Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/45be32-821f-4514-aa31-bc75466047c9/1/dO1sDlUm4GNT1NLwZmfUYJ1pPqA.roa
File:                     dO1sDlUm4GNT1NLwZmfUYJ1pPqA.roa (raw, json)
Hash identifier:          JWs3QU5N8u442ANJ16//ujHqSWgzP2/558mG+17RvNo=
Subject key identifier:   74:ED:6C:0E:55:26:E0:63:53:D4:D2:F0:66:67:D4:60:9D:69:3E:A0
Certificate issuer:       /CN=d422367433765b541a37390a998997b737c46472
Certificate serial:       0194266BAE16F7BA130DB1157AD73E359D45
Authority key identifier: D4:22:36:74:33:76:5B:54:1A:37:39:0A:99:89:97:B7:37:C4:64:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1CI2dDN2W1QaNzkKmYmXtzfEZHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/45be32-821f-4514-aa31-bc75466047c9/1/dO1sDlUm4GNT1NLwZmfUYJ1pPqA.roa
Signing time:             Thu 02 Jan 2025 09:49:38 +0000
ROA not before:           Thu 02 Jan 2025 09:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137
IP address blocks:        151.100.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/45be32-821f-4514-aa31-bc75466047c9/1/1CI2dDN2W1QaNzkKmYmXtzfEZHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/45be32-821f-4514-aa31-bc75466047c9/1/1CI2dDN2W1QaNzkKmYmXtzfEZHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1CI2dDN2W1QaNzkKmYmXtzfEZHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ae:16:f7:ba:13:0d:b1:15:7a:d7:3e:35:9d:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d422367433765b541a37390a998997b737c46472
        Validity
            Not Before: Jan  2 09:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74ed6c0e5526e06353d4d2f06667d4609d693ea0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f4:7b:2b:35:c1:73:5c:c8:38:5c:96:0a:bb:
                    ec:20:95:91:c8:74:bb:ad:86:f3:93:23:e4:bd:ee:
                    13:3c:1d:db:90:39:39:db:80:85:4c:b2:68:c1:09:
                    2c:f7:9d:6d:f5:be:ff:f5:08:28:49:3e:c7:ed:ed:
                    d1:5b:a2:74:ce:7b:00:00:12:0f:0f:0d:a8:e2:87:
                    b6:92:28:c8:4c:23:21:84:6e:a2:e9:38:61:01:19:
                    3d:02:21:df:ca:b0:46:7e:c9:ad:e1:61:c9:b6:89:
                    38:91:24:7c:b2:bf:60:9c:71:ce:db:d4:f8:26:16:
                    1e:b4:a4:ed:f4:9e:f2:50:3a:08:db:69:b3:02:90:
                    9c:02:8b:e6:16:a4:43:a8:cd:43:0c:c2:3d:80:01:
                    e8:30:de:70:bd:96:db:32:09:76:a6:19:1c:00:df:
                    83:36:62:c4:0f:56:dc:14:ab:d3:5b:c0:e3:93:f9:
                    2e:65:68:92:f9:db:d9:4a:a2:37:99:9e:ec:35:8c:
                    52:f5:7b:90:e6:5d:64:78:74:36:ec:4b:2e:b1:ac:
                    51:ce:e6:eb:49:d2:4f:8b:21:50:69:51:ce:dd:89:
                    96:a2:04:1a:5c:3e:96:9d:f8:df:80:dd:56:ce:8a:
                    57:ba:eb:21:89:68:ac:44:12:22:ad:19:90:bf:b5:
                    bd:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:ED:6C:0E:55:26:E0:63:53:D4:D2:F0:66:67:D4:60:9D:69:3E:A0
            X509v3 Authority Key Identifier:
