2NjBm
LzEvUzgxeTFzczRXam96eHNqLVZGbkdocWFFbFFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVvkMA0G
CSqGSIb3DQEBCwUAA4IBAQAzyvsX2VMeTWGutN/4SWTE0w3/aJ7yBVleF0vWaHaB
fLja2OT2ReiK8fidfyEH1bGjes5XYUqpMG8ytXS/bqhDpdUf/5fcakNLS1JbFfvW
0qV2l3SGU9gv5csYUyo/2fp2HQ3deFhYIEHp3OFBxmAjiTXLLqaqpRD2H6k91jkV
gI82fhZuqawKQqvB32vMiRkzrOEZHK5ffDVhBO41LQ8tsPhYvLNujGxi0WljPlCJ
IMI9q2XhZHTMCWaYjv8lSP2qS3pVJz8gt4tfT2bvNFeIiD3PPrYvLcel57XZoQ7p
FEptHruLgjDsi/O2SxkHMLieB3gPJM6h/WG62D1Rt9Y1
-----END CERTIFICATE-----