Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/CmFvYHzODnbCyXGp2-wor-OFMeE.roa
File:                     CmFvYHzODnbCyXGp2-wor-OFMeE.roa (raw, json)
Hash identifier:          xORugkXWTAXiYt0o6tX5IFm/m6og4jegyBZUKOnqoRk=
Subject key identifier:   0A:61:6F:60:7C:CE:0E:76:C2:C9:71:A9:DB:EC:28:AF:E3:85:31:E1
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       019423D7A3E514A17C11272FDDA955E6A34B
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/CmFvYHzODnbCyXGp2-wor-OFMeE.roa
Signing time:             Wed 01 Jan 2025 21:48:42 +0000
ROA not before:           Wed 01 Jan 2025 21:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        45.156.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:a3:e5:14:a1:7c:11:27:2f:dd:a9:55:e6:a3:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Jan  1 21:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a616f607cce0e76c2c971a9dbec28afe38531e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:07:69:e4:a6:b6:30:2a:1d:0c:39:60:82:0b:
                    df:30:98:90:7d:fa:f4:be:ae:1a:45:c8:12:85:f9:
                    97:6c:92:12:38:93:3e:78:5b:07:50:59:4f:70:20:
                    de:6b:43:d1:07:ed:c6:39:b1:56:be:b8:c0:32:1e:
                    c1:7f:7d:f1:e1:a6:4f:44:33:ef:6c:8a:5b:37:ed:
                    ee:20:d5:a2:3e:0d:6d:eb:ba:02:87:db:98:b7:f8:
                    27:eb:00:0f:00:e0:89:69:75:d8:ac:36:21:6b:fa:
                    a0:0d:3e:7d:dc:f5:80:5e:70:f2:6f:18:a7:ed:66:
                    52:c3:6d:b2:3f:a8:83:e7:e1:35:b3:b4:81:1e:39:
                    19:67:17:ce:59:90:a8:ef:36:1d:05:5d:ad:79:93:
                    44:d0:b8:cf:09:42:01:ec:c7:3e:fe:e3:65:21:22:
                    b8:db:70:df:3a:6f:dc:d6:97:9a:d0:a1:70:33:a1:
                    d2:b5:49:c6:e7:93:39:0f:49:fe:f7:50:73:c0:54:
                    84:f4:03:04:b9:bd:6a:5a:df:8f:ab:89:fe:09:8d:
                    47:9e:df:22:f9:64:83:0e:73:2b:85:26:bf:86:f7:
                    40:d6:08:7a:b9:e5:72:a4:ae:d5:48:3c:6a:40:76:
                    b2:f1:b6:72:04:70:02:1a:48:64:d5:e2:41:42:b3:
                    ec:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:61:6F:60:7C:CE:0E:76:C2:C9:71:A9:DB:EC:28:AF:E3:85:31:E1
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/CmFvYHzODnbCyXGp2-wor-OFMeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:cc:38:2f:f0:9d:f3:c5:b3:dc:77:55:ba:17:59:d3:dd:1a:
         12:cb:4e:43:bb:1d:16:0f:10:3f:40:5d:37:eb:e7:6b:1e:d3:
         d8:90:91:a9:c5:20:55:28:f3:1e:a4:20:42:f6:66:e5:e0:1f:
         86:7a:34:52:21:a1:a9:e5:4a:6c:2f:10:3d:92:ac:7e:0e:3c:
         37:6a:c6:5d:c5:53:0e:8f:b7:68:75:98:a5:67:21:6a:11:d5:
         6e:16:19:3a:40:57:e1:26:4e:32:5e:88:8a:a3:6d:d6:d8:fc:
         73:cd:11:1a:f4:d7:cb:dd:1b:dc:fc:e0:c2:85:a5:c5:1b:4c:
         58:a6:9c:a4:85:98:75:1d:3f:80:1c:4e:28:1d:07:31:61:8d:
         47:48:b8:06:f0:17:a2:fb:67:79:58:52:96:59:82:d6:15:2a:
         37:6f:29:a4:ba:a6:22:6f:75:c2:ea:94:0e:79:99:4e:c6:5e:
         b5:be:a8:5a:6d:c7:c2:7e:58:0a:9e:62:bb:1d:de:29:24:ae:
         b8:71:6b:ba:49:4f:ec:56:b4:ea:5d:ec:20:46:a1:6c:da:7a:
         9d:a8:04:65:df:47:c3:6a:f0:c3:26:45:b9:65:7d:6c:d8:67:
         1a:a2:ff:f5:e2:88:7c:0e:15:8c:73:90:1a:6f:b5:00:da:7c:
         50:cc:15:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj16PlFKF8EScv3alV5qNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjUwMTAxMjE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTYxNmY2MDdjY2UwZTc2YzJjOTcxYTlkYmVjMjhhZmUzODUzMWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgdp5Ka2MCodDDlgggvfMJiQffr0
vq4aRcgShfmXbJISOJM+eFsHUFlPcCDea0PRB+3GObFWvrjAMh7Bf33x4aZPRDPv
bIpbN+3uINWiPg1t67oCh9uYt/gn6wAPAOCJaXXYrDYha/qgDT593PWAXnDybxin
7WZSw22yP6iD5+E1s7SBHjkZZxfOWZCo7zYdBV2teZNE0LjPCUIB7Mc+/uNlISK4
23DfOm/c1pea0KFwM6HStUnG55M5D0n+91BzwFSE9AMEub1qWt+Pq4n+CY1Hnt8i
+WSDDnMrhSa/hvdA1gh6ueVypK7VSDxqQHay8bZyBHACGkhk1eJBQrPsEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAphb2B8zg52wslxqdvsKK/jhTHhMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvQ21GdllIek9EbmJDeVhHcDItd29yLU9GTWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyQMA0G
CSqGSIb3DQEBCwUAA4IBAQB+zDgv8J3zxbPcd1W6F1nT3RoSy05Dux0WDxA/QF03
6+drHtPYkJGpxSBVKPMepCBC9mbl4B+GejRSIaGp5UpsLxA9kqx+Djw3asZdxVMO
j7dodZilZyFqEdVuFhk6QFfhJk4yXoiKo23W2PxzzREa9NfL3Rvc/ODChaXFG0xY
ppykhZh1HT+AHE4oHQcxYY1HSLgG8Bei+2d5WFKWWYLWFSo3bymkuqYib3XC6pQO
eZlOxl61vqhabcfCflgKnmK7Hd4pJK64cWu6SU/sVrTqXewgRqFs2nqdqARl30fD
avDDJkW5ZX1s2Gcaov/14oh8DhWMc5Aab7UA2nxQzBW8
-----END CERTIFICATE-----