Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/I0AFm-vc4rf4QsaVWhj5NHyb11w.roa
File:                     I0AFm-vc4rf4QsaVWhj5NHyb11w.roa (raw, json)
Hash identifier:          BGbcWwHIrmn5ZBCCyfBSP0+HfpIO8Xl9K0FKbiZmvI8=
Subject key identifier:   23:40:05:9B:EB:DC:E2:B7:F8:42:C6:95:5A:18:F9:34:7C:9B:D7:5C
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       01969AA4723508CF017F8DC2509CEC4A1184
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/I0AFm-vc4rf4QsaVWhj5NHyb11w.roa
Signing time:             Sun 04 May 2025 09:33:10 +0000
ROA not before:           Sun 04 May 2025 09:33:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268581
IP address blocks:        45.157.156.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 09:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9a:a4:72:35:08:cf:01:7f:8d:c2:50:9c:ec:4a:11:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: May  4 09:33:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2340059bebdce2b7f842c6955a18f9347c9bd75c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fa:8a:f2:42:a2:7d:53:0b:38:39:74:57:83:
                    04:f0:98:85:83:78:d9:a5:31:a4:c6:aa:66:74:6a:
                    f6:e5:26:f4:f5:bb:6b:1b:25:c7:3b:d0:c4:09:ed:
                    16:c4:f6:32:8a:6b:7f:ca:d8:f1:46:7e:67:8d:ef:
                    94:a2:fe:1a:0d:d6:62:5b:fb:b8:af:61:e5:47:f3:
                    8b:4e:e9:cd:8b:3e:db:19:3c:de:18:8e:b4:19:d0:
                    82:97:15:b9:86:84:d8:11:3f:8d:3d:da:65:22:1e:
                    94:20:34:2a:3e:cf:66:14:37:f3:0d:e1:d4:6b:a2:
                    fc:5c:a9:dd:ee:db:3d:98:e6:28:db:13:cc:a6:0a:
                    e1:88:be:f6:83:70:7c:c5:fa:32:df:e4:3c:a1:e0:
                    bf:78:9c:f3:91:58:c4:b8:d8:d9:6c:e1:da:62:25:
                    52:89:23:22:7c:eb:4c:b1:45:5c:bc:7a:09:c5:8f:
                    3f:95:b3:69:e1:86:57:65:1e:87:74:87:00:38:2a:
                    90:63:bf:c6:34:1c:b6:f8:86:51:6b:23:9b:c9:0f:
                    80:e5:de:4a:6e:27:bf:a9:bb:f8:46:e6:f8:2b:65:
                    7f:d7:2e:a2:d8:e1:62:27:66:59:2f:b1:48:3d:00:
                    a7:07:6d:06:90:a6:d4:93:b9:cb:f2:3d:b7:84:ab:
                    e1:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:40:05:9B:EB:DC:E2:B7:F8:42:C6:95:5A:18:F9:34:7C:9B:D7:5C
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/I0AFm-vc4rf4QsaVWhj5NHyb11w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:29:f8:d6:54:33:54:4e:32:9d:3b:d6:15:05:a5:df:89:50:
         85:30:24:6e:7c:61:e5:db:79:6b:8a:c7:9d:05:2e:40:a0:2d:
         a9:f0:b4:0f:27:d5:5a:2d:ab:19:ab:3c:be:9d:1a:62:86:24:
         85:43:31:a2:72:70:ac:46:27:d5:40:4c:23:15:b1:f7:6d:ac:
         32:b3:63:50:d6:76:f7:a9:d4:2e:4b:6d:c9:0f:73:95:69:cb:
         8f:ac:f0:47:ec:62:3c:04:f0:9b:4e:95:93:02:dc:5b:4f:bd:
         a7:5a:99:13:03:de:5d:e2:00:84:10:50:5f:3a:82:52:f4:9d:
         79:ee:5f:a2:80:62:f0:d7:02:87:ae:7c:d2:00:44:ca:16:9d:
         5b:b5:c1:cf:05:8e:35:dd:fe:be:e3:17:f6:66:47:d3:4d:54:
         7f:1e:49:2f:ac:8b:a8:8d:a1:77:59:bd:6a:a4:40:89:97:ab:
         7f:c8:a5:59:e7:0f:44:88:b2:d4:66:26:4b:ec:2e:bd:ac:dc:
         90:cc:d0:57:a3:51:4a:5e:b6:8b:0d:bc:13:4d:68:94:2d:b8:
         7f:07:5f:13:32:84:4d:cc:04:fd:13:25:b3:d2:62:60:65:f7:
         cf:1d:0b:83:6c:a0:ed:62:29:d6:88:6a:d7:04:a4:93:e9:9e:
         e9:b2:55:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaapHI1CM8Bf43CUJzsShGEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjUwNTA0MDkzMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQwMDU5YmViZGNlMmI3Zjg0MmM2OTU1YTE4ZjkzNDdjOWJkNzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvqK8kKifVMLODl0V4ME8JiFg3jZ
pTGkxqpmdGr25Sb09btrGyXHO9DECe0WxPYyimt/ytjxRn5nje+Uov4aDdZiW/u4
r2HlR/OLTunNiz7bGTzeGI60GdCClxW5hoTYET+NPdplIh6UIDQqPs9mFDfzDeHU
a6L8XKnd7ts9mOYo2xPMpgrhiL72g3B8xfoy3+Q8oeC/eJzzkVjEuNjZbOHaYiVS
iSMifOtMsUVcvHoJxY8/lbNp4YZXZR6HdIcAOCqQY7/GNBy2+IZRayObyQ+A5d5K
bie/qbv4Rub4K2V/1y6i2OFiJ2ZZL7FIPQCnB20GkKbUk7nL8j23hKvh3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNABZvr3OK3+ELGlVoY+TR8m9dcMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvSTBBRm0tdmM0cmY0UXNhVldoajVOSHliMTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ2cMA0G
CSqGSIb3DQEBCwUAA4IBAQBnKfjWVDNUTjKdO9YVBaXfiVCFMCRufGHl23lrised
BS5AoC2p8LQPJ9VaLasZqzy+nRpihiSFQzGicnCsRifVQEwjFbH3bawys2NQ1nb3
qdQuS23JD3OVacuPrPBH7GI8BPCbTpWTAtxbT72nWpkTA95d4gCEEFBfOoJS9J15
7l+igGLw1wKHrnzSAETKFp1btcHPBY413f6+4xf2ZkfTTVR/HkkvrIuojaF3Wb1q
pECJl6t/yKVZ5w9EiLLUZiZL7C69rNyQzNBXo1FKXraLDbwTTWiULbh/B18TMoRN
zAT9EyWz0mJgZffPHQuDbKDtYinWiGrXBKST6Z7pslXB
-----END CERTIFICATE-----