Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/kBsGsKPDw5KOW7ekZNCFpFwFVYw.roa
File:                     kBsGsKPDw5KOW7ekZNCFpFwFVYw.roa (raw, json)
Hash identifier:          /R0T/0RMAuzqIkqwYYYz/q3ulggvCfwcd6sMsiuxOI0=
Subject key identifier:   90:1B:06:B0:A3:C3:C3:92:8E:5B:B7:A4:64:D0:85:A4:5C:05:55:8C
Certificate issuer:       /CN=0b5f8c9447d614b86182763d9333250e2d9412e2
Certificate serial:       0195C3BCD8FE10F278304FE2B93C9DF4AF0D
Authority key identifier: 0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/kBsGsKPDw5KOW7ekZNCFpFwFVYw.roa
Signing time:             Sun 23 Mar 2025 16:01:28 +0000
ROA not before:           Sun 23 Mar 2025 16:01:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25160
IP address blocks:        45.149.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c3:bc:d8:fe:10:f2:78:30:4f:e2:b9:3c:9d:f4:af:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5f8c9447d614b86182763d9333250e2d9412e2
        Validity
            Not Before: Mar 23 16:01:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=901b06b0a3c3c3928e5bb7a464d085a45c05558c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:8e:e6:88:e7:9d:f2:ce:f5:69:53:6b:a4:db:
                    bb:7e:a3:c1:4c:56:e8:bb:cb:a5:a3:99:7b:5c:4b:
                    01:68:c2:64:0f:07:e9:54:9a:f4:e3:1d:c3:c5:aa:
                    e6:11:27:45:b2:d9:ac:a5:ec:31:44:1e:a7:d4:09:
                    36:39:55:51:c4:7d:7c:58:f3:fa:d9:06:43:ef:e6:
                    67:a3:c4:1f:dc:eb:13:b0:ab:0b:8f:22:a1:f4:b9:
                    c0:df:68:ff:e3:20:c0:88:cf:bb:80:21:7a:ac:aa:
                    d3:1a:fd:47:65:5e:b9:a7:0a:0b:16:91:f8:a9:7b:
                    b4:15:ff:6c:e0:f7:71:4e:1b:f4:70:9d:2b:a4:8e:
                    9e:de:db:4a:6d:f6:9a:fb:9d:48:ca:63:a9:d3:09:
                    e7:6c:5c:b7:ae:86:95:a5:89:7a:89:a7:56:81:20:
                    f6:db:14:d3:ce:84:1a:70:ad:f3:b1:30:46:7b:80:
                    02:2d:0b:5d:af:fa:46:ee:6c:d7:ac:40:7f:7f:34:
                    0a:8d:47:ed:bd:3f:79:66:96:fb:3c:ad:a6:9d:2f:
                    59:49:00:99:14:c2:6e:ac:8d:e4:9c:00:c2:18:3c:
                    d2:44:f6:a7:e7:68:73:ff:11:c7:3d:32:45:0a:4f:
                    56:5d:a8:90:52:10:39:1a:09:b6:4d:aa:67:ca:9a:
                    7a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:1B:06:B0:A3:C3:C3:92:8E:5B:B7:A4:64:D0:85:A4:5C:05:55:8C
            X509v3 Authority Key Identifier:
                keyid:0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/kBsGsKPDw5KOW7ekZNCFpFwFVYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:ec:c0:47:6e:d8:e6:42:11:e5:35:34:af:86:03:78:64:49:
         34:0d:cc:fc:0f:93:8f:b8:82:29:55:ba:df:a3:0c:82:1c:56:
         64:6a:c2:60:cd:bb:77:fb:a4:82:43:70:c5:02:a7:25:a6:ab:
         71:91:49:c5:0a:7d:c6:4d:bd:14:ee:7f:07:ea:3e:32:69:a7:
         70:22:64:55:f9:9b:26:c1:a8:ec:72:c6:05:3e:c3:91:a8:46:
         d3:91:fa:8c:ff:2c:44:d2:c0:12:15:4d:9b:6c:fd:44:19:f0:
         00:17:a2:a9:8e:62:0a:f7:11:67:57:51:e3:01:85:00:59:c4:
         33:af:35:e0:d7:25:13:51:32:26:31:3b:f1:86:c4:d2:77:12:
         ea:96:6b:58:01:b4:54:4e:ac:52:ae:37:45:ce:13:24:5d:e8:
         c2:66:32:9e:5b:6f:a2:09:ad:a2:47:b4:bf:fd:db:65:ce:f3:
         76:9c:4d:02:ca:0b:48:32:18:34:25:3c:23:29:73:60:ef:0a:
         52:a6:e2:68:71:dd:38:eb:df:73:35:a5:83:1c:9f:75:92:35:
         30:ee:43:31:28:4e:fe:fe:71:0e:26:00:c9:52:19:32:1f:d0:
         8b:47:f2:4b:ad:4b:0f:cf:a3:a4:70:e5:50:01:f0:23:9b:55:
         24:b2:98:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXDvNj+EPJ4ME/iuTyd9K8NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWY4Yzk0NDdkNjE0Yjg2MTgyNzYzZDkzMzMyNTBlMmQ5
NDEyZTIwHhcNMjUwMzIzMTYwMTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDFiMDZiMGEzYzNjMzkyOGU1YmI3YTQ2NGQwODVhNDVjMDU1NThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2o7miOed8s71aVNrpNu7fqPBTFbo
u8ulo5l7XEsBaMJkDwfpVJr04x3DxarmESdFstmspewxRB6n1Ak2OVVRxH18WPP6
2QZD7+Zno8Qf3OsTsKsLjyKh9LnA32j/4yDAiM+7gCF6rKrTGv1HZV65pwoLFpH4
qXu0Ff9s4PdxThv0cJ0rpI6e3ttKbfaa+51IymOp0wnnbFy3roaVpYl6iadWgSD2
2xTTzoQacK3zsTBGe4ACLQtdr/pG7mzXrEB/fzQKjUftvT95Zpb7PK2mnS9ZSQCZ
FMJurI3knADCGDzSRPan52hz/xHHPTJFCk9WXaiQUhA5Ggm2Tapnypp6ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAbBrCjw8OSjlu3pGTQhaRcBVWMMB8GA1UdIwQY
MBaAFAtfjJRH1hS4YYJ2PZMzJQ4tlBLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYt
OGE5NWU2Mzc3MzMyLzEva0JzR3NLUER3NUtPVzdla1pOQ0ZwRndGVll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYtOGE5NWU2Mzc3MzMy
LzEvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZWYMA0G
CSqGSIb3DQEBCwUAA4IBAQAl7MBHbtjmQhHlNTSvhgN4ZEk0Dcz8D5OPuIIpVbrf
owyCHFZkasJgzbt3+6SCQ3DFAqclpqtxkUnFCn3GTb0U7n8H6j4yaadwImRV+Zsm
wajscsYFPsORqEbTkfqM/yxE0sASFU2bbP1EGfAAF6KpjmIK9xFnV1HjAYUAWcQz
rzXg1yUTUTImMTvxhsTSdxLqlmtYAbRUTqxSrjdFzhMkXejCZjKeW2+iCa2iR7S/
/dtlzvN2nE0CygtIMhg0JTwjKXNg7wpSpuJocd04699zNaWDHJ91kjUw7kMxKE7+
/nEOJgDJUhkyH9CLR/JLrUsPz6OkcOVQAfAjm1UkspiD
-----END CERTIFICATE-----