Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/DxQo9woLXeabrOTMdWKdmE79g6E.roa
File:                     DxQo9woLXeabrOTMdWKdmE79g6E.roa (raw, json)
Hash identifier:          L7s/bsG2AYPSeoCt18lu0VaXIusr29U08eqlb4+V114=
Subject key identifier:   0F:14:28:F7:0A:0B:5D:E6:9B:AC:E4:CC:75:62:9D:98:4E:FD:83:A1
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       0197558485BB5FED95CCAE646C22705B3C14
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/DxQo9woLXeabrOTMdWKdmE79g6E.roa
Signing time:             Mon 09 Jun 2025 16:27:17 +0000
ROA not before:           Mon 09 Jun 2025 16:27:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.145.152.0/24 maxlen: 24
                          45.145.154.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:55:84:85:bb:5f:ed:95:cc:ae:64:6c:22:70:5b:3c:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jun  9 16:27:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f1428f70a0b5de69bace4cc75629d984efd83a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:12:94:5d:2a:0e:2a:94:1e:b9:6d:03:7f:b0:
                    c0:56:96:b5:41:4d:f6:ee:1c:d3:1b:52:7c:3e:1c:
                    30:d9:9e:35:ea:3f:19:51:79:1d:0f:11:7f:22:7b:
                    8e:b7:9f:40:29:37:da:f4:d0:b4:84:56:19:41:48:
                    ac:06:a3:89:f9:29:56:23:09:74:17:a8:ae:30:ce:
                    69:a0:63:28:15:37:bb:e8:a0:5e:22:b4:5b:63:72:
                    ed:cd:23:2d:47:73:e3:1b:49:b2:9d:0b:5f:b2:c4:
                    aa:77:2b:ad:6b:fb:07:55:68:7c:1c:0d:4f:6e:55:
                    cb:b7:94:3b:ae:45:6f:12:5a:92:c6:c4:7b:22:d9:
                    cb:f6:db:76:36:3a:56:d5:21:79:43:8d:a9:c8:e2:
                    79:a2:d1:54:db:42:f0:75:fa:8c:e6:63:26:76:a0:
                    00:77:cf:19:49:66:cd:f0:62:cb:50:e3:4d:8d:b6:
                    7e:f7:2c:86:9a:7d:b2:21:61:3a:c7:67:33:96:0e:
                    73:d6:27:ed:31:ab:6a:8c:3b:c0:a1:0c:00:b7:9e:
                    f0:cd:c0:a3:18:63:96:da:8c:e4:c9:84:ca:18:7b:
                    36:d7:02:91:2e:37:d1:ac:ce:c2:4d:56:09:9f:8d:
                    e2:88:7f:a2:75:d7:79:53:c5:6e:61:90:c8:d3:8a:
                    55:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:14:28:F7:0A:0B:5D:E6:9B:AC:E4:CC:75:62:9D:98:4E:FD:83:A1
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/DxQo9woLXeabrOTMdWKdmE79g6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24
                  45.145.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:e2:3f:e2:86:77:84:cd:d8:b3:ec:7b:6c:ed:29:a6:d9:05:
         a1:fd:3c:d6:6c:93:50:ae:ff:3e:fc:7e:84:ea:4d:32:ea:23:
         f3:cf:27:fc:4d:5f:46:eb:71:0c:a6:cb:89:b1:3b:64:ef:d4:
         3a:89:50:b2:2b:df:e7:5f:56:1c:54:49:db:0b:80:be:61:e9:
         98:59:51:2a:21:ea:4d:d4:18:20:ee:99:04:43:97:02:48:8f:
         68:9e:db:79:66:ab:2f:d8:54:6b:b4:43:2c:03:79:c4:11:83:
         30:27:34:8c:49:a7:ac:2b:27:35:9d:0c:3a:16:97:bb:2b:e7:
         b3:f7:ef:2b:3a:39:1a:ab:f4:ca:fa:17:ea:12:a9:21:91:d9:
         47:6e:2b:56:b8:09:d3:c9:77:6d:0d:75:8b:73:08:64:b6:76:
         80:97:fa:b2:e7:d2:91:1f:fd:b4:31:c7:8d:34:56:fb:be:8f:
         7c:df:ff:65:ef:56:bd:53:03:30:15:ea:b6:2a:0b:d3:8b:82:
         28:2a:30:79:e3:5e:45:64:c6:dd:f4:5a:14:31:8d:d0:6d:a5:
         35:c3:36:1f:d0:04:ac:4f:52:80:36:62:71:02:98:53:fc:be:
         75:98:3c:78:06:93:b3:00:b1:f9:c5:a8:01:ba:14:90:79:39:
         20:33:74:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdVhIW7X+2VzK5kbCJwWzwUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwNjA5MTYyNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjE0MjhmNzBhMGI1ZGU2OWJhY2U0Y2M3NTYyOWQ5ODRlZmQ4M2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBKUXSoOKpQeuW0Df7DAVpa1QU32
7hzTG1J8Phww2Z416j8ZUXkdDxF/InuOt59AKTfa9NC0hFYZQUisBqOJ+SlWIwl0
F6iuMM5poGMoFTe76KBeIrRbY3LtzSMtR3PjG0mynQtfssSqdyuta/sHVWh8HA1P
blXLt5Q7rkVvElqSxsR7ItnL9tt2NjpW1SF5Q42pyOJ5otFU20LwdfqM5mMmdqAA
d88ZSWbN8GLLUONNjbZ+9yyGmn2yIWE6x2czlg5z1iftMatqjDvAoQwAt57wzcCj
GGOW2ozkyYTKGHs21wKRLjfRrM7CTVYJn43iiH+iddd5U8VuYZDI04pVMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA8UKPcKC13mm6zkzHVinZhO/YOhMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvRHhRbzl3b0xYZWFick9UTWRXS2RtRTc5ZzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZGYAwQB
LZGaMA0GCSqGSIb3DQEBCwUAA4IBAQCL4j/ihneEzdiz7Hts7Smm2QWh/TzWbJNQ
rv8+/H6E6k0y6iPzzyf8TV9G63EMpsuJsTtk79Q6iVCyK9/nX1YcVEnbC4C+YemY
WVEqIepN1Bgg7pkEQ5cCSI9ontt5Zqsv2FRrtEMsA3nEEYMwJzSMSaesKyc1nQw6
Fpe7K+ez9+8rOjkaq/TK+hfqEqkhkdlHbitWuAnTyXdtDXWLcwhktnaAl/qy59KR
H/20MceNNFb7vo983/9l71a9UwMwFeq2KgvTi4IoKjB5415FZMbd9FoUMY3QbaU1
wzYf0ASsT1KANmJxAphT/L51mDx4BpOzALH5xagBuhSQeTkgM3Su
-----END CERTIFICATE-----