Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/CSyvgilT5mnW9pyqSyfTaCfKxrY.roa
File:                     CSyvgilT5mnW9pyqSyfTaCfKxrY.roa (raw, json)
Hash identifier:          tpDRNnsrbKfOJ2P6aML+VDmpLs4+ujzAYf4aKfdZnQg=
Subject key identifier:   09:2C:AF:82:29:53:E6:69:D6:F6:9C:AA:4B:27:D3:68:27:CA:C6:B6
Certificate issuer:       /CN=8f1cb9737524c437f6fa7521176bb0ab71fbee63
Certificate serial:       0197789459DE8F6998601AB54CBC06B4A3D1
Authority key identifier: 8F:1C:B9:73:75:24:C4:37:F6:FA:75:21:17:6B:B0:AB:71:FB:EE:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jxy5c3UkxDf2-nUhF2uwq3H77mM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/CSyvgilT5mnW9pyqSyfTaCfKxrY.roa
Signing time:             Mon 16 Jun 2025 11:51:17 +0000
ROA not before:           Mon 16 Jun 2025 11:51:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152339
IP address blocks:        45.134.98.0/24 maxlen: 24
                          2a13:96c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/jxy5c3UkxDf2-nUhF2uwq3H77mM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/jxy5c3UkxDf2-nUhF2uwq3H77mM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jxy5c3UkxDf2-nUhF2uwq3H77mM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 08:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:94:59:de:8f:69:98:60:1a:b5:4c:bc:06:b4:a3:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f1cb9737524c437f6fa7521176bb0ab71fbee63
        Validity
            Not Before: Jun 16 11:51:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=092caf822953e669d6f69caa4b27d36827cac6b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2a:f2:65:3e:79:c8:95:b9:b8:9d:4b:0f:7e:
                    d7:81:88:7f:19:88:ac:3d:83:78:89:c6:ba:a1:e7:
                    53:9d:67:05:df:3e:9a:7c:a6:90:f9:ba:dd:59:55:
                    d5:71:87:a2:f2:b3:ce:a9:2c:02:39:8e:6c:32:be:
                    cd:88:e3:15:ec:dd:66:ae:d1:be:87:c5:04:38:69:
                    9d:22:ca:8d:8e:cc:98:0a:f5:0b:2e:48:f7:fa:41:
                    31:f9:87:11:4e:94:c1:a2:bc:2d:68:cd:d3:3d:63:
                    48:e3:68:0f:4f:bd:a0:b5:31:61:c0:6a:17:fe:a1:
                    0a:af:5d:7d:9b:35:b7:3b:09:a7:2c:8b:c2:08:80:
                    9f:e3:be:96:ab:73:75:0e:6d:1a:30:a4:58:30:00:
                    d5:cb:f9:ff:da:66:a1:0d:30:1a:50:b4:af:63:de:
                    ad:6c:6c:f4:c4:0f:02:56:a8:7c:ec:d1:5e:1f:92:
                    78:43:4f:aa:30:98:b4:20:b5:8f:36:20:21:e1:4c:
                    49:d2:09:66:ac:30:50:cc:3e:9e:ba:0a:25:6a:44:
                    2b:bf:27:b1:3d:0e:88:4b:32:a0:e2:4a:77:77:fa:
                    6d:ca:c8:62:03:13:a1:94:96:69:f4:78:b8:23:9d:
                    4d:1b:29:0c:eb:13:31:b5:49:c4:14:79:f8:9a:86:
                    db:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:2C:AF:82:29:53:E6:69:D6:F6:9C:AA:4B:27:D3:68:27:CA:C6:B6
            X509v3 Authority Key Identifier:
                keyid:8F:1C:B9:73:75:24:C4:37:F6:FA:75:21:17:6B:B0:AB:71:FB:EE:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jxy5c3UkxDf2-nUhF2uwq3H77mM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/CSyvgilT5mnW9pyqSyfTaCfKxrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/jxy5c3UkxDf2-nUhF2uwq3H77mM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.98.0/24
                IPv6:
                  2a13:96c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:02:4e:c8:d6:77:5a:97:67:ef:f0:be:82:3e:45:6f:ae:fa:
         8c:21:cc:16:1f:8f:03:a3:0e:13:d0:db:ca:3c:30:09:ef:02:
         cd:7b:da:e3:f2:3a:0b:d8:e3:b6:a7:e6:f9:d9:b9:7d:f9:f1:
         a3:24:0c:f4:93:9c:6a:6c:c4:64:fb:c8:c5:e6:9d:d3:69:63:
         2f:86:52:a2:79:ff:f1:02:72:cd:7b:df:16:97:ce:7c:23:63:
         1d:91:fd:c7:a9:d2:00:7c:f9:d9:2b:a6:d1:4d:25:08:d2:8c:
         56:d8:7b:29:82:a2:73:c1:b5:6d:4f:50:05:3b:e5:5b:b3:c6:
         18:b2:4b:fd:4b:66:47:e8:ed:e2:83:96:62:14:e3:0a:88:39:
         01:29:6b:b1:a7:7e:72:3d:95:c0:4c:1a:b8:58:10:85:de:bd:
         4b:76:3f:2b:d9:7c:83:38:a3:42:e6:4d:f3:87:40:b9:bc:85:
         67:ba:f6:51:d1:cb:81:d7:f5:58:5c:6e:b1:03:18:ec:d9:0c:
         68:f1:b6:d4:09:84:d9:f5:cd:0d:7b:ce:05:d5:11:e8:49:ec:
         c8:71:29:9d:55:68:34:e3:a9:c7:db:d8:a4:98:1c:95:14:8a:
         53:2f:bf:48:de:25:a2:5e:63:f8:6c:e0:53:4f:f8:97:2c:5a:
         6b:71:ba:8e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZd4lFnej2mYYBq1TLwGtKPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMWNiOTczNzUyNGM0MzdmNmZhNzUyMTE3NmJiMGFiNzFm
YmVlNjMwHhcNMjUwNjE2MTE1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTJjYWY4MjI5NTNlNjY5ZDZmNjljYWE0YjI3ZDM2ODI3Y2FjNmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyryZT55yJW5uJ1LD37XgYh/GYis
PYN4ica6oedTnWcF3z6afKaQ+brdWVXVcYei8rPOqSwCOY5sMr7NiOMV7N1mrtG+
h8UEOGmdIsqNjsyYCvULLkj3+kEx+YcRTpTBorwtaM3TPWNI42gPT72gtTFhwGoX
/qEKr119mzW3OwmnLIvCCICf476Wq3N1Dm0aMKRYMADVy/n/2mahDTAaULSvY96t
bGz0xA8CVqh87NFeH5J4Q0+qMJi0ILWPNiAh4UxJ0glmrDBQzD6eugolakQrvyex
PQ6ISzKg4kp3d/ptyshiAxOhlJZp9Hi4I51NGykM6xMxtUnEFHn4mobbgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAksr4IpU+Zp1vacqksn02gnysa2MB8GA1UdIwQY
MBaAFI8cuXN1JMQ39vp1IRdrsKtx++5jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanh5NWMzVWt4RGYyLW5VaEYydXdxM0g3N21NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8zYjExZGUtOTAwZi00Mzc4LTg0ZWIt
Nzg3MGM2NDVlMjE5LzEvQ1N5dmdpbFQ1bW5XOXB5cVN5ZlRhQ2ZLeHJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8zYjExZGUtOTAwZi00Mzc4LTg0ZWItNzg3MGM2NDVlMjE5
LzEvanh5NWMzVWt4RGYyLW5VaEYydXdxM0g3N21NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYZiMA0E
AgACMAcDBQMqE5bAMA0GCSqGSIb3DQEBCwUAA4IBAQBUAk7I1ndal2fv8L6CPkVv
rvqMIcwWH48Dow4T0NvKPDAJ7wLNe9rj8joL2OO2p+b52bl9+fGjJAz0k5xqbMRk
+8jF5p3TaWMvhlKief/xAnLNe98Wl858I2Mdkf3HqdIAfPnZK6bRTSUI0oxW2Hsp
gqJzwbVtT1AFO+Vbs8YYskv9S2ZH6O3ig5ZiFOMKiDkBKWuxp35yPZXATBq4WBCF
3r1Ldj8r2XyDOKNC5k3zh0C5vIVnuvZR0cuB1/VYXG6xAxjs2Qxo8bbUCYTZ9c0N
e84F1RHoSezIcSmdVWg046nH29ikmByVFIpTL79I3iWiXmP4bOBTT/iXLFprcbqO
-----END CERTIFICATE-----