Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/nx0Nx3RUcjg69TXrkEufTSbs61w.roa
File:                     nx0Nx3RUcjg69TXrkEufTSbs61w.roa (raw, json)
Hash identifier:          KMtfn4uZNi8ih3qU7QWNp/Rahsd8G3VcGheyTA9UvAY=
Subject key identifier:   9F:1D:0D:C7:74:54:72:38:3A:F5:35:EB:90:4B:9F:4D:26:EC:EB:5C
Certificate issuer:       /CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
Certificate serial:       01957FE566A06AF4992C77D1FD51CDAC5741
Authority key identifier: E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/nx0Nx3RUcjg69TXrkEufTSbs61w.roa
Signing time:             Mon 10 Mar 2025 11:51:35 +0000
ROA not before:           Mon 10 Mar 2025 11:51:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56339
IP address blocks:        45.149.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/55XJYXylpqO_8mP8GDeZL9GsR_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/55XJYXylpqO_8mP8GDeZL9GsR_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 11:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7f:e5:66:a0:6a:f4:99:2c:77:d1:fd:51:cd:ac:57:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
        Validity
            Not Before: Mar 10 11:51:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f1d0dc7745472383af535eb904b9f4d26eceb5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:09:e5:4c:4e:01:ab:42:c6:97:5b:66:18:84:
                    b4:5f:29:64:3d:63:ad:e3:10:ed:1d:0e:a8:b6:84:
                    66:81:0b:1a:c8:d4:53:a3:68:be:29:06:63:d8:18:
                    6b:a1:6c:3d:11:6f:85:c8:8f:77:78:8d:cb:f4:db:
                    43:e3:18:18:67:2e:48:f3:4d:ba:37:26:37:97:0c:
                    ee:16:3a:52:4d:7b:2d:7e:37:8c:30:9c:78:47:d3:
                    e6:99:08:f3:05:0b:cf:a9:53:08:38:4c:5b:16:d2:
                    ff:0e:cf:53:04:0a:5d:9d:c7:97:fd:31:04:bf:17:
                    38:05:4a:46:1f:14:d1:c7:a7:59:da:03:1d:94:c4:
                    4c:f1:c9:d0:6d:2e:2c:e1:b3:c1:7a:19:cc:af:dc:
                    6a:94:7c:13:a7:79:e5:2d:5f:c5:95:36:92:6d:79:
                    57:a2:e1:07:8d:95:f9:74:da:71:0c:32:29:a5:e6:
                    03:1d:70:ab:9e:3e:a2:c1:62:43:32:98:65:7d:db:
                    e8:67:c0:fc:11:67:60:d1:78:e9:a1:c0:12:2d:23:
                    15:d1:c6:af:f5:42:2c:e9:6f:c5:d4:52:eb:9b:d9:
                    62:7d:3d:46:ff:82:bc:be:8f:f1:f9:9b:c0:ad:76:
                    84:9b:ec:12:1e:18:79:bf:77:e6:28:d4:10:da:4e:
                    7a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:1D:0D:C7:74:54:72:38:3A:F5:35:EB:90:4B:9F:4D:26:EC:EB:5C
            X509v3 Authority Key Identifier:
                keyid:E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/nx0Nx3RUcjg69TXrkEufTSbs61w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/55XJYXylpqO_8mP8GDeZL9GsR_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:36:47:c1:cb:49:37:57:67:08:78:6b:42:08:7c:d2:08:39:
         15:8b:d6:0f:1d:de:74:3e:8f:ed:3f:43:34:ca:09:28:02:db:
         14:16:cd:cd:cb:27:3f:b0:a3:9d:ba:b4:f8:27:34:ba:45:74:
         01:ad:35:0a:c4:1f:d6:75:c1:6b:b2:47:09:68:e5:90:d7:e5:
         c9:28:d0:1e:d9:05:f4:c5:0a:18:7a:3a:a5:ae:20:67:27:94:
         35:4b:0e:53:13:4f:7d:0a:8d:be:fb:02:a7:e6:3f:2b:6d:e9:
         6c:f3:84:d2:3f:a5:a7:75:df:96:c5:12:51:3e:c8:8f:a6:36:
         bf:f4:f1:f0:cb:09:d3:c0:d7:e9:c0:5e:a6:cd:36:7c:ad:c9:
         72:68:c5:3b:a4:a3:72:9b:1f:3f:e7:56:5b:cb:4b:7d:98:32:
         e7:a1:a3:d0:1f:73:6d:48:fb:96:3e:e7:d4:31:ee:75:77:f1:
         00:70:1c:4d:57:35:86:d1:10:c1:dc:b6:7b:ce:1c:9f:41:98:
         79:87:34:7d:3a:ee:91:1d:a5:c4:b7:b5:e4:de:08:cb:15:a9:
         6f:04:0b:c7:10:51:52:aa:45:9a:8c:0f:b8:d9:b7:ca:53:0b:
         ac:e6:1c:5c:b1:7d:26:20:46:36:82:93:1e:e2:f0:fb:3f:d9:
         f0:49:f3:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZV/5WagavSZLHfR/VHNrFdBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OTVjOTYxN2NhNWE2YTNiZmYyNjNmYzE4Mzc5OTJmZDFh
YzQ3ZjIwHhcNMjUwMzEwMTE1MTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjFkMGRjNzc0NTQ3MjM4M2FmNTM1ZWI5MDRiOWY0ZDI2ZWNlYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QnlTE4Bq0LGl1tmGIS0XylkPWOt
4xDtHQ6otoRmgQsayNRTo2i+KQZj2BhroWw9EW+FyI93eI3L9NtD4xgYZy5I8026
NyY3lwzuFjpSTXstfjeMMJx4R9PmmQjzBQvPqVMIOExbFtL/Ds9TBApdnceX/TEE
vxc4BUpGHxTRx6dZ2gMdlMRM8cnQbS4s4bPBehnMr9xqlHwTp3nlLV/FlTaSbXlX
ouEHjZX5dNpxDDIppeYDHXCrnj6iwWJDMphlfdvoZ8D8EWdg0XjpocASLSMV0cav
9UIs6W/F1FLrm9lifT1G/4K8vo/x+ZvArXaEm+wSHhh5v3fmKNQQ2k56tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8dDcd0VHI4OvU165BLn00m7OtcMB8GA1UdIwQY
MBaAFOeVyWF8paajv/Jj/Bg3mS/RrEfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYt
ZDU0MGRmODg2YmFiLzEvbngwTngzUlVjamc2OVRYcmtFdWZUU2JzNjF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYtZDU0MGRmODg2YmFi
LzEvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZWbMA0G
CSqGSIb3DQEBCwUAA4IBAQA3NkfBy0k3V2cIeGtCCHzSCDkVi9YPHd50Po/tP0M0
ygkoAtsUFs3Nyyc/sKOdurT4JzS6RXQBrTUKxB/WdcFrskcJaOWQ1+XJKNAe2QX0
xQoYejqlriBnJ5Q1Sw5TE099Co2++wKn5j8rbels84TSP6Wndd+WxRJRPsiPpja/
9PHwywnTwNfpwF6mzTZ8rclyaMU7pKNymx8/51Zby0t9mDLnoaPQH3NtSPuWPufU
Me51d/EAcBxNVzWG0RDB3LZ7zhyfQZh5hzR9Ou6RHaXEt7Xk3gjLFalvBAvHEFFS
qkWajA+42bfKUwus5hxcsX0mIEY2gpMe4vD7P9nwSfMR
-----END CERTIFICATE-----