Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/C3s5o6S6iMFqA5kUnPyNkOVDKSM.roa
File:                     C3s5o6S6iMFqA5kUnPyNkOVDKSM.roa (raw, json)
Hash identifier:          H3u9mvJ7SuTZccRd+wWwmhJZK9bvIglyqc2Q2wLWS1o=
Subject key identifier:   0B:7B:39:A3:A4:BA:88:C1:6A:03:99:14:9C:FC:8D:90:E5:43:29:23
Certificate issuer:       /CN=cf9833261697652c35547e98fc05a7e2294edbc7
Certificate serial:       0194228E44D362E1744BF6142DD5CA3D672C
Authority key identifier: CF:98:33:26:16:97:65:2C:35:54:7E:98:FC:05:A7:E2:29:4E:DB:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/C3s5o6S6iMFqA5kUnPyNkOVDKSM.roa
Signing time:             Wed 01 Jan 2025 15:48:56 +0000
ROA not before:           Wed 01 Jan 2025 15:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        45.149.168.0/23 maxlen: 24
                          45.149.170.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:44:d3:62:e1:74:4b:f6:14:2d:d5:ca:3d:67:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9833261697652c35547e98fc05a7e2294edbc7
        Validity
            Not Before: Jan  1 15:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b7b39a3a4ba88c16a0399149cfc8d90e5432923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:2d:53:1a:0b:3a:08:77:0e:b1:b1:02:32:c9:
                    94:91:27:81:55:a4:13:bf:25:7c:0a:3b:c4:ae:ed:
                    bb:75:65:53:87:55:0e:01:8c:82:42:01:18:e7:91:
                    83:51:af:7f:8b:59:ef:c1:46:45:1d:1c:71:0a:91:
                    d5:5d:ea:f4:d9:a0:b5:46:de:6e:1b:f5:72:bc:45:
                    40:7c:3b:b4:ca:53:ad:19:05:22:09:5d:e0:51:ba:
                    8f:01:a9:f7:f5:e4:f1:7c:b0:23:3c:80:5a:db:46:
                    37:e5:01:20:f6:f4:c8:4f:4f:06:8f:73:66:66:be:
                    52:16:4f:e4:26:73:cb:91:31:c5:9d:62:89:f8:c9:
                    a4:64:a6:d8:cf:5f:88:66:3a:a3:bb:2e:45:6b:4e:
                    77:96:b6:e7:d5:81:77:28:19:7f:30:93:fb:4c:a7:
                    83:b2:f0:4f:75:14:4c:cb:dc:73:92:96:18:5a:16:
                    ee:ad:3e:4e:b8:1c:f4:59:a3:94:96:25:a9:4a:90:
                    e1:49:61:50:58:f4:49:ce:9e:84:1b:39:f4:91:5a:
                    e9:8e:b6:cc:06:a5:0a:8c:da:ac:d2:c9:2f:29:67:
                    4a:04:6a:41:5a:9a:74:4c:81:dc:06:07:36:69:8d:
                    ce:40:f3:30:5e:d9:65:0b:43:6d:dd:bc:48:91:e2:
                    90:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7B:39:A3:A4:BA:88:C1:6A:03:99:14:9C:FC:8D:90:E5:43:29:23
            X509v3 Authority Key Identifier:
