Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/RUzXfADdmFEqEzN6P5KX5DHIcNc.roa
File:                     RUzXfADdmFEqEzN6P5KX5DHIcNc.roa (raw, json)
Hash identifier:          lvZKC/ElUnGRUly3SVoAhCAAMBSnMiGtODQPJGvrDJA=
Subject key identifier:   45:4C:D7:7C:00:DD:98:51:2A:13:33:7A:3F:92:97:E4:31:C8:70:D7
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D7601B316D3B80B44B1B534F67BED4
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/RUzXfADdmFEqEzN6P5KX5DHIcNc.roa
Signing time:             Wed 01 Jan 2025 21:48:24 +0000
ROA not before:           Wed 01 Jan 2025 21:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42708
IP address blocks:        45.155.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:60:1b:31:6d:3b:80:b4:4b:1b:53:4f:67:be:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=454cd77c00dd98512a13337a3f9297e431c870d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f4:f8:b7:96:1a:98:52:7c:d7:98:2a:e5:5e:
                    73:ac:93:1f:62:a8:76:6c:68:62:9f:cd:71:1e:bc:
                    2b:80:f1:3a:f6:53:35:ae:6f:8d:49:e5:e0:ce:5d:
                    c0:50:53:6a:97:96:55:6a:0e:b1:4e:1a:37:37:c2:
                    c2:4d:81:18:e3:41:13:17:7c:79:61:1f:86:61:81:
                    18:fd:91:34:61:6d:b5:43:a0:16:9e:91:fd:1b:35:
                    e9:66:1b:9e:8d:bf:d5:37:b1:dc:65:80:b8:56:66:
                    33:10:f6:dd:ec:3f:45:0e:46:0d:de:bf:22:ff:1d:
                    46:17:ad:02:65:f3:f7:e0:56:32:13:d5:7e:34:d3:
                    98:39:b8:27:61:99:58:a0:68:be:53:69:aa:0d:69:
                    ac:66:56:8d:50:56:04:4d:1b:b0:b7:0b:7b:44:42:
                    98:e7:b0:e7:c6:73:54:5e:96:80:70:53:75:cd:64:
                    3d:0f:aa:81:4f:56:e4:34:63:d1:fe:3e:ab:91:f9:
                    61:6d:c6:1d:90:81:56:71:61:2b:89:69:24:6b:f7:
                    d2:6e:61:32:e5:02:d7:7c:39:ad:72:8a:54:5e:85:
                    48:47:6b:37:21:9c:5b:2a:ad:14:c2:70:c9:3a:b0:
                    90:a4:56:83:11:79:74:d8:64:1a:49:5c:5b:cb:8c:
                    8c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:4C:D7:7C:00:DD:98:51:2A:13:33:7A:3F:92:97:E4:31:C8:70:D7
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/RUzXfADdmFEqEzN6P5KX5DHIcNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:09:a0:8a:21:84:56:b7:b7:8c:9e:9a:60:46:61:99:56:43:
         fb:ee:1a:a0:5c:6b:e8:f5:bd:fc:77:8e:05:10:a0:b7:45:f4:
         c0:9d:4a:70:97:4b:6c:ad:55:01:29:e0:1f:06:07:72:3f:fc:
         45:b6:51:41:94:01:7c:9d:f4:a7:06:fc:0c:41:55:94:62:03:
         a8:b3:ee:7a:ee:f7:61:50:3c:29:ec:da:20:bf:16:30:d0:21:
         49:4b:02:35:6d:09:4c:bc:a7:d7:a4:ad:c2:40:5c:ff:ea:7c:
         13:86:d2:5e:86:23:77:4b:22:b7:67:9c:16:4a:9e:ed:60:05:
         e6:1d:02:2c:56:86:c1:6a:8f:40:79:55:8b:10:6e:11:2e:81:
         1a:c6:af:f2:8b:31:3d:e6:74:a9:7a:eb:42:9b:d4:44:d6:dc:
         b8:87:e5:0d:39:cf:9e:70:1e:14:77:dd:62:bb:a3:73:f8:b4:
         1f:32:01:0d:4d:5f:83:2b:65:ec:0c:98:ee:c3:58:0a:11:fb:
         bc:49:20:7f:ef:67:a5:45:08:fa:35:54:c8:b1:c1:95:3a:77:
         99:dd:ad:76:70:98:ca:5d:3c:d2:17:5d:46:57:f2:f8:26:29:
         8d:e8:5a:19:7b:a4:3c:5c:1f:cd:c2:3f:29:7e:3f:d8:8e:2b:
         b4:9a:9e:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj12AbMW07gLRLG1NPZ77UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTRjZDc3YzAwZGQ5ODUxMmExMzMzN2EzZjkyOTdlNDMxYzg3MGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPT4t5YamFJ815gq5V5zrJMfYqh2
bGhin81xHrwrgPE69lM1rm+NSeXgzl3AUFNql5ZVag6xTho3N8LCTYEY40ETF3x5
YR+GYYEY/ZE0YW21Q6AWnpH9GzXpZhuejb/VN7HcZYC4VmYzEPbd7D9FDkYN3r8i
/x1GF60CZfP34FYyE9V+NNOYObgnYZlYoGi+U2mqDWmsZlaNUFYETRuwtwt7REKY
57DnxnNUXpaAcFN1zWQ9D6qBT1bkNGPR/j6rkflhbcYdkIFWcWEriWkka/fSbmEy
5QLXfDmtcopUXoVIR2s3IZxbKq0UwnDJOrCQpFaDEXl02GQaSVxby4yMgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVM13wA3ZhRKhMzej+Sl+QxyHDXMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvUlV6WGZBRGRtRkVxRXpONlA1S1g1REhJY05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv6MA0G
CSqGSIb3DQEBCwUAA4IBAQACCaCKIYRWt7eMnppgRmGZVkP77hqgXGvo9b38d44F
EKC3RfTAnUpwl0tsrVUBKeAfBgdyP/xFtlFBlAF8nfSnBvwMQVWUYgOos+567vdh
UDwp7NogvxYw0CFJSwI1bQlMvKfXpK3CQFz/6nwThtJehiN3SyK3Z5wWSp7tYAXm
HQIsVobBao9AeVWLEG4RLoEaxq/yizE95nSpeutCm9RE1ty4h+UNOc+ecB4Ud91i
u6Nz+LQfMgENTV+DK2XsDJjuw1gKEfu8SSB/72elRQj6NVTIscGVOneZ3a12cJjK
XTzSF11GV/L4JimN6FoZe6Q8XB/Nwj8pfj/Yjiu0mp7h
-----END CERTIFICATE-----