Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/8ezldgsZjdYUFJex6k0Ut1HMEC4.roa
File:                     8ezldgsZjdYUFJex6k0Ut1HMEC4.roa (raw, json)
Hash identifier:          bDkmxhsgqaahY46AsODPGEATa+7WHhbve+WtDMm08R4=
Subject key identifier:   F1:EC:E5:76:0B:19:8D:D6:14:14:97:B1:EA:4D:14:B7:51:CC:10:2E
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       0196CE382F07326F72ECA94ABC14228E560C
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/8ezldgsZjdYUFJex6k0Ut1HMEC4.roa
Signing time:             Wed 14 May 2025 09:55:10 +0000
ROA not before:           Wed 14 May 2025 09:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.140.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:38:2f:07:32:6f:72:ec:a9:4a:bc:14:22:8e:56:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: May 14 09:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1ece5760b198dd6141497b1ea4d14b751cc102e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:00:dd:9a:69:5f:f6:5e:3a:43:9d:d2:8f:7d:
                    d0:cf:1d:b3:4f:1f:fc:b9:73:6a:aa:6c:0d:2e:2f:
                    4f:22:25:c5:5b:c2:8d:b0:12:54:26:20:b5:96:2f:
                    d7:d5:15:e2:a7:30:fc:1b:a8:9b:cd:ca:a6:bb:f1:
                    f1:67:06:8a:2f:74:f4:57:01:33:4d:24:2b:54:6b:
                    b9:70:d3:bd:34:11:e4:b7:2a:3e:6c:50:af:bd:15:
                    ce:29:b0:3e:c0:9a:15:5c:ac:40:a9:5e:24:84:f7:
                    51:50:e6:a9:6c:41:f2:3b:9f:1c:a4:35:5b:a0:67:
                    1b:51:4c:bc:93:af:21:da:1b:c4:50:07:e7:95:24:
                    38:2e:7a:fe:cb:ea:2c:3f:5f:08:2c:01:66:25:27:
                    9b:8d:99:53:73:b5:aa:4d:53:01:7f:ce:86:da:66:
                    19:26:2c:a2:bd:67:1e:db:b9:e4:09:0d:ba:1a:34:
                    40:b4:52:e2:16:5e:97:81:e5:fd:f5:4c:26:95:4b:
                    b8:79:5d:1c:7f:77:e0:44:e5:ba:2a:77:ca:0f:e1:
                    54:de:8d:0a:5b:71:a2:d1:69:ee:62:bf:b6:66:97:
                    32:2a:c2:d7:e7:c4:e4:35:6a:ae:0e:a3:88:2c:4a:
                    d8:10:8b:39:b1:be:3a:39:91:79:a3:d8:55:66:a3:
                    0a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:EC:E5:76:0B:19:8D:D6:14:14:97:B1:EA:4D:14:B7:51:CC:10:2E
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/8ezldgsZjdYUFJex6k0Ut1HMEC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:ee:b3:e6:5c:6f:19:44:7c:cb:4e:e2:f8:4c:90:78:28:2d:
         11:88:78:7b:5f:c4:c1:db:1a:42:02:51:83:da:27:b2:4f:d1:
         11:01:9d:20:7c:06:d4:c5:e7:0d:bb:7d:9b:6c:ea:ec:7f:44:
         21:18:a9:d0:f8:46:f6:dd:90:48:7c:07:a5:88:eb:d0:f1:e7:
         53:95:31:61:d2:f6:4a:d9:fd:17:f1:72:85:a4:6f:e0:a0:e9:
         26:c3:8a:a4:9b:1c:b8:c4:0c:eb:11:a3:f9:37:ac:bc:45:ff:
         40:53:28:55:f0:4e:ff:56:87:f6:ad:f5:b8:b4:f6:e2:58:3d:
         c4:f5:60:34:1c:cf:0e:1e:1d:a0:62:7b:50:dd:79:ea:a6:fe:
         32:8b:f6:13:d6:24:e7:08:9c:ed:de:4a:8a:fc:a5:29:d4:e7:
         5b:6d:07:c6:22:e7:b5:9a:0e:45:35:67:4e:85:93:67:ed:1d:
         dd:57:9e:a0:bd:63:8f:57:d0:86:4d:79:14:73:72:a8:da:7f:
         0a:0a:af:f4:5f:9d:4c:26:48:f7:3d:7c:e6:43:5d:0d:ac:67:
         9b:53:c8:51:f0:62:be:53:ed:f6:73:63:c2:16:ac:39:40:1a:
         46:6b:e9:8d:dd:20:36:55:c2:a3:5b:a3:eb:91:08:21:53:02:
         2d:82:d7:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbOOC8HMm9y7KlKvBQijlYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjUwNTE0MDk1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWVjZTU3NjBiMTk4ZGQ2MTQxNDk3YjFlYTRkMTRiNzUxY2MxMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnADdmmlf9l46Q53Sj33Qzx2zTx/8
uXNqqmwNLi9PIiXFW8KNsBJUJiC1li/X1RXipzD8G6ibzcqmu/HxZwaKL3T0VwEz
TSQrVGu5cNO9NBHktyo+bFCvvRXOKbA+wJoVXKxAqV4khPdRUOapbEHyO58cpDVb
oGcbUUy8k68h2hvEUAfnlSQ4Lnr+y+osP18ILAFmJSebjZlTc7WqTVMBf86G2mYZ
JiyivWce27nkCQ26GjRAtFLiFl6XgeX99UwmlUu4eV0cf3fgROW6KnfKD+FU3o0K
W3Gi0WnuYr+2ZpcyKsLX58TkNWquDqOILErYEIs5sb46OZF5o9hVZqMK6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHs5XYLGY3WFBSXsepNFLdRzBAuMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvOGV6bGRnc1pqZFlVRkpleDZrMFV0MUhNRUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYw5MA0G
CSqGSIb3DQEBCwUAA4IBAQBj7rPmXG8ZRHzLTuL4TJB4KC0RiHh7X8TB2xpCAlGD
2ieyT9ERAZ0gfAbUxecNu32bbOrsf0QhGKnQ+Eb23ZBIfAeliOvQ8edTlTFh0vZK
2f0X8XKFpG/goOkmw4qkmxy4xAzrEaP5N6y8Rf9AUyhV8E7/Vof2rfW4tPbiWD3E
9WA0HM8OHh2gYntQ3Xnqpv4yi/YT1iTnCJzt3kqK/KUp1OdbbQfGIue1mg5FNWdO
hZNn7R3dV56gvWOPV9CGTXkUc3Ko2n8KCq/0X51MJkj3PXzmQ10NrGebU8hR8GK+
U+32c2PCFqw5QBpGa+mN3SA2VcKjW6PrkQghUwItgtdE
-----END CERTIFICATE-----