Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/p_-2LRJT-n9yo2P0iTcZXfHP8hY.roa
File:                     p_-2LRJT-n9yo2P0iTcZXfHP8hY.roa (raw, json)
Hash identifier:          SE2mVBRY6QTTS2fRPv5Fxi4HtlMSW0YEJmExzyBWATQ=
Subject key identifier:   A7:FF:B6:2D:12:53:FA:7F:72:A3:63:F4:89:37:19:5D:F1:CF:F2:16
Certificate issuer:       /CN=07feb9ae0fa8927045f83423743c4a73a27a74a7
Certificate serial:       0196862FA2617915A03AF35B27429C43870B
Authority key identifier: 07:FE:B9:AE:0F:A8:92:70:45:F8:34:23:74:3C:4A:73:A2:7A:74:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_65rg-oknBF-DQjdDxKc6J6dKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/p_-2LRJT-n9yo2P0iTcZXfHP8hY.roa
Signing time:             Wed 30 Apr 2025 10:13:10 +0000
ROA not before:           Wed 30 Apr 2025 10:13:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15510
IP address blocks:        45.158.164.0/22 maxlen: 24
                          45.158.164.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/B_65rg-oknBF-DQjdDxKc6J6dKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/B_65rg-oknBF-DQjdDxKc6J6dKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_65rg-oknBF-DQjdDxKc6J6dKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:2f:a2:61:79:15:a0:3a:f3:5b:27:42:9c:43:87:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07feb9ae0fa8927045f83423743c4a73a27a74a7
        Validity
            Not Before: Apr 30 10:13:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7ffb62d1253fa7f72a363f48937195df1cff216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:24:dd:d1:0f:1d:74:84:07:d5:ee:b6:55:60:
                    5f:c3:da:04:bf:ca:fb:fe:59:0e:e0:de:24:4f:da:
                    61:c1:9f:4a:8f:3e:92:7f:19:9b:c1:1d:40:d4:53:
                    64:f6:34:3c:47:03:81:99:e2:41:5a:52:a8:fc:fe:
                    ce:72:67:5f:42:59:c2:37:cb:52:be:23:12:f6:aa:
                    a6:6f:7f:ef:e9:30:67:b3:8e:17:b2:76:fb:0f:00:
                    c9:3a:54:10:8e:ec:fa:ad:f7:61:87:55:25:26:43:
                    ed:b2:d0:14:1c:f2:46:11:5d:55:ec:ec:6c:e5:c6:
                    53:e4:fa:99:9d:36:f4:6b:81:e5:32:8d:bc:64:96:
                    20:d4:83:8d:6c:0d:d0:5a:73:20:f1:4a:5f:4c:a1:
                    9b:fc:62:47:e5:1b:d8:62:53:fc:00:5d:e5:cf:e9:
                    dc:7b:ad:5c:47:0d:36:fd:3f:c3:2e:36:14:1b:49:
                    ff:dc:db:ae:be:de:27:37:7d:b8:50:ef:90:81:46:
                    4c:60:8e:5b:28:77:3e:b3:8c:9d:42:d4:91:92:29:
                    62:88:f6:3c:e7:49:2a:4e:18:07:c5:18:d2:5c:5d:
                    bd:af:3c:cd:42:7c:1c:59:ab:38:4a:82:59:fc:31:
                    f3:b4:49:b6:b9:f3:59:c0:71:3e:52:6e:96:05:5b:
                    83:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:FF:B6:2D:12:53:FA:7F:72:A3:63:F4:89:37:19:5D:F1:CF:F2:16
            X509v3 Authority Key Identifier:
