Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/M6kd2OZVwbLsznfkTpr9P9tvc9U.roa
File:                     M6kd2OZVwbLsznfkTpr9P9tvc9U.roa (raw, json)
Hash identifier:          Jp9yH5OnFSN9zDtKINo+7/MzPgxLUFZmRYughYu+MLQ=
Subject key identifier:   33:A9:1D:D8:E6:55:C1:B2:EC:CE:77:E4:4E:9A:FD:3F:DB:6F:73:D5
Certificate issuer:       /CN=16f9f928b0ac67731991f374b8e194eb6542ac24
Certificate serial:       0194206818FAF0DFA14B445227D1E562155F
Authority key identifier: 16:F9:F9:28:B0:AC:67:73:19:91:F3:74:B8:E1:94:EB:65:42:AC:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fvn5KLCsZ3MZkfN0uOGU62VCrCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/M6kd2OZVwbLsznfkTpr9P9tvc9U.roa
Signing time:             Wed 01 Jan 2025 05:48:00 +0000
ROA not before:           Wed 01 Jan 2025 05:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209053
IP address blocks:        45.8.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/Fvn5KLCsZ3MZkfN0uOGU62VCrCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/Fvn5KLCsZ3MZkfN0uOGU62VCrCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fvn5KLCsZ3MZkfN0uOGU62VCrCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:18:fa:f0:df:a1:4b:44:52:27:d1:e5:62:15:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16f9f928b0ac67731991f374b8e194eb6542ac24
        Validity
            Not Before: Jan  1 05:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33a91dd8e655c1b2ecce77e44e9afd3fdb6f73d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:95:1a:61:43:6b:97:a0:68:af:90:2b:3d:75:
                    d7:2a:b0:7b:a3:00:5a:15:0b:e4:46:01:1d:fd:cb:
                    32:57:75:e2:4f:03:6f:e9:0d:f3:c6:14:92:1c:6e:
                    df:c8:ba:5a:f2:38:f3:d7:9e:a4:a5:4f:77:5d:37:
                    cd:84:da:9d:94:29:eb:9a:e0:de:d8:ec:22:57:0f:
                    2d:f7:f7:29:33:38:c3:66:15:bc:7d:d0:8c:d4:42:
                    4c:4e:0f:a6:c2:3b:c8:29:d0:78:c9:b5:d5:38:79:
                    9d:2f:86:75:d6:e0:bf:2b:87:a7:d9:31:1a:a5:33:
                    84:4d:36:c2:fe:ac:e5:a3:00:31:ba:74:86:a6:38:
                    45:4b:35:9c:d3:49:e5:d9:9a:5b:43:77:d1:b5:57:
                    0c:ae:58:39:a9:56:e2:3e:51:d9:06:aa:fe:9f:2b:
                    da:a3:c2:8b:82:a1:6b:9e:85:3c:ba:92:4c:b0:20:
                    84:01:27:78:be:61:71:ca:86:c1:7a:e7:2a:be:cb:
                    30:54:8f:b5:4f:a0:8d:04:f7:fd:c3:c8:51:11:ff:
                    e3:ef:35:43:28:0c:d2:e5:71:0f:94:8c:b6:c9:80:
                    ef:c6:3d:41:81:2b:d2:27:ad:26:3c:e3:85:d6:27:
                    b4:73:dd:99:1c:d6:38:dd:0e:7f:2a:53:c4:45:7d:
                    ec:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A9:1D:D8:E6:55:C1:B2:EC:CE:77:E4:4E:9A:FD:3F:DB:6F:73:D5
            X509v3 Authority Key Identifier:
