Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x15ULiW754F1ObONmoVbkQs7nYI.roa
File:                     x15ULiW754F1ObONmoVbkQs7nYI.roa (raw, json)
Hash identifier:          bSI6qYxvaq8RiX1rvKXgOyLM4McCUNl91ONq9pqzVk0=
Subject key identifier:   C7:5E:54:2E:25:BB:E7:81:75:39:B3:8D:9A:85:5B:91:0B:3B:9D:82
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01963EFB7BB48D9A4B123F1D7E91E8575846
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x15ULiW754F1ObONmoVbkQs7nYI.roa
Signing time:             Wed 16 Apr 2025 14:23:10 +0000
ROA not before:           Wed 16 Apr 2025 14:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215955
IP address blocks:        45.14.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:fb:7b:b4:8d:9a:4b:12:3f:1d:7e:91:e8:57:58:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 16 14:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c75e542e25bbe7817539b38d9a855b910b3b9d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:31:9c:04:b9:91:a3:e5:cb:65:26:ee:9c:d9:
                    18:e2:f3:16:74:c3:26:0f:4a:51:87:a6:07:15:18:
                    c4:ff:ab:5f:0c:fc:c3:0f:16:0d:72:38:1f:13:95:
                    02:dd:3a:28:cf:d0:37:88:84:7a:d9:0d:50:6b:53:
                    82:71:13:73:9e:95:57:b2:0d:44:57:c7:98:5f:1c:
                    56:88:60:26:04:f1:94:fe:7b:92:ec:2d:2e:46:c7:
                    87:94:47:8b:76:db:47:a9:62:bf:39:b0:d6:cb:8f:
                    ce:f9:c9:e3:70:5d:df:9e:d4:22:5e:ce:88:6b:fb:
                    14:18:d9:14:a5:f7:74:32:9a:13:d3:2f:97:b2:80:
                    1f:d3:1f:ff:fe:83:93:a3:23:30:48:35:a8:c3:36:
                    1f:ae:fc:a1:4a:b6:6a:90:31:f5:a7:18:92:e9:d2:
                    29:09:8e:69:cd:f3:45:a0:f4:fb:c9:54:ed:e1:02:
                    a1:bd:63:47:e8:f0:16:9a:4d:51:5f:1d:a6:f3:77:
                    f1:32:01:4b:43:e0:76:30:84:0a:6b:63:cb:20:36:
                    21:13:e2:62:34:f3:b0:f7:a9:17:63:28:fb:f5:92:
                    a3:0e:b2:69:18:cf:29:4b:f1:f1:93:9a:97:10:7b:
                    2f:d4:9c:8d:97:37:f8:5d:ff:c1:15:aa:2d:1b:c2:
                    81:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:5E:54:2E:25:BB:E7:81:75:39:B3:8D:9A:85:5B:91:0B:3B:9D:82
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x15ULiW754F1ObONmoVbkQs7nYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:3d:41:8b:e5:54:a0:84:56:cb:a0:a9:a8:a5:5d:6d:fd:f5:
         33:04:43:48:ad:d1:09:33:f9:5f:22:53:76:05:dd:aa:09:6a:
         03:a2:68:40:67:bf:24:e1:3f:e4:e6:86:10:ff:c0:ce:c3:c4:
         9c:09:34:39:4d:5a:57:fd:ee:ee:91:f2:67:c1:5e:8a:16:95:
         ce:ed:35:f8:24:d5:ca:e6:8d:30:63:3e:26:08:f0:6b:35:41:
         89:05:3d:d6:a8:14:d4:5c:78:81:d8:a6:b2:ce:1f:79:b5:f7:
         b8:1a:c7:45:20:17:00:3f:bd:e5:a2:b4:2f:f8:2f:4f:4e:51:
         6b:72:7c:91:9a:b6:bc:ca:7c:65:0b:4e:ae:85:30:d7:2a:39:
         bb:06:d1:5d:ce:6c:5a:fb:db:ce:b3:31:aa:7c:ee:39:44:61:
         03:3d:88:e5:e5:d9:bb:55:9a:ca:c4:97:71:8c:c4:18:01:62:
         ce:22:ff:01:9d:84:f1:d7:58:ab:5b:14:6b:60:e7:9a:8e:6f:
         8f:31:51:43:aa:0b:de:02:a6:d6:a9:9a:eb:d3:b4:bc:ab:1c:
         ae:21:20:92:18:e1:03:82:4e:e7:b7:ce:da:ef:34:b0:b5:48:
         9e:30:4b:22:15:6c:4a:55:0f:e4:64:4a:49:c6:e3:16:fc:90:
         b9:56:41:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY++3u0jZpLEj8dfpHoV1hGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDE2MTQyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzVlNTQyZTI1YmJlNzgxNzUzOWIzOGQ5YTg1NWI5MTBiM2I5ZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zGcBLmRo+XLZSbunNkY4vMWdMMm
D0pRh6YHFRjE/6tfDPzDDxYNcjgfE5UC3Tooz9A3iIR62Q1Qa1OCcRNznpVXsg1E
V8eYXxxWiGAmBPGU/nuS7C0uRseHlEeLdttHqWK/ObDWy4/O+cnjcF3fntQiXs6I
a/sUGNkUpfd0MpoT0y+XsoAf0x///oOToyMwSDWowzYfrvyhSrZqkDH1pxiS6dIp
CY5pzfNFoPT7yVTt4QKhvWNH6PAWmk1RXx2m83fxMgFLQ+B2MIQKa2PLIDYhE+Ji
NPOw96kXYyj79ZKjDrJpGM8pS/Hxk5qXEHsv1JyNlzf4Xf/BFaotG8KBrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdeVC4lu+eBdTmzjZqFW5ELO52CMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveDE1VUxpVzc1NEYxT2JPTm1vVmJrUXM3bllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ6nMA0G
CSqGSIb3DQEBCwUAA4IBAQA/PUGL5VSghFbLoKmopV1t/fUzBENIrdEJM/lfIlN2
Bd2qCWoDomhAZ78k4T/k5oYQ/8DOw8ScCTQ5TVpX/e7ukfJnwV6KFpXO7TX4JNXK
5o0wYz4mCPBrNUGJBT3WqBTUXHiB2Kayzh95tfe4GsdFIBcAP73lorQv+C9PTlFr
cnyRmra8ynxlC06uhTDXKjm7BtFdzmxa+9vOszGqfO45RGEDPYjl5dm7VZrKxJdx
jMQYAWLOIv8BnYTx11irWxRrYOeajm+PMVFDqgveAqbWqZrr07S8qxyuISCSGOED
gk7nt87a7zSwtUieMEsiFWxKVQ/kZEpJxuMW/JC5VkFQ
-----END CERTIFICATE-----