Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/ZYlcf7X6lFUqPdlZgjx7h6pY7f0.roa
File:                     ZYlcf7X6lFUqPdlZgjx7h6pY7f0.roa (raw, json)
Hash identifier:          Z91lhusvfId6xXTKVa6gm5qmkQJNcO8M7YoIqY37LFU=
Subject key identifier:   65:89:5C:7F:B5:FA:94:55:2A:3D:D9:59:82:3C:7B:87:AA:58:ED:FD
Certificate issuer:       /CN=8b91e0a104b5b3ddf1f5d08e7acb2b79e0d566f9
Certificate serial:       01942522330F50E2BA3B6C67CF93764876FC
Authority key identifier: 8B:91:E0:A1:04:B5:B3:DD:F1:F5:D0:8E:7A:CB:2B:79:E0:D5:66:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5HgoQS1s93x9dCOessreeDVZvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/ZYlcf7X6lFUqPdlZgjx7h6pY7f0.roa
Signing time:             Thu 02 Jan 2025 03:49:45 +0000
ROA not before:           Thu 02 Jan 2025 03:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.92.116.0/22 maxlen: 22
                          194.28.46.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/i5HgoQS1s93x9dCOessreeDVZvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/i5HgoQS1s93x9dCOessreeDVZvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5HgoQS1s93x9dCOessreeDVZvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:33:0f:50:e2:ba:3b:6c:67:cf:93:76:48:76:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b91e0a104b5b3ddf1f5d08e7acb2b79e0d566f9
        Validity
            Not Before: Jan  2 03:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65895c7fb5fa94552a3dd959823c7b87aa58edfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5f:c0:80:cf:09:a8:60:25:c8:d3:5d:fb:8e:
                    52:7d:89:0d:9a:34:29:9c:43:1b:7c:8d:c7:df:0d:
                    27:55:bc:8a:25:99:5b:05:12:5c:38:68:f1:a0:84:
                    95:e2:dd:7e:df:ec:2f:40:51:82:46:72:71:53:fa:
                    75:19:ac:00:2c:c7:47:ef:b0:59:35:57:54:1a:d8:
                    06:c9:11:b3:99:73:3c:a1:ce:46:fc:1a:40:b2:8c:
                    4a:5b:03:c2:82:cc:a6:5c:5a:40:28:f2:60:fc:24:
                    71:5b:fd:7c:ea:1a:36:03:a0:9e:94:1f:0f:3b:55:
                    a9:69:9e:de:22:7e:d5:1a:28:09:e5:77:35:f9:d4:
                    4e:9e:aa:ac:6f:0b:92:c4:e4:17:92:51:ff:cc:e7:
                    b6:d2:46:8a:fe:fb:8f:61:0a:26:02:b6:58:b0:c1:
                    6f:a8:1a:ba:9f:37:a2:39:30:b5:e6:82:8d:9e:10:
                    c2:09:ce:92:6f:76:fc:eb:82:50:31:0e:f2:c5:a6:
                    8b:2f:73:ca:76:5b:63:f2:f3:3c:2b:db:d8:1b:6c:
                    81:e0:3f:e5:6c:05:3a:b8:74:96:eb:76:a7:5c:ce:
                    3a:e1:a0:63:97:0e:4d:55:88:c6:7a:2e:8c:74:52:
                    07:e5:ff:c4:ea:29:ff:f4:ce:2c:a3:df:e3:c0:b0:
                    2a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:89:5C:7F:B5:FA:94:55:2A:3D:D9:59:82:3C:7B:87:AA:58:ED:FD
            X509v3 Authority Key Identifier:
