Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0zYkpz2AM_MBD7J1zi-W8wcxV50.roa
File:                     0zYkpz2AM_MBD7J1zi-W8wcxV50.roa (raw, json)
Hash identifier:          k051KRpSUnIKxpmAKZQgydxSa7LgUlz9HwIm5veM7t0=
Subject key identifier:   D3:36:24:A7:3D:80:33:F3:01:0F:B2:75:CE:2F:96:F3:07:31:57:9D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019428249C82DA69DED385D2483FA1FD1B51
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0zYkpz2AM_MBD7J1zi-W8wcxV50.roa
Signing time:             Thu 02 Jan 2025 17:51:15 +0000
ROA not before:           Thu 02 Jan 2025 17:51:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152878
IP address blocks:        45.8.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:9c:82:da:69:de:d3:85:d2:48:3f:a1:fd:1b:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d33624a73d8033f3010fb275ce2f96f30731579d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8a:e7:42:dc:a0:07:4e:7a:2f:61:df:d6:2a:
                    67:84:3a:3e:fa:6b:dd:ef:31:99:a4:e1:56:f7:f0:
                    61:b2:ea:f3:4d:73:df:0c:2b:a0:df:5a:96:b3:03:
                    53:5c:d1:f8:cd:01:00:11:6d:76:10:bb:27:ca:2e:
                    ca:b9:eb:2b:02:81:f4:88:e9:05:e7:00:ac:eb:60:
                    d9:3d:2e:77:c5:9a:2f:67:47:ed:18:60:69:cf:7b:
                    1b:d9:a3:79:0c:70:e9:86:e3:2d:ce:8d:0e:4e:b3:
                    10:90:d7:94:d0:1d:c8:fb:47:d0:a2:ea:8c:b7:93:
                    df:f1:cd:62:8f:3e:36:6e:c5:33:13:52:10:44:83:
                    99:9c:c6:05:98:01:91:cb:96:dc:79:c9:2f:59:25:
                    32:5a:f5:05:68:16:36:7d:56:27:72:ad:62:e5:a6:
                    95:44:fb:5d:24:dc:c8:e4:3a:3a:6a:92:20:ca:02:
                    df:a0:24:2b:72:f8:b9:bb:a1:a4:fb:16:a8:d9:ac:
                    ef:86:a5:9f:f2:e0:93:13:4a:53:0f:74:0c:d0:54:
                    7d:66:46:7d:9e:1e:dd:7b:3a:b8:aa:f1:a5:ac:8b:
                    14:9b:ea:02:75:4e:39:46:9d:ec:b1:d1:07:9e:c8:
                    5d:2e:04:2c:43:61:ed:82:65:fd:23:63:18:c7:9b:
                    9c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:36:24:A7:3D:80:33:F3:01:0F:B2:75:CE:2F:96:F3:07:31:57:9D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0zYkpz2AM_MBD7J1zi-W8wcxV50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:1b:c7:a5:b9:aa:df:6c:eb:ff:89:72:bd:7b:58:0f:41:d6:
         0c:d2:32:4c:f6:68:96:34:2c:cd:31:04:c9:19:6d:2e:1f:c5:
         7d:d8:25:f3:56:07:ae:37:62:72:b6:29:c3:db:e2:06:67:57:
         de:38:d1:7e:2e:2a:c3:1b:0f:ba:94:60:cf:74:fa:ab:56:57:
         95:81:4f:8d:22:5d:ee:31:d4:5f:83:6a:3d:78:52:bb:e5:f2:
         fc:e9:02:cc:f6:bf:8f:02:fe:be:53:0f:ac:dd:b9:af:6a:3a:
         bd:a0:6f:b1:54:80:70:72:17:34:76:6b:f8:0d:a2:ef:b0:2d:
         85:54:e0:96:99:f1:cb:9e:37:5b:17:15:7f:9a:9f:f0:d4:23:
         34:94:73:a4:93:ad:28:5d:75:69:10:e4:b8:e1:96:e8:a3:64:
         ae:71:5d:7f:6d:18:b0:c9:55:4c:b5:96:c4:c5:42:76:4a:c4:
         7d:a3:1a:0f:d5:77:d2:b4:31:7c:66:3f:31:5b:1d:a5:7d:4e:
         05:26:38:0b:74:74:e5:76:82:da:8d:1f:2c:2d:07:18:9f:77:
         db:69:cc:3f:43:ec:a2:7e:85:52:75:33:27:55:8f:59:8c:0e:
         e9:bd:97:d8:53:8c:6b:c8:0a:2d:2f:5b:5f:58:a5:5f:f1:7a:
         5e:83:15:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJJyC2mne04XSSD+h/RtRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzM2MjRhNzNkODAzM2YzMDEwZmIyNzVjZTJmOTZmMzA3MzE1NzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIrnQtygB056L2Hf1ipnhDo++mvd
7zGZpOFW9/BhsurzTXPfDCug31qWswNTXNH4zQEAEW12ELsnyi7KuesrAoH0iOkF
5wCs62DZPS53xZovZ0ftGGBpz3sb2aN5DHDphuMtzo0OTrMQkNeU0B3I+0fQouqM
t5Pf8c1ijz42bsUzE1IQRIOZnMYFmAGRy5bceckvWSUyWvUFaBY2fVYncq1i5aaV
RPtdJNzI5Do6apIgygLfoCQrcvi5u6Gk+xao2azvhqWf8uCTE0pTD3QM0FR9ZkZ9
nh7dezq4qvGlrIsUm+oCdU45Rp3ssdEHnshdLgQsQ2HtgmX9I2MYx5ucwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNM2JKc9gDPzAQ+ydc4vlvMHMVedMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMHpZa3B6MkFNX01CRDdKMXppLVc4d2N4VjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQhdMA0G
CSqGSIb3DQEBCwUAA4IBAQBNG8eluarfbOv/iXK9e1gPQdYM0jJM9miWNCzNMQTJ
GW0uH8V92CXzVgeuN2JytinD2+IGZ1feONF+LirDGw+6lGDPdPqrVleVgU+NIl3u
MdRfg2o9eFK75fL86QLM9r+PAv6+Uw+s3bmvajq9oG+xVIBwchc0dmv4DaLvsC2F
VOCWmfHLnjdbFxV/mp/w1CM0lHOkk60oXXVpEOS44Zboo2SucV1/bRiwyVVMtZbE
xUJ2SsR9oxoP1XfStDF8Zj8xWx2lfU4FJjgLdHTldoLajR8sLQcYn3fbacw/Q+yi
foVSdTMnVY9ZjA7pvZfYU4xryAotL1tfWKVf8XpegxWi
-----END CERTIFICATE-----