Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/16-jUNfPaeEDFi2CG2Dls7NK5lg.roa
File:                     16-jUNfPaeEDFi2CG2Dls7NK5lg.roa (raw, json)
Hash identifier:          9zFXZ8EDGdJp6On1sZ8dp628uiNp48YN4eESkdpnuOk=
Subject key identifier:   D7:AF:A3:50:D7:CF:69:E1:03:16:2D:82:1B:60:E5:B3:B3:4A:E6:58
Certificate issuer:       /CN=4f0e77d9c6ff68dca68f05df8f4675ee7bdcb0bc
Certificate serial:       0197A60479E77B1FA90DBABE6F6C2AD27FA5
Authority key identifier: 4F:0E:77:D9:C6:FF:68:DC:A6:8F:05:DF:8F:46:75:EE:7B:DC:B0:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tw532cb_aNymjwXfj0Z17nvcsLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/16-jUNfPaeEDFi2CG2Dls7NK5lg.roa
Signing time:             Wed 25 Jun 2025 07:36:40 +0000
ROA not before:           Wed 25 Jun 2025 07:36:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35131
IP address blocks:        45.145.24.0/22 maxlen: 22
                          45.145.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/Tw532cb_aNymjwXfj0Z17nvcsLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/Tw532cb_aNymjwXfj0Z17nvcsLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tw532cb_aNymjwXfj0Z17nvcsLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:04:79:e7:7b:1f:a9:0d:ba:be:6f:6c:2a:d2:7f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f0e77d9c6ff68dca68f05df8f4675ee7bdcb0bc
        Validity
            Not Before: Jun 25 07:36:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7afa350d7cf69e103162d821b60e5b3b34ae658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cd:cf:10:22:2f:35:df:c3:4b:ff:5c:5d:49:
                    4e:59:d2:1b:08:ea:ca:2e:9b:02:58:98:f8:5e:ca:
                    1a:f4:0c:43:5c:03:7b:56:57:dd:01:73:dc:9b:67:
                    13:4d:18:fa:a9:5c:10:ba:90:4e:02:8c:fe:61:68:
                    77:c8:3e:ac:53:05:0b:97:2a:65:14:96:82:32:81:
                    c0:e1:10:8f:7b:ec:5b:6e:d7:01:c3:d5:de:32:36:
                    6b:61:0c:2b:b7:03:1f:16:cf:32:18:0e:f4:f3:07:
                    c5:b0:cb:53:29:9c:15:c4:52:42:07:50:53:0c:cd:
                    0e:14:1a:48:26:fc:57:52:64:7c:19:5e:42:cf:be:
                    1a:1c:0d:37:81:11:b8:b6:18:c5:56:0a:4c:fb:7b:
                    8f:77:0d:e5:5a:c6:70:d1:98:22:f8:e7:4b:55:9a:
                    ef:74:b8:b6:68:5c:d8:71:9c:9d:3a:a3:5f:12:02:
                    ca:ff:fa:47:e7:83:2c:64:da:81:28:5c:ae:5a:5a:
                    87:47:22:09:09:ed:7b:d6:c5:b7:90:e8:9d:bd:14:
                    9d:93:45:9f:e2:fd:ac:eb:29:0f:f9:1c:ba:71:35:
                    c3:00:43:5d:63:e5:2d:f4:cb:ab:a7:7f:58:ef:60:
                    1e:9b:63:ea:3d:7a:8e:5a:86:c0:6f:cc:2c:97:c2:
                    ac:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:AF:A3:50:D7:CF:69:E1:03:16:2D:82:1B:60:E5:B3:B3:4A:E6:58
            X509v3 Authority Key Identifier:
                keyid:4F:0E:77:D9:C6:FF:68:DC:A6:8F:05:DF:8F:46:75:EE:7B:DC:B0:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tw532cb_aNymjwXfj0Z17nvcsLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/16-jUNfPaeEDFi2CG2Dls7NK5lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/Tw532cb_aNymjwXfj0Z17nvcsLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:69:00:f9:b2:6a:85:c3:67:92:c1:ac:f6:86:ba:1c:16:6b:
         80:58:10:42:c8:19:32:f5:92:bf:67:d4:c4:4f:ac:c1:80:59:
         c2:30:97:68:d2:d0:a7:5c:5d:df:dc:88:1d:1c:d1:a3:0d:55:
         df:34:a1:9b:14:a4:d0:af:c2:00:50:7b:70:06:18:47:c1:2f:
         70:d3:64:0b:34:3d:4a:e8:84:73:c4:43:f5:59:58:ee:88:29:
         ba:53:15:0c:80:5e:b4:5f:e9:bb:55:06:5f:19:28:01:fe:14:
         ce:41:22:b8:f5:de:bc:88:45:b9:a6:cf:00:48:e0:15:8f:ac:
         28:dd:35:0a:cc:cd:cd:54:b4:df:7c:ac:b1:ad:0f:68:f2:8f:
         4d:bb:b8:e3:c2:82:e1:07:aa:f0:b8:38:8f:a3:47:bf:78:f1:
         d6:24:be:95:f0:28:0f:a1:22:06:ba:c3:ac:ac:91:a0:a7:4c:
         4f:30:fe:4d:80:88:10:f3:0c:29:ae:a8:d3:7c:79:1e:76:e8:
         4b:a8:c4:88:c4:6e:2b:ee:ad:8e:1c:5a:e1:4d:b1:f1:37:86:
         50:46:84:76:58:ba:eb:2c:b6:d3:68:86:39:26:1e:8f:e4:34:
         ff:3a:d7:49:f2:3a:b4:ff:c1:6f:b0:ec:66:47:28:0e:6c:9d:
         53:da:60:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZemBHnnex+pDbq+b2wq0n+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMGU3N2Q5YzZmZjY4ZGNhNjhmMDVkZjhmNDY3NWVlN2Jk
Y2IwYmMwHhcNMjUwNjI1MDczNjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2FmYTM1MGQ3Y2Y2OWUxMDMxNjJkODIxYjYwZTViM2IzNGFlNjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0M3PECIvNd/DS/9cXUlOWdIbCOrK
LpsCWJj4Xsoa9AxDXAN7VlfdAXPcm2cTTRj6qVwQupBOAoz+YWh3yD6sUwULlypl
FJaCMoHA4RCPe+xbbtcBw9XeMjZrYQwrtwMfFs8yGA708wfFsMtTKZwVxFJCB1BT
DM0OFBpIJvxXUmR8GV5Cz74aHA03gRG4thjFVgpM+3uPdw3lWsZw0Zgi+OdLVZrv
dLi2aFzYcZydOqNfEgLK//pH54MsZNqBKFyuWlqHRyIJCe171sW3kOidvRSdk0Wf
4v2s6ykP+Ry6cTXDAENdY+Ut9Murp39Y72Aem2PqPXqOWobAb8wsl8KsXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNevo1DXz2nhAxYtghtg5bOzSuZYMB8GA1UdIwQY
MBaAFE8Od9nG/2jcpo8F349Gde573LC8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHc1MzJjYl9hTnltandYZmowWjE3bnZjc0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8zZGMyMjItMTIwNi00OTIyLTg4OTAt
NDU1YjE5Zjc2NmNjLzEvMTYtalVOZlBhZUVERmkyQ0cyRGxzN05LNWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8zZGMyMjItMTIwNi00OTIyLTg4OTAtNDU1YjE5Zjc2NmNj
LzEvVHc1MzJjYl9hTnltandYZmowWjE3bnZjc0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZEYMA0G
CSqGSIb3DQEBCwUAA4IBAQAnaQD5smqFw2eSwaz2hrocFmuAWBBCyBky9ZK/Z9TE
T6zBgFnCMJdo0tCnXF3f3IgdHNGjDVXfNKGbFKTQr8IAUHtwBhhHwS9w02QLND1K
6IRzxEP1WVjuiCm6UxUMgF60X+m7VQZfGSgB/hTOQSK49d68iEW5ps8ASOAVj6wo
3TUKzM3NVLTffKyxrQ9o8o9Nu7jjwoLhB6rwuDiPo0e/ePHWJL6V8CgPoSIGusOs
rJGgp0xPMP5NgIgQ8wwprqjTfHkeduhLqMSIxG4r7q2OHFrhTbHxN4ZQRoR2WLrr
LLbTaIY5Jh6P5DT/OtdJ8jq0/8FvsOxmRygObJ1T2mCG
-----END CERTIFICATE-----