Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/uSWhGb7yh0hnhYBmE-uLSzu4Rns.roa
File:                     uSWhGb7yh0hnhYBmE-uLSzu4Rns.roa (raw, json)
Hash identifier:          K+cvStncEiJXwD+zki81oVh+wXS7gjez2aJZSXM9/64=
Subject key identifier:   B9:25:A1:19:BE:F2:87:48:67:85:80:66:13:EB:8B:4B:3B:B8:46:7B
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019789DCE12A64A0E7B4D3CB4FA28F257728
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/uSWhGb7yh0hnhYBmE-uLSzu4Rns.roa
Signing time:             Thu 19 Jun 2025 20:24:03 +0000
ROA not before:           Thu 19 Jun 2025 20:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        45.145.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 20:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:89:dc:e1:2a:64:a0:e7:b4:d3:cb:4f:a2:8f:25:77:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jun 19 20:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b925a119bef287486785806613eb8b4b3bb8467b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:21:52:3a:1c:ab:ea:2b:c2:1b:9d:dd:90:6f:
                    fa:d6:aa:54:fc:68:61:ae:d6:0d:31:5c:f6:f5:0d:
                    d6:bd:23:a7:d2:11:78:be:63:5b:01:88:04:ce:ff:
                    c1:b0:be:68:f5:77:5c:ff:8f:41:98:49:f0:53:39:
                    33:f2:78:3c:6e:74:5e:fd:83:d0:bd:00:1e:36:0f:
                    73:9e:d6:2f:39:9e:30:75:8f:a3:67:af:51:99:23:
                    95:68:05:a9:3b:ff:2e:2f:fd:a5:2e:a7:7d:b0:0c:
                    2f:cf:eb:23:a0:03:6a:8b:aa:ba:a1:f8:6c:97:62:
                    8d:03:34:dd:42:de:8d:c3:45:bb:3e:4d:a8:38:ce:
                    a6:5d:ae:b7:2b:c3:a4:89:26:0b:ae:28:ab:d6:83:
                    00:61:5c:29:09:95:a7:17:ef:c7:6d:d2:b8:49:44:
                    66:7b:f1:89:c8:2e:8a:8a:0c:54:67:5e:1f:e2:d2:
                    11:be:7b:13:40:16:65:3e:5a:8b:99:da:16:fd:54:
                    7b:fa:30:53:f2:42:b1:d0:59:c1:99:17:5d:18:71:
                    6d:40:fc:b5:9b:35:de:04:ea:ce:3c:9e:13:c2:70:
                    d8:e9:29:b7:04:6b:d0:e7:e8:35:5e:3a:5c:4b:89:
                    5e:16:ad:d3:da:71:63:21:ef:6f:8f:fd:13:72:3b:
                    21:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:25:A1:19:BE:F2:87:48:67:85:80:66:13:EB:8B:4B:3B:B8:46:7B
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/uSWhGb7yh0hnhYBmE-uLSzu4Rns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:f5:47:0e:2c:93:9a:17:00:e0:99:65:c0:1b:03:e1:97:28:
         8d:e1:be:dc:90:61:62:17:ae:7a:a6:81:9a:e2:c2:b1:94:02:
         18:85:f4:1b:ff:f6:b8:83:8c:78:b9:d6:e2:aa:71:74:e1:14:
         cf:b2:2c:55:cb:f6:57:55:63:dd:65:1c:38:0f:da:04:e5:ef:
         7c:13:31:12:57:90:8c:0d:8d:e7:87:9b:43:ec:21:b0:85:d2:
         4b:4e:70:60:9b:ea:98:0a:aa:fe:d0:ce:26:f1:bc:a2:14:71:
         32:52:cd:ac:17:ee:99:d1:79:15:56:cb:1d:e0:04:34:44:15:
         07:59:e2:21:e7:c4:72:c5:dd:f8:79:13:5e:12:8a:fb:ea:fc:
         a8:33:b6:ed:4c:a0:70:18:e2:ad:d2:30:1d:bd:a0:a1:0a:10:
         61:66:b4:33:a6:41:2c:9b:6d:b3:ba:9f:aa:0e:37:c9:eb:bd:
         ec:d1:41:fa:d7:c6:4c:04:81:bc:48:bb:61:57:07:e3:5e:e6:
         3a:50:cb:87:f9:2b:33:9f:f9:dc:43:b8:36:19:c1:ce:9a:e8:
         65:62:24:dc:4a:86:ff:9c:f8:cb:c2:63:9c:9f:41:6d:6d:c4:
         17:3b:7a:47:e9:87:d9:b8:c9:38:02:4e:2a:f7:de:56:44:f1:
         b2:d0:e4:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeJ3OEqZKDntNPLT6KPJXcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwNjE5MjAyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTI1YTExOWJlZjI4NzQ4Njc4NTgwNjYxM2ViOGI0YjNiYjg0NjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSFSOhyr6ivCG53dkG/61qpU/Ghh
rtYNMVz29Q3WvSOn0hF4vmNbAYgEzv/BsL5o9Xdc/49BmEnwUzkz8ng8bnRe/YPQ
vQAeNg9zntYvOZ4wdY+jZ69RmSOVaAWpO/8uL/2lLqd9sAwvz+sjoANqi6q6ofhs
l2KNAzTdQt6Nw0W7Pk2oOM6mXa63K8OkiSYLriir1oMAYVwpCZWnF+/HbdK4SURm
e/GJyC6KigxUZ14f4tIRvnsTQBZlPlqLmdoW/VR7+jBT8kKx0FnBmRddGHFtQPy1
mzXeBOrOPJ4TwnDY6Sm3BGvQ5+g1XjpcS4leFq3T2nFjIe9vj/0TcjshQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkloRm+8odIZ4WAZhPri0s7uEZ7MB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvdVNXaEdiN3loMGhuaFlCbUUtdUxTenU0Um5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQBE9UcOLJOaFwDgmWXAGwPhlyiN4b7ckGFiF656poGa
4sKxlAIYhfQb//a4g4x4udbiqnF04RTPsixVy/ZXVWPdZRw4D9oE5e98EzESV5CM
DY3nh5tD7CGwhdJLTnBgm+qYCqr+0M4m8byiFHEyUs2sF+6Z0XkVVssd4AQ0RBUH
WeIh58Ryxd34eRNeEor76vyoM7btTKBwGOKt0jAdvaChChBhZrQzpkEsm22zup+q
DjfJ673s0UH618ZMBIG8SLthVwfjXuY6UMuH+Sszn/ncQ7g2GcHOmuhlYiTcSob/
nPjLwmOcn0FtbcQXO3pH6YfZuMk4Ak4q995WRPGy0ORV
-----END CERTIFICATE-----