Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/hImaNp-5NAvcl_lvcCwLFq7flXU.roa
File:                     hImaNp-5NAvcl_lvcCwLFq7flXU.roa (raw, json)
Hash identifier:          CwhaTYEajLeqcH7msKwc0XWSImSOIveLcR41V9gxc08=
Subject key identifier:   84:89:9A:36:9F:B9:34:0B:DC:97:F9:6F:70:2C:0B:16:AE:DF:95:75
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B397DF09634E7CF9C1DDBD4F450F82
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/hImaNp-5NAvcl_lvcCwLFq7flXU.roa
Signing time:             Thu 02 Jan 2025 15:47:48 +0000
ROA not before:           Thu 02 Jan 2025 15:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     37406
IP address blocks:        45.148.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:97:df:09:63:4e:7c:f9:c1:dd:bd:4f:45:0f:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84899a369fb9340bdc97f96f702c0b16aedf9575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c3:39:d2:e2:5d:ca:45:84:74:8d:ad:57:bf:
                    a1:d1:38:6b:97:2b:01:64:3f:bb:64:16:da:ec:c8:
                    a4:4d:9d:b9:d4:6d:9b:d4:fa:c3:71:14:f0:9c:1c:
                    13:c4:a3:e1:33:54:a1:df:75:17:d4:21:b5:90:f6:
                    b3:d0:e8:c9:c3:d4:ee:eb:81:ac:e2:d5:d1:22:21:
                    9c:bc:49:0f:0d:8c:83:c9:cc:5a:69:ad:68:c2:2f:
                    29:fe:e2:46:80:fc:3b:ac:c2:e9:f1:27:2c:28:e1:
                    72:26:b8:0d:70:cb:b2:7c:cf:ac:a0:bc:8e:b6:04:
                    b5:80:38:b5:2b:2b:fd:35:dd:ac:6e:1a:83:b9:a3:
                    71:94:a5:c9:bc:74:ce:3f:22:99:db:33:ca:98:47:
                    0c:4b:b7:d9:b1:c7:18:c7:f3:c9:a1:05:52:ae:97:
                    f8:80:6d:00:49:92:5b:fc:8e:38:77:1f:6a:72:4b:
                    33:50:01:bd:f1:42:76:69:18:11:c0:57:b9:51:87:
                    19:99:d3:11:13:94:32:c4:d9:37:20:70:f7:be:9b:
                    c3:92:41:f0:a3:e7:2b:ad:c2:b2:95:c3:06:4b:ff:
                    c6:ae:24:07:4c:78:2a:00:65:58:fc:bb:19:c3:8d:
                    22:7a:9f:46:90:ad:1a:12:16:ab:ae:55:86:74:d0:
                    6b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:89:9A:36:9F:B9:34:0B:DC:97:F9:6F:70:2C:0B:16:AE:DF:95:75
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/hImaNp-5NAvcl_lvcCwLFq7flXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:4d:3e:c4:1c:8f:42:b8:10:ba:85:9d:7e:62:87:34:09:05:
         aa:4b:5a:89:70:4a:e3:a5:cc:40:bd:14:35:6a:49:b0:b0:f6:
         f3:10:64:33:80:e1:7b:57:d7:de:c3:9e:31:ff:df:8e:d5:db:
         12:e0:d0:47:26:e6:63:60:70:a4:69:cb:bc:f1:d6:93:e4:81:
         af:92:13:28:5e:08:ae:9f:91:dc:44:f5:9f:40:a6:92:97:2f:
         92:7d:3a:a7:ee:4e:8e:cd:84:53:49:dc:9c:47:0e:94:12:51:
         53:22:0e:00:ed:5d:5c:ae:a6:30:23:b7:b0:c1:6a:e1:dd:7d:
         f6:d6:ac:cb:1d:e2:5d:25:69:de:af:9e:c0:f2:6b:76:74:01:
         6e:5a:75:22:ce:75:e1:64:fa:36:b9:1a:17:dc:70:c1:37:17:
         5d:4d:97:6b:d1:a5:a6:91:fe:90:c9:3f:95:61:19:1b:bb:2d:
         1a:83:d3:58:2d:e0:f5:44:b5:4b:f3:d8:95:c1:62:a5:92:00:
         57:a1:79:68:76:56:20:c3:d0:c0:84:be:a1:5c:30:7e:64:80:
         b5:11:8c:e4:97:e7:64:ab:b4:24:38:79:cf:9a:16:8b:cc:60:
         95:6d:4e:85:91:eb:b2:d4:be:bc:79:c8:92:9d:0d:39:4a:df:
         f5:a2:32:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns5ffCWNOfPnB3b1PRQ+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDg5OWEzNjlmYjkzNDBiZGM5N2Y5NmY3MDJjMGIxNmFlZGY5NTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsM50uJdykWEdI2tV7+h0ThrlysB
ZD+7ZBba7MikTZ251G2b1PrDcRTwnBwTxKPhM1Sh33UX1CG1kPaz0OjJw9Tu64Gs
4tXRIiGcvEkPDYyDycxaaa1owi8p/uJGgPw7rMLp8ScsKOFyJrgNcMuyfM+soLyO
tgS1gDi1Kyv9Nd2sbhqDuaNxlKXJvHTOPyKZ2zPKmEcMS7fZsccYx/PJoQVSrpf4
gG0ASZJb/I44dx9qckszUAG98UJ2aRgRwFe5UYcZmdMRE5QyxNk3IHD3vpvDkkHw
o+crrcKylcMGS//GriQHTHgqAGVY/LsZw40iep9GkK0aEharrlWGdNBrZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISJmjafuTQL3Jf5b3AsCxau35V1MB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvaEltYU5wLTVOQXZjbF9sdmNDd0xGcTdmbFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZQbMA0G
CSqGSIb3DQEBCwUAA4IBAQBbTT7EHI9CuBC6hZ1+Yoc0CQWqS1qJcErjpcxAvRQ1
akmwsPbzEGQzgOF7V9few54x/9+O1dsS4NBHJuZjYHCkacu88daT5IGvkhMoXgiu
n5HcRPWfQKaSly+SfTqn7k6OzYRTSdycRw6UElFTIg4A7V1crqYwI7ewwWrh3X32
1qzLHeJdJWner57A8mt2dAFuWnUiznXhZPo2uRoX3HDBNxddTZdr0aWmkf6QyT+V
YRkbuy0ag9NYLeD1RLVL89iVwWKlkgBXoXlodlYgw9DAhL6hXDB+ZIC1EYzkl+dk
q7QkOHnPmhaLzGCVbU6Fkeuy1L68eciSnQ05St/1ojL2
-----END CERTIFICATE-----