Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/dd7764-1a58-45e6-ad83-32a60912ef40/1/29nd_dOa0jOSjO-BSVNW7WFQmeU.roa
File:                     29nd_dOa0jOSjO-BSVNW7WFQmeU.roa (raw, json)
Hash identifier:          PQzBa+M3c2965MBEIUlCwMA/PPxb1gOFyUG0cf3P01E=
Subject key identifier:   DB:D9:DD:FD:D3:9A:D2:33:92:8C:EF:81:49:53:56:ED:61:50:99:E5
Certificate issuer:       /CN=6c6ddb72e7268298c1714583131bbe4ae4ef0916
Certificate serial:       019634D5F6A59A1B346DECE0A52180D6CBEE
Authority key identifier: 6C:6D:DB:72:E7:26:82:98:C1:71:45:83:13:1B:BE:4A:E4:EF:09:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bG3bcucmgpjBcUWDExu-SuTvCRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/dd7764-1a58-45e6-ad83-32a60912ef40/1/29nd_dOa0jOSjO-BSVNW7WFQmeU.roa
Signing time:             Mon 14 Apr 2025 15:05:59 +0000
ROA not before:           Mon 14 Apr 2025 15:05:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213986
IP address blocks:        45.152.132.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/dd7764-1a58-45e6-ad83-32a60912ef40/1/bG3bcucmgpjBcUWDExu-SuTvCRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/dd7764-1a58-45e6-ad83-32a60912ef40/1/bG3bcucmgpjBcUWDExu-SuTvCRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bG3bcucmgpjBcUWDExu-SuTvCRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 09:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:34:d5:f6:a5:9a:1b:34:6d:ec:e0:a5:21:80:d6:cb:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c6ddb72e7268298c1714583131bbe4ae4ef0916
        Validity
            Not Before: Apr 14 15:05:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbd9ddfdd39ad233928cef81495356ed615099e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:73:9c:ad:cf:5b:22:fa:4a:3d:d7:55:b4:55:
                    46:1b:66:61:ff:f2:a3:fa:d2:d1:ef:14:dd:72:c0:
                    58:bc:bb:d0:ad:6f:65:87:e2:54:5f:ed:56:ef:fa:
                    97:d7:01:3e:d6:7b:65:af:96:6f:5f:ed:d3:2e:de:
                    91:a1:f8:62:1e:4d:72:d3:b6:23:56:ee:b2:de:a2:
                    99:0a:ec:d6:1a:0f:15:d7:c8:bd:e2:8a:73:2e:fb:
                    ec:7e:46:dc:0a:c4:31:9f:55:35:78:76:31:55:c6:
                    fd:1d:60:90:56:91:f8:8d:1c:ec:14:b8:de:08:fa:
                    bb:71:f4:98:8e:dd:34:5a:38:05:66:fb:c2:30:f3:
                    df:b4:3e:42:0e:9a:7c:98:82:19:a4:d3:22:81:90:
                    24:3a:c8:74:fa:4e:27:4a:57:ac:12:fc:37:0e:2f:
                    8c:75:e6:97:a1:2b:63:0d:b5:c7:6c:10:43:4b:63:
                    02:ab:a4:24:f7:84:be:22:80:24:18:3e:cc:b2:66:
                    77:05:c7:84:c3:d3:47:9b:ea:01:03:b3:44:0f:7b:
                    ba:38:7f:ae:ed:ad:a9:a7:3b:68:0c:66:a3:8c:8f:
                    72:cf:8d:59:83:a9:4d:1d:e5:c6:f4:51:cc:59:4b:
                    fd:72:5c:ce:72:35:8e:68:99:91:5a:b7:f4:ab:c5:
                    8a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D9:DD:FD:D3:9A:D2:33:92:8C:EF:81:49:53:56:ED:61:50:99:E5
            X509v3 Authority Key Identifier:
