Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/0Ku6hM-uBGPbIB_elC1-63mAMPQ.roa
File:                     0Ku6hM-uBGPbIB_elC1-63mAMPQ.roa (raw, json)
Hash identifier:          COta24brNXG7Hg0yqxT50IIeRD/EU1T0z8f77M/W0Yo=
Subject key identifier:   D0:AB:BA:84:CF:AE:04:63:DB:20:1F:DE:94:2D:7E:EB:79:80:30:F4
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       01955D2F0E402F986C5B5BA3600FE9F736CD
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/0Ku6hM-uBGPbIB_elC1-63mAMPQ.roa
Signing time:             Mon 03 Mar 2025 18:05:19 +0000
ROA not before:           Mon 03 Mar 2025 18:05:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        45.147.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 14:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5d:2f:0e:40:2f:98:6c:5b:5b:a3:60:0f:e9:f7:36:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Mar  3 18:05:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0abba84cfae0463db201fde942d7eeb798030f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:18:0c:a0:00:d0:78:b3:59:45:f3:1b:7b:a0:
                    d0:6a:ad:0b:e9:6b:65:7f:60:d3:3b:c3:5d:7b:a9:
                    65:0e:28:d5:98:76:e0:f8:81:ec:f7:dd:f3:9e:a4:
                    d3:ae:8d:8b:8c:d0:05:03:f2:96:e9:fd:92:be:64:
                    c0:df:06:14:23:0e:d0:b2:b2:be:34:45:e1:60:9d:
                    11:95:87:6c:62:0e:4a:74:fa:93:96:92:5c:81:93:
                    3d:be:00:73:7f:5e:da:52:84:d7:f2:de:fe:9a:c8:
                    76:75:ae:ba:43:d6:d8:81:55:ba:57:cb:ba:f0:4c:
                    54:4b:89:20:8e:2f:0e:11:01:87:9f:b0:da:81:01:
                    86:48:04:10:77:45:37:ef:80:f6:94:44:fa:51:de:
                    cd:15:47:6d:12:43:e0:b2:69:4b:b9:7b:a0:0f:40:
                    ee:0a:03:39:29:98:08:c7:2c:f1:4c:2a:ac:69:2b:
                    69:02:cf:cb:8c:4d:70:41:f6:b0:a6:45:c7:af:30:
                    5e:46:56:c7:10:58:0a:b3:b8:7f:c0:12:8b:15:b5:
                    74:37:dc:f4:62:f9:7e:e4:75:37:15:ba:26:bb:bb:
                    62:e7:8e:7e:f0:4e:36:e5:12:7d:bb:c3:cc:2b:65:
                    8f:36:d6:1c:44:03:1a:25:3a:02:61:3c:02:3e:eb:
                    34:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:AB:BA:84:CF:AE:04:63:DB:20:1F:DE:94:2D:7E:EB:79:80:30:F4
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/0Ku6hM-uBGPbIB_elC1-63mAMPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:8d:e0:a4:c4:9c:5a:0b:6b:a3:b3:85:70:94:fc:29:ea:7b:
         4f:dd:b5:07:41:10:8a:bf:7d:40:17:36:eb:9f:8a:62:f7:75:
         e3:a1:36:0e:63:86:72:a9:db:43:26:9d:43:be:37:6f:71:00:
         04:fb:bd:28:76:e8:76:dc:21:f5:38:88:e9:c7:25:38:b8:e4:
         e5:48:ab:8b:02:5f:d1:a8:ff:36:c1:45:8e:ba:cc:dd:96:68:
         a0:7f:be:ea:08:a2:20:7e:ed:3f:63:4f:40:1b:a3:e6:c3:da:
         ab:c3:f0:81:51:ad:fc:32:99:00:fb:4a:28:ac:0d:1a:16:17:
         15:09:35:de:14:83:a9:ab:97:70:6f:5c:d9:c2:5c:16:13:d7:
         65:ba:a1:f9:d2:d4:b0:f4:1b:33:39:0f:cb:f4:8a:eb:9c:f3:
         99:30:33:8d:20:87:9b:10:96:a1:78:48:7c:26:c1:8a:a9:9f:
         92:a2:28:6b:7f:e7:aa:68:21:64:a6:f1:8f:6d:50:e1:fc:b4:
         dd:66:5a:db:f5:9a:d1:8b:22:e6:63:a5:4d:a6:a5:3c:58:13:
         c8:1a:46:9b:fd:99:08:64:7a:b5:2e:58:d9:76:43:74:42:02:
         d9:0c:1c:bf:f4:8d:ed:2f:bc:fc:0c:6b:f8:11:7c:ae:61:bf:
         33:38:e4:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVdLw5AL5hsW1ujYA/p9zbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwMzAzMTgwNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGFiYmE4NGNmYWUwNDYzZGIyMDFmZGU5NDJkN2VlYjc5ODAzMGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBgMoADQeLNZRfMbe6DQaq0L6Wtl
f2DTO8Nde6llDijVmHbg+IHs993znqTTro2LjNAFA/KW6f2SvmTA3wYUIw7QsrK+
NEXhYJ0RlYdsYg5KdPqTlpJcgZM9vgBzf17aUoTX8t7+msh2da66Q9bYgVW6V8u6
8ExUS4kgji8OEQGHn7DagQGGSAQQd0U374D2lET6Ud7NFUdtEkPgsmlLuXugD0Du
CgM5KZgIxyzxTCqsaStpAs/LjE1wQfawpkXHrzBeRlbHEFgKs7h/wBKLFbV0N9z0
Yvl+5HU3Fbomu7ti545+8E425RJ9u8PMK2WPNtYcRAMaJToCYTwCPus0bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNCruoTPrgRj2yAf3pQtfut5gDD0MB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvMEt1NmhNLXVCR1BiSUJfZWxDMS02M21BTVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZMtMA0G
CSqGSIb3DQEBCwUAA4IBAQBmjeCkxJxaC2ujs4VwlPwp6ntP3bUHQRCKv31AFzbr
n4pi93XjoTYOY4ZyqdtDJp1DvjdvcQAE+70oduh23CH1OIjpxyU4uOTlSKuLAl/R
qP82wUWOuszdlmigf77qCKIgfu0/Y09AG6Pmw9qrw/CBUa38MpkA+0oorA0aFhcV
CTXeFIOpq5dwb1zZwlwWE9dluqH50tSw9BszOQ/L9IrrnPOZMDONIIebEJaheEh8
JsGKqZ+Soihrf+eqaCFkpvGPbVDh/LTdZlrb9ZrRiyLmY6VNpqU8WBPIGkab/ZkI
ZHq1LljZdkN0QgLZDBy/9I3tL7z8DGv4EXyuYb8zOOTm
-----END CERTIFICATE-----