Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/z10me3-6yqryER4MpvIKiLcjNws.roa
File:                     z10me3-6yqryER4MpvIKiLcjNws.roa (raw, json)
Hash identifier:          PjRl12NyPSpVNtUWuutmb/VXRvozChTacSvxqPRianU=
Subject key identifier:   CF:5D:26:7B:7F:BA:CA:AA:F2:11:1E:0C:A6:F2:0A:88:B7:23:37:0B
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       01942521BADE1E2FBDA8058E0A5A0FFFAF3E
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/z10me3-6yqryER4MpvIKiLcjNws.roa
Signing time:             Thu 02 Jan 2025 03:49:15 +0000
ROA not before:           Thu 02 Jan 2025 03:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        45.83.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ba:de:1e:2f:bd:a8:05:8e:0a:5a:0f:ff:af:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  2 03:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf5d267b7fbacaaaf2111e0ca6f20a88b723370b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:50:37:9c:cf:e2:7a:26:ad:88:d7:46:cb:1e:
                    9d:ab:e8:7f:66:60:f8:a5:da:d7:a4:6e:5f:08:7e:
                    7d:a7:f3:36:63:aa:f2:54:ad:63:89:f6:9f:af:fa:
                    a9:f2:a9:42:64:4a:c3:31:16:8d:04:80:da:39:c4:
                    97:58:c1:c6:5e:41:3f:ab:50:1f:4e:0f:c2:c7:32:
                    1f:e9:29:6a:40:35:2a:5c:af:f8:a9:4d:bd:35:8d:
                    d5:7e:7e:44:02:ee:a5:10:51:8b:4a:9c:bf:bf:b9:
                    bc:7d:81:87:47:b8:e2:1b:ca:08:4f:a4:2b:a2:3f:
                    c7:3f:6a:d7:ed:f3:8d:2f:7a:fc:9c:fc:d6:e6:c4:
                    0c:e8:24:93:c2:69:62:34:a8:53:81:af:f0:c7:72:
                    cf:48:81:8f:87:23:5d:d7:38:ca:36:2a:e4:19:08:
                    fb:8b:de:d9:41:91:08:51:87:37:e1:d9:17:eb:55:
                    1e:4f:16:16:e3:61:46:fc:32:ba:23:12:05:73:b3:
                    59:4b:79:fd:de:7c:a0:b0:92:7b:96:fe:d2:1b:5f:
                    7a:c8:23:1f:3b:b7:7c:07:76:f4:fd:02:a1:dd:e6:
                    39:6f:60:a0:01:de:5e:9c:f8:4d:15:16:2c:89:95:
                    ac:9b:85:6b:dd:6f:a8:b8:52:c6:95:aa:d0:34:5d:
                    96:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:5D:26:7B:7F:BA:CA:AA:F2:11:1E:0C:A6:F2:0A:88:B7:23:37:0B
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/z10me3-6yqryER4MpvIKiLcjNws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:0f:85:9a:f7:2a:10:02:51:d1:ef:ad:20:13:eb:07:7c:f7:
         26:cb:eb:94:70:ba:0a:2f:96:8b:12:5d:3c:ed:9c:bc:c5:c1:
         e4:fa:61:00:1c:a4:cc:3f:82:0f:21:3f:dd:99:6d:95:2b:1b:
         a4:ea:2f:9d:b3:79:55:bf:49:6f:bb:cb:7b:e4:c7:fa:80:e1:
         59:55:a4:52:da:36:7b:38:9f:1c:6c:ce:96:b3:37:bc:fd:c0:
         bb:1f:89:a5:8e:20:8e:1e:15:b4:ce:db:e0:b2:2d:bb:a7:35:
         ea:ea:3d:3d:97:d8:d9:f4:0a:53:40:14:99:92:0d:dc:fd:fa:
         fd:db:b9:38:98:27:2f:66:52:ce:58:6c:6b:04:14:29:9e:f0:
         23:d0:82:58:1c:3c:66:c1:57:23:52:c2:ce:d9:ed:9a:ad:37:
         93:11:d8:bb:0e:47:44:a7:68:e2:a1:57:5e:7d:6d:67:2b:3e:
         25:9f:31:bd:b8:74:85:9a:b4:bc:5c:8d:e0:d9:d8:3d:b2:00:
         dc:57:c0:88:cc:89:99:63:bb:7f:51:17:0d:85:2f:df:7e:95:
         bb:e8:b2:ea:b3:ec:04:71:ae:b9:09:67:15:ec:e4:ab:45:c0:
         6d:40:63:2b:3a:9c:81:a9:22:ee:52:7e:de:74:4d:b1:8d:fd:
         08:ce:ef:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbreHi+9qAWOCloP/68+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjUwMTAyMDM0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjVkMjY3YjdmYmFjYWFhZjIxMTFlMGNhNmYyMGE4OGI3MjMzNzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFA3nM/ieiatiNdGyx6dq+h/ZmD4
pdrXpG5fCH59p/M2Y6ryVK1jifafr/qp8qlCZErDMRaNBIDaOcSXWMHGXkE/q1Af
Tg/CxzIf6SlqQDUqXK/4qU29NY3Vfn5EAu6lEFGLSpy/v7m8fYGHR7jiG8oIT6Qr
oj/HP2rX7fONL3r8nPzW5sQM6CSTwmliNKhTga/wx3LPSIGPhyNd1zjKNirkGQj7
i97ZQZEIUYc34dkX61UeTxYW42FG/DK6IxIFc7NZS3n93nygsJJ7lv7SG196yCMf
O7d8B3b0/QKh3eY5b2CgAd5enPhNFRYsiZWsm4Vr3W+ouFLGlarQNF2WeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9dJnt/usqq8hEeDKbyCoi3IzcLMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvejEwbWUzLTZ5cXJ5RVI0TXB2SUtpTGNqTndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVPuMA0G
CSqGSIb3DQEBCwUAA4IBAQBRD4Wa9yoQAlHR760gE+sHfPcmy+uUcLoKL5aLEl08
7Zy8xcHk+mEAHKTMP4IPIT/dmW2VKxuk6i+ds3lVv0lvu8t75Mf6gOFZVaRS2jZ7
OJ8cbM6Wsze8/cC7H4mljiCOHhW0ztvgsi27pzXq6j09l9jZ9ApTQBSZkg3c/fr9
27k4mCcvZlLOWGxrBBQpnvAj0IJYHDxmwVcjUsLO2e2arTeTEdi7DkdEp2jioVde
fW1nKz4lnzG9uHSFmrS8XI3g2dg9sgDcV8CIzImZY7t/URcNhS/ffpW76LLqs+wE
ca65CWcV7OSrRcBtQGMrOpyBqSLuUn7edE2xjf0Izu/r
-----END CERTIFICATE-----