Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Ed5TudW-Ayo5Pv3FnLDtzuIV6jw.roa
File:                     Ed5TudW-Ayo5Pv3FnLDtzuIV6jw.roa (raw, json)
Hash identifier:          JZ+1BOXDLHUQHCwTqV7EVsjtmnaykI16K8e9IEOS1gQ=
Subject key identifier:   11:DE:53:B9:D5:BE:03:2A:39:3E:FD:C5:9C:B0:ED:CE:E2:15:EA:3C
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       01966182E65089837EEBB41DD1D2E885C407
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Ed5TudW-Ayo5Pv3FnLDtzuIV6jw.roa
Signing time:             Wed 23 Apr 2025 07:18:10 +0000
ROA not before:           Wed 23 Apr 2025 07:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.146.202.0/23 maxlen: 24
                          45.146.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 07:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:61:82:e6:50:89:83:7e:eb:b4:1d:d1:d2:e8:85:c4:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Apr 23 07:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11de53b9d5be032a393efdc59cb0edcee215ea3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e7:de:dd:e8:f8:bb:89:a9:f4:ac:b4:f2:4a:
                    d8:e9:b6:27:f0:b3:a8:bb:22:68:a7:83:26:72:07:
                    cf:80:97:d3:f5:04:25:61:b4:68:6b:3e:05:03:bd:
                    8b:1b:01:9a:29:09:25:f4:6a:8b:ef:44:29:cc:09:
                    cc:41:20:3c:9d:ee:6c:ac:fa:12:c2:bc:0d:13:19:
                    c5:c0:16:ed:68:44:0f:51:38:a8:84:4a:85:f7:32:
                    f4:12:65:b1:4b:53:55:b1:29:27:da:ad:35:84:f7:
                    ff:c6:5f:a7:8e:12:f2:51:3a:5f:3c:c8:4b:83:8a:
                    57:0f:07:8e:5c:d2:ac:82:34:31:b5:15:34:ca:79:
                    9c:6b:78:80:dc:85:8e:e1:3b:95:e9:a2:bc:ee:3e:
                    93:69:ff:93:72:a8:be:66:11:b0:73:74:1d:b4:29:
                    85:74:8f:f8:2f:64:84:72:89:59:f6:5e:27:ac:3f:
                    00:8e:13:2d:e1:45:83:f4:67:62:bb:1d:01:d9:1d:
                    7f:e1:03:c7:2b:9a:9a:46:43:10:fa:30:b7:b9:6c:
                    27:d9:4d:86:03:72:b0:84:d1:6c:ab:cf:95:73:fb:
                    38:cc:04:81:bc:42:43:a8:43:fa:0b:fc:e7:09:cf:
                    75:11:09:64:3b:b7:bb:15:fa:31:07:a0:7f:81:74:
                    97:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:DE:53:B9:D5:BE:03:2A:39:3E:FD:C5:9C:B0:ED:CE:E2:15:EA:3C
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Ed5TudW-Ayo5Pv3FnLDtzuIV6jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:70:67:bc:e5:7a:05:45:b0:b2:6d:e2:c9:ed:af:67:13:55:
         b9:93:67:8f:99:a7:86:bc:a8:7d:80:cb:22:aa:46:14:ab:b4:
         ba:42:4f:79:1a:22:0d:ce:16:6b:00:36:49:3a:da:96:01:18:
         64:29:67:23:74:47:20:ad:b9:f3:d5:9d:8e:25:f0:11:b7:7d:
         1b:8e:1b:1e:80:b5:2b:21:90:69:35:6c:ab:88:53:21:a8:3c:
         0a:bd:be:95:a7:30:c3:3c:5f:a1:43:ab:c9:f1:bd:0a:a9:2d:
         df:2b:cf:61:21:aa:c9:95:8a:42:d9:97:42:d1:9a:d9:2d:1a:
         a2:65:42:84:33:cd:24:a9:f4:a2:f6:84:46:ae:f8:89:93:de:
         d6:d3:bd:ce:de:23:0d:87:05:c3:fd:10:99:49:e8:9e:cb:17:
         76:09:de:bc:cf:6a:a8:42:15:4b:7c:07:3e:b6:68:06:af:3b:
         ba:9c:f9:4b:1c:18:fd:6f:9b:9f:41:d0:f1:68:40:c3:9d:3e:
         9c:10:90:89:9a:2c:27:2d:f1:a6:52:3b:c1:6f:b1:8d:82:c9:
         95:e8:b5:8f:bc:04:5f:e1:49:65:6b:7a:a2:c9:f4:80:9f:5e:
         14:0a:c3:23:cf:03:f7:57:5a:0f:bb:ab:0e:c6:b3:bf:2e:05:
         19:b0:49:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZhguZQiYN+67Qd0dLohcQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwNDIzMDcxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWRlNTNiOWQ1YmUwMzJhMzkzZWZkYzU5Y2IwZWRjZWUyMTVlYTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+fe3ej4u4mp9Ky08krY6bYn8LOo
uyJop4MmcgfPgJfT9QQlYbRoaz4FA72LGwGaKQkl9GqL70QpzAnMQSA8ne5srPoS
wrwNExnFwBbtaEQPUTiohEqF9zL0EmWxS1NVsSkn2q01hPf/xl+njhLyUTpfPMhL
g4pXDweOXNKsgjQxtRU0ynmca3iA3IWO4TuV6aK87j6Taf+Tcqi+ZhGwc3QdtCmF
dI/4L2SEcolZ9l4nrD8AjhMt4UWD9Gdiux0B2R1/4QPHK5qaRkMQ+jC3uWwn2U2G
A3KwhNFsq8+Vc/s4zASBvEJDqEP6C/znCc91EQlkO7e7FfoxB6B/gXSXXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHeU7nVvgMqOT79xZyw7c7iFeo8MB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvRWQ1VHVkVy1BeW81UHYzRm5MRHR6dUlWNmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZLKMA0G
CSqGSIb3DQEBCwUAA4IBAQAucGe85XoFRbCybeLJ7a9nE1W5k2ePmaeGvKh9gMsi
qkYUq7S6Qk95GiINzhZrADZJOtqWARhkKWcjdEcgrbnz1Z2OJfARt30bjhsegLUr
IZBpNWyriFMhqDwKvb6VpzDDPF+hQ6vJ8b0KqS3fK89hIarJlYpC2ZdC0ZrZLRqi
ZUKEM80kqfSi9oRGrviJk97W073O3iMNhwXD/RCZSeieyxd2Cd68z2qoQhVLfAc+
tmgGrzu6nPlLHBj9b5ufQdDxaEDDnT6cEJCJmiwnLfGmUjvBb7GNgsmV6LWPvARf
4Ulla3qiyfSAn14UCsMjzwP3V1oPu6sOxrO/LgUZsElb
-----END CERTIFICATE-----