                keyid:07:FE:B9:AE:0F:A8:92:70:45:F8:34:23:74:3C:4A:73:A2:7A:74:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_65rg-oknBF-DQjdDxKc6J6dKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/p_-2LRJT-n9yo2P0iTcZXfHP8hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/B_65rg-oknBF-DQjdDxKc6J6dKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:29:c9:11:9b:9b:42:7f:f0:65:a7:1b:c9:fb:68:0a:5e:2a:
         44:b8:9e:f2:25:40:c2:3a:9f:a2:1a:21:ad:49:6d:68:0c:b1:
         16:5d:68:80:7c:ba:2d:ea:19:cd:f8:f6:78:ba:42:c2:cd:1f:
         ae:ec:d1:a3:36:60:00:86:30:09:a7:ba:cc:1f:cb:aa:4a:e4:
         27:ff:72:db:5f:bd:8d:f2:1b:0e:2b:65:68:2e:56:23:f9:4b:
         b6:6a:1a:4a:47:3c:54:b8:ce:02:8a:4d:8c:91:33:a1:27:06:
         f6:d9:d8:20:6c:02:3d:19:d9:7b:bf:f4:bf:95:89:90:6c:1b:
         85:61:b4:6e:fe:4e:c4:93:20:79:5b:bb:b1:f5:21:a0:86:df:
         2f:93:f3:c6:68:aa:4b:46:d4:9e:6b:99:3a:27:9c:63:61:1a:
         15:51:62:ff:f2:3b:4d:b7:bc:2b:56:20:99:9a:87:5f:f1:26:
         0e:04:3b:61:65:70:09:1a:87:40:72:0a:96:03:24:c5:d2:bc:
         b7:ac:2f:ba:fb:c5:20:3a:f8:55:37:4a:ab:8c:93:fd:bd:3f:
         79:1c:42:7d:22:41:28:6a:f5:c5:6e:75:e2:98:28:bd:f0:0c:
         a4:a2:93:7b:eb:15:f3:18:54:73:0c:69:30:b3:74:da:33:c1:
         01:28:19:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaGL6JheRWgOvNbJ0KcQ4cLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmViOWFlMGZhODkyNzA0NWY4MzQyMzc0M2M0YTczYTI3
YTc0YTcwHhcNMjUwNDMwMTAxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2ZmYjYyZDEyNTNmYTdmNzJhMzYzZjQ4OTM3MTk1ZGYxY2ZmMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiTd0Q8ddIQH1e62VWBfw9oEv8r7
/lkO4N4kT9phwZ9Kjz6SfxmbwR1A1FNk9jQ8RwOBmeJBWlKo/P7OcmdfQlnCN8tS
viMS9qqmb3/v6TBns44Xsnb7DwDJOlQQjuz6rfdhh1UlJkPtstAUHPJGEV1V7Oxs
5cZT5PqZnTb0a4HlMo28ZJYg1IONbA3QWnMg8UpfTKGb/GJH5RvYYlP8AF3lz+nc
e61cRw02/T/DLjYUG0n/3Nuuvt4nN324UO+QgUZMYI5bKHc+s4ydQtSRkiliiPY8
50kqThgHxRjSXF29rzzNQnwcWas4SoJZ/DHztEm2ufNZwHE+Um6WBVuD7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKf/ti0SU/p/cqNj9Ik3GV3xz/IWMB8GA1UdIwQY
MBaAFAf+ua4PqJJwRfg0I3Q8SnOienSnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl82NXJnLW9rbkJGLURRamREeEtjNko2ZEtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82M2U1YTUtNWQ0Zi00M2VlLWFmNzAt
ZGM3M2Y5ZDliZTI5LzEvcF8tMkxSSlQtbjl5bzJQMGlUY1pYZkhQOGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82M2U1YTUtNWQ0Zi00M2VlLWFmNzAtZGM3M2Y5ZDliZTI5
LzEvQl82NXJnLW9rbkJGLURRamREeEtjNko2ZEtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ6kMA0G
CSqGSIb3DQEBCwUAA4IBAQCGKckRm5tCf/BlpxvJ+2gKXipEuJ7yJUDCOp+iGiGt
SW1oDLEWXWiAfLot6hnN+PZ4ukLCzR+u7NGjNmAAhjAJp7rMH8uqSuQn/3LbX72N
8hsOK2VoLlYj+Uu2ahpKRzxUuM4Cik2MkTOhJwb22dggbAI9Gdl7v/S/lYmQbBuF
YbRu/k7EkyB5W7ux9SGght8vk/PGaKpLRtSea5k6J5xjYRoVUWL/8jtNt7wrViCZ
modf8SYOBDthZXAJGodAcgqWAyTF0ry3rC+6+8UgOvhVN0qrjJP9vT95HEJ9IkEo
avXFbnXimCi98AykopN76xXzGFRzDGkws3TaM8EBKBlH
-----END CERTIFICATE-----