Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/9zc3UK9Q2NW5kQioYk692gU-YJI.roa
File:                     9zc3UK9Q2NW5kQioYk692gU-YJI.roa (raw, json)
Hash identifier:          BBodVy2RZip9O+WWUTv52ptxLTbUw/7auCFYyPArRAA=
Subject key identifier:   F7:37:37:50:AF:50:D8:D5:B9:91:08:A8:62:4E:BD:DA:05:3E:60:92
Certificate issuer:       /CN=ed3ff7836530d1c474f4d088b6b36224fbf6982d
Certificate serial:       019422FB472DB8900EE2A1119CEAFC8E924A
Authority key identifier: ED:3F:F7:83:65:30:D1:C4:74:F4:D0:88:B6:B3:62:24:FB:F6:98:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7T_3g2Uw0cR09NCItrNiJPv2mC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/9zc3UK9Q2NW5kQioYk692gU-YJI.roa
Signing time:             Wed 01 Jan 2025 17:48:00 +0000
ROA not before:           Wed 01 Jan 2025 17:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.88.28.0/24 maxlen: 24
                          45.88.29.0/24 maxlen: 24
                          45.88.30.0/24 maxlen: 24
                          45.88.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/7T_3g2Uw0cR09NCItrNiJPv2mC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/7T_3g2Uw0cR09NCItrNiJPv2mC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7T_3g2Uw0cR09NCItrNiJPv2mC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:47:2d:b8:90:0e:e2:a1:11:9c:ea:fc:8e:92:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed3ff7836530d1c474f4d088b6b36224fbf6982d
        Validity
            Not Before: Jan  1 17:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7373750af50d8d5b99108a8624ebdda053e6092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:65:a2:13:f4:29:e5:dd:ac:87:dd:3e:9e:54:
                    7b:89:a3:9f:35:3f:da:d2:df:64:41:22:81:4e:e3:
                    e8:f3:f5:cc:cc:bd:12:b7:9f:55:67:d4:f6:0f:91:
                    79:d8:46:21:21:21:ca:91:3d:cd:90:09:16:9e:ad:
                    eb:ca:14:9b:27:92:1c:f8:e2:69:42:88:74:93:da:
                    b8:c6:e6:8e:16:ae:31:61:f9:70:64:a0:8a:d3:02:
                    e2:1f:be:72:6c:c8:64:00:fd:b1:39:33:ed:c0:43:
                    9d:42:cb:2a:2c:7c:98:b7:56:b6:27:85:71:04:bd:
                    a8:38:78:64:1f:30:ad:3a:0e:47:cc:90:c0:c2:15:
                    52:e5:05:75:b1:d9:04:07:95:d2:11:24:c9:32:f5:
                    dd:47:31:10:c4:c9:b9:1b:4c:0e:81:1c:62:e8:96:
                    ec:e5:7a:6a:8f:6c:4f:c3:da:80:ea:b8:81:f8:de:
                    0c:86:a5:12:a5:1d:8e:5c:af:d4:ef:b6:a4:e4:45:
                    e8:90:70:ef:da:17:7d:dd:e6:8d:c0:58:57:36:81:
                    22:c2:55:47:c3:76:6b:b9:57:29:82:86:8e:79:2c:
                    1c:db:df:a1:aa:31:88:26:cb:9b:c9:bb:e2:cb:1a:
                    16:ae:27:9b:5b:c1:cd:e0:08:9b:cf:f7:fe:f6:14:
                    15:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:37:37:50:AF:50:D8:D5:B9:91:08:A8:62:4E:BD:DA:05:3E:60:92
            X509v3 Authority Key Identifier:
