Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/C4Wnra33s7vzTKpZqkw-dbYY55M.roa
File:                     C4Wnra33s7vzTKpZqkw-dbYY55M.roa (raw, json)
Hash identifier:          hVOornvwVn2Bg/Fh05dDWBnBXCHA01Bg7itlOVetmo0=
Subject key identifier:   0B:85:A7:AD:AD:F7:B3:BB:F3:4C:AA:59:AA:4C:3E:75:B6:18:E7:93
Certificate issuer:       /CN=3d0483538737453e2f57ffb57499c3922e83636d
Certificate serial:       01974A7FC84216B145C89B72DFD1E7B09B8D
Authority key identifier: 3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/C4Wnra33s7vzTKpZqkw-dbYY55M.roa
Signing time:             Sat 07 Jun 2025 13:06:17 +0000
ROA not before:           Sat 07 Jun 2025 13:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51396
IP address blocks:        45.156.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4a:7f:c8:42:16:b1:45:c8:9b:72:df:d1:e7:b0:9b:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d0483538737453e2f57ffb57499c3922e83636d
        Validity
            Not Before: Jun  7 13:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b85a7adadf7b3bbf34caa59aa4c3e75b618e793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:98:c6:07:2d:87:c0:54:57:21:f0:1d:0d:20:
                    a4:80:d4:c8:f0:b7:1b:12:dc:af:54:51:cc:46:49:
                    09:e2:0d:85:f6:01:26:b6:05:d8:ff:09:89:04:5f:
                    4c:15:e9:61:da:5d:52:ee:b8:10:38:a2:fd:5a:07:
                    fd:bb:e7:3f:80:97:e7:0c:a7:06:d6:75:71:c8:08:
                    f9:7b:fb:a0:69:db:f1:47:b8:df:33:5a:48:84:e0:
                    a5:92:93:15:fa:9d:56:6c:e9:b0:93:0a:cc:a5:4d:
                    cd:fe:1e:82:54:87:53:b8:c4:23:36:c1:63:a4:e3:
                    d1:54:93:5a:e5:58:04:ed:f0:17:69:a2:81:35:37:
                    27:42:67:c5:f0:a3:8a:ec:52:5b:24:6b:d4:bf:65:
                    dd:e9:c0:0d:7e:45:4f:26:8f:a4:69:17:1b:b2:94:
                    0a:1d:a4:35:08:d6:95:6a:3a:1a:e2:e3:f8:db:c1:
                    ae:23:b8:7c:f7:96:36:b3:c9:5f:e8:f2:09:6c:03:
                    7e:96:b9:7f:62:7a:c4:a1:a3:57:d2:30:60:44:56:
                    33:ef:31:58:73:5c:2c:44:a7:97:72:31:ed:d6:48:
                    f2:b7:eb:ee:3e:17:02:9d:ac:04:d8:ce:d3:f2:92:
                    d4:88:61:47:50:31:3c:a7:e3:a4:31:f1:2b:0f:2e:
                    a8:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:85:A7:AD:AD:F7:B3:BB:F3:4C:AA:59:AA:4C:3E:75:B6:18:E7:93
            X509v3 Authority Key Identifier:
                keyid:3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/C4Wnra33s7vzTKpZqkw-dbYY55M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:87:eb:47:95:71:6f:9a:fb:64:e9:30:f4:59:25:42:3c:35:
         87:8c:a4:b9:e6:7a:bf:e7:aa:4e:25:a6:73:d4:45:40:a6:97:
         d6:56:c9:d7:2d:40:dd:03:04:a6:e3:5b:4f:ed:85:8d:f7:dd:
         8f:3d:e8:b0:19:77:b3:e1:0f:26:b9:87:0b:0d:50:63:9a:a1:
         72:04:05:70:c0:8b:09:75:f8:71:99:b0:18:cd:4a:9e:63:01:
         e3:0d:a1:40:2e:4c:02:4a:88:83:3e:b2:2a:b5:75:d5:07:18:
         5a:d4:7f:e3:a5:f5:3a:16:ce:1e:6e:68:78:69:f6:54:c7:1e:
         3f:85:e4:16:04:b8:77:ac:72:0e:d6:70:e9:5e:96:4d:74:43:
         67:9b:9e:a4:4b:7d:e9:92:7c:fa:b1:89:a7:b6:d0:a2:ae:9a:
         85:e5:1f:0b:f6:62:6e:31:8a:5b:be:e2:9f:ca:c6:02:94:ea:
         e4:c8:32:ed:b3:cf:ab:e4:a8:c1:bc:a3:82:57:16:41:ab:d0:
         31:5d:03:46:80:48:8a:00:3e:79:2b:c1:54:fe:73:00:72:17:
         1d:48:7f:8b:c9:95:a6:10:cd:40:55:c9:70:c2:08:dc:b6:da:
         42:bf:2e:1f:af:d5:d2:a5:1d:58:95:02:51:46:ec:cb:98:36:
         09:3e:cd:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdKf8hCFrFFyJty39HnsJuNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMDQ4MzUzODczNzQ1M2UyZjU3ZmZiNTc0OTljMzkyMmU4
MzYzNmQwHhcNMjUwNjA3MTMwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjg1YTdhZGFkZjdiM2JiZjM0Y2FhNTlhYTRjM2U3NWI2MThlNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5jGBy2HwFRXIfAdDSCkgNTI8Lcb
EtyvVFHMRkkJ4g2F9gEmtgXY/wmJBF9MFelh2l1S7rgQOKL9Wgf9u+c/gJfnDKcG
1nVxyAj5e/ugadvxR7jfM1pIhOClkpMV+p1WbOmwkwrMpU3N/h6CVIdTuMQjNsFj
pOPRVJNa5VgE7fAXaaKBNTcnQmfF8KOK7FJbJGvUv2Xd6cANfkVPJo+kaRcbspQK
HaQ1CNaVajoa4uP428GuI7h895Y2s8lf6PIJbAN+lrl/YnrEoaNX0jBgRFYz7zFY
c1wsRKeXcjHt1kjyt+vuPhcCnawE2M7T8pLUiGFHUDE8p+OkMfErDy6oRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuFp62t97O780yqWapMPnW2GOeTMB8GA1UdIwQY
MBaAFD0Eg1OHN0U+L1f/tXSZw5Iug2NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEt
NjVhNDZjOGU0MWU5LzEvQzRXbnJhMzNzN3Z6VEtwWnFrdy1kYllZNTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEtNjVhNDZjOGU0MWU5
LzEvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZxXMA0G
CSqGSIb3DQEBCwUAA4IBAQA8h+tHlXFvmvtk6TD0WSVCPDWHjKS55nq/56pOJaZz
1EVAppfWVsnXLUDdAwSm41tP7YWN992PPeiwGXez4Q8muYcLDVBjmqFyBAVwwIsJ
dfhxmbAYzUqeYwHjDaFALkwCSoiDPrIqtXXVBxha1H/jpfU6Fs4ebmh4afZUxx4/
heQWBLh3rHIO1nDpXpZNdENnm56kS33pknz6sYmnttCirpqF5R8L9mJuMYpbvuKf
ysYClOrkyDLts8+r5KjBvKOCVxZBq9AxXQNGgEiKAD55K8FU/nMAchcdSH+LyZWm
EM1AVclwwgjcttpCvy4fr9XSpR1YlQJRRuzLmDYJPs1c
-----END CERTIFICATE-----