Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/SYPIWFwWfIXYmXxn1AH13wYO028.roa
File:                     SYPIWFwWfIXYmXxn1AH13wYO028.roa (raw, json)
Hash identifier:          QWvqjb5YHZY9I2Hyectp6IE4/NuwBT9jZBm7xDi/oyo=
Subject key identifier:   49:83:C8:58:5C:16:7C:85:D8:99:7C:67:D4:01:F5:DF:06:0E:D3:6F
Certificate issuer:       /CN=cf9833261697652c35547e98fc05a7e2294edbc7
Certificate serial:       01974EEFF38834F1E82E8C188611CBED42B5
Authority key identifier: CF:98:33:26:16:97:65:2C:35:54:7E:98:FC:05:A7:E2:29:4E:DB:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/SYPIWFwWfIXYmXxn1AH13wYO028.roa
Signing time:             Sun 08 Jun 2025 09:47:17 +0000
ROA not before:           Sun 08 Jun 2025 09:47:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        45.149.168.0/23 maxlen: 24
                          45.149.170.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4e:ef:f3:88:34:f1:e8:2e:8c:18:86:11:cb:ed:42:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9833261697652c35547e98fc05a7e2294edbc7
        Validity
            Not Before: Jun  8 09:47:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4983c8585c167c85d8997c67d401f5df060ed36f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:cf:8c:46:31:01:30:7b:36:2c:23:8d:ed:01:
                    f0:e4:6d:81:da:3c:6f:3f:dd:03:3d:a3:0e:13:9c:
                    31:14:24:b5:65:ee:e9:4f:b8:e5:09:d6:e4:a4:d7:
                    4a:9a:97:18:cb:58:69:68:9d:43:dc:9e:db:b9:da:
                    7c:a1:43:09:b3:bb:15:47:8d:30:00:7a:b6:d2:8b:
                    31:02:28:db:71:bd:16:cc:ae:d4:11:af:d4:0e:e1:
                    95:23:67:83:c1:d8:13:ed:35:fd:6e:8a:ce:eb:ca:
                    cf:5a:31:06:9b:0d:23:24:b3:48:8e:aa:f6:e9:8e:
                    3c:97:d2:13:e6:56:d2:50:0e:3a:e1:65:34:4e:0c:
                    5a:fd:19:54:25:ed:b0:1a:b1:9f:22:55:59:cc:1a:
                    bf:7e:bf:dd:87:aa:59:e8:f0:fa:03:74:c4:3c:de:
                    eb:db:fd:d2:dd:33:bb:1d:02:cc:1f:91:87:46:be:
                    90:a7:9d:0b:74:da:e3:54:5e:d5:e2:95:c7:0a:3a:
                    09:9e:7b:d7:88:7a:87:35:cb:e2:6b:6a:01:26:b0:
                    71:08:a0:35:7d:9c:0f:10:7e:e3:5b:6e:ed:55:61:
                    14:45:e6:f8:4b:9b:78:8c:f9:98:8e:f6:6e:03:1c:
                    d4:9a:fb:f7:c1:d7:27:fe:cd:79:a5:6d:c0:b4:64:
                    ba:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:83:C8:58:5C:16:7C:85:D8:99:7C:67:D4:01:F5:DF:06:0E:D3:6F
            X509v3 Authority Key Identifier:
                keyid:CF:98:33:26:16:97:65:2C:35:54:7E:98:FC:05:A7:E2:29:4E:DB:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/SYPIWFwWfIXYmXxn1AH13wYO028.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:85:82:41:dc:f7:55:2c:5c:75:92:c8:c0:3f:6a:d6:ad:be:
         23:b1:6b:38:2d:9d:b4:a7:df:02:64:a7:a3:be:66:c0:f4:df:
         a8:36:0f:e0:3b:be:2a:87:07:e9:22:48:f1:ae:e8:3e:91:98:
         78:06:c6:ad:c2:db:07:4e:47:0a:6f:3f:1f:de:f7:95:9f:97:
         c1:aa:14:c9:45:a4:0e:75:b2:1f:49:ee:22:c1:cd:d2:9c:b3:
         16:3c:dd:66:51:12:50:74:93:a6:a3:f1:ff:bb:15:be:fe:15:
         9a:b1:22:0b:2b:95:25:4f:96:06:d2:1c:16:e9:17:ec:b4:89:
         5d:4e:ff:40:7f:c4:b9:86:cf:42:db:08:cb:08:92:43:33:aa:
         71:ac:51:a4:2e:b0:bd:9b:59:47:3f:25:70:8d:2a:48:ee:f2:
         09:ef:81:c7:e8:e5:2e:d9:77:35:11:00:c3:b9:5f:cd:41:6a:
         c1:37:b9:be:a9:d1:23:0b:28:7d:10:fb:7a:5e:b6:60:cc:54:
         6e:70:1d:5a:4f:ff:bb:ef:e8:b6:d2:7d:2b:09:74:df:8f:91:
         a2:41:06:b8:d3:a9:ee:ed:84:56:49:47:dd:a2:35:b1:78:b9:
         d8:d0:c0:b8:d3:1e:cc:dd:ba:0c:d6:d0:5e:9f:7c:e3:9b:0a:
         74:d4:03:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdO7/OINPHoLowYhhHL7UK1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTgzMzI2MTY5NzY1MmMzNTU0N2U5OGZjMDVhN2UyMjk0
ZWRiYzcwHhcNMjUwNjA4MDk0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTgzYzg1ODVjMTY3Yzg1ZDg5OTdjNjdkNDAxZjVkZjA2MGVkMzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6M+MRjEBMHs2LCON7QHw5G2B2jxv
P90DPaMOE5wxFCS1Ze7pT7jlCdbkpNdKmpcYy1hpaJ1D3J7budp8oUMJs7sVR40w
AHq20osxAijbcb0WzK7UEa/UDuGVI2eDwdgT7TX9borO68rPWjEGmw0jJLNIjqr2
6Y48l9IT5lbSUA464WU0Tgxa/RlUJe2wGrGfIlVZzBq/fr/dh6pZ6PD6A3TEPN7r
2/3S3TO7HQLMH5GHRr6Qp50LdNrjVF7V4pXHCjoJnnvXiHqHNcvia2oBJrBxCKA1
fZwPEH7jW27tVWEUReb4S5t4jPmYjvZuAxzUmvv3wdcn/s15pW3AtGS6kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmDyFhcFnyF2Jl8Z9QB9d8GDtNvMB8GA1UdIwQY
MBaAFM+YMyYWl2UsNVR+mPwFp+IpTtvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVnekpoYVhaU3cxVkg2WV9BV240aWxPMjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8zNjA2ZjUtMTdlMS00MzE5LTk3MDMt
YWU0MDFhMzdjMDQ0LzEvU1lQSVdGd1dmSVhZbVh4bjFBSDEzd1lPMDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8zNjA2ZjUtMTdlMS00MzE5LTk3MDMtYWU0MDFhMzdjMDQ0
LzEvejVnekpoYVhaU3cxVkg2WV9BV240aWxPMjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZWoMA0G
CSqGSIb3DQEBCwUAA4IBAQA/hYJB3PdVLFx1ksjAP2rWrb4jsWs4LZ20p98CZKej
vmbA9N+oNg/gO74qhwfpIkjxrug+kZh4BsatwtsHTkcKbz8f3veVn5fBqhTJRaQO
dbIfSe4iwc3SnLMWPN1mURJQdJOmo/H/uxW+/hWasSILK5UlT5YG0hwW6RfstIld
Tv9Af8S5hs9C2wjLCJJDM6pxrFGkLrC9m1lHPyVwjSpI7vIJ74HH6OUu2Xc1EQDD
uV/NQWrBN7m+qdEjCyh9EPt6XrZgzFRucB1aT/+77+i20n0rCXTfj5GiQQa406nu
7YRWSUfdojWxeLnY0MC40x7M3boM1tBen3zjmwp01AMT
-----END CERTIFICATE-----