Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/B7kkBiV21842X9l7dcEqEfT9Zhw.roa
File:                     B7kkBiV21842X9l7dcEqEfT9Zhw.roa (raw, json)
Hash identifier:          eQpICIgwqm0QLmyTmdzGlrlE/hIWTLpGGaUuy7LQL4c=
Subject key identifier:   07:B9:24:06:25:76:D7:CE:36:5F:D9:7B:75:C1:2A:11:F4:FD:66:1C
Certificate issuer:       /CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
Certificate serial:       0194228E373D8603706E9374C030058D7DC5
Authority key identifier: BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/B7kkBiV21842X9l7dcEqEfT9Zhw.roa
Signing time:             Wed 01 Jan 2025 15:48:53 +0000
ROA not before:           Wed 01 Jan 2025 15:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        45.143.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 07:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:37:3d:86:03:70:6e:93:74:c0:30:05:8d:7d:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
        Validity
            Not Before: Jan  1 15:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07b924062576d7ce365fd97b75c12a11f4fd661c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3d:b6:3e:1a:96:9c:de:74:39:cd:1d:cf:4c:
                    97:68:cc:84:e2:80:0e:04:34:e3:85:db:6b:0f:f0:
                    7d:29:6c:d1:02:49:58:83:b2:d4:cf:f8:38:24:12:
                    45:9c:6b:d2:90:98:8d:98:1a:ef:31:e0:42:9a:7d:
                    dd:a8:3c:9d:64:dc:42:90:f1:7c:46:86:0b:23:ad:
                    79:6f:94:25:ac:69:b8:b8:d7:db:51:44:59:53:e0:
                    0c:f5:8d:ee:75:24:0b:2d:52:e8:5d:a2:48:c8:c3:
                    2e:b9:08:d1:fe:e9:24:ed:c3:5f:6a:ff:42:16:63:
                    12:ce:c5:62:3c:4a:f6:f5:a4:ff:da:a4:af:d0:2a:
                    b3:20:01:68:4d:eb:d8:d5:f3:fb:66:cd:e0:f7:7d:
                    03:45:6a:09:19:c5:a6:21:f7:e2:fb:0f:7b:ab:b9:
                    f8:df:01:90:75:0e:6d:bf:90:92:7a:0a:7e:41:da:
                    f9:da:7d:33:92:17:b4:59:ed:45:be:01:a6:ed:a1:
                    0b:e7:ea:4c:42:a8:f6:58:92:56:53:64:0a:a7:97:
                    c2:10:5e:38:f8:fe:7d:b1:b2:db:74:84:71:59:62:
                    f7:2c:de:42:6f:05:25:3c:57:cd:b5:23:38:db:b4:
                    50:3f:49:b3:67:f8:46:00:d8:39:07:60:9f:aa:32:
                    d9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:B9:24:06:25:76:D7:CE:36:5F:D9:7B:75:C1:2A:11:F4:FD:66:1C
            X509v3 Authority Key Identifier:
                keyid:BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/B7kkBiV21842X9l7dcEqEfT9Zhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:51:81:78:b7:6d:d1:7f:ae:76:2d:9b:17:01:74:13:e4:37:
         46:77:73:95:c3:97:0c:90:b3:76:5f:e3:26:4b:16:da:0d:5a:
         e4:d5:8c:2e:4d:43:6c:c9:9b:39:51:39:c8:d8:ce:98:19:92:
         a5:c0:51:c5:9c:16:f6:62:ab:ed:b9:01:3f:39:ff:b7:e9:ce:
         79:18:19:35:36:af:b0:7b:fc:fb:6c:0f:7b:6b:7a:c1:d9:6e:
         96:9b:75:81:b4:fe:be:dd:7d:ae:d3:e4:50:4d:8c:7e:5f:dc:
         16:36:24:a6:99:f0:4a:67:6d:3a:34:63:52:9c:0f:98:0b:8f:
         88:36:24:6c:f5:51:e1:db:7a:3d:c8:a5:af:8e:6a:f4:aa:a1:
         5a:9b:dd:f5:50:56:fd:e3:70:61:94:57:a3:56:24:aa:f4:a3:
         22:25:b4:e0:f1:2c:d4:45:f6:6c:de:5d:7e:9e:a0:b9:90:41:
         b1:1e:f0:57:c2:4f:d9:70:5a:38:0c:1e:54:af:7e:96:13:c3:
         4a:62:a5:f9:48:c8:1a:b3:54:b6:5a:44:24:ca:60:3a:a2:77:
         49:32:36:dc:2d:2a:5d:86:e5:90:af:15:1e:3b:cc:ac:ab:65:
         3e:4e:2f:b9:13:56:f1:6f:69:2b:e0:2b:a1:b9:8b:42:0e:aa:
         ab:19:85:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijjc9hgNwbpN0wDAFjX3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNGQwZTY5YWI3NjlmNjViYjJiMTU1YmRmYTgzYTcxODZl
ZWFjNDQwHhcNMjUwMTAxMTU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2I5MjQwNjI1NzZkN2NlMzY1ZmQ5N2I3NWMxMmExMWY0ZmQ2NjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwT22PhqWnN50Oc0dz0yXaMyE4oAO
BDTjhdtrD/B9KWzRAklYg7LUz/g4JBJFnGvSkJiNmBrvMeBCmn3dqDydZNxCkPF8
RoYLI615b5QlrGm4uNfbUURZU+AM9Y3udSQLLVLoXaJIyMMuuQjR/ukk7cNfav9C
FmMSzsViPEr29aT/2qSv0CqzIAFoTevY1fP7Zs3g930DRWoJGcWmIffi+w97q7n4
3wGQdQ5tv5CSegp+Qdr52n0zkhe0We1FvgGm7aEL5+pMQqj2WJJWU2QKp5fCEF44
+P59sbLbdIRxWWL3LN5CbwUlPFfNtSM427RQP0mzZ/hGANg5B2CfqjLZmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAe5JAYldtfONl/Ze3XBKhH0/WYcMB8GA1UdIwQY
MBaAFLpNDmmrdp9luysVW9+oOnGG7qxEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgt
OGVmZjNmZDNjNDhhLzEvQjdra0JpVjIxODQyWDlsN2RjRXFFZlQ5Wmh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgtOGVmZjNmZDNjNDhh
LzEvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY+iMA0G
CSqGSIb3DQEBCwUAA4IBAQCgUYF4t23Rf652LZsXAXQT5DdGd3OVw5cMkLN2X+Mm
SxbaDVrk1YwuTUNsyZs5UTnI2M6YGZKlwFHFnBb2YqvtuQE/Of+36c55GBk1Nq+w
e/z7bA97a3rB2W6Wm3WBtP6+3X2u0+RQTYx+X9wWNiSmmfBKZ206NGNSnA+YC4+I
NiRs9VHh23o9yKWvjmr0qqFam931UFb943BhlFejViSq9KMiJbTg8SzURfZs3l1+
nqC5kEGxHvBXwk/ZcFo4DB5Ur36WE8NKYqX5SMgas1S2WkQkymA6ondJMjbcLSpd
huWQrxUeO8ysq2U+Ti+5E1bxb2kr4CuhuYtCDqqrGYUb
-----END CERTIFICATE-----