Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/KUfnrgvA9dgIIHMNHBMcWffeWTs.roa
File:                     KUfnrgvA9dgIIHMNHBMcWffeWTs.roa (raw, json)
Hash identifier:          ATKppIWSH87IFp1zWkMzMjdgRhNP1bLq9FE4uGiSkfw=
Subject key identifier:   29:47:E7:AE:0B:C0:F5:D8:08:20:73:0D:1C:13:1C:59:F7:DE:59:3B
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01978283B0F1B894762842E3B3925F9744E2
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/KUfnrgvA9dgIIHMNHBMcWffeWTs.roa
Signing time:             Wed 18 Jun 2025 10:09:17 +0000
ROA not before:           Wed 18 Jun 2025 10:09:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34534
IP address blocks:        45.152.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:82:83:b0:f1:b8:94:76:28:42:e3:b3:92:5f:97:44:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jun 18 10:09:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2947e7ae0bc0f5d80820730d1c131c59f7de593b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:c7:f4:c4:10:59:5b:88:35:1d:89:76:f2:b6:
                    64:81:f5:0e:57:a9:8b:96:65:c2:9d:f5:c6:a5:1d:
                    79:1e:9e:69:90:79:10:fd:2e:99:2a:1c:13:0a:3c:
                    2a:3e:4f:71:05:d4:70:4b:eb:97:15:c5:71:78:90:
                    33:10:47:01:f1:21:d0:73:fc:02:3d:02:da:96:fd:
                    2b:19:69:f3:5b:b5:cc:65:59:1c:d3:54:b0:8c:94:
                    72:81:a4:8c:74:0b:98:f5:1e:58:83:1b:10:28:18:
                    be:14:90:8a:62:a3:2e:20:43:f6:2d:b7:7e:98:ee:
                    8e:4a:05:06:10:55:e3:75:3c:ff:26:a8:0e:25:4d:
                    88:a5:1f:d6:28:d8:66:6f:14:2b:95:80:8f:f2:07:
                    c0:d3:2a:84:9a:87:1a:f7:78:56:f7:68:c6:ee:b2:
                    2e:1b:ad:dd:c4:7b:5f:8f:5c:cb:ac:c1:3f:94:15:
                    e7:c1:a0:aa:27:c8:36:88:28:09:bc:51:c3:e7:87:
                    69:44:f5:72:a7:bf:99:6d:7a:89:4d:6c:3a:b5:d3:
                    46:30:80:0a:26:ae:b5:64:fe:0a:39:08:e7:ad:61:
                    38:df:ea:f8:ba:f0:c3:20:f1:e4:98:a9:16:7d:df:
                    0a:e7:8b:17:d1:e2:4a:9c:bc:cc:f3:47:51:72:78:
                    7b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:47:E7:AE:0B:C0:F5:D8:08:20:73:0D:1C:13:1C:59:F7:DE:59:3B
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/KUfnrgvA9dgIIHMNHBMcWffeWTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:36:ad:fd:6e:32:cf:37:b6:6f:60:dc:0f:c4:3a:d2:48:ad:
         7d:d7:e7:54:f1:7f:f7:55:45:4f:ea:13:bd:fa:d3:e6:c0:a2:
         c9:67:76:a6:13:59:dd:e5:16:c8:f1:cf:c8:57:1a:56:a9:eb:
         5a:1f:0f:b5:ea:47:69:6b:2f:dc:78:d5:f7:92:81:47:8d:eb:
         46:2f:1d:8c:e8:9f:75:32:a8:23:5c:7f:05:37:a9:ec:97:de:
         f7:41:b8:0d:cc:2a:73:0e:c4:a7:51:f2:d5:77:e4:66:27:63:
         03:26:06:ac:e3:f4:99:53:63:38:26:0a:06:ca:58:3a:0b:ac:
         48:83:5b:15:34:36:db:e3:e3:ce:ac:83:51:8d:fc:f8:e0:73:
         d2:5d:79:b2:b9:8c:22:a8:4d:b2:1a:e5:c7:0f:00:bd:c8:b3:
         e2:b2:e2:31:ea:e2:c0:99:b0:be:fb:c1:a3:5d:af:2e:99:1c:
         84:a1:f1:22:c6:4f:88:b6:e0:58:59:75:85:d9:df:06:30:aa:
         30:59:ec:e7:70:43:a7:31:df:6e:85:01:fc:ed:4b:58:ae:7f:
         22:50:3c:99:e7:aa:40:b0:1c:54:a7:18:36:bd:02:fa:1e:e2:
         25:69:07:aa:4c:84:b7:8a:a6:51:d7:32:6c:f5:9a:7e:7f:6f:
         89:07:ce:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeCg7DxuJR2KELjs5Jfl0TiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwNjE4MTAwOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ3ZTdhZTBiYzBmNWQ4MDgyMDczMGQxYzEzMWM1OWY3ZGU1OTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Mf0xBBZW4g1HYl28rZkgfUOV6mL
lmXCnfXGpR15Hp5pkHkQ/S6ZKhwTCjwqPk9xBdRwS+uXFcVxeJAzEEcB8SHQc/wC
PQLalv0rGWnzW7XMZVkc01SwjJRygaSMdAuY9R5YgxsQKBi+FJCKYqMuIEP2Lbd+
mO6OSgUGEFXjdTz/JqgOJU2IpR/WKNhmbxQrlYCP8gfA0yqEmoca93hW92jG7rIu
G63dxHtfj1zLrME/lBXnwaCqJ8g2iCgJvFHD54dpRPVyp7+ZbXqJTWw6tdNGMIAK
Jq61ZP4KOQjnrWE43+r4uvDDIPHkmKkWfd8K54sX0eJKnLzM80dRcnh7RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClH564LwPXYCCBzDRwTHFn33lk7MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvS1VmbnJndkE5ZGdJSUhNTkhCTWNXZmZlV1RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZiiMA0G
CSqGSIb3DQEBCwUAA4IBAQAwNq39bjLPN7ZvYNwPxDrSSK191+dU8X/3VUVP6hO9
+tPmwKLJZ3amE1nd5RbI8c/IVxpWqetaHw+16kdpay/ceNX3koFHjetGLx2M6J91
MqgjXH8FN6nsl973QbgNzCpzDsSnUfLVd+RmJ2MDJgas4/SZU2M4JgoGylg6C6xI
g1sVNDbb4+POrINRjfz44HPSXXmyuYwiqE2yGuXHDwC9yLPisuIx6uLAmbC++8Gj
Xa8umRyEofEixk+ItuBYWXWF2d8GMKowWezncEOnMd9uhQH87UtYrn8iUDyZ56pA
sBxUpxg2vQL6HuIlaQeqTIS3iqZR1zJs9Zp+f2+JB84w
-----END CERTIFICATE-----