Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/09w6O33e4HDbgd-Z94h_C8ChRks.roa
File:                     09w6O33e4HDbgd-Z94h_C8ChRks.roa (raw, json)
Hash identifier:          5z3Fv6PEotNKrDWnuCLjxHUlDb693V/tXm75hjr6QOg=
Subject key identifier:   D3:DC:3A:3B:7D:DE:E0:70:DB:81:DF:99:F7:88:7F:0B:C0:A1:46:4B
Certificate issuer:       /CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
Certificate serial:       01942746610DB508C8C1B37D6FAEE7BFF9E2
Authority key identifier: 6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/09w6O33e4HDbgd-Z94h_C8ChRks.roa
Signing time:             Thu 02 Jan 2025 13:48:31 +0000
ROA not before:           Thu 02 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        45.154.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:61:0d:b5:08:c8:c1:b3:7d:6f:ae:e7:bf:f9:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
        Validity
            Not Before: Jan  2 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3dc3a3b7ddee070db81df99f7887f0bc0a1464b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:71:55:d1:96:2d:41:f8:5a:03:31:b2:9b:4c:
                    1f:a7:0c:9f:d1:14:eb:1b:14:62:ca:30:ff:a2:03:
                    95:7d:3a:ec:ad:6c:3f:44:4e:0b:3e:fc:d6:49:1a:
                    30:24:f6:97:e1:92:59:87:bd:89:59:32:45:0c:cb:
                    8e:c1:1e:59:8f:cf:2c:12:58:18:b2:53:50:32:dc:
                    71:6e:13:a6:1d:a8:bc:20:17:1f:70:9e:46:22:73:
                    21:b0:ec:c5:6d:cb:ee:9c:15:4f:27:e9:45:1b:df:
                    42:5d:50:d4:0d:a4:0b:b1:62:b5:b8:b9:d1:fc:79:
                    c1:de:04:23:02:e1:58:0a:31:a3:fb:fd:78:49:b6:
                    3d:87:bf:77:ef:17:5c:ab:c0:30:61:4d:2a:10:a2:
                    0a:00:7d:9e:47:11:df:b3:09:a8:be:69:f9:75:a8:
                    27:0f:fe:97:4b:fe:9c:34:ce:93:c0:54:9d:9f:d9:
                    eb:f6:d2:68:a2:01:cc:15:f7:8a:f6:a5:f9:67:da:
                    c3:d5:aa:5c:a2:14:12:8f:b6:ef:f1:f3:fb:91:c0:
                    80:5c:6a:3e:de:25:83:97:0e:ef:c9:06:f2:f6:64:
                    1d:47:24:2f:74:16:1f:6f:5e:8d:5c:e4:9f:89:ce:
                    b7:57:87:61:6d:66:f1:07:1a:d9:be:c7:bc:96:69:
                    08:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:DC:3A:3B:7D:DE:E0:70:DB:81:DF:99:F7:88:7F:0B:C0:A1:46:4B
            X509v3 Authority Key Identifier:
                keyid:6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/09w6O33e4HDbgd-Z94h_C8ChRks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ec:8a:15:81:44:bb:55:4f:eb:44:05:19:e2:29:87:46:a5:
         c1:a8:7e:ab:30:06:28:9a:ea:6b:cc:9a:cb:60:bb:c2:cf:4f:
         51:b6:44:c2:c3:be:c6:1f:78:87:f7:90:e2:9e:a7:8d:d9:ba:
         bf:ec:41:4b:cd:ca:bb:18:7e:da:9b:f8:e8:7e:92:f7:ab:08:
         70:95:b2:14:34:a2:e8:74:14:f3:0d:d2:d8:db:2d:41:a4:75:
         e6:3f:97:bf:8f:58:1d:3b:cf:3a:1e:02:21:0d:a1:da:b3:13:
         9f:a7:a8:e8:c7:e8:9b:39:71:5c:a4:08:94:ba:45:8b:cb:11:
         1b:32:a5:94:b3:1d:da:03:af:74:b1:f5:fa:4b:46:45:ea:a4:
         aa:7f:39:0a:24:6e:21:84:3a:c9:df:23:ac:21:41:d3:28:cb:
         4f:1a:bd:97:ae:73:26:c3:60:b6:95:28:c3:dd:5a:ee:dd:02:
         e6:ab:7b:43:88:c0:69:71:57:45:d2:7f:93:05:d7:fe:81:4a:
         9a:25:19:86:75:2e:a3:bc:81:5a:73:0c:9e:9e:b5:8a:0e:cd:
         67:ec:95:87:bd:92:a3:a2:68:04:85:06:92:03:d7:fa:7d:f4:
         7f:70:40:ca:76:85:62:c2:23:a6:df:c8:eb:c1:2b:70:c4:2a:
         10:14:72:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRmENtQjIwbN9b67nv/niMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNzk4ZjBmZTRmNGRmZmRmZWQyYzhlNjJkMjM1NDMwZjQ5
Mzc3Y2QwHhcNMjUwMTAyMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2RjM2EzYjdkZGVlMDcwZGI4MWRmOTlmNzg4N2YwYmMwYTE0NjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynFV0ZYtQfhaAzGym0wfpwyf0RTr
GxRiyjD/ogOVfTrsrWw/RE4LPvzWSRowJPaX4ZJZh72JWTJFDMuOwR5Zj88sElgY
slNQMtxxbhOmHai8IBcfcJ5GInMhsOzFbcvunBVPJ+lFG99CXVDUDaQLsWK1uLnR
/HnB3gQjAuFYCjGj+/14SbY9h7937xdcq8AwYU0qEKIKAH2eRxHfswmovmn5dagn
D/6XS/6cNM6TwFSdn9nr9tJoogHMFfeK9qX5Z9rD1apcohQSj7bv8fP7kcCAXGo+
3iWDlw7vyQby9mQdRyQvdBYfb16NXOSfic63V4dhbWbxBxrZvse8lmkIOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPcOjt93uBw24HfmfeIfwvAoUZLMB8GA1UdIwQY
MBaAFGp5jw/k9N/9/tLI5i0jVDD0k3fNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMt
NzdjZjgxMDQxMDgzLzEvMDl3Nk8zM2U0SERiZ2QtWjk0aF9DOENoUmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMtNzdjZjgxMDQxMDgz
LzEvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZrNMA0G
CSqGSIb3DQEBCwUAA4IBAQA67IoVgUS7VU/rRAUZ4imHRqXBqH6rMAYomuprzJrL
YLvCz09RtkTCw77GH3iH95DinqeN2bq/7EFLzcq7GH7am/jofpL3qwhwlbIUNKLo
dBTzDdLY2y1BpHXmP5e/j1gdO886HgIhDaHasxOfp6jox+ibOXFcpAiUukWLyxEb
MqWUsx3aA690sfX6S0ZF6qSqfzkKJG4hhDrJ3yOsIUHTKMtPGr2XrnMmw2C2lSjD
3Vru3QLmq3tDiMBpcVdF0n+TBdf+gUqaJRmGdS6jvIFacwyenrWKDs1n7JWHvZKj
omgEhQaSA9f6ffR/cEDKdoViwiOm38jrwStwxCoQFHI9
-----END CERTIFICATE-----