Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/diUYpUKMIXz1gLgZaNSVSKV18U8.roa
File:                     diUYpUKMIXz1gLgZaNSVSKV18U8.roa (raw, json)
Hash identifier:          2LacqRpLn+KwsMEDop6qn6ZSkweQldM8ZPPhx+K/olo=
Subject key identifier:   76:25:18:A5:42:8C:21:7C:F5:80:B8:19:68:D4:95:48:A5:75:F1:4F
Certificate issuer:       /CN=b08ace0eb3e2df49fdbb77726716fb65e7777964
Certificate serial:       0194221FD7C883F2B794C0B7B2065B17CD41
Authority key identifier: B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/diUYpUKMIXz1gLgZaNSVSKV18U8.roa
Signing time:             Wed 01 Jan 2025 13:48:19 +0000
ROA not before:           Wed 01 Jan 2025 13:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199524
IP address blocks:        45.135.228.0/24 maxlen: 24
                          45.135.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d7:c8:83:f2:b7:94:c0:b7:b2:06:5b:17:cd:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b08ace0eb3e2df49fdbb77726716fb65e7777964
        Validity
            Not Before: Jan  1 13:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=762518a5428c217cf580b81968d49548a575f14f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b1:d4:25:4f:e7:c7:40:40:7d:65:e9:59:11:
                    da:b9:90:2e:8f:fc:57:77:62:42:c7:c4:f1:20:e4:
                    37:0e:5a:3a:e6:7b:bc:a1:3a:ff:ed:d7:43:f0:98:
                    52:4b:5e:dc:d7:55:d2:0d:75:5c:e0:98:94:9f:7c:
                    e2:ac:11:24:00:f5:a4:0a:6f:17:f0:d3:f0:53:9c:
                    ff:eb:71:07:f6:69:82:7d:0c:73:75:9f:95:73:3d:
                    b2:8a:d3:62:df:10:a0:b5:39:dd:2b:d9:4a:d4:ae:
                    6e:f2:23:f2:14:0f:fb:50:b0:64:6c:5e:a4:9b:3c:
                    c6:03:9a:6d:29:58:28:31:a7:da:a9:29:0e:db:0b:
                    6e:01:6d:d9:52:ee:55:53:0e:e5:6d:96:38:06:e3:
                    29:58:cc:a7:d8:0f:13:14:d5:73:45:cb:fc:35:0a:
                    bb:65:65:78:a0:4f:f2:37:37:3d:46:98:fd:89:7a:
                    7a:38:0a:79:0c:3f:0a:37:b7:a5:ec:02:d2:51:c4:
                    67:7e:9a:47:d6:fd:14:3a:a2:49:db:3b:03:c8:a3:
                    8d:25:0b:bf:e7:8d:88:05:5a:2f:38:d4:a3:c4:13:
                    d2:00:0c:82:d6:f0:29:ef:44:79:05:eb:7f:24:b2:
                    bc:07:cf:c9:1d:b9:5b:9b:78:86:6d:c8:cd:02:1d:
                    c0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:25:18:A5:42:8C:21:7C:F5:80:B8:19:68:D4:95:48:A5:75:F1:4F
            X509v3 Authority Key Identifier:
                keyid:B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/diUYpUKMIXz1gLgZaNSVSKV18U8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.228.0/24
