Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ruY7n1D9cAaf_aNsuAFKpSkEn90.roa
File:                     ruY7n1D9cAaf_aNsuAFKpSkEn90.roa (raw, json)
Hash identifier:          iF7yWJ9yULuaJcnv62fja14BHo/HkbBE43s+ysMeZAE=
Subject key identifier:   AE:E6:3B:9F:50:FD:70:06:9F:FD:A3:6C:B8:01:4A:A5:29:04:9F:DD
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       01942825A9AB45E621CA15040E2D48B0E0CF
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ruY7n1D9cAaf_aNsuAFKpSkEn90.roa
Signing time:             Thu 02 Jan 2025 17:52:24 +0000
ROA not before:           Thu 02 Jan 2025 17:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        45.145.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:a9:ab:45:e6:21:ca:15:04:0e:2d:48:b0:e0:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 17:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aee63b9f50fd70069ffda36cb8014aa529049fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:1d:75:ce:50:f6:3e:fd:03:be:a3:43:0f:bf:
                    aa:56:00:14:91:a4:9d:1e:1e:3d:ac:d3:33:d9:53:
                    3d:81:06:ce:38:b6:a3:ac:73:7e:3e:9b:8d:6b:df:
                    27:07:ad:a4:57:32:3c:a2:eb:4d:d9:68:3b:1b:6e:
                    25:13:ea:42:f7:d0:1f:51:c2:05:0e:f8:05:10:ea:
                    93:de:c6:54:56:22:5b:26:38:ca:c3:9a:67:a1:eb:
                    ac:07:a8:1e:f2:9a:cf:4c:fd:04:dd:ab:4e:39:4c:
                    a2:b0:f6:85:78:e2:fb:83:09:28:73:04:a8:7c:ea:
                    a3:c0:4c:8a:a4:c3:db:cb:18:fd:7f:85:27:b0:0f:
                    59:b6:aa:c7:79:cd:0b:24:51:ef:71:3a:ce:21:c0:
                    52:d3:6b:52:71:44:d2:9f:b9:e9:b0:c3:8f:2e:92:
                    41:75:c8:90:a8:7f:8a:8e:4e:db:eb:ac:13:fe:4a:
                    b9:e5:36:c7:f2:14:31:d6:d0:f5:f7:83:4b:56:70:
                    09:79:e4:0e:b5:9a:5c:1c:b3:e5:52:68:3f:7a:8e:
                    73:e3:61:1f:47:48:c9:a4:e1:e6:98:3e:2d:e8:6b:
                    af:0a:b3:76:fd:56:c5:29:5b:b0:57:77:06:cc:74:
                    6c:ff:50:f9:8a:80:7f:16:35:57:cc:90:48:a4:4a:
                    88:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:E6:3B:9F:50:FD:70:06:9F:FD:A3:6C:B8:01:4A:A5:29:04:9F:DD
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ruY7n1D9cAaf_aNsuAFKpSkEn90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:39:6b:9c:2c:9f:85:41:4c:04:70:2a:d4:97:72:91:ba:b9:
         3c:80:69:b1:6d:ad:16:68:fc:15:2b:76:8b:e6:84:fb:1b:60:
         66:e1:63:c3:a7:48:15:e7:65:41:62:91:e8:21:3e:64:ce:bc:
         4f:4c:76:a3:30:a6:9f:9e:d4:f3:4e:40:36:80:55:8b:2b:6c:
         13:1e:79:0d:39:f6:14:61:ab:fa:6b:88:69:4c:3b:26:6d:54:
         17:48:fb:6a:e9:6c:fa:73:92:f1:eb:57:ae:9c:31:8c:87:15:
         4d:73:b6:46:49:06:7f:17:2e:7f:a8:68:b4:95:02:2f:6f:bd:
         dd:9a:7a:2e:46:f3:3d:66:4c:af:39:dd:b6:05:80:65:2d:71:
         16:05:30:e3:83:34:e3:1d:d7:45:e7:e0:23:6f:e3:3c:d2:e4:
         ba:46:7e:a1:14:77:2c:3c:32:39:0e:6f:68:29:9e:40:04:d8:
         fb:1e:b6:80:b7:62:bc:1d:99:8b:d9:56:1e:6a:33:cd:50:bc:
         54:96:5f:15:a6:9a:47:a1:cb:d7:27:b8:33:1a:3f:4f:46:ea:
         ab:ef:8b:9d:a6:0a:9b:d6:69:d1:39:65:2f:7f:ab:98:b5:6b:
         81:15:10:30:a4:1d:21:42:9a:17:99:0d:af:ce:44:b9:d4:67:
         a0:ff:43:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJamrReYhyhUEDi1IsODPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwMTAyMTc1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWU2M2I5ZjUwZmQ3MDA2OWZmZGEzNmNiODAxNGFhNTI5MDQ5ZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1x11zlD2Pv0DvqNDD7+qVgAUkaSd
Hh49rNMz2VM9gQbOOLajrHN+PpuNa98nB62kVzI8outN2Wg7G24lE+pC99AfUcIF
DvgFEOqT3sZUViJbJjjKw5pnoeusB6ge8prPTP0E3atOOUyisPaFeOL7gwkocwSo
fOqjwEyKpMPbyxj9f4UnsA9ZtqrHec0LJFHvcTrOIcBS02tScUTSn7npsMOPLpJB
dciQqH+Kjk7b66wT/kq55TbH8hQx1tD194NLVnAJeeQOtZpcHLPlUmg/eo5z42Ef
R0jJpOHmmD4t6GuvCrN2/VbFKVuwV3cGzHRs/1D5ioB/FjVXzJBIpEqIIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7mO59Q/XAGn/2jbLgBSqUpBJ/dMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvcnVZN24xRDljQWFmX2FOc3VBRktwU2tFbjkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQB0OWucLJ+FQUwEcCrUl3KRurk8gGmxba0WaPwVK3aL
5oT7G2Bm4WPDp0gV52VBYpHoIT5kzrxPTHajMKafntTzTkA2gFWLK2wTHnkNOfYU
Yav6a4hpTDsmbVQXSPtq6Wz6c5Lx61eunDGMhxVNc7ZGSQZ/Fy5/qGi0lQIvb73d
mnouRvM9ZkyvOd22BYBlLXEWBTDjgzTjHddF5+Ajb+M80uS6Rn6hFHcsPDI5Dm9o
KZ5ABNj7HraAt2K8HZmL2VYeajPNULxUll8VpppHocvXJ7gzGj9PRuqr74udpgqb
1mnROWUvf6uYtWuBFRAwpB0hQpoXmQ2vzkS51Geg/0O9
-----END CERTIFICATE-----