Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/XJPUj_synwIHQp7bRuj9018K67k.roa
File:                     XJPUj_synwIHQp7bRuj9018K67k.roa (raw, json)
Hash identifier:          nLvY6PY+U32R2cW/5HWGZNjEV3iPA1E/ctSR2ZD+DlI=
Subject key identifier:   5C:93:D4:8F:FB:32:9F:02:07:42:9E:DB:46:E8:FD:D3:5F:0A:EB:B9
Certificate issuer:       /CN=a1d71853324eb060fbafc988233860499c96c53a
Certificate serial:       0197376E317CC1A17DBA8299DB241D2F118D
Authority key identifier: A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/XJPUj_synwIHQp7bRuj9018K67k.roa
Signing time:             Tue 03 Jun 2025 20:14:17 +0000
ROA not before:           Tue 03 Jun 2025 20:14:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        45.148.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:6e:31:7c:c1:a1:7d:ba:82:99:db:24:1d:2f:11:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d71853324eb060fbafc988233860499c96c53a
        Validity
            Not Before: Jun  3 20:14:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c93d48ffb329f0207429edb46e8fdd35f0aebb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:49:cd:8d:13:fb:af:21:6b:0c:37:6c:86:03:
                    9d:ba:49:aa:23:86:b9:a5:fc:ab:a4:00:14:31:2f:
                    59:67:62:73:84:20:d0:1c:89:ac:2e:47:d2:5f:d3:
                    71:48:65:b0:30:b7:93:c6:22:fa:b8:50:35:3f:94:
                    7c:5f:6c:5e:a3:85:c9:8b:22:93:93:e3:52:dd:06:
                    80:f4:9c:32:7f:b7:30:fc:ec:24:b4:27:0d:38:a4:
                    e8:02:b7:94:c2:8f:ca:97:b2:d2:5a:55:93:58:57:
                    5e:66:d3:c6:40:6a:a1:f5:4e:27:8a:14:64:f2:d7:
                    96:ad:6d:75:4a:04:37:60:77:a8:57:db:2b:ef:99:
                    a7:35:65:02:3c:c4:52:a5:f5:7c:58:c7:58:af:67:
                    14:51:8d:94:b0:71:3d:c3:53:72:d1:78:1b:0d:98:
                    80:f7:db:4d:78:a4:2b:5f:45:ff:e9:e3:74:5f:f6:
                    ac:96:6a:1b:99:b9:ad:fc:55:56:cc:a7:91:ee:8c:
                    bb:e7:4a:20:bd:68:ab:ba:05:ed:39:4c:37:ac:a9:
                    84:63:8c:71:7e:90:4d:ff:b9:4e:42:0d:8a:3d:a9:
                    c4:ff:e1:36:bc:fb:2b:82:fa:bb:94:c2:2d:61:6d:
                    e7:df:44:da:bc:f8:ee:a6:96:0d:2c:e6:55:fa:9f:
                    30:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:93:D4:8F:FB:32:9F:02:07:42:9E:DB:46:E8:FD:D3:5F:0A:EB:B9
            X509v3 Authority Key Identifier:
                keyid:A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/XJPUj_synwIHQp7bRuj9018K67k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:6e:7b:d9:ae:e1:99:93:de:27:c1:5c:73:47:9b:5d:46:44:
         e8:24:a3:24:a6:96:9f:42:8a:99:a9:c3:50:8c:04:70:f2:f8:
         cc:f8:2a:58:90:4a:54:df:13:c9:6c:b9:1f:58:8e:29:a0:a0:
         0c:de:3c:48:f6:22:16:bf:b2:96:5b:fe:34:94:c2:3b:bc:a6:
         93:88:19:e1:01:4e:dd:5f:79:b2:fe:39:91:da:ee:ff:cf:03:
         04:5d:27:77:98:0f:22:b4:12:1f:03:a7:a8:9f:0b:3b:95:2f:
         3e:89:d1:9f:3e:e9:f8:10:1b:65:0a:d9:4d:4b:6e:66:83:0f:
         1a:6d:16:ad:d7:da:88:d2:cd:7d:6b:33:a3:95:e5:6b:0e:96:
         8c:7a:42:88:a8:69:ce:ba:8d:fc:36:d1:53:7a:34:e2:a6:04:
         82:0e:2d:c7:ae:0f:a3:9f:5a:e7:46:71:55:82:59:b2:04:8a:
         d7:53:dc:c4:19:40:76:2f:1c:35:3f:c1:b2:94:8c:13:2a:2c:
         80:11:1d:4c:8d:2e:5e:5c:4f:72:ce:8c:40:94:86:9b:ce:39:
         48:d0:21:1a:bb:1c:16:fb:2a:79:d7:55:fb:62:2a:55:9e:8e:
         12:83:f1:61:42:21:00:83:2a:06:8e:d5:ab:a0:c5:17:b9:05:
         48:dd:01:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc3bjF8waF9uoKZ2yQdLxGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDcxODUzMzI0ZWIwNjBmYmFmYzk4ODIzMzg2MDQ5OWM5
NmM1M2EwHhcNMjUwNjAzMjAxNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzkzZDQ4ZmZiMzI5ZjAyMDc0MjllZGI0NmU4ZmRkMzVmMGFlYmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnknNjRP7ryFrDDdshgOdukmqI4a5
pfyrpAAUMS9ZZ2JzhCDQHImsLkfSX9NxSGWwMLeTxiL6uFA1P5R8X2xeo4XJiyKT
k+NS3QaA9Jwyf7cw/OwktCcNOKToAreUwo/Kl7LSWlWTWFdeZtPGQGqh9U4nihRk
8teWrW11SgQ3YHeoV9sr75mnNWUCPMRSpfV8WMdYr2cUUY2UsHE9w1Ny0XgbDZiA
99tNeKQrX0X/6eN0X/aslmobmbmt/FVWzKeR7oy750ogvWirugXtOUw3rKmEY4xx
fpBN/7lOQg2KPanE/+E2vPsrgvq7lMItYW3n30TavPjuppYNLOZV+p8wrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyT1I/7Mp8CB0Ke20bo/dNfCuu5MB8GA1UdIwQY
MBaAFKHXGFMyTrBg+6/JiCM4YEmclsU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUt
NzA2MTM1NmJlZjFiLzEvWEpQVWpfc3lud0lIUXA3YlJ1ajkwMThLNjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUtNzA2MTM1NmJlZjFi
LzEvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSHMA0G
CSqGSIb3DQEBCwUAA4IBAQB2bnvZruGZk94nwVxzR5tdRkToJKMkppafQoqZqcNQ
jARw8vjM+CpYkEpU3xPJbLkfWI4poKAM3jxI9iIWv7KWW/40lMI7vKaTiBnhAU7d
X3my/jmR2u7/zwMEXSd3mA8itBIfA6eonws7lS8+idGfPun4EBtlCtlNS25mgw8a
bRat19qI0s19azOjleVrDpaMekKIqGnOuo38NtFTejTipgSCDi3Hrg+jn1rnRnFV
glmyBIrXU9zEGUB2Lxw1P8GylIwTKiyAER1MjS5eXE9yzoxAlIabzjlI0CEauxwW
+yp511X7YipVno4Sg/FhQiEAgyoGjtWroMUXuQVI3QFr
-----END CERTIFICATE-----