Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/V9sS3pqOcjzXFdDtr6kIKPTD-sk.roa
File:                     V9sS3pqOcjzXFdDtr6kIKPTD-sk.roa (raw, json)
Hash identifier:          9/HHrDZtJ7hP25ftWEfw3G92Wh/c7nhfeYwr2SxY+vI=
Subject key identifier:   57:DB:12:DE:9A:8E:72:3C:D7:15:D0:ED:AF:A9:08:28:F4:C3:FA:C9
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B39A4AF628C4455DF4F7CC3B4E876F
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/V9sS3pqOcjzXFdDtr6kIKPTD-sk.roa
Signing time:             Thu 02 Jan 2025 15:47:49 +0000
ROA not before:           Thu 02 Jan 2025 15:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42708
IP address blocks:        45.91.21.0/24 maxlen: 24
                          45.92.228.0/24 maxlen: 24
                          45.150.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:9a:4a:f6:28:c4:45:5d:f4:f7:cc:3b:4e:87:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57db12de9a8e723cd715d0edafa90828f4c3fac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a3:ce:dd:7e:9f:60:1b:47:77:b4:d0:ea:f2:
                    a5:0b:67:f4:68:7c:c6:7b:cd:24:88:05:cb:4c:9e:
                    42:68:7d:53:59:73:6e:1c:f4:ee:87:b7:73:a0:85:
                    00:a4:06:1e:31:a8:d7:c9:20:b4:f1:91:77:08:9f:
                    67:14:5f:04:e0:33:d5:58:49:e9:8d:ee:b4:f8:7e:
                    48:1d:27:ba:3f:23:38:39:37:86:aa:ed:0e:ae:99:
                    00:5e:0a:fe:24:b8:84:09:11:66:fa:30:0a:30:20:
                    8e:f0:31:97:fa:4a:ea:b6:75:76:bb:fc:84:cf:41:
                    c6:99:99:fe:03:d4:bb:da:fa:e4:ba:11:e1:aa:72:
                    93:4c:15:f1:95:50:d7:8f:53:56:b8:09:7d:74:2e:
                    e3:13:0d:88:9e:ad:70:4c:bc:cc:c3:49:8a:82:78:
                    f9:e4:13:51:e5:e5:2d:01:72:66:9a:60:d4:79:00:
                    5e:1d:26:3d:5d:1f:c7:87:b9:5c:ce:1d:f7:a0:92:
                    42:b3:ce:95:bb:26:a4:19:04:8b:53:64:8a:e3:65:
                    7b:cf:b7:eb:0e:79:ff:9d:e1:42:09:d6:f1:c6:99:
                    18:7b:ec:41:a5:de:b3:0f:3d:76:41:2a:1d:01:72:
                    21:93:d9:b9:57:2d:07:b7:bd:a1:65:a0:64:91:4d:
                    3a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:DB:12:DE:9A:8E:72:3C:D7:15:D0:ED:AF:A9:08:28:F4:C3:FA:C9
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/V9sS3pqOcjzXFdDtr6kIKPTD-sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.21.0/24
                  45.92.228.0/24
                  45.150.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a2:de:d5:80:03:94:24:e6:3c:d2:3d:14:13:9d:b3:98:92:
         1c:1a:28:81:27:4d:70:9c:f4:f2:6f:c9:b0:74:58:0c:03:6b:
         f7:1a:ec:79:95:23:be:c1:37:b0:13:74:c1:37:27:8e:00:dd:
         ae:85:d9:c2:10:6b:e6:a6:84:ec:83:bf:d8:af:fe:76:79:ff:
         91:8d:42:4c:0d:de:ae:5e:51:79:80:1c:65:55:19:ab:d2:ed:
         49:6c:d4:74:cb:04:99:e5:be:79:b4:ba:58:2e:c0:3d:c2:94:
         a3:f3:cd:7a:42:9c:da:d7:a5:d3:5e:38:2f:af:60:0b:38:37:
         70:5f:dd:8e:b7:36:34:86:0f:01:42:1e:c3:80:30:00:be:dd:
         b1:13:51:b4:de:ba:eb:5e:24:f8:18:04:7e:81:2c:bd:3c:45:
         71:51:6f:cb:48:79:10:1f:c7:e2:49:ad:02:41:d3:3e:80:44:
         4b:fc:b5:69:f6:fa:b0:f3:06:c4:89:57:2b:9c:9e:6e:9a:a3:
         da:c6:0c:41:46:db:37:3d:7b:5e:3e:b6:c8:0a:2f:9f:3e:a2:
         fb:06:a3:5d:0c:58:38:d8:4e:e0:7e:a8:b6:3a:29:21:5d:ca:
         af:c0:70:0f:24:ee:28:62:e3:4f:cf:97:28:cd:7c:c1:bb:a0:
         11:24:90:05
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQns5pK9ijERV3098w7TodvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2RiMTJkZTlhOGU3MjNjZDcxNWQwZWRhZmE5MDgyOGY0YzNmYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4aPO3X6fYBtHd7TQ6vKlC2f0aHzG
e80kiAXLTJ5CaH1TWXNuHPTuh7dzoIUApAYeMajXySC08ZF3CJ9nFF8E4DPVWEnp
je60+H5IHSe6PyM4OTeGqu0OrpkAXgr+JLiECRFm+jAKMCCO8DGX+krqtnV2u/yE
z0HGmZn+A9S72vrkuhHhqnKTTBXxlVDXj1NWuAl9dC7jEw2Inq1wTLzMw0mKgnj5
5BNR5eUtAXJmmmDUeQBeHSY9XR/Hh7lczh33oJJCs86VuyakGQSLU2SK42V7z7fr
Dnn/neFCCdbxxpkYe+xBpd6zDz12QSodAXIhk9m5Vy0Ht72hZaBkkU060QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFfbEt6ajnI81xXQ7a+pCCj0w/rJMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvVjlzUzNwcU9janpYRmREdHI2a0lLUFRELXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVsVAwQA
LVzkAwQALZZdMA0GCSqGSIb3DQEBCwUAA4IBAQAgot7VgAOUJOY80j0UE52zmJIc
GiiBJ01wnPTyb8mwdFgMA2v3Gux5lSO+wTewE3TBNyeOAN2uhdnCEGvmpoTsg7/Y
r/52ef+RjUJMDd6uXlF5gBxlVRmr0u1JbNR0ywSZ5b55tLpYLsA9wpSj8816Qpza
16XTXjgvr2ALODdwX92OtzY0hg8BQh7DgDAAvt2xE1G03rrrXiT4GAR+gSy9PEVx
UW/LSHkQH8fiSa0CQdM+gERL/LVp9vqw8wbEiVcrnJ5umqPaxgxBRts3PXtePrbI
Ci+fPqL7BqNdDFg42E7gfqi2OikhXcqvwHAPJO4oYuNPz5cozXzBu6ARJJAF
-----END CERTIFICATE-----