Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/cQE0U4xZCH69tgR4nrNYYPj6JOo.roa
File:                     cQE0U4xZCH69tgR4nrNYYPj6JOo.roa (raw, json)
Hash identifier:          bmWiNVCBbvYWUh9gi74WST8Cmi7v0uEcrjWGnyUEh+0=
Subject key identifier:   71:01:34:53:8C:59:08:7E:BD:B6:04:78:9E:B3:58:60:F8:FA:24:EA
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       01963548672B07499A9C6D644D75962A37F4
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/cQE0U4xZCH69tgR4nrNYYPj6JOo.roa
Signing time:             Mon 14 Apr 2025 17:10:59 +0000
ROA not before:           Mon 14 Apr 2025 17:10:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35308
IP address blocks:        45.152.164.0/24 maxlen: 24
                          193.151.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:35:48:67:2b:07:49:9a:9c:6d:64:4d:75:96:2a:37:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Apr 14 17:10:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=710134538c59087ebdb604789eb35860f8fa24ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b7:22:70:0b:cf:b2:f1:82:de:c6:be:87:89:
                    1f:e0:a5:fd:21:28:75:5f:e1:9c:ac:3d:63:0e:80:
                    f5:0e:42:da:26:51:fc:ba:2b:2e:68:b0:65:15:78:
                    81:c8:a2:42:78:e7:31:42:f3:de:53:c7:a0:73:42:
                    84:fb:d8:e7:dc:4f:4d:2d:3e:69:bf:53:8b:bc:97:
                    c1:96:8d:62:37:5c:62:88:50:1c:41:1c:b4:10:fd:
                    72:1d:79:dd:b7:4b:be:04:8b:fc:41:27:d5:7a:94:
                    d3:50:47:03:ec:10:df:3b:14:79:24:1f:e7:4a:32:
                    0a:cd:c3:d0:cb:af:5e:8f:8e:c1:ac:ce:9a:63:fc:
                    02:ac:1c:07:74:36:58:97:7d:5a:0d:dc:b4:27:9c:
                    bc:44:10:b9:d3:f0:0b:26:4d:2b:dc:14:cc:f4:8c:
                    5e:91:95:27:49:3e:51:40:74:e1:3e:3b:98:f4:ed:
                    dc:ae:16:f9:26:b7:bd:cd:0a:34:0d:b5:b5:f8:65:
                    a1:62:66:1e:74:fd:14:f8:ea:cf:31:75:49:0a:19:
                    65:72:f7:10:9f:3d:3e:ec:22:d4:f1:78:23:d4:a8:
                    62:0b:ff:f0:49:78:c9:1a:10:dd:4a:7d:bf:f6:2b:
                    01:38:2e:8a:8a:34:28:5c:8c:26:58:81:47:33:61:
                    f0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:01:34:53:8C:59:08:7E:BD:B6:04:78:9E:B3:58:60:F8:FA:24:EA
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/cQE0U4xZCH69tgR4nrNYYPj6JOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.164.0/24
                  193.151.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:63:9b:5b:55:5a:50:47:36:71:bb:e4:4f:91:f5:3f:94:32:
         c7:ed:39:a3:7e:2a:dc:a5:03:53:36:e3:8b:a7:1c:44:ae:85:
         98:32:6b:f7:c1:a2:89:18:49:3e:02:0d:25:0d:cf:d0:96:c0:
         4b:45:c8:68:f2:0c:4f:09:79:e3:4b:8d:6d:3d:d5:6f:60:40:
         f6:a3:de:57:a2:25:7c:a3:c6:ec:a6:af:00:11:b3:91:bb:7a:
         cd:2e:7e:78:fc:f7:fd:ee:5e:64:98:1a:c7:9b:6d:01:40:e0:
         76:ae:35:da:07:d7:06:84:0e:e6:81:f3:6c:09:d0:cf:fc:3a:
         95:2f:d4:ba:1a:7f:8b:62:95:9b:8c:58:32:11:7e:29:12:1d:
         07:b7:90:06:fa:52:4b:56:6e:c7:17:a3:0a:57:84:0e:1e:42:
         e3:93:57:ba:b0:78:a6:b9:c0:e6:1d:ee:f0:8e:b6:0e:04:86:
         1c:3e:82:c6:88:08:4e:2e:af:77:62:c8:a7:2f:bc:47:cb:26:
         3b:1d:0b:50:97:12:dd:5f:a7:32:b0:fa:28:b4:81:cc:99:67:
         29:81:ec:aa:20:4a:36:a4:69:b7:2f:05:29:a6:c6:76:ef:53:
         12:be:a7:09:5a:e3:b9:41:2e:4b:dd:0b:2a:b8:83:dd:ac:b8:
         18:d5:79:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZY1SGcrB0manG1kTXWWKjf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwNDE0MTcxMDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTAxMzQ1MzhjNTkwODdlYmRiNjA0Nzg5ZWIzNTg2MGY4ZmEyNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17cicAvPsvGC3sa+h4kf4KX9ISh1
X+GcrD1jDoD1DkLaJlH8uisuaLBlFXiByKJCeOcxQvPeU8egc0KE+9jn3E9NLT5p
v1OLvJfBlo1iN1xiiFAcQRy0EP1yHXndt0u+BIv8QSfVepTTUEcD7BDfOxR5JB/n
SjIKzcPQy69ej47BrM6aY/wCrBwHdDZYl31aDdy0J5y8RBC50/ALJk0r3BTM9Ixe
kZUnST5RQHThPjuY9O3crhb5Jre9zQo0DbW1+GWhYmYedP0U+OrPMXVJChllcvcQ
nz0+7CLU8Xgj1KhiC//wSXjJGhDdSn2/9isBOC6KijQoXIwmWIFHM2HwSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHEBNFOMWQh+vbYEeJ6zWGD4+iTqMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvY1FFMFU0eFpDSDY5dGdSNG5yTllZUGo2Sk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZikAwQA
wZenMA0GCSqGSIb3DQEBCwUAA4IBAQCfY5tbVVpQRzZxu+RPkfU/lDLH7Tmjfirc
pQNTNuOLpxxEroWYMmv3waKJGEk+Ag0lDc/QlsBLRcho8gxPCXnjS41tPdVvYED2
o95XoiV8o8bspq8AEbORu3rNLn54/Pf97l5kmBrHm20BQOB2rjXaB9cGhA7mgfNs
CdDP/DqVL9S6Gn+LYpWbjFgyEX4pEh0Ht5AG+lJLVm7HF6MKV4QOHkLjk1e6sHim
ucDmHe7wjrYOBIYcPoLGiAhOLq93YsinL7xHyyY7HQtQlxLdX6cysPootIHMmWcp
geyqIEo2pGm3LwUppsZ271MSvqcJWuO5QS5L3QsquIPdrLgY1XmN
-----END CERTIFICATE-----