                keyid:CF:98:33:26:16:97:65:2C:35:54:7E:98:FC:05:A7:E2:29:4E:DB:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/C3s5o6S6iMFqA5kUnPyNkOVDKSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:64:b1:9d:5a:3b:e6:e7:03:96:6e:f5:10:fd:a4:7b:21:19:
         68:54:ac:0c:0b:86:57:44:9d:01:aa:92:69:12:f2:35:d6:4e:
         ef:72:76:1a:90:80:1d:ad:ed:60:d1:4f:24:a1:18:50:83:6e:
         9a:fa:6f:cf:a9:b0:7d:98:68:47:30:16:6f:99:38:de:f0:5b:
         0e:54:61:e6:c8:14:34:db:f7:8b:85:4a:55:1e:64:1c:9f:fa:
         df:e8:e2:92:bc:b7:87:0f:07:c2:52:e3:f3:de:f2:ad:cb:c6:
         19:b0:99:fb:9d:7c:92:e3:f9:6b:bb:92:f0:b0:84:2c:9d:ed:
         13:d2:81:5b:19:90:39:33:13:bd:23:1c:75:87:9e:c9:a1:b0:
         bf:7b:db:0c:7f:42:9e:75:1d:fe:d8:cf:dd:9d:47:ba:99:73:
         73:a9:d7:18:95:e9:82:09:7c:40:68:a9:4a:8f:02:69:46:93:
         2f:f9:0f:1c:df:00:64:bb:d3:3f:54:68:9e:df:fc:07:6e:fb:
         86:a5:f6:4f:55:da:f6:84:99:95:5d:66:f6:85:14:4c:3d:80:
         9c:62:f1:6e:32:16:90:a0:0d:36:94:73:b0:44:f4:8d:e9:0e:
         c8:9d:d4:a7:bd:2b:5b:b3:91:1f:78:84:0e:70:cb:61:b6:a2:
         27:64:e3:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijkTTYuF0S/YULdXKPWcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTgzMzI2MTY5NzY1MmMzNTU0N2U5OGZjMDVhN2UyMjk0
ZWRiYzcwHhcNMjUwMTAxMTU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjdiMzlhM2E0YmE4OGMxNmEwMzk5MTQ5Y2ZjOGQ5MGU1NDMyOTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4i1TGgs6CHcOsbECMsmUkSeBVaQT
vyV8CjvEru27dWVTh1UOAYyCQgEY55GDUa9/i1nvwUZFHRxxCpHVXer02aC1Rt5u
G/VyvEVAfDu0ylOtGQUiCV3gUbqPAan39eTxfLAjPIBa20Y35QEg9vTIT08Gj3Nm
Zr5SFk/kJnPLkTHFnWKJ+MmkZKbYz1+IZjqjuy5Fa053lrbn1YF3KBl/MJP7TKeD
svBPdRRMy9xzkpYYWhburT5OuBz0WaOUliWpSpDhSWFQWPRJzp6EGzn0kVrpjrbM
BqUKjNqs0skvKWdKBGpBWpp0TIHcBgc2aY3OQPMwXtllC0Nt3bxIkeKQ3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAt7OaOkuojBagOZFJz8jZDlQykjMB8GA1UdIwQY
MBaAFM+YMyYWl2UsNVR+mPwFp+IpTtvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVnekpoYVhaU3cxVkg2WV9BV240aWxPMjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8zNjA2ZjUtMTdlMS00MzE5LTk3MDMt
YWU0MDFhMzdjMDQ0LzEvQzNzNW82UzZpTUZxQTVrVW5QeU5rT1ZES1NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8zNjA2ZjUtMTdlMS00MzE5LTk3MDMtYWU0MDFhMzdjMDQ0
LzEvejVnekpoYVhaU3cxVkg2WV9BV240aWxPMjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZWoMA0G
CSqGSIb3DQEBCwUAA4IBAQBzZLGdWjvm5wOWbvUQ/aR7IRloVKwMC4ZXRJ0BqpJp
EvI11k7vcnYakIAdre1g0U8koRhQg26a+m/PqbB9mGhHMBZvmTje8FsOVGHmyBQ0
2/eLhUpVHmQcn/rf6OKSvLeHDwfCUuPz3vKty8YZsJn7nXyS4/lru5LwsIQsne0T
0oFbGZA5MxO9Ixx1h57JobC/e9sMf0KedR3+2M/dnUe6mXNzqdcYlemCCXxAaKlK
jwJpRpMv+Q8c3wBku9M/VGie3/wHbvuGpfZPVdr2hJmVXWb2hRRMPYCcYvFuMhaQ
oA02lHOwRPSN6Q7IndSnvStbs5EfeIQOcMthtqInZOOU
-----END CERTIFICATE-----