Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/PAVyRbFaEEoOWTl92A8TbczIVRA.roa
File:                     PAVyRbFaEEoOWTl92A8TbczIVRA.roa (raw, json)
Hash identifier:          exAiJS6L6PDn4Agqv44VIUH/UIoW7ahABMr/MK9GM9o=
Subject key identifier:   3C:05:72:45:B1:5A:10:4A:0E:59:39:7D:D8:0F:13:6D:CC:C8:55:10
Certificate issuer:       /CN=cab936b35f92cdec5e90df33bdc508661c27b455
Certificate serial:       0196A55A7361B1A259AB490932BD40AD706B
Authority key identifier: CA:B9:36:B3:5F:92:CD:EC:5E:90:DF:33:BD:C5:08:66:1C:27:B4:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yrk2s1-SzexekN8zvcUIZhwntFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/PAVyRbFaEEoOWTl92A8TbczIVRA.roa
Signing time:             Tue 06 May 2025 11:28:10 +0000
ROA not before:           Tue 06 May 2025 11:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201746
IP address blocks:        45.94.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/yrk2s1-SzexekN8zvcUIZhwntFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/yrk2s1-SzexekN8zvcUIZhwntFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yrk2s1-SzexekN8zvcUIZhwntFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 15:42:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:5a:73:61:b1:a2:59:ab:49:09:32:bd:40:ad:70:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cab936b35f92cdec5e90df33bdc508661c27b455
        Validity
            Not Before: May  6 11:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c057245b15a104a0e59397dd80f136dccc85510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e2:e9:53:5d:03:18:a8:81:9f:a1:78:57:18:
                    7a:11:32:e0:cb:04:59:d7:9e:cc:8b:02:c5:59:66:
                    c8:84:63:7b:f7:57:9f:ea:68:77:4a:22:cf:89:f1:
                    af:19:9d:79:d0:e8:c0:a3:86:bc:63:29:59:01:83:
                    00:66:f1:e0:53:26:c1:28:93:2a:75:38:c8:df:ad:
                    43:76:2a:64:8c:3b:26:7a:c1:6e:c1:04:f6:3a:ba:
                    80:da:a6:3f:38:79:8f:61:e4:aa:39:64:ec:c6:8d:
                    ed:4a:43:d1:21:e5:5b:f9:8b:68:cd:93:c2:70:1c:
                    e8:0c:32:20:c6:3a:9c:11:47:37:08:7e:dc:b1:6d:
                    73:aa:84:78:a4:90:0d:9c:dd:ff:a5:04:fc:0e:cd:
                    ef:33:d9:4c:1f:4e:2b:fb:fd:68:4a:8d:bd:7e:dc:
                    40:0e:05:68:5e:e7:86:79:b4:74:b5:73:34:18:20:
                    34:72:13:b1:dc:ee:b5:bc:87:b0:b3:8d:c8:e8:4a:
                    28:f0:78:20:5e:a9:0c:59:58:3f:6f:0c:07:6f:00:
                    b2:24:6d:9a:32:6d:c4:5f:f5:f5:f2:f8:4c:7a:75:
                    e7:ed:53:07:e9:70:dc:dd:43:65:75:02:d6:98:5f:
                    28:af:fb:3e:df:d1:2a:0d:f1:1b:91:13:a7:16:36:
                    3a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:05:72:45:B1:5A:10:4A:0E:59:39:7D:D8:0F:13:6D:CC:C8:55:10
            X509v3 Authority Key Identifier:
