Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/ZLfZ3KLSTzAzvcn_p7cpBMFY28I.roa
File:                     ZLfZ3KLSTzAzvcn_p7cpBMFY28I.roa (raw, json)
Hash identifier:          fmYs39TXwa3l+TLCw/cGvbw90YqvjsWFCke0W0GQtFg=
Subject key identifier:   64:B7:D9:DC:A2:D2:4F:30:33:BD:C9:FF:A7:B7:29:04:C1:58:DB:C2
Certificate issuer:       /CN=96ff45e6de48bfc0397dacad83a84831db7952d1
Certificate serial:       018CC7951F3CE955EDABDB0E352DB1BEE2CD
Authority key identifier: 96:FF:45:E6:DE:48:BF:C0:39:7D:AC:AD:83:A8:48:31:DB:79:52:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lv9F5t5Iv8A5faytg6hIMdt5UtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/ZLfZ3KLSTzAzvcn_p7cpBMFY28I.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205638
IP address blocks:        45.137.112.0/23 maxlen: 23
                          45.137.112.0/24 maxlen: 24
                          45.137.113.0/24 maxlen: 24
                          45.137.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/lv9F5t5Iv8A5faytg6hIMdt5UtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/lv9F5t5Iv8A5faytg6hIMdt5UtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lv9F5t5Iv8A5faytg6hIMdt5UtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1f:3c:e9:55:ed:ab:db:0e:35:2d:b1:be:e2:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96ff45e6de48bfc0397dacad83a84831db7952d1
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64b7d9dca2d24f3033bdc9ffa7b72904c158dbc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f7:cc:5d:0f:58:7a:67:b0:94:c5:0c:79:43:
                    54:a2:aa:17:c2:69:30:6b:09:56:8d:9b:dc:aa:e0:
                    b0:12:f3:4a:f7:b9:dd:dd:0d:17:c1:d9:64:fe:82:
                    a8:63:6f:94:9b:52:72:a4:4b:83:8b:09:0f:ee:56:
                    c9:f2:02:3c:dd:eb:63:0b:d4:a5:d8:06:2d:01:bf:
                    54:0a:98:56:88:7d:e2:b0:68:94:8b:93:06:84:04:
                    b0:85:0b:6e:ec:db:a6:59:a9:27:f2:f2:25:c5:fe:
                    da:ee:38:dc:d6:a9:7d:b4:b7:54:aa:ba:f4:c6:6b:
                    bf:b8:a3:1e:00:6b:7e:96:a5:30:99:6c:29:2e:5a:
                    d4:29:2d:61:5f:19:03:68:0d:0d:b9:d7:6c:fc:27:
                    d9:60:34:08:8f:2a:36:5c:98:d9:93:8a:9c:66:7d:
                    aa:6d:58:f8:3c:42:7c:7c:7b:ca:c3:cd:e0:70:c7:
                    99:bc:b4:b7:28:41:33:c6:5f:d5:7e:ec:3a:ff:9b:
                    ce:a2:1f:9c:bd:3f:73:71:e0:3e:eb:cc:8d:7a:9b:
                    52:6e:ef:89:2c:88:29:2d:ba:e6:89:66:d3:f6:67:
                    a4:12:07:9c:b1:4f:0b:74:63:f8:6d:cf:ac:9c:00:
                    4f:95:2c:33:1b:98:db:b1:bc:b9:5d:ec:f4:2a:aa:
                    0b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:B7:D9:DC:A2:D2:4F:30:33:BD:C9:FF:A7:B7:29:04:C1:58:DB:C2
            X509v3 Authority Key Identifier:
                keyid:96:FF:45:E6:DE:48:BF:C0:39:7D:AC:AD:83:A8:48:31:DB:79:52:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lv9F5t5Iv8A5faytg6hIMdt5UtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/ZLfZ3KLSTzAzvcn_p7cpBMFY28I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/lv9F5t5Iv8A5faytg6hIMdt5UtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.112.0/23
                  45.137.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:82:cb:fe:4c:a0:8f:fb:24:36:d3:a3:8e:b6:0a:d9:ad:30:
         73:65:b6:76:fd:09:8f:15:55:3c:ba:c3:ad:12:6c:7a:cc:5d:
         42:e7:93:c8:0b:55:bf:34:4b:e5:30:98:48:64:e0:f9:26:ae:
         3e:f5:3e:83:9e:a2:49:ff:6e:db:84:3a:92:8c:03:59:31:4e:
         a3:3e:e8:71:75:2d:6f:4e:2c:82:58:f0:01:4d:c9:ee:20:16:
         4d:fa:f7:94:b6:0d:26:df:fd:dc:ed:14:dc:fe:0e:59:92:05:
         35:f9:d8:78:e0:b1:b2:18:11:5e:85:4b:4c:03:78:b0:48:8f:
         cb:e0:55:0f:68:0c:f7:07:5c:db:b7:9d:1d:fa:d8:8e:9f:35:
         15:df:b8:b8:64:63:c5:9a:88:6d:a1:d4:a6:88:d9:70:41:46:
         88:cd:a8:e8:88:14:e7:c2:0d:79:9e:cc:92:be:01:9f:37:f0:
         24:43:35:bf:ff:ea:bc:d0:87:ef:8f:3e:83:a3:78:1e:ed:42:
         9c:12:90:4a:7b:f7:73:ec:6a:62:1e:5a:5b:ad:cf:99:e5:38:
         b5:21:ed:73:89:9d:e9:7a:ad:5b:9c:5a:91:8e:62:97:d0:c3:
         4c:fe:74:e3:c2:d6:ce:3c:5d:dd:c2:98:95:54:2b:fa:94:da:
         d5:bc:e3:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlR886VXtq9sONS2xvuLNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZmY0NWU2ZGU0OGJmYzAzOTdkYWNhZDgzYTg0ODMxZGI3
OTUyZDEwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGI3ZDlkY2EyZDI0ZjMwMzNiZGM5ZmZhN2I3MjkwNGMxNThkYmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/fMXQ9YemewlMUMeUNUoqoXwmkw
awlWjZvcquCwEvNK97nd3Q0Xwdlk/oKoY2+Um1JypEuDiwkP7lbJ8gI83etjC9Sl
2AYtAb9UCphWiH3isGiUi5MGhASwhQtu7NumWakn8vIlxf7a7jjc1ql9tLdUqrr0
xmu/uKMeAGt+lqUwmWwpLlrUKS1hXxkDaA0Nudds/CfZYDQIjyo2XJjZk4qcZn2q
bVj4PEJ8fHvKw83gcMeZvLS3KEEzxl/Vfuw6/5vOoh+cvT9zceA+68yNeptSbu+J
LIgpLbrmiWbT9mekEgecsU8LdGP4bc+snABPlSwzG5jbsby5Xez0KqoLpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGS32dyi0k8wM73J/6e3KQTBWNvCMB8GA1UdIwQY
MBaAFJb/RebeSL/AOX2srYOoSDHbeVLRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHY5RjV0NUl2OEE1ZmF5dGc2aElNZHQ1VXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS82YzdiMjgtZjJjZS00NDVmLThmOTAt
MGY1ZDM3OTdhMzI1LzEvWkxmWjNLTFNUekF6dmNuX3A3Y3BCTUZZMjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS82YzdiMjgtZjJjZS00NDVmLThmOTAtMGY1ZDM3OTdhMzI1
LzEvbHY5RjV0NUl2OEE1ZmF5dGc2aElNZHQ1VXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLYlwAwQA
LYlzMA0GCSqGSIb3DQEBCwUAA4IBAQCNgsv+TKCP+yQ206OOtgrZrTBzZbZ2/QmP
FVU8usOtEmx6zF1C55PIC1W/NEvlMJhIZOD5Jq4+9T6DnqJJ/27bhDqSjANZMU6j
PuhxdS1vTiyCWPABTcnuIBZN+veUtg0m3/3c7RTc/g5ZkgU1+dh44LGyGBFehUtM
A3iwSI/L4FUPaAz3B1zbt50d+tiOnzUV37i4ZGPFmohtodSmiNlwQUaIzajoiBTn
wg15nsySvgGfN/AkQzW//+q80Ifvjz6Do3ge7UKcEpBKe/dz7GpiHlpbrc+Z5Ti1
Ie1ziZ3peq1bnFqRjmKX0MNM/nTjwtbOPF3dwpiVVCv6lNrVvON6
-----END CERTIFICATE-----