Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/pY04MvNLEI4_6cNhPFy2qVDxgKo.roa
File:                     pY04MvNLEI4_6cNhPFy2qVDxgKo.roa (raw, json)
Hash identifier:          5Dml35iXrbHiY5zOgy9nGWNDdTfpvu/1v0vbsuq03Rs=
Subject key identifier:   A5:8D:38:32:F3:4B:10:8E:3F:E9:C3:61:3C:5C:B6:A9:50:F1:80:AA
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019788CC0D259599E7FE6F039C100E850BA3
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/pY04MvNLEI4_6cNhPFy2qVDxgKo.roa
Signing time:             Thu 19 Jun 2025 15:26:03 +0000
ROA not before:           Thu 19 Jun 2025 15:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        45.152.166.0/24 maxlen: 24
                          91.193.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:cc:0d:25:95:99:e7:fe:6f:03:9c:10:0e:85:0b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jun 19 15:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a58d3832f34b108e3fe9c3613c5cb6a950f180aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b2:be:ff:f4:1e:90:1f:7e:90:6a:1c:50:c0:
                    22:a3:29:e4:be:35:ce:f6:78:b1:74:72:2f:d0:33:
                    ec:7b:e2:48:a4:3e:0d:38:0f:f2:a6:69:bb:6a:15:
                    35:8e:ec:a9:d4:eb:d1:8c:97:9e:da:b3:fb:40:8a:
                    14:96:91:f7:d4:40:45:f9:08:4d:09:1c:2f:4e:8c:
                    0a:ae:c7:fa:a2:a1:ef:c6:19:a7:0a:76:0d:96:36:
                    30:cd:dc:3c:25:22:19:2b:3d:66:a5:a3:f2:1b:79:
                    77:be:83:ba:3d:b7:79:3d:93:c8:83:36:69:e6:aa:
                    4b:4b:f9:cc:35:83:f7:a8:df:ee:08:c5:10:db:83:
                    d3:73:64:b8:f0:27:1f:85:ff:ca:2d:0a:e0:86:aa:
                    0d:47:45:59:3e:7e:c6:b3:eb:b3:46:72:22:4e:1d:
                    b1:7a:9f:33:00:76:b0:e8:ec:31:02:24:36:ea:af:
                    31:b8:1d:d6:bb:2b:ef:59:07:16:e3:df:1b:ef:9e:
                    f0:38:53:76:99:6b:cf:01:9d:18:ce:37:36:e9:02:
                    ac:b5:3b:20:dc:4e:b4:0e:55:e8:ee:a8:8a:62:b5:
                    04:1d:3b:d7:b4:8e:8f:50:8f:cf:40:0d:19:04:ad:
                    ff:1b:18:0e:e2:ed:6f:e9:33:4e:e4:5d:f5:d6:5a:
                    84:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:8D:38:32:F3:4B:10:8E:3F:E9:C3:61:3C:5C:B6:A9:50:F1:80:AA
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/pY04MvNLEI4_6cNhPFy2qVDxgKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.166.0/24
                  91.193.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:b7:31:10:46:a4:98:da:73:d5:df:c9:81:96:e7:96:a6:67:
         74:11:9a:3b:92:81:fa:c5:6b:44:05:73:e1:6e:aa:e9:d4:b2:
         4d:a8:ee:7f:38:52:96:a5:ff:1a:be:ae:f8:11:ca:0a:1b:f1:
         ff:19:7a:9f:87:e0:4c:b5:b0:8c:52:ae:bd:ad:f8:27:12:9d:
         2a:1f:f0:fc:cb:bf:42:64:a6:38:a8:a5:4d:9c:d0:a7:d0:df:
         26:73:12:f8:96:d6:6f:ca:ac:e6:01:ae:4d:64:22:24:bb:11:
         0e:94:25:89:54:d4:ef:dd:ac:e4:01:98:30:e2:c5:ba:dc:ed:
         b5:4d:ff:e7:b8:b5:2c:4a:b6:59:66:7b:2d:49:7c:7f:e3:37:
         a4:2e:5c:3d:95:09:99:a7:92:ce:f0:a0:92:a7:54:99:8a:1f:
         cf:fc:7d:d4:fb:b1:64:37:a7:b4:8e:14:00:85:48:04:75:dc:
         cb:5f:e7:4d:b1:bd:1d:ac:78:62:8f:65:5d:52:8c:8c:04:6b:
         20:2e:92:9a:47:1f:00:20:e8:2e:01:91:e6:99:64:21:18:fc:
         48:83:71:bf:26:e1:5f:71:f9:de:05:e5:fa:bb:73:dc:48:ce:
         85:8f:8e:b0:a6:af:2d:45:f2:d1:83:9e:ea:57:77:f3:56:95:
         ff:0d:13:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeIzA0llZnn/m8DnBAOhQujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwNjE5MTUyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNThkMzgzMmYzNGIxMDhlM2ZlOWMzNjEzYzVjYjZhOTUwZjE4MGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurK+//QekB9+kGocUMAioynkvjXO
9nixdHIv0DPse+JIpD4NOA/ypmm7ahU1juyp1OvRjJee2rP7QIoUlpH31EBF+QhN
CRwvTowKrsf6oqHvxhmnCnYNljYwzdw8JSIZKz1mpaPyG3l3voO6Pbd5PZPIgzZp
5qpLS/nMNYP3qN/uCMUQ24PTc2S48Ccfhf/KLQrghqoNR0VZPn7Gs+uzRnIiTh2x
ep8zAHaw6OwxAiQ26q8xuB3WuyvvWQcW498b757wOFN2mWvPAZ0Yzjc26QKstTsg
3E60DlXo7qiKYrUEHTvXtI6PUI/PQA0ZBK3/GxgO4u1v6TNO5F311lqEswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKWNODLzSxCOP+nDYTxctqlQ8YCqMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvcFkwNE12TkxFSTRfNmNOaFBGeTJxVkR4Z0tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZimAwQA
W8HqMA0GCSqGSIb3DQEBCwUAA4IBAQAJtzEQRqSY2nPV38mBlueWpmd0EZo7koH6
xWtEBXPhbqrp1LJNqO5/OFKWpf8avq74EcoKG/H/GXqfh+BMtbCMUq69rfgnEp0q
H/D8y79CZKY4qKVNnNCn0N8mcxL4ltZvyqzmAa5NZCIkuxEOlCWJVNTv3azkAZgw
4sW63O21Tf/nuLUsSrZZZnstSXx/4zekLlw9lQmZp5LO8KCSp1SZih/P/H3U+7Fk
N6e0jhQAhUgEddzLX+dNsb0drHhij2VdUoyMBGsgLpKaRx8AIOguAZHmmWQhGPxI
g3G/JuFfcfneBeX6u3PcSM6Fj46wpq8tRfLRg57qV3fzVpX/DROA
-----END CERTIFICATE-----