Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/w8IXiteojLyAl2hPnvm-kFaTy-o.roa
File:                     w8IXiteojLyAl2hPnvm-kFaTy-o.roa (raw, json)
Hash identifier:          MErj7Qr+atEWhbQkpkCUmfKPYXJ0Re72UrCAJYB++AM=
Subject key identifier:   C3:C2:17:8A:D7:A8:8C:BC:80:97:68:4F:9E:F9:BE:90:56:93:CB:EA
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       01951EBF849078B5F1DF0A318EA65ECC70C4
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/w8IXiteojLyAl2hPnvm-kFaTy-o.roa
Signing time:             Wed 19 Feb 2025 15:07:02 +0000
ROA not before:           Wed 19 Feb 2025 15:07:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44103
IP address blocks:        45.154.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1e:bf:84:90:78:b5:f1:df:0a:31:8e:a6:5e:cc:70:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Feb 19 15:07:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3c2178ad7a88cbc8097684f9ef9be905693cbea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f3:95:d4:4e:ab:7a:85:48:4f:c1:1b:93:15:
                    b1:c8:ed:65:1c:7e:bf:0c:ce:61:22:10:fb:57:80:
                    b8:4e:e2:c6:d3:28:bb:81:08:57:ff:5a:2a:36:77:
                    1d:f6:ac:f7:28:60:ac:f0:93:5d:e5:6d:fc:7f:80:
                    81:07:aa:99:a8:ac:89:2b:2c:86:4e:3f:c2:70:c2:
                    3b:e2:4d:49:8f:2f:0c:b5:5e:ff:18:cc:62:44:09:
                    13:81:31:f6:b9:bc:25:0c:aa:2c:bc:42:c5:03:15:
                    18:f3:e6:21:34:8b:35:9e:d4:7d:bf:44:66:15:55:
                    b1:ae:4a:8d:5a:0f:88:c6:15:fd:25:69:b7:61:ac:
                    e7:7d:37:d2:ad:db:8d:df:46:58:ff:fc:fe:63:1d:
                    12:8b:12:a1:7c:80:bc:ef:b0:c7:e5:cf:62:f2:c6:
                    30:5a:f9:26:57:19:f2:08:20:7a:15:c9:be:81:2b:
                    88:d9:ed:fa:49:27:b9:b2:20:f0:b7:eb:6d:e7:72:
                    cd:e6:b8:ef:00:97:d1:a3:b0:45:57:f2:79:27:82:
                    16:11:74:a2:05:b3:a9:ba:47:74:f5:67:76:ee:7e:
                    6b:36:39:f3:28:92:37:ec:0d:dc:fa:4f:26:31:e2:
                    e4:aa:7e:de:39:f8:3e:08:09:b3:60:c4:dc:bb:f2:
                    e8:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C2:17:8A:D7:A8:8C:BC:80:97:68:4F:9E:F9:BE:90:56:93:CB:EA
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/w8IXiteojLyAl2hPnvm-kFaTy-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:08:0f:29:d5:6a:ed:5d:72:38:6e:32:8f:ed:94:e0:40:36:
         e9:0a:8f:6e:1d:97:ee:62:1a:a1:ca:3e:6f:3d:fb:41:0f:4a:
         ce:4b:ec:ef:07:e6:f6:73:08:3d:33:c7:e6:45:a0:94:72:e1:
         5a:6e:98:91:df:c6:e6:dd:6f:a2:2a:6e:7f:cb:48:0c:74:04:
         d2:fb:3c:e0:5c:80:5c:22:33:f8:12:2c:90:c7:04:2b:b1:db:
         ad:4d:16:72:09:4f:7e:88:a9:ce:d1:c1:55:39:71:b8:d4:47:
         20:80:ba:cc:2b:de:b1:30:69:2e:26:4b:5a:f8:f7:f3:9d:9d:
         76:f8:a4:56:29:e4:ff:bd:88:78:2f:f6:18:81:62:3c:aa:48:
         23:ab:4a:60:b4:dd:2d:2b:b1:91:8a:81:8f:0b:5c:18:44:89:
         5b:03:c3:f0:42:51:6a:1f:14:2b:e8:92:76:3d:44:fd:27:7f:
         9c:46:86:c6:6e:98:4f:f8:03:e7:12:a0:6d:01:98:4b:d4:15:
         c6:79:b7:ff:dd:e5:ab:27:70:da:49:e7:ab:f3:30:b6:de:49:
         04:fa:bb:a2:f5:e0:a6:28:07:35:51:a6:a9:de:1b:e3:9d:94:
         8e:c1:a7:18:4b:d3:7f:77:b6:68:89:38:24:f0:1a:e7:6d:70:
         db:5a:65:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUev4SQeLXx3woxjqZezHDEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjUwMjE5MTUwNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2MyMTc4YWQ3YTg4Y2JjODA5NzY4NGY5ZWY5YmU5MDU2OTNjYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvOV1E6reoVIT8EbkxWxyO1lHH6/
DM5hIhD7V4C4TuLG0yi7gQhX/1oqNncd9qz3KGCs8JNd5W38f4CBB6qZqKyJKyyG
Tj/CcMI74k1Jjy8MtV7/GMxiRAkTgTH2ubwlDKosvELFAxUY8+YhNIs1ntR9v0Rm
FVWxrkqNWg+IxhX9JWm3YaznfTfSrduN30ZY//z+Yx0SixKhfIC877DH5c9i8sYw
WvkmVxnyCCB6Fcm+gSuI2e36SSe5siDwt+tt53LN5rjvAJfRo7BFV/J5J4IWEXSi
BbOpukd09Wd27n5rNjnzKJI37A3c+k8mMeLkqn7eOfg+CAmzYMTcu/Lo2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPCF4rXqIy8gJdoT575vpBWk8vqMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvdzhJWGl0ZW9qTHlBbDJoUG52bS1rRmFUeS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZogMA0G
CSqGSIb3DQEBCwUAA4IBAQCbCA8p1WrtXXI4bjKP7ZTgQDbpCo9uHZfuYhqhyj5v
PftBD0rOS+zvB+b2cwg9M8fmRaCUcuFabpiR38bm3W+iKm5/y0gMdATS+zzgXIBc
IjP4EiyQxwQrsdutTRZyCU9+iKnO0cFVOXG41EcggLrMK96xMGkuJkta+PfznZ12
+KRWKeT/vYh4L/YYgWI8qkgjq0pgtN0tK7GRioGPC1wYRIlbA8PwQlFqHxQr6JJ2
PUT9J3+cRobGbphP+APnEqBtAZhL1BXGebf/3eWrJ3DaSeer8zC23kkE+rui9eCm
KAc1Uaap3hvjnZSOwacYS9N/d7ZoiTgk8BrnbXDbWmUS
-----END CERTIFICATE-----