Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ChiHyXpYuV4abivY-PuNHEM1nZo.roa
File:                     ChiHyXpYuV4abivY-PuNHEM1nZo.roa (raw, json)
Hash identifier:          Y86PS5IGyQRRwKJtBd/leRnEfzS6SwGXCThDq5cCxho=
Subject key identifier:   0A:18:87:C9:7A:58:B9:5E:1A:6E:2B:D8:F8:FB:8D:1C:43:35:9D:9A
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0195BE2BB46DA4705B2E9092ABD167B4F3AE
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ChiHyXpYuV4abivY-PuNHEM1nZo.roa
Signing time:             Sat 22 Mar 2025 14:04:50 +0000
ROA not before:           Sat 22 Mar 2025 14:04:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        45.81.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:be:2b:b4:6d:a4:70:5b:2e:90:92:ab:d1:67:b4:f3:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 22 14:04:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a1887c97a58b95e1a6e2bd8f8fb8d1c43359d9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:9f:a5:b5:6b:a8:2d:fa:95:a1:b9:19:de:60:
                    5c:90:eb:98:80:36:be:5a:9f:b7:7d:62:f1:f1:03:
                    20:fe:9a:b8:71:38:d5:9e:b9:8a:03:6c:41:c4:1f:
                    9c:ae:dc:ab:5f:e2:7f:ce:f6:55:71:c8:a6:4d:ee:
                    37:09:c4:07:25:8b:23:9b:01:4c:ca:bd:4d:64:37:
                    1d:ea:18:72:60:31:d2:8f:dc:2b:42:43:80:1e:b3:
                    17:55:3c:1d:dd:50:e3:a1:39:c8:0b:05:ba:df:c3:
                    ef:00:1f:72:31:ad:44:e8:4a:43:6b:bd:4c:d4:36:
                    26:ce:db:72:2b:c3:0a:9d:fb:14:af:7b:5b:50:3f:
                    fc:d5:57:49:fe:f5:84:21:7e:f9:52:be:44:f0:d8:
                    4c:0f:5d:f8:4d:e9:cd:5f:08:bb:60:ef:b3:c5:27:
                    be:1e:bf:af:93:30:e0:29:92:1c:65:b1:4a:e6:c0:
                    b2:35:50:49:c9:97:a2:1f:c1:79:84:f9:da:bc:32:
                    e5:f4:b7:be:97:a2:83:33:da:c9:6b:78:77:b1:f0:
                    68:11:5e:dd:7f:bd:c2:44:82:67:5d:aa:22:7d:2c:
                    28:fa:ae:7d:41:3c:d4:a6:22:7e:84:24:ae:bc:13:
                    0a:81:97:73:1c:a5:c3:70:b8:4e:53:4a:e7:cb:bc:
                    bb:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:18:87:C9:7A:58:B9:5E:1A:6E:2B:D8:F8:FB:8D:1C:43:35:9D:9A
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ChiHyXpYuV4abivY-PuNHEM1nZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:e0:ab:cd:77:78:02:b6:15:d7:63:09:29:ba:b6:b5:c4:63:
         80:31:08:1b:f5:32:1d:00:68:49:aa:39:74:bb:45:98:f9:53:
         3b:00:63:41:cc:44:c3:b4:66:fd:80:9f:a7:20:5f:fc:a6:de:
         2c:0c:c7:4b:66:d2:82:28:97:fb:9b:d6:1a:9c:d7:42:9d:d5:
         b5:38:7a:f4:2b:df:bc:ed:c6:9f:84:b4:80:12:fe:a1:97:2d:
         fd:17:de:24:7f:bd:e9:1b:c4:3a:ba:3b:31:cc:0f:74:7c:77:
         3a:66:f7:da:f1:8c:02:5b:82:9d:cb:7e:66:40:37:cb:d7:fe:
         d2:84:06:c5:fc:6a:ca:bb:26:ed:d7:6f:a2:3a:26:28:a2:e4:
         75:e0:a0:9f:e3:9f:04:8b:88:40:6c:49:09:75:9c:f7:17:96:
         0a:a7:76:50:c7:54:fa:3b:81:2b:49:7d:85:9b:a8:cb:8a:d0:
         14:fe:8c:31:91:76:d0:c0:f2:27:42:1a:7a:b5:55:16:ba:42:
         eb:ae:6f:e5:fb:cb:e7:17:02:ac:47:44:94:cc:b6:de:40:12:
         b6:50:e4:9a:d1:d6:f2:82:ff:48:58:7d:ab:2c:19:e0:32:2d:
         76:f9:78:dd:34:14:9c:15:16:2a:3d:16:db:f7:13:39:cd:49:
         30:fc:cc:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW+K7RtpHBbLpCSq9FntPOuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMzIyMTQwNDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTE4ODdjOTdhNThiOTVlMWE2ZTJiZDhmOGZiOGQxYzQzMzU5ZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45+ltWuoLfqVobkZ3mBckOuYgDa+
Wp+3fWLx8QMg/pq4cTjVnrmKA2xBxB+crtyrX+J/zvZVccimTe43CcQHJYsjmwFM
yr1NZDcd6hhyYDHSj9wrQkOAHrMXVTwd3VDjoTnICwW638PvAB9yMa1E6EpDa71M
1DYmzttyK8MKnfsUr3tbUD/81VdJ/vWEIX75Ur5E8NhMD134TenNXwi7YO+zxSe+
Hr+vkzDgKZIcZbFK5sCyNVBJyZeiH8F5hPnavDLl9Le+l6KDM9rJa3h3sfBoEV7d
f73CRIJnXaoifSwo+q59QTzUpiJ+hCSuvBMKgZdzHKXDcLhOU0rny7y7pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoYh8l6WLleGm4r2Pj7jRxDNZ2aMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQ2hpSHlYcFl1VjRhYml2WS1QdU5IRU0xblpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVGaMA0G
CSqGSIb3DQEBCwUAA4IBAQCN4KvNd3gCthXXYwkpura1xGOAMQgb9TIdAGhJqjl0
u0WY+VM7AGNBzETDtGb9gJ+nIF/8pt4sDMdLZtKCKJf7m9YanNdCndW1OHr0K9+8
7cafhLSAEv6hly39F94kf73pG8Q6ujsxzA90fHc6Zvfa8YwCW4Kdy35mQDfL1/7S
hAbF/GrKuybt12+iOiYoouR14KCf458Ei4hAbEkJdZz3F5YKp3ZQx1T6O4ErSX2F
m6jLitAU/owxkXbQwPInQhp6tVUWukLrrm/l+8vnFwKsR0SUzLbeQBK2UOSa0dby
gv9IWH2rLBngMi12+XjdNBScFRYqPRbb9xM5zUkw/Mxz
-----END CERTIFICATE-----