Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/1333qp73ruq7A2nSo9kOVQ7ZzE0.roa
File:                     1333qp73ruq7A2nSo9kOVQ7ZzE0.roa (raw, json)
Hash identifier:          JX94IngnG5jgwt/Et193zGmN4IyvZ77gInsz4D23C18=
Subject key identifier:   D7:7D:F7:AA:9E:F7:AE:EA:BB:03:69:D2:A3:D9:0E:55:0E:D9:CC:4D
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       0195A400C9AF8B6367EEACF74138AF724306
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/1333qp73ruq7A2nSo9kOVQ7ZzE0.roa
Signing time:             Mon 17 Mar 2025 12:07:49 +0000
ROA not before:           Mon 17 Mar 2025 12:07:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        2.59.180.0/24 maxlen: 24
                          45.156.144.0/24 maxlen: 24
                          45.156.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 12:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a4:00:c9:af:8b:63:67:ee:ac:f7:41:38:af:72:43:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Mar 17 12:07:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d77df7aa9ef7aeeabb0369d2a3d90e550ed9cc4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f6:90:1f:f3:10:f4:c1:82:0a:ec:27:01:5f:
                    a5:fd:cd:2a:7a:75:5a:fd:76:92:59:ab:e9:53:b8:
                    a3:e1:c1:51:d5:a4:d2:97:5d:42:19:24:1b:44:5e:
                    e9:db:e9:71:c6:56:05:75:5c:f3:96:49:f9:9e:cc:
                    dd:7d:f0:ac:f7:70:ac:2f:5a:6f:2d:74:e8:6e:40:
                    8b:a2:f1:10:7b:a8:30:62:16:14:37:7f:61:36:52:
                    d8:e9:bb:48:6b:d1:af:03:8a:bb:20:7a:28:2d:85:
                    1f:a5:9c:a8:db:e4:1a:6a:f9:ca:a5:fd:d8:67:ae:
                    42:21:8c:7f:95:50:47:f3:b9:61:66:c5:a6:0f:b0:
                    5e:0a:75:37:c5:f6:c0:62:2c:34:7f:9f:d7:6a:79:
                    30:00:ba:83:00:02:d0:ca:97:5c:fe:97:36:ee:a1:
                    e2:83:9b:e9:d1:d3:1a:72:b9:e9:35:c1:22:a2:e5:
                    1c:48:05:b0:44:8d:15:fb:3e:1e:21:30:8e:5d:f6:
                    a1:ea:1b:2d:7d:30:03:e5:04:fa:e7:da:0a:32:e2:
                    61:82:5f:f1:24:86:f9:9f:a6:fd:44:4a:09:a9:64:
                    9e:9f:dc:6c:4c:89:b6:99:d9:0a:3f:07:13:57:4d:
                    e0:77:5d:67:bc:ab:c6:bd:79:84:0c:7b:92:e1:3f:
                    f0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7D:F7:AA:9E:F7:AE:EA:BB:03:69:D2:A3:D9:0E:55:0E:D9:CC:4D
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/1333qp73ruq7A2nSo9kOVQ7ZzE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.180.0/24
                  45.156.144.0/24
                  45.156.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:65:d5:78:84:fb:14:76:c7:09:28:bc:95:8d:1b:e9:81:77:
         84:ff:c9:0e:8c:c9:84:9f:dd:75:67:25:e7:a7:58:64:d9:f5:
         47:f9:41:cf:d5:8c:33:80:67:dc:89:53:0b:cd:55:c7:83:78:
         52:93:a6:a5:4f:5a:96:c0:a2:79:05:b6:b9:7c:64:11:15:3d:
         2e:7d:78:7b:37:82:ab:c5:7d:32:90:75:fa:cf:31:9a:6c:6b:
         07:de:ae:0f:7b:44:aa:43:58:7a:26:10:fb:1f:3f:35:63:72:
         bd:67:c4:9f:0e:e5:a3:af:d2:18:06:47:ad:5c:a9:43:b4:c4:
         9c:97:81:f5:b0:0d:d4:db:12:d8:04:d4:73:cd:1f:76:c1:1e:
         b6:58:fc:e9:2e:a2:32:5e:fd:93:10:f5:9a:fa:c5:b3:75:d9:
         fc:90:9a:f7:8b:e8:8a:be:cc:2b:0d:2f:24:10:d3:c2:59:46:
         ce:6e:80:13:00:10:c8:b8:41:fa:c9:36:90:f7:02:05:6e:70:
         a9:c9:13:96:10:8f:52:4c:93:51:c4:9b:a9:9b:bb:12:b3:ed:
         fc:1b:08:2f:e5:34:59:12:95:80:da:72:e2:8a:e7:de:be:81:
         94:91:ca:30:fd:44:8e:f7:20:be:6f:9e:2b:11:df:57:fd:ca:
         3b:b8:13:31
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWkAMmvi2Nn7qz3QTivckMGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjUwMzE3MTIwNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdkZjdhYTllZjdhZWVhYmIwMzY5ZDJhM2Q5MGU1NTBlZDljYzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfaQH/MQ9MGCCuwnAV+l/c0qenVa
/XaSWavpU7ij4cFR1aTSl11CGSQbRF7p2+lxxlYFdVzzlkn5nszdffCs93CsL1pv
LXTobkCLovEQe6gwYhYUN39hNlLY6btIa9GvA4q7IHooLYUfpZyo2+QaavnKpf3Y
Z65CIYx/lVBH87lhZsWmD7BeCnU3xfbAYiw0f5/XankwALqDAALQypdc/pc27qHi
g5vp0dMacrnpNcEiouUcSAWwRI0V+z4eITCOXfah6hstfTAD5QT659oKMuJhgl/x
JIb5n6b9REoJqWSen9xsTIm2mdkKPwcTV03gd11nvKvGvXmEDHuS4T/wwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNd996qe967quwNp0qPZDlUO2cxNMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvMTMzM3FwNzNydXE3QTJuU285a09WUTdaekUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAju0AwQA
LZyQAwQALZyTMA0GCSqGSIb3DQEBCwUAA4IBAQAWZdV4hPsUdscJKLyVjRvpgXeE
/8kOjMmEn911ZyXnp1hk2fVH+UHP1YwzgGfciVMLzVXHg3hSk6alT1qWwKJ5Bba5
fGQRFT0ufXh7N4KrxX0ykHX6zzGabGsH3q4Pe0SqQ1h6JhD7Hz81Y3K9Z8SfDuWj
r9IYBketXKlDtMScl4H1sA3U2xLYBNRzzR92wR62WPzpLqIyXv2TEPWa+sWzddn8
kJr3i+iKvswrDS8kENPCWUbOboATABDIuEH6yTaQ9wIFbnCpyROWEI9STJNRxJup
m7sSs+38Gwgv5TRZEpWA2nLiiufevoGUkcow/USO9yC+b54rEd9X/co7uBMx
-----END CERTIFICATE-----