                keyid:8B:91:E0:A1:04:B5:B3:DD:F1:F5:D0:8E:7A:CB:2B:79:E0:D5:66:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5HgoQS1s93x9dCOessreeDVZvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/ZYlcf7X6lFUqPdlZgjx7h6pY7f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/dfbfc4-cc3f-477c-8d76-a8c576224ba2/1/i5HgoQS1s93x9dCOessreeDVZvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.116.0/22
                  194.28.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:2b:11:b3:2c:eb:c6:f8:66:d0:88:dc:ca:be:1c:37:26:16:
         81:02:29:67:d9:3e:24:13:10:3b:37:5f:96:19:d4:dd:48:54:
         30:7a:49:be:7c:fc:ff:7f:5d:79:ec:1e:a0:62:34:d7:e3:1f:
         a9:d9:a8:4c:d8:f1:a2:02:98:84:77:e8:5e:65:d2:7b:8c:95:
         0e:5c:72:0b:ac:89:b8:dd:ee:50:b0:ec:3b:60:80:c4:a7:a8:
         40:5f:db:03:29:9c:4a:da:26:3f:4f:b8:99:bd:16:38:35:43:
         0d:aa:e2:32:dd:17:90:ec:16:5d:1b:6e:42:38:78:23:5d:94:
         0b:88:f9:61:76:76:5c:28:c1:e9:85:d2:0f:d5:28:1b:b4:5d:
         0a:ab:65:8e:92:c5:69:09:d5:05:f4:c1:93:a7:01:ec:88:65:
         0e:98:28:56:3b:b4:8e:83:b0:da:47:30:cc:e3:6a:ad:77:46:
         b6:9d:07:5c:de:4a:a8:41:b2:87:b0:d2:21:05:ec:65:04:a6:
         48:99:f7:f7:6f:32:f8:12:ae:2b:13:29:94:80:19:67:4d:d1:
         c3:b3:3a:15:b0:d7:52:46:35:ae:ae:b7:ff:af:1f:de:b6:89:
         1c:88:6b:d1:4f:75:d1:02:c0:e7:d3:17:57:d5:d1:a6:af:6b:
         79:ea:df:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIjMPUOK6O2xnz5N2SHb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOTFlMGExMDRiNWIzZGRmMWY1ZDA4ZTdhY2IyYjc5ZTBk
NTY2ZjkwHhcNMjUwMTAyMDM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTg5NWM3ZmI1ZmE5NDU1MmEzZGQ5NTk4MjNjN2I4N2FhNThlZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21/AgM8JqGAlyNNd+45SfYkNmjQp
nEMbfI3H3w0nVbyKJZlbBRJcOGjxoISV4t1+3+wvQFGCRnJxU/p1GawALMdH77BZ
NVdUGtgGyRGzmXM8oc5G/BpAsoxKWwPCgsymXFpAKPJg/CRxW/186ho2A6CelB8P
O1WpaZ7eIn7VGigJ5Xc1+dROnqqsbwuSxOQXklH/zOe20kaK/vuPYQomArZYsMFv
qBq6nzeiOTC15oKNnhDCCc6Sb3b864JQMQ7yxaaLL3PKdltj8vM8K9vYG2yB4D/l
bAU6uHSW63anXM464aBjlw5NVYjGei6MdFIH5f/E6in/9M4so9/jwLAqiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGWJXH+1+pRVKj3ZWYI8e4eqWO39MB8GA1UdIwQY
MBaAFIuR4KEEtbPd8fXQjnrLK3ng1Wb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTVIZ29RUzFzOTN4OWRDT2Vzc3JlZURWWnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9kZmJmYzQtY2MzZi00NzdjLThkNzYt
YThjNTc2MjI0YmEyLzEvWllsY2Y3WDZsRlVxUGRsWmdqeDdoNnBZN2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9kZmJmYzQtY2MzZi00NzdjLThkNzYtYThjNTc2MjI0YmEy
LzEvaTVIZ29RUzFzOTN4OWRDT2Vzc3JlZURWWnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVx0AwQB
whwuMA0GCSqGSIb3DQEBCwUAA4IBAQBMKxGzLOvG+GbQiNzKvhw3JhaBAiln2T4k
ExA7N1+WGdTdSFQwekm+fPz/f1157B6gYjTX4x+p2ahM2PGiApiEd+heZdJ7jJUO
XHILrIm43e5QsOw7YIDEp6hAX9sDKZxK2iY/T7iZvRY4NUMNquIy3ReQ7BZdG25C
OHgjXZQLiPlhdnZcKMHphdIP1SgbtF0Kq2WOksVpCdUF9MGTpwHsiGUOmChWO7SO
g7DaRzDM42qtd0a2nQdc3kqoQbKHsNIhBexlBKZImff3bzL4Eq4rEymUgBlnTdHD
szoVsNdSRjWurrf/rx/etokciGvRT3XRAsDn0xdX1dGmr2t56t/5
-----END CERTIFICATE-----