Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/xKARJqa_okDPNZYsEYbBqhi6oaQ.roa
File:                     xKARJqa_okDPNZYsEYbBqhi6oaQ.roa (raw, json)
Hash identifier:          55gOZL5S3KKSH+1WYi46u5J13NnuzjyEmj8BjI7hTlI=
Subject key identifier:   C4:A0:11:26:A6:BF:A2:40:CF:35:96:2C:11:86:C1:AA:18:BA:A1:A4
Certificate issuer:       /CN=3718b734349bf327d9453b96501e44b192e55142
Certificate serial:       0194228E283B88955C9D72A123380C0EA79C
Authority key identifier: 37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/xKARJqa_okDPNZYsEYbBqhi6oaQ.roa
Signing time:             Wed 01 Jan 2025 15:48:49 +0000
ROA not before:           Wed 01 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        45.132.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:28:3b:88:95:5c:9d:72:a1:23:38:0c:0e:a7:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3718b734349bf327d9453b96501e44b192e55142
        Validity
            Not Before: Jan  1 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4a01126a6bfa240cf35962c1186c1aa18baa1a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a6:00:e5:71:29:3b:0f:21:d6:18:61:36:62:
                    3f:fa:e2:43:27:c7:9b:24:e4:41:4e:fc:a8:cc:57:
                    c8:54:1f:0b:e1:a1:56:31:93:7b:72:2f:e5:d8:d5:
                    d7:74:60:a8:14:11:d2:5d:ec:a2:70:af:ec:70:3f:
                    f3:47:ef:73:9f:eb:64:19:f3:83:03:5e:9c:a9:57:
                    cb:b9:a9:d8:3b:f7:26:47:54:ac:84:f7:9b:ea:46:
                    11:2b:c9:7d:51:24:24:e6:de:8b:60:3c:e2:00:09:
                    0c:6a:3d:c0:89:36:2f:ea:3c:bc:97:c9:95:02:12:
                    10:89:c5:26:c9:90:fa:f6:0b:93:f0:cc:16:89:74:
                    b0:64:bc:c4:bb:5c:77:09:e0:e5:4b:58:ce:96:fe:
                    4a:1b:4b:45:c2:9c:93:7b:30:4b:bf:e4:85:6b:86:
                    0b:12:7c:96:85:15:47:b9:bf:b1:a8:94:e3:33:fd:
                    54:87:21:4c:e4:65:31:dc:80:13:5f:bd:a2:eb:cf:
                    3d:bc:9f:52:58:f0:a3:f7:ac:de:c1:55:2b:14:27:
                    a4:d8:17:8b:3f:97:37:14:f6:30:8d:48:85:96:59:
                    09:17:70:01:2d:e6:fb:a0:18:0e:37:e7:3d:f5:b0:
                    a2:4d:52:05:c6:86:8c:82:6b:6f:96:02:d7:3b:09:
                    67:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A0:11:26:A6:BF:A2:40:CF:35:96:2C:11:86:C1:AA:18:BA:A1:A4
            X509v3 Authority Key Identifier:
                keyid:37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/xKARJqa_okDPNZYsEYbBqhi6oaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:79:8e:d6:d4:d0:64:e4:33:78:e1:33:58:d6:64:f0:96:21:
         a8:36:09:99:90:51:48:ab:af:2b:15:93:6d:97:a3:76:7e:a4:
         6f:c1:5f:57:99:e1:67:0e:8a:25:dd:90:1e:91:79:ae:e7:4c:
         5e:1e:38:83:b2:57:00:5b:e8:76:52:86:8d:a4:85:ca:0b:b8:
         d8:45:8c:3d:f5:c4:34:13:48:16:20:05:55:ff:40:cf:59:45:
         d0:c5:b7:63:1b:f2:16:af:86:ed:a5:47:18:c9:9f:bf:b5:43:
         79:cf:c1:b4:c6:96:34:86:0a:bc:28:87:cd:d5:dc:91:97:bd:
         de:00:5b:47:3e:91:81:cb:34:e8:2c:68:43:4d:3c:67:87:86:
         c4:9a:9b:e7:d2:7f:fd:b0:d5:af:56:ac:d7:3c:aa:ea:d1:50:
         78:b6:84:04:95:9e:18:81:08:4f:26:70:7d:ae:54:10:9c:60:
         0b:d6:56:52:66:e8:ec:08:bb:83:c1:88:7d:7a:3f:34:63:a7:
         04:eb:1c:fd:08:ca:4c:5a:10:b3:55:56:e1:72:29:8c:27:e4:
         89:f8:4f:1e:90:16:1f:23:e5:8e:f3:1b:06:f5:66:7e:64:93:
         4e:ae:bd:b9:2b:32:fd:1b:03:af:24:97:a7:f4:91:4b:81:11:
         4c:d3:67:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijig7iJVcnXKhIzgMDqecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MThiNzM0MzQ5YmYzMjdkOTQ1M2I5NjUwMWU0NGIxOTJl
NTUxNDIwHhcNMjUwMTAxMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGEwMTEyNmE2YmZhMjQwY2YzNTk2MmMxMTg2YzFhYTE4YmFhMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKYA5XEpOw8h1hhhNmI/+uJDJ8eb
JORBTvyozFfIVB8L4aFWMZN7ci/l2NXXdGCoFBHSXeyicK/scD/zR+9zn+tkGfOD
A16cqVfLuanYO/cmR1SshPeb6kYRK8l9USQk5t6LYDziAAkMaj3AiTYv6jy8l8mV
AhIQicUmyZD69guT8MwWiXSwZLzEu1x3CeDlS1jOlv5KG0tFwpyTezBLv+SFa4YL
EnyWhRVHub+xqJTjM/1UhyFM5GUx3IATX72i6889vJ9SWPCj96zewVUrFCek2BeL
P5c3FPYwjUiFllkJF3ABLeb7oBgON+c99bCiTVIFxoaMgmtvlgLXOwlndwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSgESamv6JAzzWWLBGGwaoYuqGkMB8GA1UdIwQY
MBaAFDcYtzQ0m/Mn2UU7llAeRLGS5VFCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjct
YzgyM2NjOGYzODM3LzEveEtBUkpxYV9va0RQTlpZc0VZYkJxaGk2b2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjctYzgyM2NjOGYzODM3
LzEvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQZMA0G
CSqGSIb3DQEBCwUAA4IBAQBseY7W1NBk5DN44TNY1mTwliGoNgmZkFFIq68rFZNt
l6N2fqRvwV9XmeFnDool3ZAekXmu50xeHjiDslcAW+h2UoaNpIXKC7jYRYw99cQ0
E0gWIAVV/0DPWUXQxbdjG/IWr4btpUcYyZ+/tUN5z8G0xpY0hgq8KIfN1dyRl73e
AFtHPpGByzToLGhDTTxnh4bEmpvn0n/9sNWvVqzXPKrq0VB4toQElZ4YgQhPJnB9
rlQQnGAL1lZSZujsCLuDwYh9ej80Y6cE6xz9CMpMWhCzVVbhcimMJ+SJ+E8ekBYf
I+WO8xsG9WZ+ZJNOrr25KzL9GwOvJJen9JFLgRFM02dF
-----END CERTIFICATE-----