                  45.135.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:1d:95:8f:45:9a:76:c5:77:64:50:6d:2c:82:31:e5:86:6e:
         e9:ca:38:a7:e8:12:f3:47:2e:a1:bb:17:13:76:5f:34:20:f7:
         14:55:a1:7a:91:41:a6:a2:b3:25:63:cd:65:87:61:35:7f:fa:
         b8:3c:3a:05:b1:39:d8:91:6b:2e:6f:97:c1:dc:20:50:83:85:
         48:2a:72:c3:7b:d1:db:80:f1:40:8b:26:d8:2f:9b:c0:74:fb:
         e7:3f:03:ad:c2:f6:48:da:d4:66:1b:da:2b:78:40:33:08:c9:
         99:32:df:35:72:c6:84:92:ef:d0:e7:b7:e3:cd:8f:83:c3:98:
         51:2c:a2:18:f2:08:65:a8:1a:00:91:66:6a:26:c3:63:fe:10:
         b2:f3:9c:16:22:3a:b8:cb:bb:88:5a:77:dd:c0:38:4c:22:dc:
         39:f6:40:2f:d2:b4:f8:b4:0f:3c:4f:7f:5b:d8:e6:76:30:f4:
         6d:31:c8:b3:e5:ed:31:5a:80:6d:7c:fa:25:d3:61:08:e1:4d:
         a0:71:c6:0a:ba:80:a9:ba:7d:b1:1a:6b:e5:35:9a:71:3c:df:
         64:fe:1a:55:ff:5d:cc:6a:72:c7:c9:5d:17:ea:ea:f2:73:08:
         94:da:20:e5:8c:6c:b4:a0:3e:9c:68:6e:53:41:2f:d1:a2:d9:
         c9:bb:23:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH9fIg/K3lMC3sgZbF81BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwOGFjZTBlYjNlMmRmNDlmZGJiNzc3MjY3MTZmYjY1ZTc3
Nzc5NjQwHhcNMjUwMTAxMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjI1MThhNTQyOGMyMTdjZjU4MGI4MTk2OGQ0OTU0OGE1NzVmMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbHUJU/nx0BAfWXpWRHauZAuj/xX
d2JCx8TxIOQ3Dlo65nu8oTr/7ddD8JhSS17c11XSDXVc4JiUn3zirBEkAPWkCm8X
8NPwU5z/63EH9mmCfQxzdZ+Vcz2yitNi3xCgtTndK9lK1K5u8iPyFA/7ULBkbF6k
mzzGA5ptKVgoMafaqSkO2wtuAW3ZUu5VUw7lbZY4BuMpWMyn2A8TFNVzRcv8NQq7
ZWV4oE/yNzc9Rpj9iXp6OAp5DD8KN7el7ALSUcRnfppH1v0UOqJJ2zsDyKONJQu/
542IBVovONSjxBPSAAyC1vAp70R5Bet/JLK8B8/JHblbm3iGbcjNAh3AtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHYlGKVCjCF89YC4GWjUlUildfFPMB8GA1UdIwQY
MBaAFLCKzg6z4t9J/bt3cmcW+2Xnd3lkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0lyT0RyUGkzMG45dTNkeVp4YjdaZWQzZVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80NTM3ZGQtNzhiNi00NjdlLTkxNGQt
ODY1YjRjZmJkNGNkLzEvZGlVWXBVS01JWHoxZ0xnWmFOU1ZTS1YxOFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80NTM3ZGQtNzhiNi00NjdlLTkxNGQtODY1YjRjZmJkNGNk
LzEvc0lyT0RyUGkzMG45dTNkeVp4YjdaZWQzZVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYfkAwQA
LYfnMA0GCSqGSIb3DQEBCwUAA4IBAQAlHZWPRZp2xXdkUG0sgjHlhm7pyjin6BLz
Ry6huxcTdl80IPcUVaF6kUGmorMlY81lh2E1f/q4PDoFsTnYkWsub5fB3CBQg4VI
KnLDe9HbgPFAiybYL5vAdPvnPwOtwvZI2tRmG9oreEAzCMmZMt81csaEku/Q57fj
zY+Dw5hRLKIY8ghlqBoAkWZqJsNj/hCy85wWIjq4y7uIWnfdwDhMItw59kAv0rT4
tA88T39b2OZ2MPRtMciz5e0xWoBtfPol02EI4U2gccYKuoCpun2xGmvlNZpxPN9k
/hpV/13ManLHyV0X6urycwiU2iDljGy0oD6caG5TQS/RotnJuyOP
-----END CERTIFICATE-----