Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Pt1QD7y_iBlmwoiIkgeNIOvpGek.roa
File:                     Pt1QD7y_iBlmwoiIkgeNIOvpGek.roa (raw, json)
Hash identifier:          MofkTC/kzesQYqgQFlEBUQx3qh820YFDnkhw3IlcdSU=
Subject key identifier:   3E:DD:50:0F:BC:BF:88:19:66:C2:88:88:92:07:8D:20:EB:E9:19:E9
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B39A7879C34EFFDE266B62105D9163
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Pt1QD7y_iBlmwoiIkgeNIOvpGek.roa
Signing time:             Thu 02 Jan 2025 15:47:49 +0000
ROA not before:           Thu 02 Jan 2025 15:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        45.86.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:9a:78:79:c3:4e:ff:de:26:6b:62:10:5d:91:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3edd500fbcbf881966c2888892078d20ebe919e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:51:74:b8:8b:a9:67:84:d7:da:9a:b2:30:6b:
                    c4:8c:09:0a:fe:ff:72:3f:18:68:93:5b:5c:df:e5:
                    15:9e:c3:df:12:54:6c:08:8a:cf:a2:73:14:72:51:
                    a6:4a:cd:bd:47:5d:e7:d2:cc:2e:72:a0:63:83:a8:
                    a0:9c:46:9b:c4:6f:9a:bd:2a:2f:4f:9a:e2:29:3e:
                    72:6e:ba:51:ba:d6:b5:8e:d0:3e:17:3d:d6:cb:d2:
                    6a:a4:5d:38:e3:8a:d8:a0:50:1e:d9:6b:7b:5a:d4:
                    79:dd:5e:7d:99:e7:80:3b:60:a7:c4:d5:43:57:68:
                    78:58:ae:68:a8:d4:e5:27:c5:7b:8f:66:81:e8:04:
                    fb:67:6b:69:ef:65:08:6e:02:0b:f0:03:c0:1d:65:
                    a7:36:a7:cc:4d:e7:07:24:70:90:a6:cb:52:98:20:
                    3b:77:68:38:c7:d6:73:75:2c:9a:d6:09:af:88:43:
                    da:27:4e:ec:f9:bf:3c:be:a5:10:9b:a8:fa:bb:86:
                    f5:2c:e0:c1:c3:94:73:a5:7c:d1:50:14:41:db:47:
                    9c:e8:a1:1d:dd:2c:25:3a:82:ea:5d:d2:b8:ff:8f:
                    f1:e7:ba:ff:6b:ad:dd:ee:7f:ef:da:e0:21:eb:c9:
                    e2:ac:b3:23:43:cf:1b:1c:03:17:b9:ed:4f:fb:92:
                    8a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:DD:50:0F:BC:BF:88:19:66:C2:88:88:92:07:8D:20:EB:E9:19:E9
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Pt1QD7y_iBlmwoiIkgeNIOvpGek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:ab:59:f0:a1:d7:63:13:0b:41:52:48:46:c8:70:e8:27:96:
         5c:a6:ea:17:5f:c5:ec:82:9b:28:43:ab:f0:4b:44:7e:4b:3e:
         c2:88:a1:f9:4b:93:f2:6e:3d:df:bd:02:17:c3:14:10:12:c0:
         c5:f5:20:c8:ef:dd:26:34:97:a9:0d:c9:5c:16:6b:d0:3a:77:
         9b:d7:01:d2:10:4f:1a:a2:00:dc:34:95:c8:5b:41:51:6e:b5:
         17:f4:c5:b8:67:13:15:74:24:98:32:c5:d6:4f:b6:db:3f:48:
         ec:7c:91:4b:0b:70:f0:ca:91:f6:87:89:c0:d9:9f:79:a2:d1:
         e7:af:18:1e:13:18:50:91:a8:64:c0:22:56:33:bf:93:92:43:
         40:1a:81:72:e5:a9:d0:df:98:6b:4d:29:7f:9e:72:82:ea:08:
         56:74:2a:e7:d2:3c:34:58:9f:04:34:c6:3c:da:fc:31:53:2d:
         84:0b:87:b3:41:08:10:9b:0e:c1:f8:73:8f:df:c1:2f:0a:61:
         ab:8c:40:2d:56:27:40:2a:8c:ea:5c:7e:b7:d1:71:b8:7b:36:
         21:9e:f3:20:3b:fc:b8:97:63:21:50:dc:5d:96:3c:b8:ba:84:
         38:4f:56:35:3d:e5:30:16:6d:d8:e5:03:e9:ad:a8:68:9e:be:
         eb:2c:79:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns5p4ecNO/94ma2IQXZFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWRkNTAwZmJjYmY4ODE5NjZjMjg4ODg5MjA3OGQyMGViZTkxOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulF0uIupZ4TX2pqyMGvEjAkK/v9y
Pxhok1tc3+UVnsPfElRsCIrPonMUclGmSs29R13n0swucqBjg6ignEabxG+avSov
T5riKT5ybrpRuta1jtA+Fz3Wy9JqpF0444rYoFAe2Wt7WtR53V59meeAO2CnxNVD
V2h4WK5oqNTlJ8V7j2aB6AT7Z2tp72UIbgIL8APAHWWnNqfMTecHJHCQpstSmCA7
d2g4x9ZzdSya1gmviEPaJ07s+b88vqUQm6j6u4b1LODBw5RzpXzRUBRB20ec6KEd
3SwlOoLqXdK4/4/x57r/a63d7n/v2uAh68nirLMjQ88bHAMXue1P+5KKGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7dUA+8v4gZZsKIiJIHjSDr6RnpMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvUHQxUUQ3eV9pQmxtd29pSWtnZU5JT3ZwR2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVbLMA0G
CSqGSIb3DQEBCwUAA4IBAQC8q1nwoddjEwtBUkhGyHDoJ5ZcpuoXX8XsgpsoQ6vw
S0R+Sz7CiKH5S5Pybj3fvQIXwxQQEsDF9SDI790mNJepDclcFmvQOneb1wHSEE8a
ogDcNJXIW0FRbrUX9MW4ZxMVdCSYMsXWT7bbP0jsfJFLC3DwypH2h4nA2Z95otHn
rxgeExhQkahkwCJWM7+TkkNAGoFy5anQ35hrTSl/nnKC6ghWdCrn0jw0WJ8ENMY8
2vwxUy2EC4ezQQgQmw7B+HOP38EvCmGrjEAtVidAKozqXH630XG4ezYhnvMgO/y4
l2MhUNxdljy4uoQ4T1Y1PeUwFm3Y5QPprahonr7rLHnP
-----END CERTIFICATE-----