Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/nKWeM_CH9-9zmDpDZswtnyydpVE.roa
File:                     nKWeM_CH9-9zmDpDZswtnyydpVE.roa (raw, json)
Hash identifier:          KvDVuK8tbyCYd/evgrfJE5X1yTC3BOlJ7Aj6N3EgX7Y=
Subject key identifier:   9C:A5:9E:33:F0:87:F7:EF:73:98:3A:43:66:CC:2D:9F:2C:9D:A5:51
Certificate issuer:       /CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
Certificate serial:       019420682020F81512204168110BAD2F0E7E
Authority key identifier: BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/nKWeM_CH9-9zmDpDZswtnyydpVE.roa
Signing time:             Wed 01 Jan 2025 05:48:02 +0000
ROA not before:           Wed 01 Jan 2025 05:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11426
IP address blocks:        45.94.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:20:20:f8:15:12:20:41:68:11:0b:ad:2f:0e:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
        Validity
            Not Before: Jan  1 05:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ca59e33f087f7ef73983a4366cc2d9f2c9da551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:75:80:5a:cc:1b:4c:3c:37:7d:8d:16:a9:3b:
                    2c:bd:b2:6b:f2:c4:06:23:2e:99:5b:3c:62:0b:fe:
                    d3:bc:2a:1f:59:0c:35:a9:4e:43:04:b5:63:b8:cf:
                    2a:cf:b8:67:44:e7:f8:6f:d7:bb:af:b6:54:f0:85:
                    ae:fb:29:fb:c8:cc:bc:ce:51:e8:c1:0c:f9:b2:73:
                    f7:22:a7:ff:fa:96:d3:e6:22:c7:4e:39:7f:dc:68:
                    08:4f:3c:32:98:7c:ee:eb:00:1a:6a:60:f0:e5:a7:
                    c8:d2:fc:c2:41:ec:e1:e7:ef:99:6e:05:49:9e:f7:
                    0d:b1:00:09:5a:88:48:60:92:80:e1:42:66:69:14:
                    90:fa:bd:0f:40:64:58:f8:ac:43:12:e6:61:d5:4b:
                    44:02:5c:4a:0e:22:45:16:7b:21:8a:a4:7d:e6:35:
                    be:2c:45:c8:21:b9:f7:40:d6:0d:78:24:05:c9:48:
                    74:18:57:92:95:26:fe:d8:9f:66:e0:ff:cc:be:04:
                    11:09:a5:dd:32:c1:6a:20:43:06:67:ac:93:6f:5e:
                    61:d6:4c:2e:69:e3:eb:dd:a2:9a:f2:8b:75:cd:47:
                    ce:80:41:f8:ba:d6:44:7f:9a:04:a6:16:1a:f3:0d:
                    aa:0b:a6:1e:64:8b:2d:39:cd:60:32:2e:8b:9b:3a:
                    35:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A5:9E:33:F0:87:F7:EF:73:98:3A:43:66:CC:2D:9F:2C:9D:A5:51
            X509v3 Authority Key Identifier:
                keyid:BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/nKWeM_CH9-9zmDpDZswtnyydpVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:4c:05:fb:ac:b7:fd:4a:cf:a4:bf:3c:01:db:41:88:c2:75:
         71:e8:0b:1d:54:82:23:38:dc:60:a8:27:52:ed:36:62:cb:20:
         22:c4:3d:6c:ca:71:9b:2a:30:9c:49:c5:2a:74:85:c4:6d:97:
         53:92:b0:58:6e:db:a5:bc:a9:8f:fc:39:3b:34:e7:42:ad:69:
         48:68:3c:c5:51:6c:69:56:c1:27:48:63:e3:37:8b:cc:41:4f:
         27:71:8a:88:0a:be:81:39:ad:1a:ed:79:88:2b:48:d5:8d:6e:
         e8:3e:b9:61:4f:b8:a7:08:4a:f8:d8:75:cd:c4:ad:a9:f1:c7:
         c5:f5:50:31:cc:7b:e2:e9:f3:b0:81:41:25:58:26:ff:c7:48:
         5c:26:6b:9d:42:3c:0c:90:ea:47:d3:b5:6e:e4:c5:f8:30:80:
         7a:d9:3d:f8:28:a9:d6:81:7b:17:d8:ad:d8:d3:12:52:2b:1a:
         56:c9:c5:fa:41:4d:97:9d:a6:40:e2:a8:ff:b7:0e:fc:d3:de:
         3b:ac:5a:4a:a3:d4:12:f6:3b:f2:d4:fe:00:6e:aa:c6:4d:80:
         ff:e5:e8:52:a1:ee:02:79:76:ad:5e:6d:04:34:fe:9b:6c:99:
         e2:f8:ce:8e:b4:bb:a8:bc:5e:7d:85:ac:0f:7b:ff:86:3c:c4:
         51:d7:26:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaCAg+BUSIEFoEQutLw5+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYjgzZTk5YmY3MjU0Zjk0ODA1N2E1ZTk4MWJlNmZhNWMy
MDU0ZGQwHhcNMjUwMTAxMDU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E1OWUzM2YwODdmN2VmNzM5ODNhNDM2NmNjMmQ5ZjJjOWRhNTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3WAWswbTDw3fY0WqTssvbJr8sQG
Iy6ZWzxiC/7TvCofWQw1qU5DBLVjuM8qz7hnROf4b9e7r7ZU8IWu+yn7yMy8zlHo
wQz5snP3Iqf/+pbT5iLHTjl/3GgITzwymHzu6wAaamDw5afI0vzCQezh5++ZbgVJ
nvcNsQAJWohIYJKA4UJmaRSQ+r0PQGRY+KxDEuZh1UtEAlxKDiJFFnshiqR95jW+
LEXIIbn3QNYNeCQFyUh0GFeSlSb+2J9m4P/MvgQRCaXdMsFqIEMGZ6yTb15h1kwu
aePr3aKa8ot1zUfOgEH4utZEf5oEphYa8w2qC6YeZIstOc1gMi6Lmzo1nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJylnjPwh/fvc5g6Q2bMLZ8snaVRMB8GA1UdIwQY
MBaAFL24Ppm/clT5SAV6Xpgb5vpcIFTdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEt
ZTQ5NWFhYTBjYWMwLzEvbktXZU1fQ0g5LTl6bURwRFpzd3RueXlkcFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEtZTQ5NWFhYTBjYWMw
LzEvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV6YMA0G
CSqGSIb3DQEBCwUAA4IBAQCRTAX7rLf9Ss+kvzwB20GIwnVx6AsdVIIjONxgqCdS
7TZiyyAixD1synGbKjCcScUqdIXEbZdTkrBYbtulvKmP/Dk7NOdCrWlIaDzFUWxp
VsEnSGPjN4vMQU8ncYqICr6BOa0a7XmIK0jVjW7oPrlhT7inCEr42HXNxK2p8cfF
9VAxzHvi6fOwgUElWCb/x0hcJmudQjwMkOpH07Vu5MX4MIB62T34KKnWgXsX2K3Y
0xJSKxpWycX6QU2XnaZA4qj/tw780947rFpKo9QS9jvy1P4AbqrGTYD/5ehSoe4C
eXatXm0ENP6bbJni+M6OtLuovF59hawPe/+GPMRR1yZi
-----END CERTIFICATE-----