                keyid:6C:6D:DB:72:E7:26:82:98:C1:71:45:83:13:1B:BE:4A:E4:EF:09:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bG3bcucmgpjBcUWDExu-SuTvCRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/dd7764-1a58-45e6-ad83-32a60912ef40/1/29nd_dOa0jOSjO-BSVNW7WFQmeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/dd7764-1a58-45e6-ad83-32a60912ef40/1/bG3bcucmgpjBcUWDExu-SuTvCRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:e7:5a:14:8a:ae:c4:d0:57:4a:4a:3f:cc:dc:f0:db:43:aa:
         ff:d8:c3:6a:0d:f2:a4:9c:81:25:64:b9:e1:7a:03:30:f7:06:
         ac:42:ea:74:60:08:f2:1a:fa:5b:a3:22:a0:20:55:26:56:11:
         e3:c6:d5:62:43:9e:44:68:43:bc:58:d4:da:dc:81:f2:16:78:
         fb:17:a1:bf:c2:66:e8:62:54:09:42:28:a0:d1:af:a9:2b:e0:
         00:2c:9a:f4:67:ae:ce:ed:fa:c7:d2:49:25:3a:7f:32:df:9d:
         fc:cc:8c:d8:3b:0f:33:a4:31:3d:43:78:c8:49:d0:9a:d9:a8:
         84:53:c8:e0:82:e3:73:2b:41:25:97:44:4f:dc:90:e5:5b:3f:
         6a:b2:0f:f1:39:f5:da:a8:72:3a:de:72:3a:09:de:e7:a5:fa:
         03:28:49:d4:6e:02:20:76:5f:9b:9c:d9:19:8b:f5:8a:52:10:
         66:c7:26:d8:c4:73:00:9b:e2:08:c7:2b:09:31:0f:5c:8e:41:
         35:41:4b:81:ed:c8:c4:93:72:aa:ae:68:a3:c3:40:30:89:3e:
         95:6f:40:9b:9b:de:d9:0e:3e:fe:1b:d6:e6:ce:da:21:5f:fa:
         c7:6c:73:8e:a3:b4:95:ef:2d:99:31:12:78:ab:2f:35:59:84:
         73:04:66:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY01falmhs0bezgpSGA1svuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNmRkYjcyZTcyNjgyOThjMTcxNDU4MzEzMWJiZTRhZTRl
ZjA5MTYwHhcNMjUwNDE0MTUwNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQ5ZGRmZGQzOWFkMjMzOTI4Y2VmODE0OTUzNTZlZDYxNTA5OWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnOcrc9bIvpKPddVtFVGG2Zh//Kj
+tLR7xTdcsBYvLvQrW9lh+JUX+1W7/qX1wE+1ntlr5ZvX+3TLt6RofhiHk1y07Yj
Vu6y3qKZCuzWGg8V18i94opzLvvsfkbcCsQxn1U1eHYxVcb9HWCQVpH4jRzsFLje
CPq7cfSYjt00WjgFZvvCMPPftD5CDpp8mIIZpNMigZAkOsh0+k4nSlesEvw3Di+M
deaXoStjDbXHbBBDS2MCq6Qk94S+IoAkGD7MsmZ3BceEw9NHm+oBA7NED3u6OH+u
7a2ppztoDGajjI9yz41Zg6lNHeXG9FHMWUv9clzOcjWOaJmRWrf0q8WKBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvZ3f3TmtIzkozvgUlTVu1hUJnlMB8GA1UdIwQY
MBaAFGxt23LnJoKYwXFFgxMbvkrk7wkWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkczYmN1Y21ncGpCY1VXREV4dS1TdVR2Q1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9kZDc3NjQtMWE1OC00NWU2LWFkODMt
MzJhNjA5MTJlZjQwLzEvMjluZF9kT2Ewak9Tak8tQlNWTlc3V0ZRbWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9kZDc3NjQtMWE1OC00NWU2LWFkODMtMzJhNjA5MTJlZjQw
LzEvYkczYmN1Y21ncGpCY1VXREV4dS1TdVR2Q1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZiEMA0G
CSqGSIb3DQEBCwUAA4IBAQBO51oUiq7E0FdKSj/M3PDbQ6r/2MNqDfKknIElZLnh
egMw9wasQup0YAjyGvpboyKgIFUmVhHjxtViQ55EaEO8WNTa3IHyFnj7F6G/wmbo
YlQJQiig0a+pK+AALJr0Z67O7frH0kklOn8y3538zIzYOw8zpDE9Q3jISdCa2aiE
U8jgguNzK0Ell0RP3JDlWz9qsg/xOfXaqHI63nI6Cd7npfoDKEnUbgIgdl+bnNkZ
i/WKUhBmxybYxHMAm+IIxysJMQ9cjkE1QUuB7cjEk3Kqrmijw0AwiT6Vb0Cbm97Z
Dj7+G9bmztohX/rHbHOOo7SV7y2ZMRJ4qy81WYRzBGZb
-----END CERTIFICATE-----