Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/ZissewWbHSji-mOFnMwTfTZU9BM.roa
File:                     ZissewWbHSji-mOFnMwTfTZU9BM.roa (raw, json)
Hash identifier:          cHP+m2eaQgzr425H/zARxRePa6pkLbgYLNsqqFbr7qU=
Subject key identifier:   66:2B:2C:7B:05:9B:1D:28:E2:FA:63:85:9C:CC:13:7D:36:54:F4:13
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       01951AF165EB48C17612643B528A92F9A5FE
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/ZissewWbHSji-mOFnMwTfTZU9BM.roa
Signing time:             Tue 18 Feb 2025 21:23:02 +0000
ROA not before:           Tue 18 Feb 2025 21:23:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42532
IP address blocks:        45.43.76.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1a:f1:65:eb:48:c1:76:12:64:3b:52:8a:92:f9:a5:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Feb 18 21:23:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=662b2c7b059b1d28e2fa63859ccc137d3654f413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e7:f8:94:bd:62:37:fe:1e:ef:38:9a:ad:73:
                    08:f4:96:19:a6:7d:b9:ff:db:e2:b2:30:4c:06:44:
                    06:20:33:24:e3:db:a9:f3:02:dc:af:e2:7f:2e:37:
                    8c:bc:b0:5f:7f:12:35:32:55:ad:7b:fd:57:7d:c2:
                    78:a4:42:a4:fb:f0:68:29:e1:c0:87:9b:4d:7f:cd:
                    53:5e:f2:00:51:43:7d:0f:ae:e1:1c:80:f9:a8:aa:
                    f9:f2:13:c0:59:35:46:80:c2:3d:72:09:6a:7a:80:
                    32:34:18:77:a8:04:0e:50:ed:9a:a7:7a:8f:95:cb:
                    5c:e3:9a:d6:8c:81:56:5b:56:fe:31:24:e0:75:45:
                    6f:ca:24:73:f9:51:6c:c2:df:64:a8:a8:78:e6:53:
                    a6:1c:1b:b5:04:19:30:72:c2:dd:48:c1:69:96:67:
                    cc:0f:49:50:02:be:73:1d:44:41:d9:90:16:cb:2d:
                    38:01:9d:b9:9d:30:9e:01:2d:96:6b:e7:96:8c:a0:
                    a1:17:e1:09:f6:30:a2:85:82:08:c6:59:11:85:4b:
                    f0:1d:e8:27:f9:d8:1c:bc:74:76:70:75:49:ed:dd:
                    a6:ab:88:7b:f3:4b:00:2f:a7:22:b8:05:42:75:3d:
                    7a:4f:fa:94:ea:9d:a4:12:5c:28:05:36:8f:25:fb:
                    61:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:2B:2C:7B:05:9B:1D:28:E2:FA:63:85:9C:CC:13:7D:36:54:F4:13
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/ZissewWbHSji-mOFnMwTfTZU9BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:1c:71:52:ad:07:a5:c4:e5:5c:39:c3:7c:c8:65:36:46:2f:
         02:e7:54:cf:be:9f:d6:b7:8a:5b:78:77:9d:ec:41:29:58:d6:
         d5:96:d9:30:b7:61:cb:b3:40:b3:34:16:54:7e:ba:43:77:2e:
         af:41:ee:db:50:f3:a0:d7:88:a1:62:03:a8:aa:4a:6b:24:3e:
         f4:97:eb:26:13:d1:31:6c:f7:f8:f1:38:09:52:e8:38:3e:d6:
         80:81:62:7f:87:6d:d0:c5:38:99:23:d9:48:52:1b:a7:c8:c1:
         2d:76:c4:87:12:8e:54:9c:64:fc:fd:fb:5c:ba:24:01:c6:87:
         36:99:be:5a:3d:2c:b2:ff:69:f9:d3:fb:44:e2:bb:2d:b3:81:
         1c:ee:39:cb:a6:9c:51:41:93:cc:d4:12:54:ca:81:7d:6a:32:
         07:23:54:eb:27:48:2b:97:ea:77:3c:0f:36:e9:64:7d:b8:60:
         a3:e4:4c:b7:5a:b5:c1:1e:37:d6:67:3e:78:0b:ee:bf:60:78:
         5e:6a:a0:7f:e9:f8:27:76:81:8d:3b:5b:94:2f:d1:90:4f:6d:
         fc:93:fb:a7:e6:50:03:f7:f2:b7:fc:c6:1c:6b:c8:9b:6d:d7:
         89:af:e9:b9:ea:1c:d8:22:c5:24:16:0a:40:8b:5c:56:19:88:
         ed:02:7b:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUa8WXrSMF2EmQ7UoqS+aX+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjUwMjE4MjEyMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjJiMmM3YjA1OWIxZDI4ZTJmYTYzODU5Y2NjMTM3ZDM2NTRmNDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAief4lL1iN/4e7ziarXMI9JYZpn25
/9visjBMBkQGIDMk49up8wLcr+J/LjeMvLBffxI1MlWte/1XfcJ4pEKk+/BoKeHA
h5tNf81TXvIAUUN9D67hHID5qKr58hPAWTVGgMI9cglqeoAyNBh3qAQOUO2ap3qP
lctc45rWjIFWW1b+MSTgdUVvyiRz+VFswt9kqKh45lOmHBu1BBkwcsLdSMFplmfM
D0lQAr5zHURB2ZAWyy04AZ25nTCeAS2Wa+eWjKChF+EJ9jCihYIIxlkRhUvwHegn
+dgcvHR2cHVJ7d2mq4h780sAL6ciuAVCdT16T/qU6p2kElwoBTaPJfthWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYrLHsFmx0o4vpjhZzME302VPQTMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvWmlzc2V3V2JIU2ppLW1PRm5Nd1RmVFpVOUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLStMMA0G
CSqGSIb3DQEBCwUAA4IBAQCZHHFSrQelxOVcOcN8yGU2Ri8C51TPvp/Wt4pbeHed
7EEpWNbVltkwt2HLs0CzNBZUfrpDdy6vQe7bUPOg14ihYgOoqkprJD70l+smE9Ex
bPf48TgJUug4PtaAgWJ/h23QxTiZI9lIUhunyMEtdsSHEo5UnGT8/ftcuiQBxoc2
mb5aPSyy/2n50/tE4rsts4Ec7jnLppxRQZPM1BJUyoF9ajIHI1TrJ0grl+p3PA82
6WR9uGCj5Ey3WrXBHjfWZz54C+6/YHheaqB/6fgndoGNO1uUL9GQT238k/un5lAD
9/K3/MYca8ibbdeJr+m56hzYIsUkFgpAi1xWGYjtAnv4
-----END CERTIFICATE-----