Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/rvglM1D2OTp8FQe06Pw08v-6aMA.roa
File:                     rvglM1D2OTp8FQe06Pw08v-6aMA.roa (raw, json)
Hash identifier:          k7myqeDi+UyhgqVPrQeAPWPAH20cvWbKWm6bY/IGRmc=
Subject key identifier:   AE:F8:25:33:50:F6:39:3A:7C:15:07:B4:E8:FC:34:F2:FF:BA:68:C0
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       0194221FA62CEAE5430C80876C51AD687263
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/rvglM1D2OTp8FQe06Pw08v-6aMA.roa
Signing time:             Wed 01 Jan 2025 13:48:07 +0000
ROA not before:           Wed 01 Jan 2025 13:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202973
IP address blocks:        45.15.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a6:2c:ea:e5:43:0c:80:87:6c:51:ad:68:72:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Jan  1 13:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aef8253350f6393a7c1507b4e8fc34f2ffba68c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c6:79:1e:67:15:d0:5f:fe:66:1f:62:6e:ca:
                    9b:1c:2f:e1:2a:5d:3f:cb:2a:7a:6a:4b:61:de:9b:
                    ee:b3:ff:e3:54:3c:bd:45:98:08:54:a9:73:de:44:
                    9b:d4:8c:99:80:22:71:f9:14:48:c0:1e:2d:0b:fa:
                    9c:21:b6:ab:0d:3a:a8:c2:7d:b0:b7:cd:68:3a:6a:
                    76:32:fb:25:37:d0:51:2c:42:c3:03:86:45:21:43:
                    2b:d9:14:52:fa:28:cb:6a:00:f0:e4:6b:61:19:dd:
                    91:21:02:7e:5d:21:19:47:4e:01:52:e5:5c:eb:e4:
                    c0:dc:f5:ef:16:fc:8c:e2:dc:52:98:a9:ef:b2:a3:
                    0a:fb:82:3f:45:08:f7:1f:84:98:e5:e2:15:8c:89:
                    d6:80:38:26:eb:2d:fc:be:e0:de:9c:50:78:2d:9a:
                    3e:7d:bd:61:06:65:40:15:6b:e2:13:f6:3d:c0:f0:
                    ac:bd:2b:48:e7:86:c3:a8:4a:fd:f1:83:70:37:1b:
                    31:ba:7b:81:f7:7a:90:fc:91:d0:6f:72:f2:cb:9d:
                    e5:a4:4c:34:59:0a:6f:d7:93:92:5b:7e:0f:8d:b8:
                    46:60:ef:60:20:57:3e:ba:f5:24:25:ed:4e:c9:a8:
                    6d:31:f8:c2:56:2c:8b:b4:63:f1:23:ed:85:97:b7:
                    23:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F8:25:33:50:F6:39:3A:7C:15:07:B4:E8:FC:34:F2:FF:BA:68:C0
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/rvglM1D2OTp8FQe06Pw08v-6aMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:a0:f8:ad:af:86:43:29:cc:5d:c0:e4:28:61:bc:ee:fe:d6:
         79:e1:82:06:b0:54:10:72:11:4d:bf:f5:3c:94:a8:dd:7a:93:
         8b:4f:46:02:11:64:77:03:a3:55:60:54:03:c0:0e:2c:dc:8a:
         64:d3:90:bb:e3:c8:fd:a0:4d:f4:1a:11:21:2c:54:84:a3:1a:
         8a:c5:bb:ae:b5:1b:27:28:d4:d9:8c:ab:cc:12:c1:53:8a:fd:
         79:ca:14:3a:64:89:40:68:a9:47:21:1a:a6:c4:7a:d4:fc:c5:
         21:3b:ff:26:42:1b:a6:a1:7a:c9:b5:03:bf:ac:e6:74:b5:60:
         25:9b:ea:72:76:23:d2:63:68:02:0f:a7:ec:c2:33:b9:48:c4:
         e2:d2:60:c9:7a:14:41:21:6c:e0:4c:f9:92:6f:b7:bb:8f:e4:
         95:78:41:d5:9b:71:44:9c:5b:ac:d0:3f:4d:b8:16:42:19:da:
         67:e6:f8:e2:8a:23:e5:78:9a:f2:d3:51:80:02:05:f2:39:bf:
         ae:6c:6c:46:6e:e4:62:21:85:84:6a:fa:17:dd:17:a6:b0:d8:
         04:e1:95:93:01:b7:29:1c:72:79:e6:14:fc:be:c3:e9:a4:4e:
         28:1b:ba:7c:db:c4:bc:87:51:87:77:14:eb:48:d2:08:d9:c8:
         ea:1f:1d:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6Ys6uVDDICHbFGtaHJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjUwMTAxMTM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWY4MjUzMzUwZjYzOTNhN2MxNTA3YjRlOGZjMzRmMmZmYmE2OGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMZ5HmcV0F/+Zh9ibsqbHC/hKl0/
yyp6akth3pvus//jVDy9RZgIVKlz3kSb1IyZgCJx+RRIwB4tC/qcIbarDTqown2w
t81oOmp2MvslN9BRLELDA4ZFIUMr2RRS+ijLagDw5GthGd2RIQJ+XSEZR04BUuVc
6+TA3PXvFvyM4txSmKnvsqMK+4I/RQj3H4SY5eIVjInWgDgm6y38vuDenFB4LZo+
fb1hBmVAFWviE/Y9wPCsvStI54bDqEr98YNwNxsxunuB93qQ/JHQb3Lyy53lpEw0
WQpv15OSW34PjbhGYO9gIFc+uvUkJe1OyahtMfjCViyLtGPxI+2Fl7cjowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK74JTNQ9jk6fBUHtOj8NPL/umjAMB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvcnZnbE0xRDJPVHA4RlFlMDZQdzA4di02YU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYtODk0ODA1Mjg5Y2Mw
LzEvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ+dMA0G
CSqGSIb3DQEBCwUAA4IBAQAkoPitr4ZDKcxdwOQoYbzu/tZ54YIGsFQQchFNv/U8
lKjdepOLT0YCEWR3A6NVYFQDwA4s3Ipk05C748j9oE30GhEhLFSEoxqKxbuutRsn
KNTZjKvMEsFTiv15yhQ6ZIlAaKlHIRqmxHrU/MUhO/8mQhumoXrJtQO/rOZ0tWAl
m+pydiPSY2gCD6fswjO5SMTi0mDJehRBIWzgTPmSb7e7j+SVeEHVm3FEnFus0D9N
uBZCGdpn5vjiiiPleJry01GAAgXyOb+ubGxGbuRiIYWEavoX3RemsNgE4ZWTAbcp
HHJ55hT8vsPppE4oG7p828S8h1GHdxTrSNII2cjqHx1Z
-----END CERTIFICATE-----