Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/tNteV-bYipxacIdsneN2kRS27vI.roa
File:                     tNteV-bYipxacIdsneN2kRS27vI.roa (raw, json)
Hash identifier:          DK40xOAWm2KZPWxZ02RGtb+aUbxm0wIjZBTHx/mZzWs=
Subject key identifier:   B4:DB:5E:57:E6:D8:8A:9C:5A:70:87:6C:9D:E3:76:91:14:B6:EE:F2
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019426D94E52978FF924082F92DF6692D3CC
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/tNteV-bYipxacIdsneN2kRS27vI.roa
Signing time:             Thu 02 Jan 2025 11:49:23 +0000
ROA not before:           Thu 02 Jan 2025 11:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197968
IP address blocks:        45.135.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:4e:52:97:8f:f9:24:08:2f:92:df:66:92:d3:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 11:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4db5e57e6d88a9c5a70876c9de3769114b6eef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:72:38:6e:ac:fa:5e:3a:97:bd:03:7c:9d:e3:
                    96:f4:5c:ba:45:b1:e4:f9:db:d7:31:c6:3d:9e:18:
                    5a:fe:cd:a7:78:6f:57:6f:a2:02:05:96:08:68:6d:
                    49:b6:41:0f:11:88:0d:74:0c:6f:44:8f:e7:88:35:
                    64:c3:ef:d0:8f:e4:43:39:b7:66:ac:97:3c:97:7a:
                    f1:40:0b:f3:cc:aa:77:e4:87:c5:ee:fa:34:ac:6f:
                    11:82:55:4a:bd:d9:4b:e4:38:6b:24:c7:05:02:8b:
                    20:cd:ff:a6:33:7d:17:70:54:d1:33:6e:ab:ed:f0:
                    dc:50:70:b3:d7:06:b4:81:a9:39:81:00:6d:b3:0a:
                    83:6f:cd:b8:48:af:23:f6:18:85:b9:e4:1f:b8:ef:
                    1e:40:16:b7:fa:c4:a8:ec:06:47:3b:b0:e6:42:28:
                    cb:d9:c0:15:28:ed:3b:9a:df:00:0f:19:16:05:57:
                    ca:d3:bf:ee:aa:d5:78:9d:e8:6f:55:06:e4:15:18:
                    a9:f8:fa:6c:61:56:c3:57:5f:87:53:2a:e3:74:d3:
                    48:62:bc:b2:cc:ef:5a:3d:fd:3e:e4:c0:24:f5:04:
                    fb:c0:1f:d8:27:e3:87:bf:3d:e6:37:2c:be:67:7d:
                    4e:73:d0:1f:af:78:ee:4b:b7:5d:eb:09:35:01:83:
                    bc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:DB:5E:57:E6:D8:8A:9C:5A:70:87:6C:9D:E3:76:91:14:B6:EE:F2
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/tNteV-bYipxacIdsneN2kRS27vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:fa:d1:0e:bf:bf:cb:b0:82:2f:e0:16:28:f8:b7:95:a9:91:
         e8:8f:17:14:2a:ca:3c:27:90:93:54:89:77:ee:75:11:cf:00:
         e9:09:c1:71:d6:4b:28:b0:51:ed:09:ac:c2:a1:45:30:fd:bc:
         3d:f1:c4:bf:0e:ce:df:fb:90:e6:fe:1f:2c:57:ca:24:b3:16:
         81:63:5b:d3:cd:f3:ab:f1:30:7d:88:84:26:66:8d:dc:36:a1:
         45:2e:0a:2e:9d:e0:72:d5:5c:60:05:50:bc:94:79:bb:72:c3:
         5b:6e:1a:20:21:03:c7:7a:a4:63:39:ef:dd:e8:3f:02:52:63:
         e5:e9:84:c9:20:f4:07:04:ab:19:c1:02:00:73:bb:8f:de:e5:
         13:9c:d7:0c:58:ee:d7:1d:20:8b:a7:41:b5:e2:ee:17:af:bc:
         25:e8:53:6d:a2:d5:73:e4:c1:02:6f:08:2a:4a:b1:c1:29:1c:
         9f:25:75:96:2f:6c:d9:56:59:fe:9b:4a:76:77:86:45:64:c4:
         e7:0d:70:34:db:35:14:f9:3e:8c:85:57:cf:83:c4:75:03:06:
         96:79:60:7f:36:67:41:08:e2:af:ab:63:b4:cd:31:79:49:28:
         0b:f9:80:d1:50:87:06:00:27:90:af:3e:49:0c:d3:e3:c9:8f:
         5d:b7:55:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2U5Sl4/5JAgvkt9mktPMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjUwMTAyMTE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGRiNWU1N2U2ZDg4YTljNWE3MDg3NmM5ZGUzNzY5MTE0YjZlZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3I4bqz6XjqXvQN8neOW9Fy6RbHk
+dvXMcY9nhha/s2neG9Xb6ICBZYIaG1JtkEPEYgNdAxvRI/niDVkw+/Qj+RDObdm
rJc8l3rxQAvzzKp35IfF7vo0rG8RglVKvdlL5DhrJMcFAosgzf+mM30XcFTRM26r
7fDcUHCz1wa0gak5gQBtswqDb824SK8j9hiFueQfuO8eQBa3+sSo7AZHO7DmQijL
2cAVKO07mt8ADxkWBVfK07/uqtV4nehvVQbkFRip+PpsYVbDV1+HUyrjdNNIYryy
zO9aPf0+5MAk9QT7wB/YJ+OHvz3mNyy+Z31Oc9Afr3juS7dd6wk1AYO81wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTbXlfm2IqcWnCHbJ3jdpEUtu7yMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvdE50ZVYtYllpcHhhY0lkc25lTjJrUlMyN3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfXMA0G
CSqGSIb3DQEBCwUAA4IBAQA9+tEOv7/LsIIv4BYo+LeVqZHojxcUKso8J5CTVIl3
7nURzwDpCcFx1ksosFHtCazCoUUw/bw98cS/Ds7f+5Dm/h8sV8oksxaBY1vTzfOr
8TB9iIQmZo3cNqFFLgouneBy1VxgBVC8lHm7csNbbhogIQPHeqRjOe/d6D8CUmPl
6YTJIPQHBKsZwQIAc7uP3uUTnNcMWO7XHSCLp0G14u4Xr7wl6FNtotVz5MECbwgq
SrHBKRyfJXWWL2zZVln+m0p2d4ZFZMTnDXA02zUU+T6MhVfPg8R1AwaWeWB/NmdB
COKvq2O0zTF5SSgL+YDRUIcGACeQrz5JDNPjyY9dt1Vd
-----END CERTIFICATE-----