Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/l1RkBmRrPMovkJGjGAhqwG2TomQ.roa
File:                     l1RkBmRrPMovkJGjGAhqwG2TomQ.roa (raw, json)
Hash identifier:          ja8aqL5wAU8Vk71Npu6WMYrryMZZjLGwpBOYQMZ/L/o=
Subject key identifier:   97:54:64:06:64:6B:3C:CA:2F:90:91:A3:18:08:6A:C0:6D:93:A2:64
Certificate issuer:       /CN=c15e7d7bb69efacb0c73902972c74d72d29bf77f
Certificate serial:       01942369D4023904F4493E6708E5E6143151
Authority key identifier: C1:5E:7D:7B:B6:9E:FA:CB:0C:73:90:29:72:C7:4D:72:D2:9B:F7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/l1RkBmRrPMovkJGjGAhqwG2TomQ.roa
Signing time:             Wed 01 Jan 2025 19:48:45 +0000
ROA not before:           Wed 01 Jan 2025 19:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3758
IP address blocks:        45.144.198.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d4:02:39:04:f4:49:3e:67:08:e5:e6:14:31:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15e7d7bb69efacb0c73902972c74d72d29bf77f
        Validity
            Not Before: Jan  1 19:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97546406646b3cca2f9091a318086ac06d93a264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:da:d3:98:d6:2b:f7:58:61:f2:26:b0:ba:3b:
                    c4:2e:52:11:95:3f:b2:65:fb:5c:c7:0d:5a:e1:37:
                    fd:9f:6c:50:69:a0:1b:46:83:ff:cb:3e:bb:56:33:
                    f0:47:a0:d4:0f:5d:a3:f0:f0:41:c9:b3:81:40:82:
                    27:ce:79:e1:3d:61:d5:cf:b8:09:74:3a:49:c7:c2:
                    b3:d0:47:50:2d:93:e8:9c:b9:04:57:4e:9a:8b:fe:
                    a0:24:75:e3:32:ec:6d:a2:a2:5a:8a:07:98:de:89:
                    9e:69:8b:f9:7f:29:f8:79:3c:98:ce:7d:20:c2:9e:
                    e1:ef:9e:fd:19:f7:e5:38:29:11:10:5c:04:16:5f:
                    42:68:73:80:5e:87:27:f3:11:8e:39:c8:db:78:49:
                    17:98:84:ac:df:db:a2:f7:c1:56:ba:a3:c2:68:a8:
                    b5:a3:56:5c:6d:32:53:17:94:a1:80:b6:5a:12:bf:
                    0f:ba:a0:f0:0a:ce:c8:c6:7b:d6:29:2b:b8:9d:99:
                    e0:b1:a9:46:f7:6c:6c:ce:b2:c2:f4:7f:93:c5:6f:
                    dd:cb:6b:c9:25:a6:26:b0:53:89:23:45:01:8f:13:
                    16:53:7e:2a:48:3f:04:9c:d0:07:ef:23:63:9e:bf:
                    c4:c8:e1:d6:cd:ff:de:08:5c:a7:27:d2:96:64:3a:
                    31:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:54:64:06:64:6B:3C:CA:2F:90:91:A3:18:08:6A:C0:6D:93:A2:64
            X509v3 Authority Key Identifier:
                keyid:C1:5E:7D:7B:B6:9E:FA:CB:0C:73:90:29:72:C7:4D:72:D2:9B:F7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/l1RkBmRrPMovkJGjGAhqwG2TomQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:d1:24:03:b3:ea:a9:27:5b:36:77:5e:42:e3:87:11:6c:c6:
