Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ImqGpadxiBCf4ORVtpQ-O4OMQHA.roa
File:                     ImqGpadxiBCf4ORVtpQ-O4OMQHA.roa (raw, json)
Hash identifier:          /eUvKdvOX1J6h0VQ6X96iAVLr8hOx4hfOs9jfqrqEeQ=
Subject key identifier:   22:6A:86:A5:A7:71:88:10:9F:E0:E4:55:B6:94:3E:3B:83:8C:40:70
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       018F148F062385CAA63134AA299567291A7F
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ImqGpadxiBCf4ORVtpQ-O4OMQHA.roa
Signing time:             Thu 25 Apr 2024 09:21:08 +0000
ROA not before:           Thu 25 Apr 2024 09:21:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201670
IP address blocks:        45.155.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:8f:06:23:85:ca:a6:31:34:aa:29:95:67:29:1a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Apr 25 09:21:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=226a86a5a77188109fe0e455b6943e3b838c4070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fe:28:d9:17:5f:7e:29:53:71:60:28:f9:58:
                    5d:3d:02:ad:54:61:73:c4:f7:60:be:ac:2c:10:37:
                    39:9a:89:7c:71:39:70:f3:80:73:93:81:de:e2:f8:
                    39:69:1c:f0:32:4f:18:20:17:70:8b:61:8b:ad:09:
                    ad:8b:a4:69:f4:75:5a:85:eb:29:39:fa:8b:2c:0e:
                    8b:af:28:35:07:be:d1:b6:63:ab:20:dc:9c:8b:de:
                    c6:a1:5b:38:53:b8:1a:bb:53:05:20:24:ef:d5:93:
                    95:1e:b0:79:e9:fa:f2:56:e0:6f:13:d3:41:44:db:
                    8c:ea:c2:72:ce:bc:41:c4:b8:29:b2:22:60:52:d3:
                    e0:3f:a3:93:0a:24:58:56:9a:d9:20:be:18:3f:56:
                    7c:aa:9e:5d:65:c8:18:34:b0:51:92:27:b2:2c:db:
                    0f:74:a2:5f:fd:1c:84:8f:59:36:f5:90:5d:57:7b:
                    87:d9:34:b9:74:6d:97:84:d7:d7:fb:12:29:88:e2:
                    c2:c3:ee:35:e0:f4:13:63:23:e5:b7:b2:c3:ea:e3:
                    8b:88:32:14:cb:43:b2:88:fd:12:eb:5f:55:21:c3:
                    6e:1e:26:80:00:8e:66:45:88:cf:c9:62:cc:34:82:
                    cc:70:57:ec:91:7d:ca:fb:5e:b5:f7:49:1b:a3:02:
                    f6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:6A:86:A5:A7:71:88:10:9F:E0:E4:55:B6:94:3E:3B:83:8C:40:70
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ImqGpadxiBCf4ORVtpQ-O4OMQHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:57:eb:03:92:db:3c:30:20:82:f1:20:47:6c:13:d1:c4:7c:
         2e:34:f8:e9:db:42:47:3d:d7:b7:e5:08:86:f6:aa:71:75:22:
         96:ea:9c:7d:f3:cf:32:83:45:4e:03:55:d7:11:49:d7:0f:c3:
         19:d0:d4:71:33:2c:89:2a:00:90:d2:50:b9:c4:7e:da:97:d3:
         83:36:d7:20:22:18:af:df:44:83:53:16:e4:a3:af:0b:6d:db:
         67:a0:52:04:31:fa:d0:14:e9:23:f5:25:ad:e5:9c:0f:b4:e8:
         8b:6f:1e:6f:fa:32:79:0b:2c:9b:56:d3:7e:55:ea:f5:b6:7c:
         e8:a6:72:7e:04:9f:6e:a2:ae:b3:94:2e:18:cc:e1:fe:e8:1c:
         ac:04:95:64:5e:4b:1d:94:63:43:24:c6:d5:31:5f:3e:36:b1:
         90:f7:7b:35:00:62:c3:58:c9:bb:9a:62:aa:30:84:14:22:85:
         c9:f8:57:7f:c8:81:e3:7d:43:e1:78:a8:17:cc:0b:c2:c9:6a:
         bb:f8:b0:23:93:c1:bc:f6:c1:5a:6a:99:2f:97:42:bf:3e:1b:
         1b:4a:77:d3:e3:41:c1:67:e9:51:3e:cc:44:da:9a:02:be:ba:
         26:0b:ef:33:2d:f5:46:45:e3:3a:d0:1b:2d:f3:f6:2b:9a:1c:
         ac:96:d8:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8UjwYjhcqmMTSqKZVnKRp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjQwNDI1MDkyMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjZhODZhNWE3NzE4ODEwOWZlMGU0NTViNjk0M2UzYjgzOGM0MDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP4o2RdffilTcWAo+VhdPQKtVGFz
xPdgvqwsEDc5mol8cTlw84Bzk4He4vg5aRzwMk8YIBdwi2GLrQmti6Rp9HVahesp
OfqLLA6Lryg1B77RtmOrINyci97GoVs4U7gau1MFICTv1ZOVHrB56fryVuBvE9NB
RNuM6sJyzrxBxLgpsiJgUtPgP6OTCiRYVprZIL4YP1Z8qp5dZcgYNLBRkieyLNsP
dKJf/RyEj1k29ZBdV3uH2TS5dG2XhNfX+xIpiOLCw+414PQTYyPlt7LD6uOLiDIU
y0OyiP0S619VIcNuHiaAAI5mRYjPyWLMNILMcFfskX3K+16190kbowL24QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJqhqWncYgQn+DkVbaUPjuDjEBwMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvSW1xR3BhZHhpQkNmNE9SVnRwUS1PNE9NUUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZvxMA0G
CSqGSIb3DQEBCwUAA4IBAQC1V+sDkts8MCCC8SBHbBPRxHwuNPjp20JHPde35QiG
9qpxdSKW6px9888yg0VOA1XXEUnXD8MZ0NRxMyyJKgCQ0lC5xH7al9ODNtcgIhiv
30SDUxbko68LbdtnoFIEMfrQFOkj9SWt5ZwPtOiLbx5v+jJ5CyybVtN+Ver1tnzo
pnJ+BJ9uoq6zlC4YzOH+6BysBJVkXksdlGNDJMbVMV8+NrGQ93s1AGLDWMm7mmKq
MIQUIoXJ+Fd/yIHjfUPheKgXzAvCyWq7+LAjk8G89sFaapkvl0K/PhsbSnfT40HB
Z+lRPsxE2poCvromC+8zLfVGReM60Bst8/Yrmhyslths
-----END CERTIFICATE-----