Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/18T_mPCDly9XxQMas1pXMW8BsdI.roa
File:                     18T_mPCDly9XxQMas1pXMW8BsdI.roa (raw, json)
Hash identifier:          z49WAzt8RESbp3eySn5A7kGROWlS9ga5GVUmmkKWEvY=
Subject key identifier:   D7:C4:FF:98:F0:83:97:2F:57:C5:03:1A:B3:5A:57:31:6F:01:B1:D2
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0196800199160FE7BB8EEFB17A0B5F1EC061
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/18T_mPCDly9XxQMas1pXMW8BsdI.roa
Signing time:             Tue 29 Apr 2025 05:25:10 +0000
ROA not before:           Tue 29 Apr 2025 05:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273189
IP address blocks:        45.67.246.0/23 maxlen: 23
                          45.67.246.0/24 maxlen: 24
                          45.67.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:80:01:99:16:0f:e7:bb:8e:ef:b1:7a:0b:5f:1e:c0:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Apr 29 05:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7c4ff98f083972f57c5031ab35a57316f01b1d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:58:97:63:27:7a:70:0d:cb:c1:13:5d:2d:c7:
                    8d:77:6e:57:b2:82:45:bd:5e:6c:07:02:6f:0d:53:
                    5a:16:8e:2a:80:05:20:0b:e9:37:c5:82:0f:b2:2b:
                    13:4a:32:c5:4f:fb:e4:78:fa:67:c9:ec:66:45:7e:
                    c7:97:61:0d:1c:c1:3f:f4:29:da:ec:a5:04:5d:77:
                    c5:70:11:6b:12:b3:4e:ed:47:71:fe:0f:8c:d7:ad:
                    3c:4f:61:90:7b:ab:c8:bf:7f:bd:57:3c:e3:dc:6e:
                    53:47:8f:d5:cb:b0:20:da:3a:81:24:1b:fc:21:44:
                    58:aa:73:a0:c0:15:d0:37:f2:ca:1b:4e:78:55:d7:
                    a2:fb:59:dd:6b:1e:4e:82:6e:77:9f:78:ae:ce:16:
                    5c:b9:38:9e:d2:2c:a0:75:41:b7:6c:78:25:bd:8e:
                    14:72:78:9b:3a:a6:92:ef:b9:46:15:3a:81:bf:9c:
                    b1:f5:23:57:0c:c6:91:6e:77:73:16:8d:eb:3a:07:
                    cb:b9:2d:52:45:9e:62:c9:7d:d2:38:b0:31:cd:b7:
                    7a:9d:a3:96:4c:dd:6c:6c:21:3a:70:9d:1c:ad:bc:
                    15:38:dc:4b:0e:51:93:96:6b:6a:05:48:35:4d:85:
                    19:f4:48:60:ea:0b:fa:4b:b3:2d:bb:05:8e:3e:1f:
                    cf:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C4:FF:98:F0:83:97:2F:57:C5:03:1A:B3:5A:57:31:6F:01:B1:D2
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/18T_mPCDly9XxQMas1pXMW8BsdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:99:71:29:88:5d:d2:98:0c:b8:37:e2:90:4c:bc:f6:c5:1b:
         f8:d7:88:ae:9a:30:ee:30:9b:17:14:5e:80:88:15:8d:37:27:
         0d:f7:d5:f1:4a:45:4d:e2:05:5b:df:4d:d7:7d:02:1b:1d:b1:
         7e:66:69:70:3c:5a:04:93:dd:e9:5b:6e:c2:1e:5e:34:ff:e0:
         da:61:bc:63:f5:c6:2c:21:71:b9:5f:47:24:ac:74:05:c6:0c:
         02:81:f7:f1:2a:c4:85:61:f6:b9:1c:3c:23:a3:5d:78:fa:2e:
         6e:48:38:8c:fe:11:26:01:a0:43:12:58:7d:dc:3a:3e:10:82:
         ec:6b:65:47:18:cd:25:10:06:8a:48:98:62:d9:81:4d:a6:2e:
         18:26:7d:d0:34:10:a6:96:b7:cd:b7:24:09:fe:b4:20:ff:9b:
         a0:95:13:78:09:d8:ac:ef:a3:dc:6a:fa:da:78:21:3a:a8:c0:
         33:d1:86:62:1a:b6:ea:9e:1d:52:a1:36:5d:7c:f6:61:a3:5c:
         d4:a1:26:65:8b:6f:37:2d:3f:ac:5d:73:a0:9e:d4:5b:f1:a1:
         33:c8:76:e9:c6:34:0c:53:18:69:3b:bf:ce:2f:b4:c9:1c:c8:
         5f:f6:3c:60:e1:8c:31:47:90:2e:e6:75:55:31:2e:a5:79:f8:
         1f:22:c9:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaAAZkWD+e7ju+xegtfHsBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNDI5MDUyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2M0ZmY5OGYwODM5NzJmNTdjNTAzMWFiMzVhNTczMTZmMDFiMWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFiXYyd6cA3LwRNdLceNd25XsoJF
vV5sBwJvDVNaFo4qgAUgC+k3xYIPsisTSjLFT/vkePpnyexmRX7Hl2ENHME/9Cna
7KUEXXfFcBFrErNO7Udx/g+M1608T2GQe6vIv3+9Vzzj3G5TR4/Vy7Ag2jqBJBv8
IURYqnOgwBXQN/LKG054Vdei+1ndax5Ogm53n3iuzhZcuTie0iygdUG3bHglvY4U
cnibOqaS77lGFTqBv5yx9SNXDMaRbndzFo3rOgfLuS1SRZ5iyX3SOLAxzbd6naOW
TN1sbCE6cJ0crbwVONxLDlGTlmtqBUg1TYUZ9Ehg6gv6S7MtuwWOPh/P9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfE/5jwg5cvV8UDGrNaVzFvAbHSMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvMThUX21QQ0RseTlYeFFNYXMxcFhNVzhCc2RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLUP2MA0G
CSqGSIb3DQEBCwUAA4IBAQBAmXEpiF3SmAy4N+KQTLz2xRv414iumjDuMJsXFF6A
iBWNNycN99XxSkVN4gVb303XfQIbHbF+ZmlwPFoEk93pW27CHl40/+DaYbxj9cYs
IXG5X0ckrHQFxgwCgffxKsSFYfa5HDwjo114+i5uSDiM/hEmAaBDElh93Do+EILs
a2VHGM0lEAaKSJhi2YFNpi4YJn3QNBCmlrfNtyQJ/rQg/5uglRN4Cdis76Pcavra
eCE6qMAz0YZiGrbqnh1SoTZdfPZho1zUoSZli283LT+sXXOgntRb8aEzyHbpxjQM
UxhpO7/OL7TJHMhf9jxg4YwxR5Au5nVVMS6lefgfIsmh
-----END CERTIFICATE-----