Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/t-nVwMrqHHxrE1ark94Yjjtte-Q.roa
File:                     t-nVwMrqHHxrE1ark94Yjjtte-Q.roa (raw, json)
Hash identifier:          LPqKL8VE/r4l01BQV0rr2GgmF/BaUOTIrC3hVfr4ek8=
Subject key identifier:   B7:E9:D5:C0:CA:EA:1C:7C:6B:13:56:AB:93:DE:18:8E:3B:6D:7B:E4
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       01964D31C91D8FEECAB6EECBDD6F442A2E22
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/t-nVwMrqHHxrE1ark94Yjjtte-Q.roa
Signing time:             Sat 19 Apr 2025 08:37:10 +0000
ROA not before:           Sat 19 Apr 2025 08:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216221
IP address blocks:        45.154.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4d:31:c9:1d:8f:ee:ca:b6:ee:cb:dd:6f:44:2a:2e:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Apr 19 08:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7e9d5c0caea1c7c6b1356ab93de188e3b6d7be4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:52:2c:10:b0:b1:44:e7:f9:bd:68:e5:3f:56:
                    32:ed:3d:2e:9c:85:ee:ba:88:e8:5c:e2:7b:a1:32:
                    5b:85:3e:a7:8a:94:ca:d0:5b:9d:4c:40:6b:72:d4:
                    81:bd:dc:5e:4a:92:71:4f:d4:6a:cb:78:14:d5:55:
                    21:40:6b:10:8f:6f:ed:9f:bc:eb:e5:53:f1:29:19:
                    ad:a1:90:7d:94:9e:f3:66:f9:32:a8:36:1f:3e:e4:
                    b6:e1:f2:5a:26:da:67:cc:91:4e:d7:56:44:f7:36:
                    da:3b:3b:b6:0a:55:93:28:72:05:6c:55:63:1c:b7:
                    94:8a:cd:5e:f3:86:fd:8f:f3:e9:57:52:6a:6c:4a:
                    d7:58:d9:34:8b:67:28:c2:47:80:04:ee:8f:3e:dd:
                    3f:ee:20:b9:79:5b:a1:66:f4:d9:ce:25:b4:e5:b1:
                    06:cb:1a:1b:08:1d:2e:3e:7d:64:48:54:d8:31:2b:
                    f7:c8:27:38:fb:86:35:d8:0a:15:13:80:b6:5e:69:
                    50:a1:8f:2b:6a:04:bc:35:d3:9a:96:c1:3d:e6:94:
                    86:61:06:20:ce:34:e8:c2:82:9e:4e:06:2e:8a:9a:
                    2d:93:79:56:30:02:a4:79:1f:d6:16:07:42:f1:69:
                    25:c6:6b:b6:72:5f:1b:d3:c5:16:a5:d2:4a:0a:19:
                    dc:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E9:D5:C0:CA:EA:1C:7C:6B:13:56:AB:93:DE:18:8E:3B:6D:7B:E4
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/t-nVwMrqHHxrE1ark94Yjjtte-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:21:87:cf:7b:91:e4:34:32:77:ba:3f:85:6e:19:50:a9:7d:
         00:5f:8e:c5:ea:8a:75:e5:e8:d0:96:63:5d:a7:5f:b1:52:4e:
         67:65:cd:a5:c1:d3:14:66:94:be:56:66:85:82:f9:16:c9:35:
         04:7a:b7:0d:9d:bd:43:48:1c:c0:ed:eb:4a:00:5f:98:da:c3:
         25:a4:4a:d6:71:ca:c6:fa:f3:5e:56:3b:a7:ad:7d:b8:5f:88:
         34:ec:42:be:9d:cc:2a:bf:dc:fa:d8:e3:07:d6:83:9a:f2:b6:
         78:7a:e4:ee:bb:74:73:3d:0c:75:13:8b:06:74:08:38:5c:d0:
         e4:29:f6:3d:9c:d7:ad:d3:d7:48:6d:ae:e3:b1:dd:a0:ee:ad:
         5b:b9:1e:14:69:26:3d:88:1e:dd:11:fb:44:b0:e1:4b:28:40:
         ac:c1:cc:66:95:2b:1e:ca:50:58:ae:83:dd:2e:df:5f:87:1c:
         f5:14:28:cf:7b:a3:2d:df:75:dd:0d:90:13:3e:d2:e6:f8:c7:
         5b:be:09:72:e5:52:71:7b:96:09:64:04:e8:4e:55:f6:9a:87:
         cc:d9:db:d3:55:4d:af:3a:f3:36:7c:00:fb:ec:06:9c:31:54:
         41:d0:d0:85:5b:40:6d:37:d9:46:c0:57:57:cb:fc:33:65:79:
         cf:7a:8b:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZNMckdj+7Ktu7L3W9EKi4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNDE5MDgzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2U5ZDVjMGNhZWExYzdjNmIxMzU2YWI5M2RlMTg4ZTNiNmQ3YmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FIsELCxROf5vWjlP1Yy7T0unIXu
uojoXOJ7oTJbhT6nipTK0FudTEBrctSBvdxeSpJxT9Rqy3gU1VUhQGsQj2/tn7zr
5VPxKRmtoZB9lJ7zZvkyqDYfPuS24fJaJtpnzJFO11ZE9zbaOzu2ClWTKHIFbFVj
HLeUis1e84b9j/PpV1JqbErXWNk0i2cowkeABO6PPt0/7iC5eVuhZvTZziW05bEG
yxobCB0uPn1kSFTYMSv3yCc4+4Y12AoVE4C2XmlQoY8ragS8NdOalsE95pSGYQYg
zjTowoKeTgYuipotk3lWMAKkeR/WFgdC8Wklxmu2cl8b08UWpdJKChnclwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfp1cDK6hx8axNWq5PeGI47bXvkMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvdC1uVndNcnFISHhyRTFhcms5NFlqanR0ZS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZqdMA0G
CSqGSIb3DQEBCwUAA4IBAQAxIYfPe5HkNDJ3uj+FbhlQqX0AX47F6op15ejQlmNd
p1+xUk5nZc2lwdMUZpS+VmaFgvkWyTUEercNnb1DSBzA7etKAF+Y2sMlpErWccrG
+vNeVjunrX24X4g07EK+ncwqv9z62OMH1oOa8rZ4euTuu3RzPQx1E4sGdAg4XNDk
KfY9nNet09dIba7jsd2g7q1buR4UaSY9iB7dEftEsOFLKECswcxmlSseylBYroPd
Lt9fhxz1FCjPe6Mt33XdDZATPtLm+Mdbvgly5VJxe5YJZAToTlX2mofM2dvTVU2v
OvM2fAD77AacMVRB0NCFW0BtN9lGwFdXy/wzZXnPeouL
-----END CERTIFICATE-----