Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1-zMjdrovfKElMdhwtCBJW63RcQ8.roa
File:                     1-zMjdrovfKElMdhwtCBJW63RcQ8.roa (raw, json)
Hash identifier:          X2ZrjgkILr9vh4Mo2BS9ptEU9WRB0hrr7Ab3hu6IE8A=
Subject key identifier:   FB:33:23:76:BA:2F:7C:A1:25:31:D8:70:B4:20:49:5B:AD:D1:71:0F
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0196A053379B8A7E2698BAA35B2A40F85069
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1-zMjdrovfKElMdhwtCBJW63RcQ8.roa
Signing time:             Mon 05 May 2025 12:02:10 +0000
ROA not before:           Mon 05 May 2025 12:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        45.138.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 13:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a0:53:37:9b:8a:7e:26:98:ba:a3:5b:2a:40:f8:50:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: May  5 12:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb332376ba2f7ca12531d870b420495badd1710f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8d:29:51:61:15:1b:19:04:64:e8:32:07:12:
                    5a:42:46:14:b8:00:90:7d:09:8b:19:fa:8f:39:fe:
                    ff:41:4e:94:4d:8a:98:e8:02:4d:da:b9:d2:12:fb:
                    28:8d:f7:57:08:ed:ea:c2:03:ce:e2:db:f5:2b:f6:
                    c3:f5:f5:a6:57:3a:1a:09:b8:cc:6b:c4:16:0b:ba:
                    1b:ab:36:2a:5c:88:2e:74:13:ec:27:3e:a3:e7:75:
                    02:cc:e4:64:de:d8:63:f8:ee:51:77:1e:a9:24:8b:
                    cb:53:01:4b:04:31:de:c3:63:f8:11:b3:25:06:8e:
                    0c:13:25:52:eb:4f:3e:d8:9f:1d:95:30:93:08:fc:
                    67:c3:db:60:18:e8:48:61:b8:5f:77:05:7b:77:9a:
                    5c:58:bf:0d:81:5e:57:93:a8:ff:3a:6c:09:88:52:
                    0a:38:37:31:c1:ca:3e:27:1a:7d:47:18:2d:02:c9:
                    8b:b2:a2:a1:94:5a:cf:9a:91:eb:f3:11:de:19:e4:
                    ff:bf:14:46:e1:df:81:e8:ac:45:3c:6e:01:ef:1e:
                    5f:b3:f0:aa:f5:5b:c4:b9:72:e7:57:94:6c:83:c0:
                    11:d0:db:8f:c0:8d:cb:47:c8:bc:2f:c5:b1:3d:84:
                    75:af:61:37:34:d3:0f:d7:d6:fe:f9:65:23:41:c3:
                    a7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:33:23:76:BA:2F:7C:A1:25:31:D8:70:B4:20:49:5B:AD:D1:71:0F
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1-zMjdrovfKElMdhwtCBJW63RcQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:23:eb:16:ba:71:fa:2c:af:08:6f:bf:a0:37:11:e5:fd:1c:
         0d:c1:77:70:9a:01:9b:69:0a:b0:2a:f7:50:08:1e:9c:d8:e6:
         bc:32:d3:45:cc:27:04:df:56:bb:18:75:54:8b:fe:7b:32:ff:
         42:61:f1:b6:cb:97:61:84:51:d0:6f:5d:21:b2:e0:b0:4e:90:
         f2:9e:c6:cc:a6:68:f7:6a:c5:19:17:9d:ef:ee:73:eb:de:c3:
         07:9a:22:e9:3c:d8:3c:d0:ee:42:c3:a2:55:4e:db:84:40:7b:
         7e:cf:33:b8:ae:52:b3:c4:15:96:65:2a:41:ac:38:99:84:b7:
         89:dd:8b:dd:a0:bf:b9:1f:8c:0f:0c:ce:df:e6:28:97:89:f2:
         2b:29:19:ab:f0:d8:7b:7f:a1:3b:32:fc:82:dd:c5:0b:ac:90:
         0e:c0:d5:be:a2:db:a7:0f:c4:02:34:47:d8:69:52:b9:c0:bf:
         b4:80:96:43:25:2c:07:42:a7:e8:2e:9c:2f:3e:e9:78:6e:c6:
         68:78:0e:de:65:b0:46:79:88:06:45:cd:de:64:ed:49:6c:5d:
         cb:a0:00:31:c7:06:d2:d3:15:50:da:52:43:0e:75:b4:53:41:
         6b:cb:c6:bf:88:d0:38:a9:3b:55:c7:cd:09:bf:7f:e5:30:e9:
         98:da:cd:5d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZagUzebin4mmLqjWypA+FBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNTA1MTIwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjMzMjM3NmJhMmY3Y2ExMjUzMWQ4NzBiNDIwNDk1YmFkZDE3MTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmI0pUWEVGxkEZOgyBxJaQkYUuACQ
fQmLGfqPOf7/QU6UTYqY6AJN2rnSEvsojfdXCO3qwgPO4tv1K/bD9fWmVzoaCbjM
a8QWC7obqzYqXIgudBPsJz6j53UCzORk3thj+O5Rdx6pJIvLUwFLBDHew2P4EbMl
Bo4MEyVS608+2J8dlTCTCPxnw9tgGOhIYbhfdwV7d5pcWL8NgV5Xk6j/OmwJiFIK
ODcxwco+Jxp9RxgtAsmLsqKhlFrPmpHr8xHeGeT/vxRG4d+B6KxFPG4B7x5fs/Cq
9VvEuXLnV5Rsg8AR0NuPwI3LR8i8L8WxPYR1r2E3NNMP19b++WUjQcOn9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPszI3a6L3yhJTHYcLQgSVut0XEPMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvMS16TWpkcm92ZktFbE1kaHd0Q0JKVzYzUmNROC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTYvNjYzZGY1LTU4MGMtNGYyYy1hNjZjLWVlZjM1MTFmNmM2
MC8xL25TcEhpN0N3am1ZYkN5LWZ2b2sxdkp3cUtLRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2KtTAN
BgkqhkiG9w0BAQsFAAOCAQEASiPrFrpx+iyvCG+/oDcR5f0cDcF3cJoBm2kKsCr3
UAgenNjmvDLTRcwnBN9Wuxh1VIv+ezL/QmHxtsuXYYRR0G9dIbLgsE6Q8p7GzKZo
92rFGRed7+5z697DB5oi6TzYPNDuQsOiVU7bhEB7fs8zuK5Ss8QVlmUqQaw4mYS3
id2L3aC/uR+MDwzO3+Yol4nyKykZq/DYe3+hOzL8gt3FC6yQDsDVvqLbpw/EAjRH
2GlSucC/tICWQyUsB0Kn6C6cLz7peG7GaHgO3mWwRnmIBkXN3mTtSWxdy6AAMccG
0tMVUNpSQw51tFNBa8vGv4jQOKk7VcfNCb9/5TDpmNrNXQ==
-----END CERTIFICATE-----