Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/D3HyRH4gt8I3AVc_11aVtLDHXXs.roa
File:                     D3HyRH4gt8I3AVc_11aVtLDHXXs.roa (raw, json)
Hash identifier:          LthCRx/kLSoC/Gm2fuPju175Bc+44KoK1FGNtCDpOFQ=
Subject key identifier:   0F:71:F2:44:7E:20:B7:C2:37:01:57:3F:D7:56:95:B4:B0:C7:5D:7B
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       019568377599EFB89F686E564A2E8BAEEAF2
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/D3HyRH4gt8I3AVc_11aVtLDHXXs.roa
Signing time:             Wed 05 Mar 2025 21:30:19 +0000
ROA not before:           Wed 05 Mar 2025 21:30:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212500
IP address blocks:        45.152.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 22:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:68:37:75:99:ef:b8:9f:68:6e:56:4a:2e:8b:ae:ea:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Mar  5 21:30:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f71f2447e20b7c23701573fd75695b4b0c75d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6d:85:62:f2:2d:d5:60:4f:b8:ff:8b:aa:69:
                    9a:db:a3:8c:54:29:c1:4b:42:76:12:2e:de:cc:61:
                    d1:05:e9:a0:d2:0b:0a:39:33:e0:16:99:c4:7b:e0:
                    64:d2:d3:bc:21:57:e6:b4:85:b4:00:9a:b1:30:69:
                    07:e8:c6:e9:fc:ee:c0:c8:2d:6e:2e:e7:1f:25:c1:
                    ed:6e:16:ec:63:c4:44:b8:a7:3e:7f:86:f5:43:90:
                    55:e9:93:da:cc:89:b9:0e:6b:20:6d:49:66:9f:a9:
                    8f:ab:db:2f:33:9c:86:ba:89:06:1b:40:e8:07:a2:
                    fe:73:d3:50:66:4a:b0:ac:c2:c9:e1:b6:63:ed:21:
                    71:99:16:3d:0f:c9:bc:be:61:08:c4:b3:51:d9:84:
                    80:94:b4:88:71:b4:3c:44:ec:4d:df:86:e3:15:75:
                    18:c5:55:4e:63:63:f1:7b:b8:d6:c3:36:b9:ae:74:
                    18:69:ad:f5:f2:00:fe:7c:22:d8:a7:07:69:38:58:
                    51:67:0c:b8:42:c1:d6:dd:ab:a2:38:8c:e3:b1:d3:
                    d0:bb:90:39:e5:c6:55:97:ba:a2:22:92:a5:06:ab:
                    5a:12:5b:94:ce:9a:64:d2:62:f6:d7:7c:5c:2d:94:
                    55:25:cc:70:eb:79:20:39:ff:52:9b:93:9e:f7:b4:
                    76:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:71:F2:44:7E:20:B7:C2:37:01:57:3F:D7:56:95:B4:B0:C7:5D:7B
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/D3HyRH4gt8I3AVc_11aVtLDHXXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:ef:3e:58:19:91:0d:82:8a:01:15:63:5f:06:41:41:7f:fd:
         41:a7:d6:db:95:43:9e:bd:8a:4d:80:d1:c4:4b:29:16:8d:d5:
         ad:b1:9f:c7:89:6f:86:3f:bf:35:7e:46:6c:a0:11:d1:f0:40:
         1a:3d:55:67:96:3f:9e:5a:49:19:b2:ee:87:ce:88:ff:cd:fe:
         ff:91:18:46:5f:38:12:6e:66:c8:f7:7c:12:53:10:d2:d3:f6:
         4a:14:0d:3b:cf:e3:68:2b:d4:ed:d8:d6:60:af:15:61:fe:c9:
         02:2d:7b:75:55:72:8e:75:b4:6c:54:d8:9b:aa:55:1c:90:7f:
         7b:b4:ec:0f:90:eb:13:f5:e2:16:fb:e3:7a:7f:b1:a7:4d:b4:
         1e:00:1c:fe:43:6e:ce:29:70:3c:58:f4:42:78:bc:d0:2d:dd:
         fe:36:31:5a:b8:c7:7e:60:ee:5c:92:58:c9:01:41:75:77:43:
         43:a4:20:d3:63:dc:11:56:bd:db:bc:95:ce:f2:6c:90:b7:f8:
         69:cf:b1:c7:8d:75:dc:79:af:d3:34:3b:bb:fd:b5:8f:22:74:
         56:fe:1d:43:0c:7a:b0:57:51:dd:68:e3:94:46:b2:6d:ed:2a:
         32:6a:05:65:e4:12:47:ef:de:b3:62:e8:1d:af:38:fb:e5:ef:
         52:f5:e3:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVoN3WZ77ifaG5WSi6LruryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjUwMzA1MjEzMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjcxZjI0NDdlMjBiN2MyMzcwMTU3M2ZkNzU2OTViNGIwYzc1ZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt22FYvIt1WBPuP+Lqmma26OMVCnB
S0J2Ei7ezGHRBemg0gsKOTPgFpnEe+Bk0tO8IVfmtIW0AJqxMGkH6Mbp/O7AyC1u
LucfJcHtbhbsY8REuKc+f4b1Q5BV6ZPazIm5DmsgbUlmn6mPq9svM5yGuokGG0Do
B6L+c9NQZkqwrMLJ4bZj7SFxmRY9D8m8vmEIxLNR2YSAlLSIcbQ8ROxN34bjFXUY
xVVOY2Pxe7jWwza5rnQYaa318gD+fCLYpwdpOFhRZwy4QsHW3auiOIzjsdPQu5A5
5cZVl7qiIpKlBqtaEluUzppk0mL213xcLZRVJcxw63kgOf9Sm5Oe97R2KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9x8kR+ILfCNwFXP9dWlbSwx117MB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvRDNIeVJINGd0OEkzQVZjXzExYVZ0TERIWFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZgzMA0G
CSqGSIb3DQEBCwUAA4IBAQBV7z5YGZENgooBFWNfBkFBf/1Bp9bblUOevYpNgNHE
SykWjdWtsZ/HiW+GP781fkZsoBHR8EAaPVVnlj+eWkkZsu6Hzoj/zf7/kRhGXzgS
bmbI93wSUxDS0/ZKFA07z+NoK9Tt2NZgrxVh/skCLXt1VXKOdbRsVNibqlUckH97
tOwPkOsT9eIW++N6f7GnTbQeABz+Q27OKXA8WPRCeLzQLd3+NjFauMd+YO5ckljJ
AUF1d0NDpCDTY9wRVr3bvJXO8myQt/hpz7HHjXXcea/TNDu7/bWPInRW/h1DDHqw
V1HdaOOURrJt7SoyagVl5BJH796zYugdrzj75e9S9eO0
-----END CERTIFICATE-----