Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/1d0f41-519a-4c42-aa6f-c71d2b92c397/1/s0bJG6Qp94T0ozPjLlAbRCJfTFs.roa
File:                     s0bJG6Qp94T0ozPjLlAbRCJfTFs.roa (raw, json)
Hash identifier:          qwFiBqb0rHrSmTwD9b+7ecXoNWtZfg8qRArEug26wV4=
Subject key identifier:   B3:46:C9:1B:A4:29:F7:84:F4:A3:33:E3:2E:50:1B:44:22:5F:4C:5B
Certificate issuer:       /CN=1f26ce92c2cd83b5eccf49733f3a7be77add49a0
Certificate serial:       019427B554D1F16DD3CD6FD53CBE91DBD8E3
Authority key identifier: 1F:26:CE:92:C2:CD:83:B5:EC:CF:49:73:3F:3A:7B:E7:7A:DD:49:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HybOksLNg7Xsz0lzPzp753rdSaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/1d0f41-519a-4c42-aa6f-c71d2b92c397/1/s0bJG6Qp94T0ozPjLlAbRCJfTFs.roa
Signing time:             Thu 02 Jan 2025 15:49:42 +0000
ROA not before:           Thu 02 Jan 2025 15:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25506
IP address blocks:        45.154.222.0/24 maxlen: 24
                          45.154.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/1d0f41-519a-4c42-aa6f-c71d2b92c397/1/HybOksLNg7Xsz0lzPzp753rdSaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/1d0f41-519a-4c42-aa6f-c71d2b92c397/1/HybOksLNg7Xsz0lzPzp753rdSaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HybOksLNg7Xsz0lzPzp753rdSaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:54:d1:f1:6d:d3:cd:6f:d5:3c:be:91:db:d8:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f26ce92c2cd83b5eccf49733f3a7be77add49a0
        Validity
            Not Before: Jan  2 15:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b346c91ba429f784f4a333e32e501b44225f4c5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:12:47:63:c2:df:f2:bb:45:3d:05:b1:53:01:
                    dd:76:e5:89:3a:6d:c7:8f:de:6f:8f:72:6c:d0:f1:
                    68:c2:9f:51:f4:67:c1:82:27:72:6c:25:7d:e3:d2:
                    1d:bd:bc:3a:86:54:04:c1:e3:81:33:9e:63:a5:0a:
                    17:56:5a:d0:18:3d:2a:5a:26:cc:7f:69:22:dc:b1:
                    27:9e:f5:19:ae:af:27:ce:96:35:8e:67:2b:b0:b4:
                    46:a0:ad:c2:e4:6d:6c:65:37:61:e5:d4:fd:c2:bb:
                    97:66:e1:3e:9d:bf:4d:93:cf:04:02:d5:c4:da:8e:
                    48:e9:86:a9:e4:1c:d5:e8:f5:8f:e0:37:ba:dc:93:
                    c4:f4:27:77:da:a2:28:55:70:58:08:36:24:ed:ee:
                    0b:d8:39:f2:5c:47:ef:47:39:c3:9d:ff:7a:d6:fb:
                    d2:8f:b5:b5:62:45:2b:d4:7e:6d:89:95:6c:9e:6b:
                    cb:3f:f4:6a:51:c7:58:79:82:89:b6:68:cd:d6:4e:
                    5a:95:5c:a0:f9:c4:8b:59:ae:fd:18:64:66:3a:f4:
                    9e:aa:76:2d:e6:31:5a:66:87:48:39:9a:a1:36:79:
                    f7:0a:83:b6:0a:be:d3:fe:cf:16:6d:e7:19:80:14:
                    da:50:de:f9:a9:e9:6f:01:97:b7:c1:77:4c:b0:35:
                    79:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:46:C9:1B:A4:29:F7:84:F4:A3:33:E3:2E:50:1B:44:22:5F:4C:5B
            X509v3 Authority Key Identifier:
