Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/aI-_oTt6aFi0rGtdpFFsZSUUhnk.roa
File:                     aI-_oTt6aFi0rGtdpFFsZSUUhnk.roa (raw, json)
Hash identifier:          ZpzPh7grr/BmAU1ND5+d/vIuS1VNGFc3sngZPWDtPBs=
Subject key identifier:   68:8F:BF:A1:3B:7A:68:58:B4:AC:6B:5D:A4:51:6C:65:25:14:86:79
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       01942825AAB037603E1AF008E9B820D9EE8D
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/aI-_oTt6aFi0rGtdpFFsZSUUhnk.roa
Signing time:             Thu 02 Jan 2025 17:52:24 +0000
ROA not before:           Thu 02 Jan 2025 17:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51847
IP address blocks:        45.145.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:aa:b0:37:60:3e:1a:f0:08:e9:b8:20:d9:ee:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 17:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=688fbfa13b7a6858b4ac6b5da4516c6525148679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:82:5e:e6:2a:02:07:f3:56:3f:2e:29:bd:66:
                    d6:8d:f5:42:80:7f:78:f1:75:7e:b2:bf:bc:5b:a1:
                    a1:e3:ec:b5:f6:cb:a5:54:7a:2c:34:af:83:34:6c:
                    22:f2:11:55:d5:ee:ae:fd:ef:6b:41:cc:3a:f0:ae:
                    b2:ba:49:28:59:c7:5e:c8:3a:81:95:73:e2:13:49:
                    42:a2:37:48:bf:cc:38:80:48:0d:bb:49:23:0b:f4:
                    b5:c8:20:c6:4c:68:4e:77:ef:21:32:07:48:3f:8a:
                    a0:31:89:7d:9f:34:61:c1:b8:a6:e1:5c:6b:66:27:
                    1b:2d:f3:91:8d:26:cb:1e:cb:0a:18:cf:c7:6d:90:
                    a9:a6:19:97:46:a7:9c:e2:a8:9c:3b:c0:a1:f8:a5:
                    d8:14:87:d2:ef:41:14:ef:e3:7f:50:d3:f8:84:49:
                    75:78:67:2f:45:fe:bc:df:77:07:7c:eb:1d:3a:4f:
                    1e:c8:24:c5:5e:6a:a8:74:0c:72:62:5c:8a:d2:97:
                    b9:3b:a8:0b:de:54:3a:32:4e:08:59:84:b9:7c:52:
                    09:e4:55:64:9e:9b:1c:89:e4:71:db:66:e3:64:ab:
                    bc:26:32:06:87:c0:d1:db:b0:b6:88:70:16:67:1d:
                    dc:8c:e5:72:79:c1:5b:a1:7c:c1:ab:ec:18:3b:b1:
                    88:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:8F:BF:A1:3B:7A:68:58:B4:AC:6B:5D:A4:51:6C:65:25:14:86:79
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/aI-_oTt6aFi0rGtdpFFsZSUUhnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:f7:82:88:fd:49:f9:6b:6d:e2:9b:88:eb:ea:b7:fb:1a:dc:
         78:2b:5c:12:38:90:b4:3a:8a:a4:c6:3f:49:d1:85:1b:2e:aa:
         4b:b5:e1:d0:b4:38:c3:ad:16:0f:60:01:28:28:f4:38:15:4c:
         bd:ff:e0:43:25:d2:72:0b:94:fe:44:1c:f2:63:fc:06:f7:1c:
         09:6b:06:7c:6a:3d:13:30:18:86:47:7e:bb:24:36:52:21:96:
         fe:3b:53:ab:88:78:9f:f5:54:0b:c0:73:57:58:76:07:2b:8a:
         eb:16:0f:66:cf:42:1c:cd:cd:60:9b:07:a9:7c:51:b5:0f:2b:
         9a:a5:86:8b:dd:a9:8f:5c:e5:8a:05:75:2c:28:ce:8f:b7:df:
         44:1c:6c:79:8e:93:fc:90:60:71:7b:79:d5:30:61:aa:2e:19:
         ea:dd:5d:92:ac:e2:9a:61:04:b4:00:18:91:95:58:d3:4d:6b:
         14:db:83:b5:c8:a2:e3:bd:f2:82:dc:81:d7:f6:24:66:bf:de:
         42:cc:b2:86:5e:55:4d:5a:38:38:be:5b:8c:36:71:a4:a0:3e:
         28:f0:f9:a7:30:5a:e6:35:e7:51:ee:f9:0f:d3:b0:1c:00:4a:
         27:ad:fa:7d:81:42:b2:f3:b1:30:a9:88:af:28:69:8a:14:ea:
         26:dc:9d:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJaqwN2A+GvAI6bgg2e6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwMTAyMTc1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODhmYmZhMTNiN2E2ODU4YjRhYzZiNWRhNDUxNmM2NTI1MTQ4Njc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYJe5ioCB/NWPy4pvWbWjfVCgH94
8XV+sr+8W6Gh4+y19sulVHosNK+DNGwi8hFV1e6u/e9rQcw68K6yukkoWcdeyDqB
lXPiE0lCojdIv8w4gEgNu0kjC/S1yCDGTGhOd+8hMgdIP4qgMYl9nzRhwbim4Vxr
ZicbLfORjSbLHssKGM/HbZCpphmXRqec4qicO8Ch+KXYFIfS70EU7+N/UNP4hEl1
eGcvRf6833cHfOsdOk8eyCTFXmqodAxyYlyK0pe5O6gL3lQ6Mk4IWYS5fFIJ5FVk
npscieRx22bjZKu8JjIGh8DR27C2iHAWZx3cjOVyecFboXzBq+wYO7GI6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiPv6E7emhYtKxrXaRRbGUlFIZ5MB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvYUktX29UdDZhRmkwckd0ZHBGRnNaU1VVaG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGaMA0G
CSqGSIb3DQEBCwUAA4IBAQA494KI/Un5a23im4jr6rf7Gtx4K1wSOJC0Ooqkxj9J
0YUbLqpLteHQtDjDrRYPYAEoKPQ4FUy9/+BDJdJyC5T+RBzyY/wG9xwJawZ8aj0T
MBiGR367JDZSIZb+O1OriHif9VQLwHNXWHYHK4rrFg9mz0Iczc1gmwepfFG1Dyua
pYaL3amPXOWKBXUsKM6Pt99EHGx5jpP8kGBxe3nVMGGqLhnq3V2SrOKaYQS0ABiR
lVjTTWsU24O1yKLjvfKC3IHX9iRmv95CzLKGXlVNWjg4vluMNnGkoD4o8PmnMFrm
NedR7vkP07AcAEonrfp9gUKy87EwqYivKGmKFOom3J0v
-----END CERTIFICATE-----