Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zhXQp5zddU2pJrAhflyKZ6ivZp4.roa
File:                     zhXQp5zddU2pJrAhflyKZ6ivZp4.roa (raw, json)
Hash identifier:          gOaI/alM0S36ro478fVS+Hs4poxUfL/vF5SDVORFVOU=
Subject key identifier:   CE:15:D0:A7:9C:DD:75:4D:A9:26:B0:21:7E:5C:8A:67:A8:AF:66:9E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01944BB76BAD444C4B14319E11588374CC6E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zhXQp5zddU2pJrAhflyKZ6ivZp4.roa
Signing time:             Thu 09 Jan 2025 15:38:19 +0000
ROA not before:           Thu 09 Jan 2025 15:38:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50225
IP address blocks:        79.110.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4b:b7:6b:ad:44:4c:4b:14:31:9e:11:58:83:74:cc:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  9 15:38:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce15d0a79cdd754da926b0217e5c8a67a8af669e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:94:c4:5a:47:d3:f6:98:a4:e2:73:f0:90:d4:
                    63:a3:a6:10:b8:45:25:e4:0c:48:97:da:9a:75:b2:
                    90:ba:94:14:32:68:31:58:20:65:c5:87:72:7c:62:
                    fa:a6:9b:c1:d4:c1:33:d1:d5:6e:70:2a:61:73:11:
                    8a:0c:20:1b:34:18:ca:15:c5:00:69:c0:ee:b4:99:
                    f6:44:63:44:17:d6:2f:01:d6:63:55:00:4b:6c:e8:
                    e5:87:81:97:f8:24:76:b9:07:91:b4:cd:08:21:6a:
                    ea:ae:23:a1:9a:2f:42:2c:f5:5f:94:47:49:8a:b2:
                    b9:11:80:86:a3:71:3f:6f:d4:04:83:41:9a:7a:45:
                    4a:b8:11:f9:8e:a4:6d:a2:2d:6e:cc:ae:a5:a9:ba:
                    3a:15:66:67:62:33:5f:4f:aa:97:e8:fb:82:51:32:
                    e1:88:70:f2:f9:80:60:0c:af:17:f3:8c:9d:87:92:
                    fb:18:99:b8:d7:fd:c2:7e:cb:8f:18:4b:a5:8a:ba:
                    31:5e:a1:fa:9d:f6:25:53:a7:d9:d6:df:fc:8e:66:
                    e3:f9:56:d2:5a:34:2a:82:eb:0b:07:cd:09:1d:73:
                    00:a1:57:14:5a:7f:11:b3:ac:6f:6d:0b:ca:ef:0d:
                    31:19:a6:b0:bf:4c:90:63:04:e9:6f:d3:c1:8a:80:
                    b1:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:15:D0:A7:9C:DD:75:4D:A9:26:B0:21:7E:5C:8A:67:A8:AF:66:9E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zhXQp5zddU2pJrAhflyKZ6ivZp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:15:a0:cc:d4:74:b5:72:df:dc:3a:76:b4:cf:36:2f:a7:c3:
         e5:7e:17:5a:e3:30:d0:2b:a0:b0:39:5e:3c:b7:c7:04:92:f0:
         97:87:42:dc:dd:42:65:94:67:de:f7:bb:3f:11:88:63:f0:a1:
         65:28:af:19:45:55:cd:00:0d:84:57:d9:1e:e6:a4:a0:d8:04:
         35:bd:90:6a:f3:a6:c9:56:fe:4a:23:e9:e0:4a:11:99:70:45:
         0d:32:51:a8:54:d2:70:76:e6:37:46:1e:04:bd:82:97:d9:c1:
         41:c1:bf:0d:e5:e6:79:5f:68:18:5d:d0:b4:3e:6a:0e:de:13:
         9c:61:c6:c2:17:b8:dd:c5:c8:d6:14:b7:2f:99:7d:d7:78:07:
         ed:62:91:e3:22:84:9a:7e:24:bc:73:50:76:50:e7:4e:0a:db:
         20:a1:2a:50:ad:1f:5d:21:ec:1a:bc:0b:bb:4d:75:2c:50:b5:
         6b:80:9c:7c:22:e0:72:4c:23:80:0c:3d:c1:e6:16:f6:d2:16:
         b8:5f:c8:93:68:91:6d:e7:48:d3:56:c9:7c:a9:96:92:ab:50:
         56:6a:da:51:17:bd:e9:45:b3:5c:48:08:88:1c:4a:ac:ef:23:
         db:f6:f0:7d:4c:ca:8f:06:ba:4a:46:91:23:c3:75:a5:db:10:
         73:c4:ac:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRLt2utRExLFDGeEViDdMxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTA5MTUzODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTE1ZDBhNzljZGQ3NTRkYTkyNmIwMjE3ZTVjOGE2N2E4YWY2NjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZTEWkfT9pik4nPwkNRjo6YQuEUl
5AxIl9qadbKQupQUMmgxWCBlxYdyfGL6ppvB1MEz0dVucCphcxGKDCAbNBjKFcUA
acDutJn2RGNEF9YvAdZjVQBLbOjlh4GX+CR2uQeRtM0IIWrqriOhmi9CLPVflEdJ
irK5EYCGo3E/b9QEg0GaekVKuBH5jqRtoi1uzK6lqbo6FWZnYjNfT6qX6PuCUTLh
iHDy+YBgDK8X84ydh5L7GJm41/3CfsuPGEuliroxXqH6nfYlU6fZ1t/8jmbj+VbS
WjQqgusLB80JHXMAoVcUWn8Rs6xvbQvK7w0xGaawv0yQYwTpb9PBioCxLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4V0Kec3XVNqSawIX5cimeor2aeMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvemhYUXA1emRkVTJwSnJBaGZseUtaNml2WnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT24yMA0G
CSqGSIb3DQEBCwUAA4IBAQBTFaDM1HS1ct/cOna0zzYvp8Plfhda4zDQK6CwOV48
t8cEkvCXh0Lc3UJllGfe97s/EYhj8KFlKK8ZRVXNAA2EV9ke5qSg2AQ1vZBq86bJ
Vv5KI+ngShGZcEUNMlGoVNJwduY3Rh4EvYKX2cFBwb8N5eZ5X2gYXdC0PmoO3hOc
YcbCF7jdxcjWFLcvmX3XeAftYpHjIoSafiS8c1B2UOdOCtsgoSpQrR9dIewavAu7
TXUsULVrgJx8IuByTCOADD3B5hb20ha4X8iTaJFt50jTVsl8qZaSq1BWatpRF73p
RbNcSAiIHEqs7yPb9vB9TMqPBrpKRpEjw3Wl2xBzxKzH
-----END CERTIFICATE-----