                keyid:1F:26:CE:92:C2:CD:83:B5:EC:CF:49:73:3F:3A:7B:E7:7A:DD:49:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HybOksLNg7Xsz0lzPzp753rdSaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/1d0f41-519a-4c42-aa6f-c71d2b92c397/1/s0bJG6Qp94T0ozPjLlAbRCJfTFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/1d0f41-519a-4c42-aa6f-c71d2b92c397/1/HybOksLNg7Xsz0lzPzp753rdSaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:75:9f:fa:b5:eb:78:72:d3:1a:09:b4:b2:71:be:28:5a:f1:
         d0:65:0f:f8:b1:79:40:81:9c:40:43:44:09:20:69:19:70:bc:
         ba:fe:40:e2:25:f9:50:0b:93:d6:dc:3d:0b:7d:42:a4:47:cb:
         30:5b:4e:a3:22:e1:ff:0f:63:a8:c1:66:ee:12:1c:d0:fe:5c:
         dd:75:9a:b2:93:f5:e2:0a:f6:c0:06:cc:eb:1a:89:1f:61:f1:
         7b:10:71:ff:b7:d1:aa:8b:4a:25:99:55:01:e7:e8:8c:58:06:
         45:2b:09:22:99:8c:41:c9:0e:8d:1c:99:4b:61:e2:9e:6a:e0:
         35:5c:27:e2:fb:53:a9:c0:a9:19:0e:1a:4c:cf:68:a6:8b:fd:
         a5:34:04:64:2d:28:be:fa:8d:99:21:96:52:19:90:02:59:8d:
         04:0c:ef:07:0a:50:f3:8a:a4:7e:db:9e:e5:6f:a1:90:1b:c8:
         78:8b:3d:0c:be:a3:c2:cb:e2:84:e2:f6:ef:87:18:d0:3f:85:
         c4:61:b6:ca:88:70:6b:12:6e:d9:d5:12:d1:31:2e:e5:95:35:
         86:f7:c5:89:aa:a2:39:68:c3:b3:14:3d:33:ce:cf:b2:f0:f3:
         1f:f8:f1:56:39:1b:e7:87:bf:1c:9d:5d:7d:ed:43:fa:b7:bc:
         23:d3:a6:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntVTR8W3TzW/VPL6R29jjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMjZjZTkyYzJjZDgzYjVlY2NmNDk3MzNmM2E3YmU3N2Fk
ZDQ5YTAwHhcNMjUwMTAyMTU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzQ2YzkxYmE0MjlmNzg0ZjRhMzMzZTMyZTUwMWI0NDIyNWY0YzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhJHY8Lf8rtFPQWxUwHdduWJOm3H
j95vj3Js0PFowp9R9GfBgidybCV949Idvbw6hlQEweOBM55jpQoXVlrQGD0qWibM
f2ki3LEnnvUZrq8nzpY1jmcrsLRGoK3C5G1sZTdh5dT9wruXZuE+nb9Nk88EAtXE
2o5I6Yap5BzV6PWP4De63JPE9Cd32qIoVXBYCDYk7e4L2DnyXEfvRznDnf961vvS
j7W1YkUr1H5tiZVsnmvLP/RqUcdYeYKJtmjN1k5alVyg+cSLWa79GGRmOvSeqnYt
5jFaZodIOZqhNnn3CoO2Cr7T/s8WbecZgBTaUN75qelvAZe3wXdMsDV5uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNGyRukKfeE9KMz4y5QG0QiX0xbMB8GA1UdIwQY
MBaAFB8mzpLCzYO17M9Jcz86e+d63UmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHliT2tzTE5nN1hzejBselB6cDc1M3JkU2FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8xZDBmNDEtNTE5YS00YzQyLWFhNmYt
YzcxZDJiOTJjMzk3LzEvczBiSkc2UXA5NFQwb3pQakxsQWJSQ0pmVEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8xZDBmNDEtNTE5YS00YzQyLWFhNmYtYzcxZDJiOTJjMzk3
LzEvSHliT2tzTE5nN1hzejBselB6cDc1M3JkU2FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZreMA0G
CSqGSIb3DQEBCwUAA4IBAQCudZ/6tet4ctMaCbSycb4oWvHQZQ/4sXlAgZxAQ0QJ
IGkZcLy6/kDiJflQC5PW3D0LfUKkR8swW06jIuH/D2OowWbuEhzQ/lzddZqyk/Xi
CvbABszrGokfYfF7EHH/t9Gqi0olmVUB5+iMWAZFKwkimYxByQ6NHJlLYeKeauA1
XCfi+1OpwKkZDhpMz2imi/2lNARkLSi++o2ZIZZSGZACWY0EDO8HClDziqR+257l
b6GQG8h4iz0MvqPCy+KE4vbvhxjQP4XEYbbKiHBrEm7Z1RLRMS7llTWG98WJqqI5
aMOzFD0zzs+y8PMf+PFWORvnh78cnV197UP6t7wj06bG
-----END CERTIFICATE-----