Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/tClIzpB8AXYvJfeCisA8HxpOd74.roa
File:                     tClIzpB8AXYvJfeCisA8HxpOd74.roa (raw, json)
Hash identifier:          sXbqNinLjTETFbK42QOaktsLVCyYHDlotZvPtCRaxBU=
Subject key identifier:   B4:29:48:CE:90:7C:01:76:2F:25:F7:82:8A:C0:3C:1F:1A:4E:77:BE
Certificate issuer:       /CN=64a0db102703082c7ca554abb5b22760018d563f
Certificate serial:       019421B20D73175A5C975DAEAB32A908B523
Authority key identifier: 64:A0:DB:10:27:03:08:2C:7C:A5:54:AB:B5:B2:27:60:01:8D:56:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZKDbECcDCCx8pVSrtbInYAGNVj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/tClIzpB8AXYvJfeCisA8HxpOd74.roa
Signing time:             Wed 01 Jan 2025 11:48:24 +0000
ROA not before:           Wed 01 Jan 2025 11:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207937
IP address blocks:        45.66.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/ZKDbECcDCCx8pVSrtbInYAGNVj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/ZKDbECcDCCx8pVSrtbInYAGNVj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZKDbECcDCCx8pVSrtbInYAGNVj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:0d:73:17:5a:5c:97:5d:ae:ab:32:a9:08:b5:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64a0db102703082c7ca554abb5b22760018d563f
        Validity
            Not Before: Jan  1 11:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b42948ce907c01762f25f7828ac03c1f1a4e77be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c0:66:5f:2c:c7:9a:ea:38:89:2a:1b:28:78:
                    09:b0:03:15:4e:5d:54:bf:e6:76:1f:8e:71:59:60:
                    6f:b0:40:99:7b:4b:b6:90:3f:db:70:fe:54:60:41:
                    cd:a0:8c:37:10:4f:47:9f:f0:aa:54:95:56:ba:5d:
                    3a:71:72:6b:ea:cd:63:76:d6:cd:d4:8e:bc:92:b6:
                    65:a6:98:39:66:55:11:ca:e1:5b:bb:db:43:49:8a:
                    e4:a7:f3:05:50:52:4b:89:80:42:b5:ac:9d:4d:c5:
                    f3:b7:c6:dd:2f:15:d7:fc:cc:c9:f9:09:d0:62:12:
                    11:43:55:b6:2c:e6:c8:f4:17:9d:e0:1d:8b:0a:fa:
                    18:47:99:5f:7d:c9:54:42:6d:7f:45:95:24:99:09:
                    c7:e1:0d:2c:2c:e8:14:25:51:f7:b2:13:73:10:b7:
                    f2:db:2e:e8:ca:7d:f0:ea:af:cb:c9:28:0c:b3:fe:
                    70:3c:31:fd:c5:d5:d8:cd:3d:2b:95:27:6e:93:43:
                    bb:c4:19:e0:51:9f:a1:4a:11:4d:26:36:3f:53:c2:
                    71:a7:19:58:8e:bf:52:d8:49:45:93:19:6c:52:d9:
                    42:60:ad:5f:fb:44:d4:fc:b3:7c:e9:f3:b9:c9:66:
                    60:75:60:5d:a1:ea:d9:5b:94:bc:90:94:39:95:e2:
                    b0:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:29:48:CE:90:7C:01:76:2F:25:F7:82:8A:C0:3C:1F:1A:4E:77:BE
