Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1cfce6-35f5-4c6e-882a-6eb14e5d0f85/1/kq5SAmqmeMe2Ig4Z9dIqFH8w6Z8.roa
File:                     kq5SAmqmeMe2Ig4Z9dIqFH8w6Z8.roa (raw, json)
Hash identifier:          /yqMmM+b3VZsmMvFSwqkiYcIhW0KAVXfHmCiSWci3G4=
Subject key identifier:   92:AE:52:02:6A:A6:78:C7:B6:22:0E:19:F5:D2:2A:14:7F:30:E9:9F
Certificate issuer:       /CN=269580771c1f1b22292d771cd12fcfbbf621baf1
Certificate serial:       019425FC329DEF3FADB04C424B64E016E19B
Authority key identifier: 26:95:80:77:1C:1F:1B:22:29:2D:77:1C:D1:2F:CF:BB:F6:21:BA:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JpWAdxwfGyIpLXcc0S_Pu_YhuvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1cfce6-35f5-4c6e-882a-6eb14e5d0f85/1/kq5SAmqmeMe2Ig4Z9dIqFH8w6Z8.roa
Signing time:             Thu 02 Jan 2025 07:47:52 +0000
ROA not before:           Thu 02 Jan 2025 07:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        45.154.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/1cfce6-35f5-4c6e-882a-6eb14e5d0f85/1/JpWAdxwfGyIpLXcc0S_Pu_YhuvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/1cfce6-35f5-4c6e-882a-6eb14e5d0f85/1/JpWAdxwfGyIpLXcc0S_Pu_YhuvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JpWAdxwfGyIpLXcc0S_Pu_YhuvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:32:9d:ef:3f:ad:b0:4c:42:4b:64:e0:16:e1:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=269580771c1f1b22292d771cd12fcfbbf621baf1
        Validity
            Not Before: Jan  2 07:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92ae52026aa678c7b6220e19f5d22a147f30e99f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:df:22:9a:74:4d:9b:aa:d4:3a:3d:c4:f3:f7:
                    02:0f:03:1c:6c:b3:b9:a4:ef:24:14:54:ec:a9:9d:
                    43:50:23:d1:69:d0:38:59:29:79:e2:ba:b1:87:dd:
                    2b:7f:f9:0d:5b:61:ff:bd:55:aa:08:f5:17:64:fb:
                    a0:7c:7e:f8:d4:ea:fd:02:62:06:af:5b:68:6c:87:
                    94:f7:c7:67:93:19:f6:a1:0b:e1:07:db:8e:a4:0e:
                    e9:b5:8e:84:20:3f:71:a6:6a:b4:07:e8:a3:f7:38:
                    07:fc:06:1f:cc:62:c9:cd:f5:cb:ed:16:b3:ff:88:
                    3c:ce:14:7a:e8:1d:2f:9f:ae:91:f3:f4:a9:68:f9:
                    ff:7e:14:7a:15:81:6a:54:de:e6:c4:7c:15:e7:b0:
                    1b:93:44:60:fc:78:5d:e7:e8:62:39:ec:66:12:c5:
                    13:2c:00:83:9e:d1:4d:ad:03:43:00:47:6d:c0:51:
                    d5:78:4c:de:e5:eb:9e:4f:b5:e2:66:8d:69:76:53:
                    69:a4:c3:2e:49:ff:93:98:3d:6e:56:5f:a8:13:65:
                    7a:8e:80:39:80:e5:c8:2a:f2:0c:c3:1b:60:a6:8f:
                    c3:4b:02:d8:da:00:bd:f1:6c:e5:84:41:fa:77:0f:
                    eb:21:db:9b:1b:a0:f4:fa:31:3b:f6:4a:cb:0b:d8:
                    6e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:AE:52:02:6A:A6:78:C7:B6:22:0E:19:F5:D2:2A:14:7F:30:E9:9F
            X509v3 Authority Key Identifier:
