Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/oTdRqWCGB_YZL-zzysNmCsUI8OU.roa
File:                     oTdRqWCGB_YZL-zzysNmCsUI8OU.roa (raw, json)
Hash identifier:          Z3CxIW13t+FC0u78Ynw/b8NpKjP4IiiiZzM5isLuBQ4=
Subject key identifier:   A1:37:51:A9:60:86:07:F6:19:2F:EC:F3:CA:C3:66:0A:C5:08:F0:E5
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       01942368F8CE5FC835F862D280369B855B02
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/oTdRqWCGB_YZL-zzysNmCsUI8OU.roa
Signing time:             Wed 01 Jan 2025 19:47:49 +0000
ROA not before:           Wed 01 Jan 2025 19:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210950
IP address blocks:        45.143.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:f8:ce:5f:c8:35:f8:62:d2:80:36:9b:85:5b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Jan  1 19:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a13751a9608607f6192fecf3cac3660ac508f0e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:0c:2c:e4:a8:72:88:96:e3:d9:69:f4:ca:e5:
                    43:01:cc:d4:dc:2c:1d:f5:b7:b6:84:f6:ae:ae:09:
                    3c:7f:eb:59:3b:74:b5:0a:f5:2e:ae:74:80:0e:8b:
                    e6:f8:8c:d9:bd:a2:f9:be:7b:b1:a4:31:bb:4a:d4:
                    a5:15:4a:50:a8:3f:36:1f:f8:e4:ea:eb:41:45:97:
                    c3:57:6a:a2:f9:bb:f7:b6:cc:42:c1:d4:2c:bd:68:
                    6c:03:97:e9:3b:9e:a6:2a:74:56:fe:3c:71:62:38:
                    ce:de:be:26:f4:b5:43:26:c5:a1:86:02:9e:98:a0:
                    de:72:0d:62:bb:eb:4a:a9:1c:71:87:58:9b:31:bc:
                    a8:c5:6b:f2:5d:d3:8a:d1:e9:5c:dd:c1:2e:24:77:
                    d4:b2:45:c0:0e:e9:d2:01:2e:2d:bc:83:07:24:fd:
                    39:30:cb:1e:c2:19:51:c2:50:7c:d3:00:75:30:81:
                    6f:c3:af:23:d2:67:af:3d:cc:14:b0:d9:91:97:a1:
                    15:1a:96:54:d6:d3:55:a5:59:9b:c7:89:00:a8:a6:
                    86:92:f4:9a:dd:2b:aa:ce:26:1d:0d:29:4e:e6:9c:
                    24:7b:22:cf:0d:26:ae:9f:e1:6a:e9:88:5e:07:b9:
                    38:a8:51:c7:a9:b9:e5:d1:e2:2a:f7:4e:36:55:ed:
                    31:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:37:51:A9:60:86:07:F6:19:2F:EC:F3:CA:C3:66:0A:C5:08:F0:E5
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/oTdRqWCGB_YZL-zzysNmCsUI8OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:4c:23:e8:77:20:fa:8f:3c:48:64:79:11:2b:e4:7f:f3:d0:
         74:87:78:71:58:52:e7:fc:d9:73:11:b0:4c:a8:7f:3d:49:9b:
         0c:dc:ba:2d:c1:4b:2e:2f:b4:d6:f7:e8:4a:62:2e:68:8a:02:
         c7:13:3e:76:b2:ce:40:bf:8e:55:75:c9:ba:63:d0:47:05:c4:
         b5:35:24:f3:8b:59:c5:8b:1c:50:4f:3d:5f:50:57:91:3a:0d:
         e2:e4:c2:3f:11:96:a0:5e:5b:37:27:98:86:72:aa:4e:a6:a4:
         e7:1c:41:d0:55:44:49:85:9c:0c:e4:2d:b8:de:a4:6f:f5:a8:
         5a:1e:27:b8:95:b3:ba:10:fd:69:be:20:8b:d3:2d:55:9c:db:
         33:0d:0f:ab:af:a8:0a:1e:a1:51:94:a8:a4:e7:8c:f6:68:71:
         64:f2:b1:1d:31:4d:6a:26:fb:45:9c:02:4f:1f:6c:ba:35:67:
         3f:5d:9a:c7:9f:1e:42:48:15:75:78:19:cc:96:41:73:fc:23:
         eb:d0:a1:9a:fd:a9:ce:67:c1:4f:6a:5f:11:a2:8f:8a:20:ae:
         aa:67:d9:be:13:af:f6:a4:7a:dd:e1:f5:2b:d4:38:ef:ba:50:
         20:05:b0:45:61:66:85:21:44:98:f1:3d:3f:c9:7b:76:89:de:
         fb:95:5a:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaPjOX8g1+GLSgDabhVsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjUwMTAxMTk0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTM3NTFhOTYwODYwN2Y2MTkyZmVjZjNjYWMzNjYwYWM1MDhmMGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wws5KhyiJbj2Wn0yuVDAczU3Cwd
9be2hPaurgk8f+tZO3S1CvUurnSADovm+IzZvaL5vnuxpDG7StSlFUpQqD82H/jk
6utBRZfDV2qi+bv3tsxCwdQsvWhsA5fpO56mKnRW/jxxYjjO3r4m9LVDJsWhhgKe
mKDecg1iu+tKqRxxh1ibMbyoxWvyXdOK0elc3cEuJHfUskXADunSAS4tvIMHJP05
MMsewhlRwlB80wB1MIFvw68j0mevPcwUsNmRl6EVGpZU1tNVpVmbx4kAqKaGkvSa
3SuqziYdDSlO5pwkeyLPDSaun+Fq6YheB7k4qFHHqbnl0eIq9042Ve0xQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKE3Ualghgf2GS/s88rDZgrFCPDlMB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEvb1RkUnFXQ0dCX1laTC16enlzTm1Dc1VJOE9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY/JMA0G
CSqGSIb3DQEBCwUAA4IBAQBqTCPodyD6jzxIZHkRK+R/89B0h3hxWFLn/NlzEbBM
qH89SZsM3LotwUsuL7TW9+hKYi5oigLHEz52ss5Av45Vdcm6Y9BHBcS1NSTzi1nF
ixxQTz1fUFeROg3i5MI/EZagXls3J5iGcqpOpqTnHEHQVURJhZwM5C243qRv9aha
Hie4lbO6EP1pviCL0y1VnNszDQ+rr6gKHqFRlKik54z2aHFk8rEdMU1qJvtFnAJP
H2y6NWc/XZrHnx5CSBV1eBnMlkFz/CPr0KGa/anOZ8FPal8Roo+KIK6qZ9m+E6/2
pHrd4fUr1DjvulAgBbBFYWaFIUSY8T0/yXt2id77lVr8
-----END CERTIFICATE-----