Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/dzKdTpxKq_7se5lgqFGO0igJYGY.roa
File:                     dzKdTpxKq_7se5lgqFGO0igJYGY.roa (raw, json)
Hash identifier:          u39TgSEQ2jGGZn4qmwG4cCJAONJvQaBYbbp+0NBr6L0=
Subject key identifier:   77:32:9D:4E:9C:4A:AB:FE:EC:7B:99:60:A8:51:8E:D2:28:09:60:66
Certificate issuer:       /CN=c43e5a2cf6d28015dbcaa2850d2013b365e4c931
Certificate serial:       01942067D0E12EC4C7D7B2A49874D0438459
Authority key identifier: C4:3E:5A:2C:F6:D2:80:15:DB:CA:A2:85:0D:20:13:B3:65:E4:C9:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xD5aLPbSgBXbyqKFDSATs2XkyTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/dzKdTpxKq_7se5lgqFGO0igJYGY.roa
Signing time:             Wed 01 Jan 2025 05:47:42 +0000
ROA not before:           Wed 01 Jan 2025 05:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12337
IP address blocks:        45.88.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/xD5aLPbSgBXbyqKFDSATs2XkyTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/xD5aLPbSgBXbyqKFDSATs2XkyTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xD5aLPbSgBXbyqKFDSATs2XkyTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 10:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d0:e1:2e:c4:c7:d7:b2:a4:98:74:d0:43:84:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c43e5a2cf6d28015dbcaa2850d2013b365e4c931
        Validity
            Not Before: Jan  1 05:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77329d4e9c4aabfeec7b9960a8518ed228096066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cf:b4:20:b0:f7:1f:0b:f2:34:95:65:cf:e1:
                    3b:e0:a9:06:45:6e:53:0e:59:88:5e:9d:64:68:ca:
                    79:52:69:a1:47:f4:8f:b2:d6:b6:55:8e:85:f4:57:
                    86:e1:60:30:c8:56:9e:58:a5:61:c0:16:81:30:8b:
                    19:80:a5:25:08:1c:f0:47:73:81:34:21:3d:a9:57:
                    e6:81:b4:d1:e9:ad:6b:83:f0:f3:23:13:f0:ce:5f:
                    97:69:bf:20:38:bd:7c:97:83:62:1a:47:c7:c6:ff:
                    ec:eb:8b:f9:77:a1:cf:63:02:90:1a:15:56:d7:49:
                    6b:53:bb:ea:7e:4f:af:b3:41:97:c9:c7:0a:cd:b8:
                    80:d6:47:65:ce:1b:0c:4e:29:a3:04:fa:a3:2a:4b:
                    74:da:19:6d:9a:8b:9b:38:0d:64:d8:ad:70:0a:fb:
                    eb:83:86:af:c1:a7:01:19:df:6c:cb:3f:1e:bc:5d:
                    dd:25:d6:d8:9a:b2:86:11:60:f9:50:7e:37:eb:f3:
                    55:75:4e:6d:45:4c:af:12:4f:a8:d9:6b:85:1b:9e:
                    d9:26:62:9c:9d:33:94:77:ba:63:b3:3f:77:63:de:
                    68:cf:c3:c4:0f:c6:ea:cc:46:1e:77:46:5c:d1:ba:
                    29:17:b2:cb:01:f3:cc:f1:58:5a:13:4c:d0:41:ad:
                    b5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:32:9D:4E:9C:4A:AB:FE:EC:7B:99:60:A8:51:8E:D2:28:09:60:66
            X509v3 Authority Key Identifier:
                keyid:C4:3E:5A:2C:F6:D2:80:15:DB:CA:A2:85:0D:20:13:B3:65:E4:C9:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xD5aLPbSgBXbyqKFDSATs2XkyTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/dzKdTpxKq_7se5lgqFGO0igJYGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/02cf08-0db5-424e-8f51-8d6f7483e632/1/xD5aLPbSgBXbyqKFDSATs2XkyTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:66:14:e0:e2:c3:59:96:d4:73:fc:85:ab:0b:15:75:04:9b:
         08:f9:80:0d:c2:9a:d3:d8:ae:ee:2c:6f:db:54:78:50:20:b8:
         e6:fa:54:cb:88:10:b9:60:8b:b3:b1:2b:57:31:0f:cd:7f:c6:
         d1:dc:a6:02:d5:96:19:d5:68:96:65:f4:ad:7b:09:0d:d5:aa:
         66:69:ec:55:20:ca:11:67:a0:54:b5:ee:ad:6a:c8:64:a1:7a:
         16:87:2b:22:55:92:27:f4:b7:bc:63:95:79:ac:1e:55:17:ad:
         5c:e2:2d:64:cd:44:b9:59:ef:70:89:e1:88:68:6c:00:a2:c4:
         87:0d:75:4c:68:d2:e4:17:b0:92:32:bb:80:00:22:fa:ac:bf:
         4b:c6:c0:c7:e7:96:6b:d9:28:33:fd:d9:0c:d3:9f:55:80:3b:
         cd:db:5b:14:a0:80:0d:a0:c0:ab:2b:9e:c3:98:ca:c8:c5:0c:
         4f:14:9b:2b:08:eb:c9:13:39:39:a7:87:57:a0:48:eb:c6:88:
         af:38:7c:63:85:09:bf:fe:b7:22:f8:57:e3:ac:82:b0:12:14:
         57:4f:cd:91:d4:75:80:05:2b:16:16:78:24:d5:6f:51:aa:8d:
         85:c4:e4:d0:ed:f1:e4:07:ca:28:9b:d8:58:37:ad:2c:5b:58:
         37:ee:d5:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ9DhLsTH17KkmHTQQ4RZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0M2U1YTJjZjZkMjgwMTVkYmNhYTI4NTBkMjAxM2IzNjVl
NGM5MzEwHhcNMjUwMTAxMDU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzMyOWQ0ZTljNGFhYmZlZWM3Yjk5NjBhODUxOGVkMjI4MDk2MDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0M+0ILD3HwvyNJVlz+E74KkGRW5T
DlmIXp1kaMp5UmmhR/SPsta2VY6F9FeG4WAwyFaeWKVhwBaBMIsZgKUlCBzwR3OB
NCE9qVfmgbTR6a1rg/DzIxPwzl+Xab8gOL18l4NiGkfHxv/s64v5d6HPYwKQGhVW
10lrU7vqfk+vs0GXyccKzbiA1kdlzhsMTimjBPqjKkt02hltmoubOA1k2K1wCvvr
g4avwacBGd9syz8evF3dJdbYmrKGEWD5UH436/NVdU5tRUyvEk+o2WuFG57ZJmKc
nTOUd7pjsz93Y95oz8PED8bqzEYed0Zc0bopF7LLAfPM8VhaE0zQQa213QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcynU6cSqv+7HuZYKhRjtIoCWBmMB8GA1UdIwQY
MBaAFMQ+Wiz20oAV28qihQ0gE7Nl5MkxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEQ1YUxQYlNnQlhieXFLRkRTQVRzMlhreVRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8wMmNmMDgtMGRiNS00MjRlLThmNTEt
OGQ2Zjc0ODNlNjMyLzEvZHpLZFRweEtxXzdzZTVsZ3FGR08waWdKWUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8wMmNmMDgtMGRiNS00MjRlLThmNTEtOGQ2Zjc0ODNlNjMy
LzEveEQ1YUxQYlNnQlhieXFLRkRTQVRzMlhreVRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVjsMA0G
CSqGSIb3DQEBCwUAA4IBAQCdZhTg4sNZltRz/IWrCxV1BJsI+YANwprT2K7uLG/b
VHhQILjm+lTLiBC5YIuzsStXMQ/Nf8bR3KYC1ZYZ1WiWZfStewkN1apmaexVIMoR
Z6BUte6tashkoXoWhysiVZIn9Le8Y5V5rB5VF61c4i1kzUS5We9wieGIaGwAosSH
DXVMaNLkF7CSMruAACL6rL9LxsDH55Zr2Sgz/dkM059VgDvN21sUoIANoMCrK57D
mMrIxQxPFJsrCOvJEzk5p4dXoEjrxoivOHxjhQm//rci+FfjrIKwEhRXT82R1HWA
BSsWFngk1W9Rqo2FxOTQ7fHkB8oom9hYN60sW1g37tUv
-----END CERTIFICATE-----