Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/hM4RUMXGkSsGKGeXFlPc5WdVja8.roa
File:                     hM4RUMXGkSsGKGeXFlPc5WdVja8.roa (raw, json)
Hash identifier:          +27OhfsKET5J+JAUfDDgfUlvTDk8tRsjQoV0ueuKdsc=
Subject key identifier:   84:CE:11:50:C5:C6:91:2B:06:28:67:97:16:53:DC:E5:67:55:8D:AF
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       0194654DE74C029DA0F5F4D75AF43FF1EF15
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/hM4RUMXGkSsGKGeXFlPc5WdVja8.roa
Signing time:             Tue 14 Jan 2025 14:53:11 +0000
ROA not before:           Tue 14 Jan 2025 14:53:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211373
IP address blocks:        45.155.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:65:4d:e7:4c:02:9d:a0:f5:f4:d7:5a:f4:3f:f1:ef:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Jan 14 14:53:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84ce1150c5c6912b062867971653dce567558daf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:d1:ff:45:3b:c3:64:99:3c:dd:99:54:e7:b3:
                    ae:4d:38:cc:57:56:61:1d:0f:e8:20:48:3b:ef:90:
                    d1:a9:7a:7b:af:11:e6:a2:48:5c:9d:c6:4e:09:bc:
                    8f:9d:a8:58:fe:17:1e:8b:2a:fc:38:69:fe:7d:7b:
                    be:46:ff:7a:2d:80:23:31:f2:cd:8f:8a:29:d9:24:
                    e1:f0:fb:ed:b5:8e:a6:ea:8f:29:d9:06:08:ca:8b:
                    04:31:8f:2a:41:86:fc:4c:0a:90:81:2b:bc:85:e1:
                    23:b4:9c:37:af:c9:d5:c1:17:40:ba:fa:e1:17:2e:
                    0f:96:0d:d1:f4:5b:8e:db:63:45:7e:70:88:6d:c2:
                    e4:68:48:cd:99:18:29:99:e9:5c:35:98:54:28:f0:
                    9f:77:de:82:f5:63:11:dd:aa:a8:f1:82:1e:4d:9b:
                    9a:76:a6:e0:c3:a1:00:27:d2:8c:1b:57:b3:47:63:
                    4a:5f:fb:c1:77:ff:ed:21:59:67:d3:0d:ed:93:e4:
                    31:26:f8:06:66:09:b9:83:4b:2a:30:02:55:c0:9b:
                    62:98:6d:cb:a4:00:03:54:c6:1e:3e:98:f4:c7:59:
                    f9:24:63:38:04:66:40:87:73:95:7b:64:30:90:2b:
                    b2:c6:6f:80:f0:46:ce:92:4e:35:f6:37:4f:3d:03:
                    37:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:CE:11:50:C5:C6:91:2B:06:28:67:97:16:53:DC:E5:67:55:8D:AF
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/hM4RUMXGkSsGKGeXFlPc5WdVja8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:31:6a:ce:cc:38:bc:f4:7a:48:d3:fb:cf:5e:ff:fc:99:b0:
         b0:b7:ff:82:12:23:da:72:84:7d:33:e3:f4:72:9e:50:87:5c:
         c2:8c:a9:43:9d:f8:e8:74:8a:9b:8b:1e:da:0e:b9:5a:84:5a:
         ac:7f:ea:84:d9:e0:3b:e5:e2:11:c2:d8:45:19:c7:b9:ff:8a:
         03:d0:b5:50:6c:a4:ab:2f:c5:12:b5:ae:1e:23:95:9e:4a:7a:
         42:c5:9c:bb:3c:eb:ee:4a:22:7c:30:83:91:b1:69:5b:8d:04:
         5c:64:7d:e4:c0:a3:e7:fc:6e:aa:6a:d2:25:09:b6:bc:49:df:
         07:f3:5f:90:83:ee:f0:1f:a0:81:d1:9f:e6:d8:59:d4:69:c7:
         55:4f:9e:b0:1b:8f:2d:ab:72:a3:11:a1:77:01:de:71:08:b6:
         35:55:af:7f:de:ea:95:28:cd:1d:c6:20:43:c9:c4:bd:d6:a2:
         83:be:3c:0d:19:60:12:af:ae:f2:72:d0:e6:02:05:ee:6c:d7:
         a5:df:49:84:68:7d:81:64:63:f2:ad:2d:19:8a:ee:d9:b6:8b:
         dd:59:1b:a3:3a:1b:83:cf:03:05:48:cc:05:aa:82:c0:f9:ea:
         1c:17:c7:97:1d:2f:07:49:ee:79:e9:14:0d:45:dc:d0:b4:cc:
         59:7b:a6:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRlTedMAp2g9fTXWvQ/8e8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwMTE0MTQ1MzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGNlMTE1MGM1YzY5MTJiMDYyODY3OTcxNjUzZGNlNTY3NTU4ZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6tH/RTvDZJk83ZlU57OuTTjMV1Zh
HQ/oIEg775DRqXp7rxHmokhcncZOCbyPnahY/hceiyr8OGn+fXu+Rv96LYAjMfLN
j4op2STh8PvttY6m6o8p2QYIyosEMY8qQYb8TAqQgSu8heEjtJw3r8nVwRdAuvrh
Fy4Plg3R9FuO22NFfnCIbcLkaEjNmRgpmelcNZhUKPCfd96C9WMR3aqo8YIeTZua
dqbgw6EAJ9KMG1ezR2NKX/vBd//tIVln0w3tk+QxJvgGZgm5g0sqMAJVwJtimG3L
pAADVMYePpj0x1n5JGM4BGZAh3OVe2QwkCuyxm+A8EbOkk419jdPPQM35QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITOEVDFxpErBihnlxZT3OVnVY2vMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvaE00UlVNWEdrU3NHS0dlWEZsUGM1V2RWamE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZvzMA0G
CSqGSIb3DQEBCwUAA4IBAQAjMWrOzDi89HpI0/vPXv/8mbCwt/+CEiPacoR9M+P0
cp5Qh1zCjKlDnfjodIqbix7aDrlahFqsf+qE2eA75eIRwthFGce5/4oD0LVQbKSr
L8USta4eI5WeSnpCxZy7POvuSiJ8MIORsWlbjQRcZH3kwKPn/G6qatIlCba8Sd8H
81+Qg+7wH6CB0Z/m2FnUacdVT56wG48tq3KjEaF3Ad5xCLY1Va9/3uqVKM0dxiBD
ycS91qKDvjwNGWASr67yctDmAgXubNel30mEaH2BZGPyrS0Ziu7ZtovdWRujOhuD
zwMFSMwFqoLA+eocF8eXHS8HSe556RQNRdzQtMxZe6aX
-----END CERTIFICATE-----