Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/K-bptzEyfSxe5brLutYZPui7KJo.roa
File:                     K-bptzEyfSxe5brLutYZPui7KJo.roa (raw, json)
Hash identifier:          RaMo3W1jAz/KokfzelPm6eQVRrUb/HW8AUWUJAZdGqY=
Subject key identifier:   2B:E6:E9:B7:31:32:7D:2C:5E:E5:BA:CB:BA:D6:19:3E:E8:BB:28:9A
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       01948E29B89B6D6ECB2989258CFC87B7949A
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/K-bptzEyfSxe5brLutYZPui7KJo.roa
Signing time:             Wed 22 Jan 2025 13:18:06 +0000
ROA not before:           Wed 22 Jan 2025 13:18:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152700
IP address blocks:        45.157.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8e:29:b8:9b:6d:6e:cb:29:89:25:8c:fc:87:b7:94:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Jan 22 13:18:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2be6e9b731327d2c5ee5bacbbad6193ee8bb289a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ce:04:f6:85:9a:67:78:73:b9:1c:b1:ef:b7:
                    eb:01:cb:31:10:e6:54:40:15:9c:46:55:e3:8c:72:
                    38:0a:a2:bd:58:ed:13:95:28:32:02:bf:ec:b8:a2:
                    39:b1:57:79:43:55:64:7c:7d:91:9b:fc:ef:6b:70:
                    7f:51:20:96:c7:b6:c1:9f:1f:21:a3:6d:bf:f3:41:
                    00:9c:b0:5f:7e:7f:b0:06:8e:d5:c2:f3:04:c9:66:
                    51:b1:02:e4:f3:ed:b8:cc:d9:02:65:b9:88:1d:58:
                    fe:af:c7:8e:e8:4b:e6:ac:f9:41:f2:03:10:89:3a:
                    e4:34:69:38:fd:3c:ef:03:21:30:dc:b5:64:e2:36:
                    51:76:fc:94:22:51:f6:c2:30:21:a6:10:e1:a7:a9:
                    79:44:9e:c1:1e:75:fa:e1:52:f4:73:d2:95:85:7b:
                    9e:1c:39:f5:f9:e2:89:05:2e:2d:85:ce:80:a7:7d:
                    3a:80:d3:c2:1b:75:ab:9a:59:b4:b6:52:1a:f5:50:
                    45:e2:e9:40:96:99:d0:e3:ac:d1:fd:bf:6c:94:66:
                    35:04:51:0a:bb:97:e1:6d:e2:36:f1:3d:92:38:80:
                    94:15:29:ed:89:7d:8b:10:3a:a0:3e:52:51:04:f8:
                    81:df:a5:1d:19:9d:8d:83:4c:4c:2f:61:66:0a:18:
                    58:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E6:E9:B7:31:32:7D:2C:5E:E5:BA:CB:BA:D6:19:3E:E8:BB:28:9A
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/K-bptzEyfSxe5brLutYZPui7KJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:7b:64:05:52:06:15:db:21:cd:6a:80:ad:5c:ed:9b:59:f9:
         12:9a:c5:a2:5b:db:14:38:00:25:e8:93:e2:6b:85:9e:51:c4:
         24:90:de:10:f9:56:63:af:b4:4b:c6:72:20:d7:6a:46:e4:09:
         13:d9:45:d4:16:82:87:55:f6:7b:75:30:96:a9:f2:57:f8:6f:
         3f:ff:98:96:ee:bf:ed:44:06:57:2a:1b:c7:ed:7e:3a:4e:56:
         1d:42:d2:57:eb:00:ed:96:f0:19:07:03:94:5e:63:97:ad:24:
         11:f7:16:cd:1a:bd:1a:91:b7:b8:71:9e:04:cc:31:65:27:c6:
         66:fc:db:86:fe:e3:a6:9f:e7:1f:f7:7c:1c:99:3f:fa:b9:dc:
         96:58:c4:3b:7d:7f:3a:16:38:bc:34:17:c9:e7:7f:9e:0d:5a:
         d5:94:ca:76:b9:e5:99:fb:54:79:4e:e2:b6:0d:37:40:3e:99:
         b2:af:75:c7:7a:65:5a:77:07:79:91:3e:9a:d7:ec:13:38:e8:
         aa:4a:78:0e:97:00:04:bd:22:1c:62:11:a1:f0:3b:cd:7b:21:
         2f:78:76:fc:f1:9a:23:f6:5e:5f:38:95:5e:61:bc:e4:79:fa:
         6d:34:e0:cb:e3:4e:d2:72:c4:68:b9:36:7b:ec:b6:63:49:71:
         3b:5b:62:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSOKbibbW7LKYkljPyHt5SaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwMTIyMTMxODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmU2ZTliNzMxMzI3ZDJjNWVlNWJhY2JiYWQ2MTkzZWU4YmIyODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1c4E9oWaZ3hzuRyx77frAcsxEOZU
QBWcRlXjjHI4CqK9WO0TlSgyAr/suKI5sVd5Q1VkfH2Rm/zva3B/USCWx7bBnx8h
o22/80EAnLBffn+wBo7VwvMEyWZRsQLk8+24zNkCZbmIHVj+r8eO6EvmrPlB8gMQ
iTrkNGk4/TzvAyEw3LVk4jZRdvyUIlH2wjAhphDhp6l5RJ7BHnX64VL0c9KVhXue
HDn1+eKJBS4thc6Ap306gNPCG3Wrmlm0tlIa9VBF4ulAlpnQ46zR/b9slGY1BFEK
u5fhbeI28T2SOICUFSntiX2LEDqgPlJRBPiB36UdGZ2Ng0xML2FmChhYiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvm6bcxMn0sXuW6y7rWGT7ouyiaMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvSy1icHR6RXlmU3hlNWJyTHV0WVpQdWk3S0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ2JMA0G
CSqGSIb3DQEBCwUAA4IBAQBYe2QFUgYV2yHNaoCtXO2bWfkSmsWiW9sUOAAl6JPi
a4WeUcQkkN4Q+VZjr7RLxnIg12pG5AkT2UXUFoKHVfZ7dTCWqfJX+G8//5iW7r/t
RAZXKhvH7X46TlYdQtJX6wDtlvAZBwOUXmOXrSQR9xbNGr0akbe4cZ4EzDFlJ8Zm
/NuG/uOmn+cf93wcmT/6udyWWMQ7fX86Fji8NBfJ53+eDVrVlMp2ueWZ+1R5TuK2
DTdAPpmyr3XHemVadwd5kT6a1+wTOOiqSngOlwAEvSIcYhGh8DvNeyEveHb88Zoj
9l5fOJVeYbzkefptNODL407ScsRouTZ77LZjSXE7W2KW
-----END CERTIFICATE-----