                keyid:26:95:80:77:1C:1F:1B:22:29:2D:77:1C:D1:2F:CF:BB:F6:21:BA:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JpWAdxwfGyIpLXcc0S_Pu_YhuvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1cfce6-35f5-4c6e-882a-6eb14e5d0f85/1/kq5SAmqmeMe2Ig4Z9dIqFH8w6Z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1cfce6-35f5-4c6e-882a-6eb14e5d0f85/1/JpWAdxwfGyIpLXcc0S_Pu_YhuvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:6f:d6:6e:14:7a:c0:0c:ef:ff:b5:c0:34:f7:91:f9:a5:b8:
         7e:a8:30:92:30:90:33:a5:23:c7:2a:16:3d:a3:b8:95:8a:d0:
         89:6f:e7:dd:03:57:01:4b:bf:87:55:f8:fb:cb:31:a8:62:3d:
         5e:0d:c3:68:3a:58:66:91:46:fa:19:7b:48:b1:27:b1:17:65:
         61:40:ce:04:c9:0e:33:77:34:7b:c7:8a:0a:05:15:d6:a0:40:
         52:68:3a:35:44:51:5f:0a:ca:2f:77:e6:37:c0:25:ca:32:11:
         43:c1:c4:8e:08:2c:aa:26:ec:1d:d6:8e:4b:fc:32:a8:37:39:
         49:54:e4:8a:93:e6:16:59:2a:36:0c:63:2b:2a:55:ae:cf:3f:
         df:42:24:60:31:23:f9:31:e9:16:41:ec:35:55:71:df:89:15:
         b7:f7:cc:0d:66:9f:8a:9b:51:ca:1d:5f:fa:a1:21:df:01:08:
         3e:33:96:a9:9a:22:62:57:1a:d8:c2:a0:36:58:bd:3c:87:78:
         4f:ca:66:cd:d0:d2:5f:4a:3b:10:85:45:31:84:48:ed:d5:5c:
         20:ed:1c:cd:0c:60:bd:17:e8:80:fe:22:30:25:21:10:b1:8d:
         8b:04:d0:40:c3:51:c7:5c:e0:f1:71:e9:2a:d6:a8:5b:c8:5e:
         4a:f6:f7:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/DKd7z+tsExCS2TgFuGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2OTU4MDc3MWMxZjFiMjIyOTJkNzcxY2QxMmZjZmJiZjYy
MWJhZjEwHhcNMjUwMTAyMDc0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmFlNTIwMjZhYTY3OGM3YjYyMjBlMTlmNWQyMmExNDdmMzBlOTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmt8imnRNm6rUOj3E8/cCDwMcbLO5
pO8kFFTsqZ1DUCPRadA4WSl54rqxh90rf/kNW2H/vVWqCPUXZPugfH741Or9AmIG
r1tobIeU98dnkxn2oQvhB9uOpA7ptY6EID9xpmq0B+ij9zgH/AYfzGLJzfXL7Raz
/4g8zhR66B0vn66R8/SpaPn/fhR6FYFqVN7mxHwV57Abk0Rg/Hhd5+hiOexmEsUT
LACDntFNrQNDAEdtwFHVeEze5eueT7XiZo1pdlNppMMuSf+TmD1uVl+oE2V6joA5
gOXIKvIMwxtgpo/DSwLY2gC98WzlhEH6dw/rIdubG6D0+jE79krLC9hu9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKuUgJqpnjHtiIOGfXSKhR/MOmfMB8GA1UdIwQY
MBaAFCaVgHccHxsiKS13HNEvz7v2IbrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnBXQWR4d2ZHeUlwTFhjYzBTX1B1X1lodXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xY2ZjZTYtMzVmNS00YzZlLTg4MmEt
NmViMTRlNWQwZjg1LzEva3E1U0FtcW1lTWUySWc0WjlkSXFGSDh3Nlo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xY2ZjZTYtMzVmNS00YzZlLTg4MmEtNmViMTRlNWQwZjg1
LzEvSnBXQWR4d2ZHeUlwTFhjYzBTX1B1X1lodXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZrwMA0G
CSqGSIb3DQEBCwUAA4IBAQAIb9ZuFHrADO//tcA095H5pbh+qDCSMJAzpSPHKhY9
o7iVitCJb+fdA1cBS7+HVfj7yzGoYj1eDcNoOlhmkUb6GXtIsSexF2VhQM4EyQ4z
dzR7x4oKBRXWoEBSaDo1RFFfCsovd+Y3wCXKMhFDwcSOCCyqJuwd1o5L/DKoNzlJ
VOSKk+YWWSo2DGMrKlWuzz/fQiRgMSP5MekWQew1VXHfiRW398wNZp+Km1HKHV/6
oSHfAQg+M5apmiJiVxrYwqA2WL08h3hPymbN0NJfSjsQhUUxhEjt1Vwg7RzNDGC9
F+iA/iIwJSEQsY2LBNBAw1HHXODxcekq1qhbyF5K9vdj
-----END CERTIFICATE-----