Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/r5S-ydArr63Zw0HTZogwZDHaYvQ.roa
File:                     r5S-ydArr63Zw0HTZogwZDHaYvQ.roa (raw, json)
Hash identifier:          SZ15CUAbG/7okIjWK5fb0NUgHkxOTUMNwwLuvHLTw3U=
Subject key identifier:   AF:94:BE:C9:D0:2B:AF:AD:D9:C3:41:D3:66:88:30:64:31:DA:62:F4
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       01972F8A30900B372071D983B452889CF366
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/r5S-ydArr63Zw0HTZogwZDHaYvQ.roa
Signing time:             Mon 02 Jun 2025 07:27:54 +0000
ROA not before:           Mon 02 Jun 2025 07:27:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        45.146.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2f:8a:30:90:0b:37:20:71:d9:83:b4:52:88:9c:f3:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jun  2 07:27:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af94bec9d02bafadd9c341d36688306431da62f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:48:ff:91:ef:c4:13:64:b4:32:5d:ae:03:17:
                    19:c3:cb:7c:56:56:bf:62:65:5f:33:cd:e8:3a:e3:
                    63:4d:4b:4e:23:77:4b:cc:72:d4:b1:8f:82:7a:84:
                    97:21:ff:33:07:bd:e8:91:e6:e9:6b:b2:fb:0b:9e:
                    39:4c:bb:73:48:66:5b:fd:07:64:f5:16:5b:d6:43:
                    16:85:fb:ee:00:af:6d:fc:cb:84:af:b0:54:94:18:
                    2e:12:24:91:3a:ee:1a:f5:a6:36:02:b6:eb:db:30:
                    14:92:fa:9b:86:4e:89:1e:63:9b:3e:3c:34:6f:ca:
                    3a:c6:2e:65:cc:66:e6:ba:30:3e:19:96:29:28:c5:
                    56:78:27:11:b4:35:74:58:5f:89:9d:5e:1e:2e:1a:
                    52:09:92:a4:47:c7:7f:2f:f6:ce:37:1a:e0:71:43:
                    1a:81:aa:80:f7:fb:31:42:fb:3f:fa:93:f0:5d:41:
                    a3:98:72:6d:ed:d2:5e:cc:58:12:09:82:e5:42:66:
                    f8:fd:06:04:1c:14:8b:06:53:4a:c4:df:6d:ce:8e:
                    5a:6e:e1:b1:94:56:3c:a2:d8:42:5e:ce:e6:d4:1c:
                    a5:0b:cb:c1:1b:59:7f:e1:53:1f:7f:15:cd:2d:39:
                    c7:d1:ae:6a:66:2b:48:6e:74:90:83:75:65:d4:39:
                    d0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:94:BE:C9:D0:2B:AF:AD:D9:C3:41:D3:66:88:30:64:31:DA:62:F4
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/r5S-ydArr63Zw0HTZogwZDHaYvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:c8:c0:ce:66:4a:73:d6:ec:e1:9c:1a:93:f8:bf:7b:31:a3:
         26:a1:aa:b2:8e:6e:77:4f:26:75:ae:6e:00:ba:f5:dc:0e:c2:
         6c:10:2c:25:00:a1:a6:8c:31:06:dc:d3:e2:d2:a8:87:ca:35:
         13:04:45:03:79:59:3f:08:b1:9c:e5:62:f7:94:39:12:3a:bc:
         55:67:f6:42:b4:9e:91:47:61:8c:ec:ba:68:11:14:ce:b2:b9:
         da:f2:bd:94:f5:8f:37:38:f0:6f:9a:e2:3d:e5:9f:d5:3d:1e:
         8a:40:ac:13:3b:0f:71:b3:ab:ea:69:57:3a:8c:6e:52:85:2a:
         56:9c:c4:4c:d5:d4:0b:44:c9:ea:d8:96:75:ce:43:7e:cd:e0:
         ec:96:83:04:61:b5:8a:fd:a6:bf:1a:ac:60:14:b8:aa:6f:c0:
         72:13:0a:f8:34:d1:57:c7:cd:12:36:e5:f0:74:a1:10:86:13:
         3e:dc:b4:2f:64:9e:50:fc:c3:e3:fb:c6:75:20:0b:63:b3:5c:
         0b:0f:e6:10:69:38:b4:d9:2d:50:e5:6f:13:92:a7:7e:73:d6:
         b7:f9:90:d4:a8:31:5e:fc:06:ff:be:c9:2a:61:d2:2a:2a:5c:
         db:6a:4d:18:70:e5:9d:88:69:7f:51:4b:77:d0:39:22:91:07:
         88:2c:e3:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcvijCQCzcgcdmDtFKInPNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwNjAyMDcyNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjk0YmVjOWQwMmJhZmFkZDljMzQxZDM2Njg4MzA2NDMxZGE2MmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Uj/ke/EE2S0Ml2uAxcZw8t8Vla/
YmVfM83oOuNjTUtOI3dLzHLUsY+CeoSXIf8zB73okebpa7L7C545TLtzSGZb/Qdk
9RZb1kMWhfvuAK9t/MuEr7BUlBguEiSROu4a9aY2Arbr2zAUkvqbhk6JHmObPjw0
b8o6xi5lzGbmujA+GZYpKMVWeCcRtDV0WF+JnV4eLhpSCZKkR8d/L/bONxrgcUMa
gaqA9/sxQvs/+pPwXUGjmHJt7dJezFgSCYLlQmb4/QYEHBSLBlNKxN9tzo5abuGx
lFY8othCXs7m1BylC8vBG1l/4VMffxXNLTnH0a5qZitIbnSQg3Vl1DnQqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+UvsnQK6+t2cNB02aIMGQx2mL0MB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvcjVTLXlkQXJyNjNadzBIVFpvZ3daREhhWXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLLMA0G
CSqGSIb3DQEBCwUAA4IBAQAtyMDOZkpz1uzhnBqT+L97MaMmoaqyjm53TyZ1rm4A
uvXcDsJsECwlAKGmjDEG3NPi0qiHyjUTBEUDeVk/CLGc5WL3lDkSOrxVZ/ZCtJ6R
R2GM7LpoERTOsrna8r2U9Y83OPBvmuI95Z/VPR6KQKwTOw9xs6vqaVc6jG5ShSpW
nMRM1dQLRMnq2JZ1zkN+zeDsloMEYbWK/aa/GqxgFLiqb8ByEwr4NNFXx80SNuXw
dKEQhhM+3LQvZJ5Q/MPj+8Z1IAtjs1wLD+YQaTi02S1Q5W8Tkqd+c9a3+ZDUqDFe
/Ab/vskqYdIqKlzbak0YcOWdiGl/UUt30DkikQeILONP
-----END CERTIFICATE-----