                keyid:ED:3F:F7:83:65:30:D1:C4:74:F4:D0:88:B6:B3:62:24:FB:F6:98:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7T_3g2Uw0cR09NCItrNiJPv2mC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/9zc3UK9Q2NW5kQioYk692gU-YJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/7T_3g2Uw0cR09NCItrNiJPv2mC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:0d:13:d7:67:53:61:7f:2d:36:4f:7e:c3:c7:67:3c:bd:c2:
         82:42:29:02:8c:57:f4:5d:a7:07:1f:b0:35:e7:b0:fd:a9:d9:
         f9:39:59:49:1f:23:6f:aa:fd:53:65:9a:3b:70:a6:e7:6a:57:
         63:92:bd:c4:89:77:83:9b:72:96:4b:5b:12:57:92:e7:2f:a2:
         3c:1e:64:b1:2b:7c:af:43:65:87:a7:54:ef:aa:a6:c9:b0:38:
         22:e9:49:a2:58:f1:74:97:d8:da:c3:f2:57:50:d2:e0:2c:5c:
         90:3b:ed:ae:71:ac:36:89:02:5f:eb:a1:fe:50:bc:43:59:40:
         fa:aa:7f:e5:95:68:47:b7:81:5a:e0:52:3c:2c:66:19:3a:9b:
         59:0b:db:b0:04:41:2c:26:fd:6f:09:bb:de:b6:f1:3f:82:bb:
         53:12:7e:b5:fd:2d:30:ed:fc:b9:02:e6:1f:f1:bc:f4:5d:ea:
         08:03:5b:5e:c1:a1:ba:4f:8b:c5:43:f8:0e:1b:73:31:7d:62:
         a5:15:c3:1f:f9:56:1f:88:0d:8b:7c:91:4e:83:ec:9e:66:16:
         cb:39:0b:9c:dd:6e:2d:1d:82:89:67:84:b8:96:85:5d:ad:85:
         57:83:02:0d:39:f1:73:02:75:33:e7:92:48:30:74:0e:9a:5d:
         51:61:56:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+0ctuJAO4qERnOr8jpJKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkM2ZmNzgzNjUzMGQxYzQ3NGY0ZDA4OGI2YjM2MjI0ZmJm
Njk4MmQwHhcNMjUwMTAxMTc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzM3Mzc1MGFmNTBkOGQ1Yjk5MTA4YTg2MjRlYmRkYTA1M2U2MDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2WiE/Qp5d2sh90+nlR7iaOfNT/a
0t9kQSKBTuPo8/XMzL0St59VZ9T2D5F52EYhISHKkT3NkAkWnq3ryhSbJ5Ic+OJp
Qoh0k9q4xuaOFq4xYflwZKCK0wLiH75ybMhkAP2xOTPtwEOdQssqLHyYt1a2J4Vx
BL2oOHhkHzCtOg5HzJDAwhVS5QV1sdkEB5XSESTJMvXdRzEQxMm5G0wOgRxi6Jbs
5Xpqj2xPw9qA6riB+N4MhqUSpR2OXK/U77ak5EXokHDv2hd93eaNwFhXNoEiwlVH
w3ZruVcpgoaOeSwc29+hqjGIJsubybviyxoWriebW8HN4Aibz/f+9hQVxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPc3N1CvUNjVuZEIqGJOvdoFPmCSMB8GA1UdIwQY
MBaAFO0/94NlMNHEdPTQiLazYiT79pgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RfM2cyVXcwY1IwOU5DSXRyTmlKUHYybUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82YWRlOWItMzIxNi00ZmVmLTgwNDkt
ZjNlMjRlMDc1ZTM1LzEvOXpjM1VLOVEyTlc1a1Fpb1lrNjkyZ1UtWUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82YWRlOWItMzIxNi00ZmVmLTgwNDktZjNlMjRlMDc1ZTM1
LzEvN1RfM2cyVXcwY1IwOU5DSXRyTmlKUHYybUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVgcMA0G
CSqGSIb3DQEBCwUAA4IBAQADDRPXZ1Nhfy02T37Dx2c8vcKCQikCjFf0XacHH7A1
57D9qdn5OVlJHyNvqv1TZZo7cKbnaldjkr3EiXeDm3KWS1sSV5LnL6I8HmSxK3yv
Q2WHp1TvqqbJsDgi6UmiWPF0l9jaw/JXUNLgLFyQO+2ucaw2iQJf66H+ULxDWUD6
qn/llWhHt4Fa4FI8LGYZOptZC9uwBEEsJv1vCbvetvE/grtTEn61/S0w7fy5AuYf
8bz0XeoIA1tewaG6T4vFQ/gOG3MxfWKlFcMf+VYfiA2LfJFOg+yeZhbLOQuc3W4t
HYKJZ4S4loVdrYVXgwINOfFzAnUz55JIMHQOml1RYVaj
-----END CERTIFICATE-----