Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/4nM4rBv9VVZiBpLQiIbQsg6NSx0.roa
File:                     4nM4rBv9VVZiBpLQiIbQsg6NSx0.roa (raw, json)
Hash identifier:          pcYAXIo8mN5119CAEJXDu1uZ7LPPD2vqAMHmgIZuOWM=
Subject key identifier:   E2:73:38:AC:1B:FD:55:56:62:06:92:D0:88:86:D0:B2:0E:8D:4B:1D
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       01942825AC63C35ACC6A7848A9EF3F03395F
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/4nM4rBv9VVZiBpLQiIbQsg6NSx0.roa
Signing time:             Thu 02 Jan 2025 17:52:25 +0000
ROA not before:           Thu 02 Jan 2025 17:52:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198100
IP address blocks:        45.145.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:ac:63:c3:5a:cc:6a:78:48:a9:ef:3f:03:39:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 17:52:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e27338ac1bfd5556620692d08886d0b20e8d4b1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:27:8d:c1:11:6c:db:1b:15:03:17:db:58:41:
                    13:14:55:62:6c:bc:7c:35:68:1b:80:e5:90:de:36:
                    20:a5:51:14:3a:75:c9:73:9d:35:f9:d6:8c:57:6c:
                    1f:54:01:71:d7:1b:06:98:63:df:0c:f8:dd:5a:9a:
                    17:a3:3e:82:13:c8:81:62:2a:4c:3e:92:71:06:73:
                    29:2e:b8:df:9a:98:e0:2f:c6:e5:fd:5e:64:1a:50:
                    d7:c0:10:a0:14:18:2c:c7:64:11:7b:7b:33:40:b3:
                    00:93:5f:fb:76:cb:18:ea:3c:ee:8e:af:48:58:82:
                    02:5c:22:4e:3b:6b:75:be:4c:0f:27:24:f4:61:18:
                    9b:bc:cf:97:92:6d:7e:c9:64:a4:48:3b:eb:16:d5:
                    dd:a0:88:c6:b1:57:7b:f9:03:94:8f:5c:16:43:66:
                    71:26:e8:f5:7a:12:d1:a5:cc:04:8f:18:fe:a0:91:
                    9c:e3:25:ed:41:55:c0:59:4f:b3:1e:a9:3b:b7:9f:
                    11:23:b0:1c:28:aa:74:9b:b9:c6:fc:93:2f:f7:56:
                    a3:7d:2c:2e:9c:2a:8a:a3:f3:9b:8c:ba:6b:6c:ea:
                    32:fa:0e:5e:20:f2:5b:49:12:63:82:3e:fc:bf:8d:
                    b4:10:0e:20:d2:6d:2a:dd:df:4b:51:23:5a:73:80:
                    99:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:73:38:AC:1B:FD:55:56:62:06:92:D0:88:86:D0:B2:0E:8D:4B:1D
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/4nM4rBv9VVZiBpLQiIbQsg6NSx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:72:2a:3a:21:17:68:6d:74:07:14:5d:24:bd:e3:24:03:33:
         63:0e:f5:70:a7:1f:6c:79:7a:cb:b7:4c:7b:2d:aa:10:bf:ef:
         4e:d2:bc:6a:80:ce:f7:cb:4d:42:37:65:ea:b6:92:6e:ee:21:
         ad:67:9e:bf:f1:62:74:27:52:4e:00:e0:32:21:08:67:60:d5:
         4f:29:51:3f:a9:b6:ce:ba:21:30:3e:5e:e9:95:e1:f9:b7:b7:
         a1:9f:1e:3e:85:0a:d9:c0:04:29:a9:62:3f:26:64:05:80:d2:
         05:89:df:49:dc:7a:c9:b0:fe:c7:a6:b9:21:b8:a1:5a:5e:92:
         bc:3c:c0:63:1a:99:7e:d6:2b:14:60:a1:e5:53:35:ad:11:57:
         ae:55:9d:21:32:1e:af:72:c3:66:07:90:37:16:e6:5d:60:83:
         6c:bf:6e:e1:12:b1:0a:58:84:b2:7f:78:3a:f1:8c:28:f0:be:
         fa:f9:22:f0:ba:20:1e:5c:6c:13:d1:88:e3:25:e7:36:89:69:
         66:04:ee:18:1a:bb:6b:1f:41:fb:e9:1b:41:01:14:e2:26:e7:
         10:0b:ea:19:4d:12:04:3d:03:0b:76:a9:89:9e:5f:a5:8e:f0:
         d3:dc:78:5d:af:81:e9:f1:ad:d8:dd:3a:d1:5a:76:b3:ae:31:
         c7:75:fc:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJaxjw1rManhIqe8/AzlfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwMTAyMTc1MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjczMzhhYzFiZmQ1NTU2NjIwNjkyZDA4ODg2ZDBiMjBlOGQ0YjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSeNwRFs2xsVAxfbWEETFFVibLx8
NWgbgOWQ3jYgpVEUOnXJc501+daMV2wfVAFx1xsGmGPfDPjdWpoXoz6CE8iBYipM
PpJxBnMpLrjfmpjgL8bl/V5kGlDXwBCgFBgsx2QRe3szQLMAk1/7dssY6jzujq9I
WIICXCJOO2t1vkwPJyT0YRibvM+Xkm1+yWSkSDvrFtXdoIjGsVd7+QOUj1wWQ2Zx
Juj1ehLRpcwEjxj+oJGc4yXtQVXAWU+zHqk7t58RI7AcKKp0m7nG/JMv91ajfSwu
nCqKo/ObjLprbOoy+g5eIPJbSRJjgj78v420EA4g0m0q3d9LUSNac4CZ1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJzOKwb/VVWYgaS0IiG0LIOjUsdMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvNG5NNHJCdjlWVlppQnBMUWlJYlFzZzZOU3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGaMA0G
CSqGSIb3DQEBCwUAA4IBAQBucio6IRdobXQHFF0kveMkAzNjDvVwpx9seXrLt0x7
LaoQv+9O0rxqgM73y01CN2XqtpJu7iGtZ56/8WJ0J1JOAOAyIQhnYNVPKVE/qbbO
uiEwPl7pleH5t7ehnx4+hQrZwAQpqWI/JmQFgNIFid9J3HrJsP7HprkhuKFaXpK8
PMBjGpl+1isUYKHlUzWtEVeuVZ0hMh6vcsNmB5A3FuZdYINsv27hErEKWISyf3g6
8Ywo8L76+SLwuiAeXGwT0YjjJec2iWlmBO4YGrtrH0H76RtBARTiJucQC+oZTRIE
PQMLdqmJnl+ljvDT3Hhdr4Hp8a3Y3TrRWnazrjHHdfx5
-----END CERTIFICATE-----