         37:db:8d:c0:55:3f:4a:b2:8a:3a:76:65:48:3e:89:45:de:83:
         5b:1d:b4:fb:8f:87:c5:03:ac:c3:7c:14:ab:c6:55:5d:82:c3:
         c4:dc:b1:a6:3c:cb:b4:d7:96:1d:f7:bf:85:5f:80:de:9e:92:
         02:3d:d8:96:ce:36:de:3f:71:8c:44:a1:a5:8d:4b:e5:bb:0b:
         6b:e0:c9:1f:8d:2d:20:e0:ff:64:5f:b2:d5:60:a6:80:8d:39:
         27:cd:15:ed:88:9a:70:11:39:c2:82:6c:0e:28:29:7c:26:24:
         29:50:d3:7b:5d:f4:fc:62:2c:64:aa:db:b1:2a:a2:ee:74:0f:
         c0:95:40:50:67:64:7a:45:f5:3e:11:bb:16:c0:3d:63:d8:f9:
         ba:d8:71:dc:79:dd:6c:72:02:ef:d4:78:70:48:af:23:fb:a4:
         6a:26:55:32:ba:0e:f3:4d:4e:fd:b8:d8:8d:c5:7b:da:28:f5:
         96:75:4c:b0:96:94:7d:ed:6a:6a:30:f2:9b:da:cf:cf:17:d1:
         d5:e7:2f:4a:b6:d8:df:24:89:91:af:c8:e7:81:b0:96:ef:75:
         ff:4a:39:95:9b:e2:59:9f:bf:ee:ff:03:af:cf:86:0c:bd:a2:
         fb:32:f3:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjadQCOQT0ST5nCOXmFDFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNWU3ZDdiYjY5ZWZhY2IwYzczOTAyOTcyYzc0ZDcyZDI5
YmY3N2YwHhcNMjUwMTAxMTk0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzU0NjQwNjY0NmIzY2NhMmY5MDkxYTMxODA4NmFjMDZkOTNhMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptrTmNYr91hh8iawujvELlIRlT+y
Zftcxw1a4Tf9n2xQaaAbRoP/yz67VjPwR6DUD12j8PBBybOBQIInznnhPWHVz7gJ
dDpJx8Kz0EdQLZPonLkEV06ai/6gJHXjMuxtoqJaigeY3omeaYv5fyn4eTyYzn0g
wp7h7579GfflOCkREFwEFl9CaHOAXocn8xGOOcjbeEkXmISs39ui98FWuqPCaKi1
o1ZcbTJTF5ShgLZaEr8PuqDwCs7IxnvWKSu4nZngsalG92xszrLC9H+TxW/dy2vJ
JaYmsFOJI0UBjxMWU34qSD8EnNAH7yNjnr/EyOHWzf/eCFynJ9KWZDoxrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdUZAZkazzKL5CRoxgIasBtk6JkMB8GA1UdIwQY
MBaAFMFefXu2nvrLDHOQKXLHTXLSm/d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1Y1OWU3YWUtc3NNYzVBcGNzZE5jdEtiOTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9lYTQwMmEtMGZmNi00N2Q5LTljZDAt
MzQ3YTBmN2M1YjA4LzEvbDFSa0JtUnJQTW92a0pHakdBaHF3RzJUb21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9lYTQwMmEtMGZmNi00N2Q5LTljZDAtMzQ3YTBmN2M1YjA4
LzEvd1Y1OWU3YWUtc3NNYzVBcGNzZE5jdEtiOTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZDGMA0G
CSqGSIb3DQEBCwUAA4IBAQB80SQDs+qpJ1s2d15C44cRbMY3243AVT9Ksoo6dmVI
PolF3oNbHbT7j4fFA6zDfBSrxlVdgsPE3LGmPMu015Yd97+FX4DenpICPdiWzjbe
P3GMRKGljUvluwtr4MkfjS0g4P9kX7LVYKaAjTknzRXtiJpwETnCgmwOKCl8JiQp
UNN7XfT8YixkqtuxKqLudA/AlUBQZ2R6RfU+EbsWwD1j2Pm62HHced1scgLv1Hhw
SK8j+6RqJlUyug7zTU79uNiNxXvaKPWWdUywlpR97WpqMPKb2s/PF9HV5y9Kttjf
JImRr8jngbCW73X/SjmVm+JZn7/u/wOvz4YMvaL7MvPT
-----END CERTIFICATE-----