Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/NiDlxsWHuFCaO_ae7ojuGBM3VYg.roa
File:                     NiDlxsWHuFCaO_ae7ojuGBM3VYg.roa (raw, json)
Hash identifier:          hw9LZJbR03B/uu8HlZ2G9o1ylvHNaLuOAdgCzkL5ruQ=
Subject key identifier:   36:20:E5:C6:C5:87:B8:50:9A:3B:F6:9E:EE:88:EE:18:13:37:55:88
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01961BD8C08785AE832590BBA40E68D87C5A
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/NiDlxsWHuFCaO_ae7ojuGBM3VYg.roa
Signing time:             Wed 09 Apr 2025 18:38:32 +0000
ROA not before:           Wed 09 Apr 2025 18:38:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33993
IP address blocks:        45.153.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1b:d8:c0:87:85:ae:83:25:90:bb:a4:0e:68:d8:7c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Apr  9 18:38:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3620e5c6c587b8509a3bf69eee88ee1813375588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4c:40:5e:c7:61:2d:5a:cd:70:58:93:78:74:
                    3f:d5:63:73:0b:1d:e8:e9:14:1d:43:93:47:32:53:
                    90:c2:ec:b5:a7:76:d7:14:50:24:d4:c2:ee:91:da:
                    ec:e9:bd:22:16:79:7e:43:3a:27:27:65:f2:fb:3c:
                    bd:eb:ef:9d:33:c4:db:9a:10:d7:c8:80:8e:06:e7:
                    c5:05:b0:f9:69:b9:fe:a2:b9:7c:55:a2:ab:85:80:
                    71:ad:08:5b:cf:12:18:d2:88:65:8e:7c:63:24:2b:
                    59:75:dc:cb:dd:47:68:5b:fa:e3:cc:de:43:88:b4:
                    61:18:fe:4a:53:fe:d9:47:48:12:d6:f6:5d:71:0f:
                    9f:c0:78:aa:9f:05:eb:33:8d:76:db:d5:d9:5c:cc:
                    2d:6e:cf:ba:3b:d5:ef:2d:0d:83:cc:52:0f:22:31:
                    ac:a4:bb:7d:2b:94:8f:f7:6a:d6:c8:9c:7a:df:cb:
                    9f:c6:1f:ef:cd:a7:61:4a:96:a2:03:e4:00:27:eb:
                    6c:fe:ce:46:99:17:c8:31:9e:0e:64:c8:7c:57:d0:
                    66:45:e7:ed:f9:8c:c4:07:aa:57:9d:5a:00:2f:cc:
                    8c:6b:15:9b:69:d6:75:fe:74:d7:9b:e9:88:ba:04:
                    56:ac:5f:a1:cc:20:dd:f3:3e:52:fc:16:ee:d5:ad:
                    ae:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:20:E5:C6:C5:87:B8:50:9A:3B:F6:9E:EE:88:EE:18:13:37:55:88
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/NiDlxsWHuFCaO_ae7ojuGBM3VYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:52:b1:00:0f:22:0f:a4:29:fe:e0:a8:b5:2d:82:7a:a5:85:
         ed:ee:b2:b7:20:eb:6d:31:69:d2:48:ef:ae:4e:88:41:f3:9c:
         6b:28:11:18:7a:40:61:b9:ab:0b:2e:6c:84:5c:00:c2:f5:00:
         89:e4:5f:14:38:97:bd:d2:41:59:4e:7d:ea:70:6d:a2:55:65:
         11:b2:c5:cd:88:1d:90:71:61:66:3e:c1:1d:71:73:97:e3:6d:
         c9:b2:c9:5b:ce:04:7b:5c:87:b2:f9:f1:e0:5b:01:85:42:40:
         e8:3c:4f:c2:e3:d6:82:04:d0:2a:f8:70:b6:5c:04:40:d0:f8:
         c9:82:a3:f5:b3:3d:94:fb:03:76:4c:e0:d6:43:bb:12:b1:1b:
         3b:9d:09:b3:dc:a9:da:4d:43:40:da:b2:e4:1c:e1:8c:6d:6e:
         8a:a9:18:6b:68:fe:cd:35:45:e7:0a:23:53:b3:10:40:6a:38:
         dd:a5:00:dd:27:ff:d0:b7:67:fe:31:22:2e:e5:a3:1b:91:b4:
         bd:6e:6c:f0:1f:bc:77:c4:c6:58:b4:5f:46:f2:c9:a4:9f:71:
         c5:33:26:35:e1:94:10:2f:01:a5:f0:96:de:9a:ca:2c:ad:a5:
         40:ef:b5:bc:e9:23:92:58:9d:17:01:2c:c4:dc:a0:bb:79:ce:
         8d:79:c0:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYb2MCHha6DJZC7pA5o2HxaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwNDA5MTgzODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjIwZTVjNmM1ODdiODUwOWEzYmY2OWVlZTg4ZWUxODEzMzc1NTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoExAXsdhLVrNcFiTeHQ/1WNzCx3o
6RQdQ5NHMlOQwuy1p3bXFFAk1MLukdrs6b0iFnl+QzonJ2Xy+zy96++dM8TbmhDX
yICOBufFBbD5abn+orl8VaKrhYBxrQhbzxIY0ohljnxjJCtZddzL3UdoW/rjzN5D
iLRhGP5KU/7ZR0gS1vZdcQ+fwHiqnwXrM41229XZXMwtbs+6O9XvLQ2DzFIPIjGs
pLt9K5SP92rWyJx638ufxh/vzadhSpaiA+QAJ+ts/s5GmRfIMZ4OZMh8V9BmReft
+YzEB6pXnVoAL8yMaxWbadZ1/nTXm+mIugRWrF+hzCDd8z5S/Bbu1a2udQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYg5cbFh7hQmjv2nu6I7hgTN1WIMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvTmlEbHhzV0h1RkNhT19hZTdvanVHQk0zVllnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZnnMA0G
CSqGSIb3DQEBCwUAA4IBAQBgUrEADyIPpCn+4Ki1LYJ6pYXt7rK3IOttMWnSSO+u
TohB85xrKBEYekBhuasLLmyEXADC9QCJ5F8UOJe90kFZTn3qcG2iVWURssXNiB2Q
cWFmPsEdcXOX423JsslbzgR7XIey+fHgWwGFQkDoPE/C49aCBNAq+HC2XARA0PjJ
gqP1sz2U+wN2TODWQ7sSsRs7nQmz3KnaTUNA2rLkHOGMbW6KqRhraP7NNUXnCiNT
sxBAajjdpQDdJ//Qt2f+MSIu5aMbkbS9bmzwH7x3xMZYtF9G8smkn3HFMyY14ZQQ
LwGl8JbemsosraVA77W86SOSWJ0XASzE3KC7ec6NecBI
-----END CERTIFICATE-----