Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/v4n00KmIPMAeaXO1e4oehEUWYOs.roa
File:                     v4n00KmIPMAeaXO1e4oehEUWYOs.roa (raw, json)
Hash identifier:          7qEK4cAhcKMrkHzInLLOjuudGbx99FNXFdW89sFY/Us=
Subject key identifier:   BF:89:F4:D0:A9:88:3C:C0:1E:69:73:B5:7B:8A:1E:84:45:16:60:EB
Certificate issuer:       /CN=a1d71853324eb060fbafc988233860499c96c53a
Certificate serial:       019789D93728EE299262DDDBB4CC983F7CBC
Authority key identifier: A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/v4n00KmIPMAeaXO1e4oehEUWYOs.roa
Signing time:             Thu 19 Jun 2025 20:20:03 +0000
ROA not before:           Thu 19 Jun 2025 20:20:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22516
IP address blocks:        45.148.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:89:d9:37:28:ee:29:92:62:dd:db:b4:cc:98:3f:7c:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d71853324eb060fbafc988233860499c96c53a
        Validity
            Not Before: Jun 19 20:20:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf89f4d0a9883cc01e6973b57b8a1e84451660eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:13:f9:14:c5:c1:1b:5c:83:64:7f:84:59:74:
                    e1:0c:d6:dd:76:ac:be:c0:ec:be:9b:c2:1b:00:7e:
                    5a:31:36:b0:27:61:2e:fc:ff:9a:34:45:5f:93:ac:
                    1a:db:90:a2:1f:15:dc:58:2f:34:aa:28:c8:96:62:
                    14:4e:e3:3f:4d:19:d9:b0:41:41:a3:0c:4e:4f:1c:
                    e9:53:64:48:18:3e:8b:d7:eb:bd:1a:30:db:43:29:
                    7e:0e:c5:77:02:01:b2:93:bd:83:88:e1:3b:bd:d5:
                    49:31:f8:2e:63:71:ad:06:35:0a:1f:07:98:4f:18:
                    a2:bb:c7:39:0a:00:d2:19:d3:d3:b7:d1:2d:c9:b6:
                    8e:75:b8:92:e9:2d:e6:69:39:01:e1:6e:a1:ca:41:
                    10:26:9b:a8:d9:c7:a8:b7:bb:d5:80:dd:34:2b:93:
                    57:d3:a0:1d:f2:25:0b:2e:8a:a3:66:99:c9:c7:44:
                    76:a1:de:4b:24:e8:92:dd:16:a8:03:b6:16:54:59:
                    62:dc:e5:e9:57:91:d9:61:04:af:61:bf:4b:d8:50:
                    b5:b5:43:e0:16:df:98:21:85:cc:a3:28:17:4c:db:
                    c8:4a:2c:20:ec:b4:09:fa:9a:79:af:dd:b4:eb:32:
                    92:25:87:ec:7b:10:5a:1b:2a:73:27:be:a5:70:3a:
                    18:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:89:F4:D0:A9:88:3C:C0:1E:69:73:B5:7B:8A:1E:84:45:16:60:EB
            X509v3 Authority Key Identifier:
                keyid:A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/v4n00KmIPMAeaXO1e4oehEUWYOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:1c:4e:a2:7a:d8:d9:22:2b:8c:45:ba:9a:a7:9b:92:65:b5:
         a3:f6:8c:54:41:57:78:40:f2:17:1b:9c:69:45:96:2b:fa:25:
         0d:1f:50:27:6b:a4:cc:b1:36:cc:5e:8d:39:83:21:18:c9:7c:
         22:57:a7:2c:d5:a7:b1:3a:39:3e:11:dd:e0:e4:0e:13:13:92:
         e1:9d:60:45:ac:7f:24:6f:2e:69:44:90:e1:ff:0d:d3:10:5e:
         e4:3e:48:06:9b:ef:9c:90:25:0c:33:1b:c5:56:8d:a9:2c:3a:
         e7:60:22:15:0a:7f:d4:f9:ff:0e:93:26:1b:08:ae:3a:5e:5f:
         ab:29:c8:1d:e8:bf:8e:ed:87:27:b5:ea:63:4a:48:af:8f:fb:
         bf:83:ce:42:ac:21:33:5c:9f:e7:33:36:20:26:cc:1c:b0:08:
         f8:c5:ae:c8:0a:19:1d:3c:fc:03:53:0d:56:3f:91:46:ef:98:
         86:b5:53:f6:b5:3a:78:46:df:65:f8:9b:34:1f:ec:31:43:cc:
         66:ff:3a:13:9c:2a:a6:53:d4:34:f2:06:66:40:17:ec:ba:cd:
         31:77:48:54:c8:b1:5e:75:10:84:f8:6e:77:c5:f3:73:6b:8e:
         0a:9a:d1:ce:98:e7:ba:fa:d6:88:36:87:29:a0:4d:ba:c6:f9:
         ce:0f:d1:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeJ2Tco7imSYt3btMyYP3y8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDcxODUzMzI0ZWIwNjBmYmFmYzk4ODIzMzg2MDQ5OWM5
NmM1M2EwHhcNMjUwNjE5MjAyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjg5ZjRkMGE5ODgzY2MwMWU2OTczYjU3YjhhMWU4NDQ1MTY2MGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBP5FMXBG1yDZH+EWXThDNbddqy+
wOy+m8IbAH5aMTawJ2Eu/P+aNEVfk6wa25CiHxXcWC80qijIlmIUTuM/TRnZsEFB
owxOTxzpU2RIGD6L1+u9GjDbQyl+DsV3AgGyk72DiOE7vdVJMfguY3GtBjUKHweY
Txiiu8c5CgDSGdPTt9EtybaOdbiS6S3maTkB4W6hykEQJpuo2ceot7vVgN00K5NX
06Ad8iULLoqjZpnJx0R2od5LJOiS3RaoA7YWVFli3OXpV5HZYQSvYb9L2FC1tUPg
Ft+YIYXMoygXTNvISiwg7LQJ+pp5r9206zKSJYfsexBaGypzJ76lcDoYHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+J9NCpiDzAHmlztXuKHoRFFmDrMB8GA1UdIwQY
MBaAFKHXGFMyTrBg+6/JiCM4YEmclsU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUt
NzA2MTM1NmJlZjFiLzEvdjRuMDBLbUlQTUFlYVhPMWU0b2VoRVVXWU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUtNzA2MTM1NmJlZjFi
LzEvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSHMA0G
CSqGSIb3DQEBCwUAA4IBAQBmHE6ietjZIiuMRbqap5uSZbWj9oxUQVd4QPIXG5xp
RZYr+iUNH1Ana6TMsTbMXo05gyEYyXwiV6cs1aexOjk+Ed3g5A4TE5LhnWBFrH8k
by5pRJDh/w3TEF7kPkgGm++ckCUMMxvFVo2pLDrnYCIVCn/U+f8OkyYbCK46Xl+r
Kcgd6L+O7YcntepjSkivj/u/g85CrCEzXJ/nMzYgJswcsAj4xa7IChkdPPwDUw1W
P5FG75iGtVP2tTp4Rt9l+Js0H+wxQ8xm/zoTnCqmU9Q08gZmQBfsus0xd0hUyLFe
dRCE+G53xfNza44KmtHOmOe6+taINocpoE26xvnOD9G5
-----END CERTIFICATE-----