Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/JaMjI6MRt61i-U8Ah9BL2hXtGtw.roa
File:                     JaMjI6MRt61i-U8Ah9BL2hXtGtw.roa (raw, json)
Hash identifier:          g4r9CmK95RqjuD6erF1cr+enD7qzkF1W+ljOaYvHdu8=
Subject key identifier:   25:A3:23:23:A3:11:B7:AD:62:F9:4F:00:87:D0:4B:DA:15:ED:1A:DC
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       0192E7E3D7A90CCE9340BCFE9BFCB68FCE17
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/JaMjI6MRt61i-U8Ah9BL2hXtGtw.roa
Signing time:             Fri 01 Nov 2024 13:22:01 +0000
ROA not before:           Fri 01 Nov 2024 13:22:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.137.196.0/24 maxlen: 24
                          45.137.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e7:e3:d7:a9:0c:ce:93:40:bc:fe:9b:fc:b6:8f:ce:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Nov  1 13:22:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25a32323a311b7ad62f94f0087d04bda15ed1adc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f6:a5:8f:38:7c:10:d9:fd:0b:a0:7a:2d:ad:
                    83:ed:15:a9:ae:7b:56:f4:83:ae:b4:d5:d3:ea:de:
                    cd:86:4a:76:12:60:37:ef:1d:0c:e2:88:83:b4:1c:
                    1f:8e:93:04:a7:08:e3:83:5d:1f:3c:f6:d9:a8:2f:
                    ca:88:dd:b2:2d:de:d6:40:37:1f:fd:29:1f:6f:fd:
                    1c:1d:72:d5:4e:94:9f:f5:2e:25:7a:b4:c5:6c:6a:
                    bb:d7:8a:7c:63:98:38:ad:81:b7:7e:89:91:a7:56:
                    36:d4:9e:cc:fd:26:61:51:c7:17:19:31:fb:48:80:
                    21:1a:e8:a0:9a:59:f2:dc:d8:c7:a5:5c:a7:89:c4:
                    a1:ea:7f:02:75:03:0d:04:b0:0e:ec:1d:ff:30:03:
                    65:f4:c7:e4:a8:a7:41:55:83:5e:f9:43:ba:27:cd:
                    b8:84:5a:71:b1:cf:ce:08:6c:04:d3:e0:0e:7e:b2:
                    43:8f:6a:3e:13:4c:9c:55:10:8a:21:1a:be:99:c7:
                    4e:45:94:ff:ef:70:be:8b:15:50:de:6e:d0:ea:08:
                    8d:de:3f:e2:62:b1:34:d0:ca:fd:7d:d6:b3:2e:02:
                    f7:4e:f4:8f:36:78:4f:93:14:da:84:1a:9a:88:c5:
                    7f:3d:ca:63:8c:4a:4f:d2:89:67:02:67:5e:59:96:
                    bb:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A3:23:23:A3:11:B7:AD:62:F9:4F:00:87:D0:4B:DA:15:ED:1A:DC
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/JaMjI6MRt61i-U8Ah9BL2hXtGtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:ea:77:b1:f1:73:04:93:3f:28:11:14:1e:5d:27:8e:24:46:
         fa:51:0b:5f:54:3b:96:81:48:a6:21:36:10:1b:48:52:f3:76:
         28:20:15:19:0b:5f:5e:e3:6d:62:7a:f0:98:ea:96:9e:be:ab:
         47:1c:00:75:82:cc:07:74:ca:02:1f:48:3e:36:bc:31:f7:1b:
         8e:37:40:ab:14:d8:1c:ca:51:b1:e1:a0:8d:da:78:ac:2a:e1:
         55:cf:c9:0b:da:bd:50:00:7f:41:d7:fa:75:29:9a:64:6a:24:
         8d:4f:9d:ae:c4:c9:40:6a:b7:11:7d:9f:1e:4d:b6:bb:d3:f8:
         4e:66:af:8b:f3:5a:29:b7:24:e9:d6:1d:bb:e2:e8:b1:80:60:
         a3:b0:04:fb:b4:48:2c:58:6c:9c:ca:34:13:49:24:68:d9:f5:
         05:f0:02:42:2a:35:45:d7:e5:e8:78:e1:2f:13:7e:9a:f5:b3:
         a3:27:31:2b:20:37:29:39:7b:1e:2b:81:b1:9a:10:0e:63:b3:
         a1:89:27:c2:1e:c5:a2:9f:2a:ac:7d:3e:ed:b1:07:17:c7:0b:
         69:41:fa:28:ad:4f:c4:b2:e8:25:cc:62:73:ce:13:5d:84:41:
         13:bb:e1:7a:37:00:bd:e9:72:c9:87:3f:94:c8:22:8c:4d:b1:
         0a:92:23:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLn49epDM6TQLz+m/y2j84XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQxMTAxMTMyMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWEzMjMyM2EzMTFiN2FkNjJmOTRmMDA4N2QwNGJkYTE1ZWQxYWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPaljzh8ENn9C6B6La2D7RWprntW
9IOutNXT6t7Nhkp2EmA37x0M4oiDtBwfjpMEpwjjg10fPPbZqC/KiN2yLd7WQDcf
/Skfb/0cHXLVTpSf9S4lerTFbGq714p8Y5g4rYG3fomRp1Y21J7M/SZhUccXGTH7
SIAhGuigmlny3NjHpVynicSh6n8CdQMNBLAO7B3/MANl9MfkqKdBVYNe+UO6J824
hFpxsc/OCGwE0+AOfrJDj2o+E0ycVRCKIRq+mcdORZT/73C+ixVQ3m7Q6giN3j/i
YrE00Mr9fdazLgL3TvSPNnhPkxTahBqaiMV/PcpjjEpP0olnAmdeWZa7EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWjIyOjEbetYvlPAIfQS9oV7RrcMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvSmFNakk2TVJ0NjFpLVU4QWg5QkwyaFh0R3R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYnEMA0G
CSqGSIb3DQEBCwUAA4IBAQAX6nex8XMEkz8oERQeXSeOJEb6UQtfVDuWgUimITYQ
G0hS83YoIBUZC19e421ievCY6paevqtHHAB1gswHdMoCH0g+Nrwx9xuON0CrFNgc
ylGx4aCN2nisKuFVz8kL2r1QAH9B1/p1KZpkaiSNT52uxMlAarcRfZ8eTba70/hO
Zq+L81optyTp1h274uixgGCjsAT7tEgsWGycyjQTSSRo2fUF8AJCKjVF1+XoeOEv
E36a9bOjJzErIDcpOXseK4GxmhAOY7OhiSfCHsWinyqsfT7tsQcXxwtpQfoorU/E
suglzGJzzhNdhEETu+F6NwC96XLJhz+UyCKMTbEKkiOV
-----END CERTIFICATE-----