Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/zgvcOUimolOfc-2snaZEdo8wyhc.roa
File:                     zgvcOUimolOfc-2snaZEdo8wyhc.roa (raw, json)
Hash identifier:          S2xJZFbuR+fVbmsKnaewbJdRcVJWvtsi5rfDD2/PNaM=
Subject key identifier:   CE:0B:DC:39:48:A6:A2:53:9F:73:ED:AC:9D:A6:44:76:8F:30:CA:17
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       019424B3E812CCA7B41A00CADCD3350E23C1
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/zgvcOUimolOfc-2snaZEdo8wyhc.roa
Signing time:             Thu 02 Jan 2025 01:49:17 +0000
ROA not before:           Thu 02 Jan 2025 01:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201119
IP address blocks:        45.132.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e8:12:cc:a7:b4:1a:00:ca:dc:d3:35:0e:23:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 01:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce0bdc3948a6a2539f73edac9da644768f30ca17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ca:66:9c:27:fe:eb:73:40:67:ea:60:02:54:
                    b0:a3:46:96:ac:9f:72:d7:43:36:5f:b6:80:f3:ff:
                    e8:a1:c5:d7:c9:30:9e:ea:93:ab:f5:ba:b4:86:59:
                    71:5e:85:f0:5e:d0:fa:90:0d:99:d1:8a:05:83:cc:
                    31:21:f8:0e:ca:cc:26:18:71:10:5d:81:08:a4:a1:
                    f4:e3:26:1e:62:f7:82:73:3d:ad:f3:aa:33:e0:ce:
                    89:21:7e:b3:4f:30:f3:b3:12:fb:82:dc:43:e7:76:
                    c4:66:a4:cb:c1:a9:61:fd:05:0c:ce:10:c2:f3:e8:
                    18:68:89:d5:99:45:fc:e0:57:cd:aa:87:2c:70:76:
                    46:b2:5b:4a:03:5d:ee:c8:43:f6:f0:54:2d:d6:96:
                    bc:a4:0f:ff:8a:89:69:f0:0c:1f:ce:82:8e:99:4a:
                    9e:fa:8d:6e:b0:14:d4:5f:05:00:f1:ba:00:d5:54:
                    cf:67:e3:16:87:be:f5:38:66:7c:05:b9:76:a5:a7:
                    47:62:79:7c:86:eb:05:8d:95:bd:ab:dd:e1:26:e1:
                    26:ec:69:dc:4e:9d:83:3d:bd:62:83:20:6a:71:12:
                    a0:ab:0a:4a:c1:26:4e:9a:19:b2:ed:9c:ea:a2:9e:
                    47:26:cf:61:d2:12:29:dc:b1:27:5a:a8:08:93:fe:
                    06:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:0B:DC:39:48:A6:A2:53:9F:73:ED:AC:9D:A6:44:76:8F:30:CA:17
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/zgvcOUimolOfc-2snaZEdo8wyhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:12:97:54:60:7e:ec:20:e9:c7:de:06:9f:d6:94:e9:a1:a3:
         a3:0a:84:cc:3d:ef:86:d7:ca:ed:36:e4:83:19:01:f2:13:25:
         a0:a5:b9:3e:f3:1b:39:6a:44:fb:bb:c2:fd:10:c4:86:36:6d:
         e5:6e:46:29:6e:ca:13:fb:1e:8d:c2:ae:c4:24:a2:95:be:50:
         e2:c2:49:ee:06:b2:71:a5:aa:5e:64:33:b7:45:06:20:ec:1e:
         03:b2:cd:f1:30:92:d0:14:2e:82:7a:7b:cd:00:a9:52:a0:80:
         b6:5b:80:cd:48:05:30:54:8b:e4:a9:18:cf:c4:e0:7d:05:99:
         4a:7b:be:3f:13:e5:d9:05:d0:e1:db:e0:54:6a:c2:bb:c7:18:
         a7:eb:ec:14:cc:e5:fa:79:b9:2d:10:55:6d:25:3e:27:e9:43:
         15:d3:29:eb:2f:48:e9:2f:9f:f8:02:46:87:05:0e:cd:40:20:
         04:f5:c8:40:22:39:a9:87:0c:99:0e:71:99:87:f1:bd:21:be:
         c6:22:41:bd:af:35:ed:17:2b:87:7a:f0:98:cf:95:cc:ff:b0:
         0e:15:92:8a:e1:ae:bf:ff:42:be:0f:4b:42:e0:bc:53:46:b8:
         6e:25:c9:80:cb:3b:a6:af:5c:e9:a0:40:1b:6a:d6:6e:80:b3:
         89:63:62:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+gSzKe0GgDK3NM1DiPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjUwMTAyMDE0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTBiZGMzOTQ4YTZhMjUzOWY3M2VkYWM5ZGE2NDQ3NjhmMzBjYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyspmnCf+63NAZ+pgAlSwo0aWrJ9y
10M2X7aA8//oocXXyTCe6pOr9bq0hllxXoXwXtD6kA2Z0YoFg8wxIfgOyswmGHEQ
XYEIpKH04yYeYveCcz2t86oz4M6JIX6zTzDzsxL7gtxD53bEZqTLwalh/QUMzhDC
8+gYaInVmUX84FfNqocscHZGsltKA13uyEP28FQt1pa8pA//iolp8AwfzoKOmUqe
+o1usBTUXwUA8boA1VTPZ+MWh771OGZ8Bbl2padHYnl8husFjZW9q93hJuEm7Gnc
Tp2DPb1igyBqcRKgqwpKwSZOmhmy7Zzqop5HJs9h0hIp3LEnWqgIk/4GAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4L3DlIpqJTn3PtrJ2mRHaPMMoXMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvemd2Y09VaW1vbE9mYy0yc25hWkVkbzh3eWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYSXMA0G
CSqGSIb3DQEBCwUAA4IBAQCcEpdUYH7sIOnH3gaf1pTpoaOjCoTMPe+G18rtNuSD
GQHyEyWgpbk+8xs5akT7u8L9EMSGNm3lbkYpbsoT+x6Nwq7EJKKVvlDiwknuBrJx
papeZDO3RQYg7B4Dss3xMJLQFC6CenvNAKlSoIC2W4DNSAUwVIvkqRjPxOB9BZlK
e74/E+XZBdDh2+BUasK7xxin6+wUzOX6ebktEFVtJT4n6UMV0ynrL0jpL5/4AkaH
BQ7NQCAE9chAIjmphwyZDnGZh/G9Ib7GIkG9rzXtFyuHevCYz5XM/7AOFZKK4a6/
/0K+D0tC4LxTRrhuJcmAyzumr1zpoEAbatZugLOJY2IH
-----END CERTIFICATE-----