Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/xWNsCw4Wm17UDjnUmJUpC1lzZ3Q.roa
File:                     xWNsCw4Wm17UDjnUmJUpC1lzZ3Q.roa (raw, json)
Hash identifier:          NIpf4SimRF3YYu1N0AO553A+ccCpp95SQAsoP+cL9IM=
Subject key identifier:   C5:63:6C:0B:0E:16:9B:5E:D4:0E:39:D4:98:95:29:0B:59:73:67:74
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019664B4760ACDD5F1BEA0C7A4011F1A3588
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/xWNsCw4Wm17UDjnUmJUpC1lzZ3Q.roa
Signing time:             Wed 23 Apr 2025 22:11:10 +0000
ROA not before:           Wed 23 Apr 2025 22:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        45.11.188.0/24 maxlen: 24
                          185.83.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:64:b4:76:0a:cd:d5:f1:be:a0:c7:a4:01:1f:1a:35:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Apr 23 22:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5636c0b0e169b5ed40e39d49895290b59736774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:de:65:1c:71:93:c9:fb:e9:2d:0c:ac:a8:1c:
                    b9:f0:06:2e:2d:80:9b:12:be:ff:03:5b:e1:2e:b1:
                    dd:d2:b1:13:e0:1b:cc:0d:b2:f1:97:05:27:91:1e:
                    6a:25:45:a0:9c:a7:76:67:ee:13:59:d8:2f:d2:56:
                    7c:28:89:a3:9e:df:f9:ef:c1:c9:ba:33:0b:68:74:
                    3d:f1:03:bf:b2:48:09:53:09:e7:e7:3c:20:8d:5e:
                    39:31:bb:3d:f5:63:dd:bf:f1:03:51:bd:be:02:5a:
                    3d:e4:ad:ea:d0:cb:f1:59:1a:06:11:17:16:45:e1:
                    e1:57:b2:4e:11:8a:53:e6:4d:1d:6c:dd:4e:ca:60:
                    22:56:f1:c8:0e:9e:75:4a:e9:77:f0:0b:5f:32:c8:
                    04:11:a4:cb:be:9c:7e:82:09:95:4a:e4:d9:8b:3d:
                    a8:da:3d:61:4c:aa:04:1f:72:de:94:39:90:10:e5:
                    bf:53:62:e7:45:a2:aa:4c:09:33:17:ee:73:b8:2b:
                    c3:d7:de:fe:1e:ad:71:44:77:be:89:52:1b:68:a8:
                    31:94:03:2e:f3:9e:ed:6e:20:ac:b1:7e:22:3b:d7:
                    22:6e:3d:b4:b2:05:6e:1c:ce:4b:43:d6:13:79:60:
                    c1:2d:ff:5d:1b:a5:7b:44:a1:21:55:2c:03:56:e6:
                    8c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:63:6C:0B:0E:16:9B:5E:D4:0E:39:D4:98:95:29:0B:59:73:67:74
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/xWNsCw4Wm17UDjnUmJUpC1lzZ3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.188.0/24
                  185.83.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:75:69:76:b6:f8:04:87:90:f3:e8:ec:72:33:fc:a1:7f:5f:
         44:a8:b9:dc:4d:02:26:1d:fd:8f:7c:d4:40:ad:d3:3f:a6:47:
         56:1b:13:40:c0:3b:80:d6:2e:e2:76:56:74:12:49:f4:fb:c3:
         07:6d:ee:b9:85:95:d5:a6:3d:de:ac:f3:0e:73:8c:f7:0e:7c:
         0a:0d:6c:f5:eb:e8:ea:7f:74:10:6f:15:0b:ab:dc:60:f6:88:
         3e:7a:02:40:dd:43:0f:97:9c:41:0e:0f:84:00:29:98:06:db:
         2f:29:b4:8e:8f:75:a0:56:9c:d9:52:45:ca:31:7e:30:ea:b3:
         b7:e6:56:c1:95:36:17:f3:c8:b9:f4:26:1e:d0:33:82:9e:7f:
         52:64:5c:78:2d:c9:3e:80:56:46:95:cb:c0:33:ea:07:d7:11:
         85:01:e5:19:0f:af:4a:cb:05:6b:47:6e:ab:f8:d4:58:61:9e:
         79:48:43:8d:44:dc:f5:5c:3c:a8:bc:7a:9e:c2:07:e5:40:51:
         2f:3e:3d:76:c7:50:88:46:53:25:87:87:d0:53:2a:8a:8a:84:
         0f:72:e6:81:a6:79:48:47:22:2a:a7:7e:2e:7b:ee:8c:62:49:
         69:52:f3:df:7c:80:4f:03:c2:f3:cf:88:87:b2:13:7b:ba:da:
         29:69:3e:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZktHYKzdXxvqDHpAEfGjWIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNDIzMjIxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTYzNmMwYjBlMTY5YjVlZDQwZTM5ZDQ5ODk1MjkwYjU5NzM2Nzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd5lHHGTyfvpLQysqBy58AYuLYCb
Er7/A1vhLrHd0rET4BvMDbLxlwUnkR5qJUWgnKd2Z+4TWdgv0lZ8KImjnt/578HJ
ujMLaHQ98QO/skgJUwnn5zwgjV45Mbs99WPdv/EDUb2+Alo95K3q0MvxWRoGERcW
ReHhV7JOEYpT5k0dbN1OymAiVvHIDp51Sul38AtfMsgEEaTLvpx+ggmVSuTZiz2o
2j1hTKoEH3LelDmQEOW/U2LnRaKqTAkzF+5zuCvD197+Hq1xRHe+iVIbaKgxlAMu
857tbiCssX4iO9cibj20sgVuHM5LQ9YTeWDBLf9dG6V7RKEhVSwDVuaMcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMVjbAsOFpte1A451JiVKQtZc2d0MB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEveFdOc0N3NFdtMTdVRGpuVW1KVXBDMWx6WjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQu8AwQA
uVPLMA0GCSqGSIb3DQEBCwUAA4IBAQCAdWl2tvgEh5Dz6OxyM/yhf19EqLncTQIm
Hf2PfNRArdM/pkdWGxNAwDuA1i7idlZ0Ekn0+8MHbe65hZXVpj3erPMOc4z3DnwK
DWz16+jqf3QQbxULq9xg9og+egJA3UMPl5xBDg+EACmYBtsvKbSOj3WgVpzZUkXK
MX4w6rO35lbBlTYX88i59CYe0DOCnn9SZFx4Lck+gFZGlcvAM+oH1xGFAeUZD69K
ywVrR26r+NRYYZ55SEONRNz1XDyovHqewgflQFEvPj12x1CIRlMlh4fQUyqKioQP
cuaBpnlIRyIqp34ue+6MYklpUvPffIBPA8Lzz4iHshN7utopaT6T
-----END CERTIFICATE-----