Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/1YZPajybnCjPvo9e6ZEIknxOsVc.roa
File:                     1YZPajybnCjPvo9e6ZEIknxOsVc.roa (raw, json)
Hash identifier:          7DyT+f6YqW9hpDXb6w0agZ4XnunJXCtadxyfpuK6CA0=
Subject key identifier:   D5:86:4F:6A:3C:9B:9C:28:CF:BE:8F:5E:E9:91:08:92:7C:4E:B1:57
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       0196A545659D9AB18E064EDEE560FBA99906
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/1YZPajybnCjPvo9e6ZEIknxOsVc.roa
Signing time:             Tue 06 May 2025 11:05:10 +0000
ROA not before:           Tue 06 May 2025 11:05:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202425
IP address blocks:        45.148.144.0/24 maxlen: 24
                          185.224.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:45:65:9d:9a:b1:8e:06:4e:de:e5:60:fb:a9:99:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: May  6 11:05:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5864f6a3c9b9c28cfbe8f5ee99108927c4eb157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1b:ef:bd:0f:05:3a:31:4b:a6:5e:a2:28:d7:
                    dd:30:00:0a:cb:6b:d8:71:99:7b:18:1c:47:04:b0:
                    ee:41:06:a4:8b:f7:a1:8c:f0:db:0a:4d:fb:19:c7:
                    6f:05:fa:b2:22:20:bf:b5:a8:b6:bb:4f:ed:bb:03:
                    91:1d:dc:ad:0a:37:ef:2a:66:d2:b0:69:fd:bc:42:
                    8f:f8:06:ff:a2:b6:4b:13:d2:89:1d:7c:0b:20:13:
                    45:71:7e:f7:0b:e3:8d:d3:96:c4:70:a8:e5:72:e9:
                    71:ab:24:54:16:04:ef:1a:df:aa:5a:45:22:e2:71:
                    4f:5c:38:fe:fa:9c:3e:dd:84:eb:bd:3b:ed:f8:c8:
                    52:f3:9a:22:eb:1d:59:c4:05:43:f2:46:44:fd:8d:
                    e1:5f:28:24:8e:0d:c4:32:4f:5a:30:64:b7:88:18:
                    58:9a:29:70:4a:25:33:10:a6:bb:2b:64:52:8d:de:
                    47:a7:4d:93:d0:09:ce:82:dd:83:aa:5a:12:7d:e4:
                    54:5d:bb:86:b6:99:e9:f4:d8:01:df:11:dd:02:a9:
                    4a:b3:d7:ae:9d:ae:87:0f:f9:67:43:74:8d:55:02:
                    04:44:a3:00:0f:39:bf:04:43:14:b6:c4:e8:a0:34:
                    2c:30:42:16:b5:5a:be:48:21:7a:f2:cf:4f:d2:94:
                    34:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:86:4F:6A:3C:9B:9C:28:CF:BE:8F:5E:E9:91:08:92:7C:4E:B1:57
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/1YZPajybnCjPvo9e6ZEIknxOsVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.144.0/24
                  185.224.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:a1:46:a2:fa:40:c9:c9:c9:de:e1:a2:2a:ec:f0:f0:07:ed:
         04:a3:a2:27:d4:f9:b5:97:6d:d6:bd:57:5f:e6:97:fc:12:09:
         27:11:2f:79:a9:c6:6b:34:c3:5e:c0:62:37:b1:d3:67:5c:fd:
         cb:0f:b8:81:5a:ac:00:26:92:5f:94:b5:f7:29:1b:57:19:c9:
         29:5b:7d:39:39:a2:ec:ea:01:40:90:dd:d8:d9:c7:89:51:5f:
         cb:6e:12:ea:f3:3f:5d:ed:26:15:ae:59:17:20:a5:39:cb:02:
         de:d5:dc:3e:a3:4c:e3:44:95:58:6b:19:e4:d4:4c:71:27:1f:
         04:0c:5a:30:44:9c:d9:49:4b:42:14:c8:c8:31:2d:c0:f1:9a:
         dd:ba:44:be:74:2a:93:53:be:b3:cf:65:09:94:3d:a9:e8:63:
         15:8c:68:be:ce:c0:89:3f:93:ce:d8:a1:cc:74:d4:dd:72:cc:
         dd:c0:63:e3:01:1a:c6:ad:c3:d2:ab:f3:4c:1e:27:8c:84:3c:
         8d:f6:59:50:f9:a3:88:94:4f:2f:06:da:0d:31:55:02:f4:ee:
         9f:5c:5a:16:3a:b7:7b:e6:39:91:94:c4:ec:8b:52:55:b8:33:
         bb:9b:02:a1:a7:18:41:c8:77:fd:b9:94:a9:f2:2a:6a:24:31:
         2c:ae:cd:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZalRWWdmrGOBk7e5WD7qZkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjUwNTA2MTEwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTg2NGY2YTNjOWI5YzI4Y2ZiZThmNWVlOTkxMDg5MjdjNGViMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BvvvQ8FOjFLpl6iKNfdMAAKy2vY
cZl7GBxHBLDuQQaki/ehjPDbCk37GcdvBfqyIiC/tai2u0/tuwORHdytCjfvKmbS
sGn9vEKP+Ab/orZLE9KJHXwLIBNFcX73C+ON05bEcKjlculxqyRUFgTvGt+qWkUi
4nFPXDj++pw+3YTrvTvt+MhS85oi6x1ZxAVD8kZE/Y3hXygkjg3EMk9aMGS3iBhY
milwSiUzEKa7K2RSjd5Hp02T0AnOgt2DqloSfeRUXbuGtpnp9NgB3xHdAqlKs9eu
na6HD/lnQ3SNVQIERKMADzm/BEMUtsTooDQsMEIWtVq+SCF68s9P0pQ0zQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNWGT2o8m5woz76PXumRCJJ8TrFXMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvMVlaUGFqeWJuQ2pQdm85ZTZaRUlrbnhPc1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZSQAwQA
ueDYMA0GCSqGSIb3DQEBCwUAA4IBAQAKoUai+kDJycne4aIq7PDwB+0Eo6In1Pm1
l23WvVdf5pf8EgknES95qcZrNMNewGI3sdNnXP3LD7iBWqwAJpJflLX3KRtXGckp
W305OaLs6gFAkN3Y2ceJUV/LbhLq8z9d7SYVrlkXIKU5ywLe1dw+o0zjRJVYaxnk
1ExxJx8EDFowRJzZSUtCFMjIMS3A8ZrdukS+dCqTU76zz2UJlD2p6GMVjGi+zsCJ
P5PO2KHMdNTdcszdwGPjARrGrcPSq/NMHieMhDyN9llQ+aOIlE8vBtoNMVUC9O6f
XFoWOrd75jmRlMTsi1JVuDO7mwKhpxhByHf9uZSp8ipqJDEsrs3u
-----END CERTIFICATE-----