                keyid:CA:B9:36:B3:5F:92:CD:EC:5E:90:DF:33:BD:C5:08:66:1C:27:B4:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yrk2s1-SzexekN8zvcUIZhwntFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/PAVyRbFaEEoOWTl92A8TbczIVRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/yrk2s1-SzexekN8zvcUIZhwntFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:6c:1a:8b:ac:6d:c1:08:e0:69:cc:6b:2e:b4:5b:c5:ba:3f:
         bc:08:57:a8:04:61:61:9c:cd:72:bd:5a:5e:29:2b:ea:8a:dc:
         0f:34:b3:c0:8b:53:07:3d:3e:f3:f7:31:b6:20:da:3a:5c:48:
         e2:58:8b:4e:84:a5:66:b0:d7:36:f8:d1:74:49:ab:dc:5f:f3:
         7a:f2:11:b9:f1:ab:fe:bc:7c:e0:f0:9a:e0:ec:16:2f:98:10:
         23:d8:47:72:3f:69:7b:93:9e:d0:8b:63:f6:59:93:f7:41:f8:
         74:d4:39:57:91:13:0d:66:f9:b0:fd:ae:19:21:6c:db:9c:d1:
         d3:47:5d:3b:89:bd:35:48:de:f5:dd:d5:bf:b4:1f:fc:89:93:
         7b:9f:4a:b1:1d:ec:9f:0f:c7:fd:d9:92:37:e6:4d:64:76:f1:
         22:3b:c4:00:bb:34:fa:d9:53:63:b3:c1:7e:78:4b:c6:54:f1:
         f4:88:b7:2e:8f:35:cc:78:e5:0e:c0:23:72:05:8e:31:98:c2:
         98:b1:5b:ed:85:57:42:f0:45:3f:33:67:79:46:23:7e:e1:d2:
         ba:99:68:f1:df:9c:a6:0c:4c:6f:43:a4:ab:4b:44:32:23:61:
         fa:ae:2e:04:a7:06:31:37:58:14:6d:f5:b4:50:95:13:db:56:
         05:52:68:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZalWnNhsaJZq0kJMr1ArXBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYjkzNmIzNWY5MmNkZWM1ZTkwZGYzM2JkYzUwODY2MWMy
N2I0NTUwHhcNMjUwNTA2MTEyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzA1NzI0NWIxNWExMDRhMGU1OTM5N2RkODBmMTM2ZGNjYzg1NTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOLpU10DGKiBn6F4Vxh6ETLgywRZ
157MiwLFWWbIhGN791ef6mh3SiLPifGvGZ150OjAo4a8YylZAYMAZvHgUybBKJMq
dTjI361DdipkjDsmesFuwQT2OrqA2qY/OHmPYeSqOWTsxo3tSkPRIeVb+YtozZPC
cBzoDDIgxjqcEUc3CH7csW1zqoR4pJANnN3/pQT8Ds3vM9lMH04r+/1oSo29ftxA
DgVoXueGebR0tXM0GCA0chOx3O61vIews43I6Eoo8HggXqkMWVg/bwwHbwCyJG2a
Mm3EX/X18vhMenXn7VMH6XDc3UNldQLWmF8or/s+39EqDfEbkROnFjY61wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwFckWxWhBKDlk5fdgPE23MyFUQMB8GA1UdIwQY
MBaAFMq5NrNfks3sXpDfM73FCGYcJ7RVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXJrMnMxLVN6ZXhla044enZjVUlaaHdudEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yZjk3N2EtYzBkYi00MzdlLTlmNjAt
NTU5MjM2MGUzZThlLzEvUEFWeVJiRmFFRW9PV1RsOTJBOFRiY3pJVlJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yZjk3N2EtYzBkYi00MzdlLTlmNjAtNTU5MjM2MGUzZThl
LzEveXJrMnMxLVN6ZXhla044enZjVUlaaHdudEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV5lMA0G
CSqGSIb3DQEBCwUAA4IBAQB1bBqLrG3BCOBpzGsutFvFuj+8CFeoBGFhnM1yvVpe
KSvqitwPNLPAi1MHPT7z9zG2INo6XEjiWItOhKVmsNc2+NF0SavcX/N68hG58av+
vHzg8Jrg7BYvmBAj2EdyP2l7k57Qi2P2WZP3Qfh01DlXkRMNZvmw/a4ZIWzbnNHT
R107ib01SN713dW/tB/8iZN7n0qxHeyfD8f92ZI35k1kdvEiO8QAuzT62VNjs8F+
eEvGVPH0iLcujzXMeOUOwCNyBY4xmMKYsVvthVdC8EU/M2d5RiN+4dK6mWjx35ym
DExvQ6SrS0QyI2H6ri4EpwYxN1gUbfW0UJUT21YFUmi/
-----END CERTIFICATE-----