                keyid:16:F9:F9:28:B0:AC:67:73:19:91:F3:74:B8:E1:94:EB:65:42:AC:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fvn5KLCsZ3MZkfN0uOGU62VCrCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/M6kd2OZVwbLsznfkTpr9P9tvc9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/Fvn5KLCsZ3MZkfN0uOGU62VCrCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:25:4a:85:bf:4d:ae:40:dd:e1:ef:63:32:66:f5:b6:c9:01:
         76:ee:e1:1e:91:29:f5:21:3f:4e:ae:2c:d5:3c:a4:83:30:ea:
         a2:24:f0:1e:b2:ee:fd:80:e4:98:1b:ba:ba:dc:f9:a3:b1:b1:
         2c:00:c5:f3:a7:99:10:2e:11:9d:b6:78:bc:e4:e9:e1:f4:48:
         e9:88:3f:9f:46:e6:77:94:3a:8d:c8:ab:ca:04:bf:ed:e2:2b:
         ed:75:14:3d:b7:d6:94:57:67:47:2c:0d:38:c0:07:fb:31:a4:
         56:b0:41:b9:8b:87:54:7a:e6:ec:6c:48:64:af:13:3b:df:fe:
         12:e1:7b:e6:59:29:5b:d4:63:8a:11:fb:cc:d9:ff:4d:0a:86:
         c1:a6:6a:e5:09:21:44:63:d3:09:0c:27:30:66:77:bb:f7:49:
         43:d0:3b:03:e0:c7:ee:cf:0f:22:5a:38:ea:87:1b:21:7b:ab:
         3a:58:8e:48:a5:fe:5c:82:c2:c7:88:71:c2:d0:85:c0:65:48:
         a3:fa:da:d5:f6:17:23:0c:1b:7a:2e:5d:d6:3b:a2:c8:86:c3:
         c5:35:e5:59:cb:5c:d2:82:9b:25:da:d1:91:18:07:95:40:84:
         bd:12:42:e6:66:37:ee:82:36:3c:96:c0:fa:cc:8b:77:83:25:
         6a:a6:8a:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaBj68N+hS0RSJ9HlYhVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZjlmOTI4YjBhYzY3NzMxOTkxZjM3NGI4ZTE5NGViNjU0
MmFjMjQwHhcNMjUwMTAxMDU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2E5MWRkOGU2NTVjMWIyZWNjZTc3ZTQ0ZTlhZmQzZmRiNmY3M2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspUaYUNrl6Bor5ArPXXXKrB7owBa
FQvkRgEd/csyV3XiTwNv6Q3zxhSSHG7fyLpa8jjz156kpU93XTfNhNqdlCnrmuDe
2OwiVw8t9/cpMzjDZhW8fdCM1EJMTg+mwjvIKdB4ybXVOHmdL4Z11uC/K4en2TEa
pTOETTbC/qzlowAxunSGpjhFSzWc00nl2ZpbQ3fRtVcMrlg5qVbiPlHZBqr+nyva
o8KLgqFrnoU8upJMsCCEASd4vmFxyobBeucqvsswVI+1T6CNBPf9w8hREf/j7zVD
KAzS5XEPlIy2yYDvxj1BgSvSJ60mPOOF1ie0c92ZHNY43Q5/KlPERX3scQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOpHdjmVcGy7M535E6a/T/bb3PVMB8GA1UdIwQY
MBaAFBb5+SiwrGdzGZHzdLjhlOtlQqwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnZuNUtMQ3NaM01aa2ZOMHVPR1U2MlZDckNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kNWMwNDItNWI0ZC00YjEwLWJjNzYt
NDJlYWFiYmZiZmQyLzEvTTZrZDJPWlZ3Ykxzem5ma1RwcjlQOXR2YzlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kNWMwNDItNWI0ZC00YjEwLWJjNzYtNDJlYWFiYmZiZmQy
LzEvRnZuNUtMQ3NaM01aa2ZOMHVPR1U2MlZDckNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjoMA0G
CSqGSIb3DQEBCwUAA4IBAQBBJUqFv02uQN3h72MyZvW2yQF27uEekSn1IT9OrizV
PKSDMOqiJPAesu79gOSYG7q63PmjsbEsAMXzp5kQLhGdtni85Onh9EjpiD+fRuZ3
lDqNyKvKBL/t4ivtdRQ9t9aUV2dHLA04wAf7MaRWsEG5i4dUeubsbEhkrxM73/4S
4XvmWSlb1GOKEfvM2f9NCobBpmrlCSFEY9MJDCcwZne790lD0DsD4Mfuzw8iWjjq
hxshe6s6WI5Ipf5cgsLHiHHC0IXAZUij+trV9hcjDBt6Ll3WO6LIhsPFNeVZy1zS
gpsl2tGRGAeVQIS9EkLmZjfugjY8lsD6zIt3gyVqpooz
-----END CERTIFICATE-----