                keyid:D4:22:36:74:33:76:5B:54:1A:37:39:0A:99:89:97:B7:37:C4:64:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1CI2dDN2W1QaNzkKmYmXtzfEZHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/45be32-821f-4514-aa31-bc75466047c9/1/dO1sDlUm4GNT1NLwZmfUYJ1pPqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/45be32-821f-4514-aa31-bc75466047c9/1/1CI2dDN2W1QaNzkKmYmXtzfEZHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.100.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         51:1f:3a:9b:34:ef:a8:5b:29:09:40:c8:a2:61:22:2c:5b:47:
         b3:4c:29:70:b2:fa:da:7f:a5:d8:fb:bd:e3:07:ac:98:86:f6:
         dd:68:95:94:cf:2a:ac:da:d3:16:ba:2f:9c:3e:b5:43:00:76:
         84:f7:68:66:f2:76:17:8c:47:13:a1:1a:c2:9c:f8:1e:b0:22:
         0f:41:f3:b7:51:1a:b0:82:54:e1:46:00:62:c5:e2:f5:95:7f:
         91:eb:eb:dd:12:ac:85:06:f2:21:bc:a6:0d:34:e3:16:8e:cf:
         05:f8:ee:c1:99:a8:15:cd:0e:48:d5:ab:53:62:11:9a:07:a6:
         39:d2:9f:bc:07:87:cf:5b:a9:fc:c3:06:ec:4d:35:64:05:2c:
         bd:df:26:d6:8b:c4:76:ba:04:0a:ae:49:ec:07:08:5d:83:74:
         e8:2d:c9:1f:1f:b2:74:52:f7:25:72:89:ec:94:90:20:e8:b3:
         c8:57:d9:4f:61:df:25:84:6f:06:dd:63:ce:7a:71:84:f2:dd:
         68:a7:0f:da:a4:ce:f6:87:fe:b9:a9:7a:f7:3f:47:bb:15:20:
         a8:d7:80:e1:53:e6:16:3d:a0:b0:1f:7b:72:85:58:9f:5c:ce:
         4d:10:4f:a0:66:c0:70:ea:a9:f5:02:e2:c0:44:1c:be:0b:be:
         18:84:82:f5
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQma64W97oTDbEVetc+NZ1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MjIzNjc0MzM3NjViNTQxYTM3MzkwYTk5ODk5N2I3Mzdj
NDY0NzIwHhcNMjUwMTAyMDk0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVkNmMwZTU1MjZlMDYzNTNkNGQyZjA2NjY3ZDQ2MDlkNjkzZWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfR7KzXBc1zIOFyWCrvsIJWRyHS7
rYbzkyPkve4TPB3bkDk524CFTLJowQks951t9b7/9QgoST7H7e3RW6J0znsAABIP
Dw2o4oe2kijITCMhhG6i6ThhARk9AiHfyrBGfsmt4WHJtok4kSR8sr9gnHHO29T4
JhYetKTt9J7yUDoI22mzApCcAovmFqRDqM1DDMI9gAHoMN5wvZbbMgl2phkcAN+D
NmLED1bcFKvTW8Djk/kuZWiS+dvZSqI3mZ7sNYxS9XuQ5l1keHQ27EsusaxRzubr
SdJPiyFQaVHO3YmWogQaXD6WnfjfgN1WzopXuushiWisRBIirRmQv7W9gQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHTtbA5VJuBjU9TS8GZn1GCdaT6gMB8GA1UdIwQY
MBaAFNQiNnQzdltUGjc5CpmJl7c3xGRyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUNJMmRETjJXMVFhTnprS21ZbVh0emZFWkhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy80NWJlMzItODIxZi00NTE0LWFhMzEt
YmM3NTQ2NjA0N2M5LzEvZE8xc0RsVW00R05UMU5Md1ptZlVZSjFwUHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy80NWJlMzItODIxZi00NTE0LWFhMzEtYmM3NTQ2NjA0N2M5
LzEvMUNJMmRETjJXMVFhTnprS21ZbVh0emZFWkhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAl2QwDQYJ
KoZIhvcNAQELBQADggEBAFEfOps076hbKQlAyKJhIixbR7NMKXCy+tp/pdj7veMH
rJiG9t1olZTPKqza0xa6L5w+tUMAdoT3aGbydheMRxOhGsKc+B6wIg9B87dRGrCC
VOFGAGLF4vWVf5Hr690SrIUG8iG8pg004xaOzwX47sGZqBXNDkjVq1NiEZoHpjnS
n7wHh89bqfzDBuxNNWQFLL3fJtaLxHa6BAquSewHCF2DdOgtyR8fsnRS9yVyieyU
kCDos8hX2U9h3yWEbwbdY856cYTy3WinD9qkzvaH/rmpevc/R7sVIKjXgOFT5hY9
oLAfe3KFWJ9czk0QT6BmwHDqqfUC4sBEHL4LvhiEgvU=
-----END CERTIFICATE-----