Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/B45XvbozhNWjXkQPI-m-mjKZzQY.roa
File:                     B45XvbozhNWjXkQPI-m-mjKZzQY.roa (raw, json)
Hash identifier:          De0OPO+1rvRKuUyNflE2BB3lX6yIPfgqlTtFfQgcSF4=
Subject key identifier:   07:8E:57:BD:BA:33:84:D5:A3:5E:44:0F:23:E9:BE:9A:32:99:CD:06
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       01942521ED5AA267DB6936D12343CA054904
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/B45XvbozhNWjXkQPI-m-mjKZzQY.roa
Signing time:             Thu 02 Jan 2025 03:49:27 +0000
ROA not before:           Thu 02 Jan 2025 03:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        185.141.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ed:5a:a2:67:db:69:36:d1:23:43:ca:05:49:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Jan  2 03:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=078e57bdba3384d5a35e440f23e9be9a3299cd06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:1d:7a:09:08:e6:85:a0:69:d2:de:66:c6:72:
                    2e:02:fa:24:38:33:ce:fc:5e:58:53:6d:05:69:b4:
                    47:e5:1a:48:40:00:09:39:59:e0:57:ff:37:e3:f5:
                    01:73:6f:ed:61:d0:5a:8f:47:aa:71:1c:aa:3e:6c:
                    b5:4a:8d:dd:db:77:ed:e0:55:1c:df:f8:67:a2:70:
                    81:c1:ca:77:a6:02:f8:e8:f4:9d:3e:7c:db:63:85:
                    c0:c1:4a:f5:6b:5f:1e:ab:5c:22:ae:85:fd:0c:c8:
                    ac:7e:e1:9e:27:17:e0:c7:d8:99:e2:c5:e7:93:18:
                    20:b0:5f:a4:e7:03:24:b2:74:ab:26:36:91:cd:b2:
                    60:99:2a:5c:26:bd:0f:be:90:ca:a9:01:32:67:6c:
                    8c:86:3b:53:8c:b5:49:30:c9:e5:9e:f7:4c:5b:91:
                    62:26:43:64:f6:9f:83:e6:ea:46:1b:5e:c6:67:33:
                    d6:0c:ae:df:a6:cb:75:77:61:3f:5c:37:1c:b5:80:
                    c2:d0:82:3a:ad:fb:6f:a8:72:e3:8d:b7:ef:36:b2:
                    aa:13:df:26:32:5d:41:fa:6b:79:db:b2:ff:9f:92:
                    07:93:33:b6:ae:a5:f7:64:8f:9c:15:54:f0:95:38:
                    23:d3:a9:c4:7f:f0:03:45:60:ff:25:e6:a0:14:53:
                    4a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:8E:57:BD:BA:33:84:D5:A3:5E:44:0F:23:E9:BE:9A:32:99:CD:06
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/B45XvbozhNWjXkQPI-m-mjKZzQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:23:ae:85:06:f8:3a:01:cc:d7:36:ab:19:96:9b:62:e2:df:
         d2:ae:52:1a:f6:3c:b2:79:95:70:e0:d2:eb:37:a5:ae:d9:c0:
         33:16:d0:64:de:9d:6d:93:f9:9d:ae:5e:5f:4e:07:76:64:07:
         b1:31:e7:2c:cc:c5:55:dd:83:ba:1e:2b:c3:63:06:46:15:30:
         20:8b:4b:27:84:5b:d3:93:dc:03:97:2d:3f:6a:30:0f:f5:e5:
         69:a5:15:63:cc:60:51:56:07:59:40:89:40:62:4b:75:51:69:
         d9:21:a8:6a:4d:d1:b3:12:ab:12:2a:63:6f:49:e7:a4:46:ff:
         a9:05:ea:c0:74:fb:ac:6d:e5:b0:8e:f1:ef:34:c9:c2:05:7a:
         b0:d6:07:93:c1:2b:87:2e:d4:67:36:11:fa:32:d3:2c:1e:09:
         9e:30:32:9a:d1:a0:2d:11:17:e8:e6:08:95:16:5b:a3:2a:5f:
         22:e9:96:c9:80:95:65:f3:58:48:4e:02:2b:b7:1c:01:1f:42:
         10:e3:e6:9b:00:2e:c1:71:0a:77:91:fb:13:4b:50:e0:b6:88:
         16:e8:b4:34:2e:e7:d3:47:76:c8:10:2f:4e:d5:d0:0d:05:7e:
         f3:68:d0:29:7e:59:ef:14:95:42:43:10:b6:a8:02:3d:c1:4c:
         44:0b:5b:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIe1aomfbaTbRI0PKBUkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjUwMTAyMDM0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzhlNTdiZGJhMzM4NGQ1YTM1ZTQ0MGYyM2U5YmU5YTMyOTljZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhx16CQjmhaBp0t5mxnIuAvokODPO
/F5YU20FabRH5RpIQAAJOVngV/834/UBc2/tYdBaj0eqcRyqPmy1So3d23ft4FUc
3/hnonCBwcp3pgL46PSdPnzbY4XAwUr1a18eq1wiroX9DMisfuGeJxfgx9iZ4sXn
kxggsF+k5wMksnSrJjaRzbJgmSpcJr0PvpDKqQEyZ2yMhjtTjLVJMMnlnvdMW5Fi
JkNk9p+D5upGG17GZzPWDK7fpst1d2E/XDcctYDC0II6rftvqHLjjbfvNrKqE98m
Ml1B+mt527L/n5IHkzO2rqX3ZI+cFVTwlTgj06nEf/ADRWD/JeagFFNKsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAeOV726M4TVo15EDyPpvpoymc0GMB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvQjQ1WHZib3poTldqWGtRUEktbS1taktaelFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY10MA0G
CSqGSIb3DQEBCwUAA4IBAQB2I66FBvg6AczXNqsZlpti4t/SrlIa9jyyeZVw4NLr
N6Wu2cAzFtBk3p1tk/mdrl5fTgd2ZAexMecszMVV3YO6HivDYwZGFTAgi0snhFvT
k9wDly0/ajAP9eVppRVjzGBRVgdZQIlAYkt1UWnZIahqTdGzEqsSKmNvSeekRv+p
BerAdPusbeWwjvHvNMnCBXqw1geTwSuHLtRnNhH6MtMsHgmeMDKa0aAtERfo5giV
FlujKl8i6ZbJgJVl81hITgIrtxwBH0IQ4+abAC7BcQp3kfsTS1DgtogW6LQ0LufT
R3bIEC9O1dANBX7zaNApflnvFJVCQxC2qAI9wUxEC1v4
-----END CERTIFICATE-----