Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/zg3nFQ0Sg8cWpJOYqLKRP35LJU8.roa
File:                     zg3nFQ0Sg8cWpJOYqLKRP35LJU8.roa (raw, json)
Hash identifier:          2J2iLBS4crA0QUVX97KQglPfQbj/gfi5p+BnPc66cJw=
Subject key identifier:   CE:0D:E7:15:0D:12:83:C7:16:A4:93:98:A8:B2:91:3F:7E:4B:25:4F
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       0196C5F0BCBA7CA2C49F6BE6FA340E6FBE84
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/zg3nFQ0Sg8cWpJOYqLKRP35LJU8.roa
Signing time:             Mon 12 May 2025 19:20:10 +0000
ROA not before:           Mon 12 May 2025 19:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32043
IP address blocks:        45.157.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c5:f0:bc:ba:7c:a2:c4:9f:6b:e6:fa:34:0e:6f:be:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: May 12 19:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce0de7150d1283c716a49398a8b2913f7e4b254f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d3:aa:66:a5:57:10:53:19:4f:77:48:d9:8a:
                    a7:a0:97:bc:cb:ee:b2:b1:89:d7:53:10:84:00:7b:
                    84:f2:98:88:b8:0b:10:7c:ad:43:d9:c0:9e:c6:aa:
                    32:d5:90:b2:79:d0:35:14:96:1f:cf:9c:da:97:24:
                    2c:b0:ea:fc:9c:4b:51:a0:d3:02:d0:95:e5:fb:79:
                    34:4a:31:6d:cc:40:c4:dd:94:eb:60:95:9b:62:7e:
                    22:2c:1a:1a:f4:ab:29:04:24:6a:d9:32:35:aa:4a:
                    d1:df:1f:60:ba:e8:d7:95:b5:a5:11:47:37:e5:6c:
                    b6:1f:73:d8:0a:5e:cb:06:89:47:72:4b:fc:99:48:
                    da:be:5a:fa:ac:2c:19:69:08:09:04:6f:3d:d8:1d:
                    6f:7d:c6:9d:ab:db:34:dc:71:99:bf:eb:47:45:fd:
                    8c:dc:e5:6a:12:6c:c7:8d:fb:b3:c1:dd:f7:ec:0b:
                    aa:c8:b2:a2:19:1b:2e:5a:5c:1f:3f:5c:a1:e2:0f:
                    c3:88:6f:cc:2f:4f:58:67:f0:2a:b7:9a:25:ad:06:
                    e1:6f:06:42:41:8d:cb:33:37:b9:2c:6f:55:0d:4d:
                    93:c7:36:5c:72:50:9c:86:40:af:ac:bd:58:be:a1:
                    d2:e6:0e:7e:09:ea:1f:c4:00:c2:b6:99:a6:6b:a0:
                    03:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:0D:E7:15:0D:12:83:C7:16:A4:93:98:A8:B2:91:3F:7E:4B:25:4F
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/zg3nFQ0Sg8cWpJOYqLKRP35LJU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:80:b9:c0:08:58:58:1c:16:fa:89:25:c1:cd:be:cc:48:c3:
         e0:39:60:56:58:2b:9d:ab:ab:82:c1:46:c2:15:92:1f:f2:8f:
         57:c4:1c:2c:79:7c:91:69:bc:b4:2e:82:08:01:f3:b1:03:59:
         0e:71:3e:d0:ae:d2:07:bc:99:8c:0a:f9:f1:82:dd:11:b1:df:
         ef:84:a4:17:c6:c1:b7:1a:a9:20:85:47:11:a3:2e:d1:66:bb:
         d7:aa:90:c0:90:d7:3f:90:75:ac:c0:01:31:5a:cc:32:0b:34:
         59:20:13:94:e6:e9:e1:5f:99:97:1e:98:bc:38:44:91:90:fb:
         e1:68:a9:d1:9e:04:9e:3f:c3:02:50:0a:1f:03:ef:92:00:0e:
         53:36:08:fa:04:c1:ee:aa:b7:7a:73:38:79:ef:c8:7f:e2:e3:
         ef:96:23:41:d3:0a:b6:86:d5:ec:29:ca:14:7a:ef:c1:3d:46:
         f6:56:ff:29:e9:ca:3d:e4:31:33:ec:af:e5:ef:0c:ae:bb:12:
         0b:96:5d:24:df:90:ba:1f:70:6c:e5:7b:3e:82:17:2a:81:f7:
         66:09:8c:aa:c1:97:41:bd:6c:8a:34:62:57:5e:8b:97:47:75:
         7f:b0:11:e2:40:75:4d:7d:d3:d2:08:90:c3:2b:3f:9e:79:e1:
         bd:13:e6:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbF8Ly6fKLEn2vm+jQOb76EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwNTEyMTkyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTBkZTcxNTBkMTI4M2M3MTZhNDkzOThhOGIyOTEzZjdlNGIyNTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNOqZqVXEFMZT3dI2YqnoJe8y+6y
sYnXUxCEAHuE8piIuAsQfK1D2cCexqoy1ZCyedA1FJYfz5zalyQssOr8nEtRoNMC
0JXl+3k0SjFtzEDE3ZTrYJWbYn4iLBoa9KspBCRq2TI1qkrR3x9guujXlbWlEUc3
5Wy2H3PYCl7LBolHckv8mUjavlr6rCwZaQgJBG892B1vfcadq9s03HGZv+tHRf2M
3OVqEmzHjfuzwd337AuqyLKiGRsuWlwfP1yh4g/DiG/ML09YZ/Aqt5olrQbhbwZC
QY3LMze5LG9VDU2TxzZcclCchkCvrL1YvqHS5g5+CeofxADCtpmma6ADUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4N5xUNEoPHFqSTmKiykT9+SyVPMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvemczbkZRMFNnOGNXcEpPWXFMS1JQMzVMSlU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ2JMA0G
CSqGSIb3DQEBCwUAA4IBAQALgLnACFhYHBb6iSXBzb7MSMPgOWBWWCudq6uCwUbC
FZIf8o9XxBwseXyRaby0LoIIAfOxA1kOcT7QrtIHvJmMCvnxgt0Rsd/vhKQXxsG3
GqkghUcRoy7RZrvXqpDAkNc/kHWswAExWswyCzRZIBOU5unhX5mXHpi8OESRkPvh
aKnRngSeP8MCUAofA++SAA5TNgj6BMHuqrd6czh578h/4uPvliNB0wq2htXsKcoU
eu/BPUb2Vv8p6co95DEz7K/l7wyuuxILll0k35C6H3Bs5Xs+ghcqgfdmCYyqwZdB
vWyKNGJXXouXR3V/sBHiQHVNfdPSCJDDKz+eeeG9E+Yz
-----END CERTIFICATE-----