            X509v3 Authority Key Identifier:
                keyid:64:A0:DB:10:27:03:08:2C:7C:A5:54:AB:B5:B2:27:60:01:8D:56:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZKDbECcDCCx8pVSrtbInYAGNVj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/tClIzpB8AXYvJfeCisA8HxpOd74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/ZKDbECcDCCx8pVSrtbInYAGNVj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:e7:f7:fa:25:89:ce:e2:41:0f:ef:44:45:86:ed:1e:9f:e2:
         a6:3a:64:92:35:99:19:b9:45:9a:b9:4e:95:2a:45:2c:07:b4:
         58:fc:0d:66:08:12:eb:d5:55:0d:d7:fe:e9:0c:87:32:5f:9c:
         a0:e2:b5:5b:69:e6:6b:c8:e0:7f:c3:8b:e7:fb:07:60:00:eb:
         11:a4:0d:44:ac:46:45:ae:90:54:b2:90:57:77:ef:30:5d:9c:
         af:5f:b6:45:c5:c4:62:ad:24:54:32:99:c3:1a:57:b5:e0:c7:
         a1:57:2f:41:ab:1d:bb:3f:7b:ce:cf:6d:9e:81:6f:2f:a8:ed:
         ff:d8:9e:ad:1f:c3:30:3b:93:bf:66:d2:4c:df:1d:3b:51:98:
         ee:0b:0f:0c:50:08:f0:09:68:4f:b0:62:b2:39:71:52:d9:eb:
         4f:9f:0f:76:f3:c9:0e:ce:a6:e6:87:87:7c:0a:64:f8:b3:d8:
         5e:51:59:6f:97:cc:82:4b:4d:20:03:99:7c:bb:d7:3f:2c:58:
         d5:09:c8:65:0a:7d:dd:79:2b:7f:e1:d2:71:44:1a:7b:9a:5e:
         3a:71:07:0a:aa:99:92:67:bc:45:ee:08:7f:f2:dc:33:0e:11:
         a1:2f:e6:38:e9:78:96:c6:b5:f2:21:0b:55:09:56:63:39:47:
         19:10:0c:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsg1zF1pcl12uqzKpCLUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YTBkYjEwMjcwMzA4MmM3Y2E1NTRhYmI1YjIyNzYwMDE4
ZDU2M2YwHhcNMjUwMTAxMTE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDI5NDhjZTkwN2MwMTc2MmYyNWY3ODI4YWMwM2MxZjFhNGU3N2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycBmXyzHmuo4iSobKHgJsAMVTl1U
v+Z2H45xWWBvsECZe0u2kD/bcP5UYEHNoIw3EE9Hn/CqVJVWul06cXJr6s1jdtbN
1I68krZlppg5ZlURyuFbu9tDSYrkp/MFUFJLiYBCtaydTcXzt8bdLxXX/MzJ+QnQ
YhIRQ1W2LObI9Bed4B2LCvoYR5lffclUQm1/RZUkmQnH4Q0sLOgUJVH3shNzELfy
2y7oyn3w6q/LySgMs/5wPDH9xdXYzT0rlSduk0O7xBngUZ+hShFNJjY/U8JxpxlY
jr9S2ElFkxlsUtlCYK1f+0TU/LN86fO5yWZgdWBdoerZW5S8kJQ5leKwYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQpSM6QfAF2LyX3gorAPB8aTne+MB8GA1UdIwQY
MBaAFGSg2xAnAwgsfKVUq7WyJ2ABjVY/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWktEYkVDY0RDQ3g4cFZTcnRiSW5ZQUdOVmo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9mOWEwMGEtODRlZS00N2EwLTllYTEt
ZjE3OWRiNWYwNGI2LzEvdENsSXpwQjhBWFl2SmZlQ2lzQThIeHBPZDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9mOWEwMGEtODRlZS00N2EwLTllYTEtZjE3OWRiNWYwNGI2
LzEvWktEYkVDY0RDQ3g4cFZTcnRiSW5ZQUdOVmo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUIQMA0G
CSqGSIb3DQEBCwUAA4IBAQCU5/f6JYnO4kEP70RFhu0en+KmOmSSNZkZuUWauU6V
KkUsB7RY/A1mCBLr1VUN1/7pDIcyX5yg4rVbaeZryOB/w4vn+wdgAOsRpA1ErEZF
rpBUspBXd+8wXZyvX7ZFxcRirSRUMpnDGle14MehVy9Bqx27P3vOz22egW8vqO3/
2J6tH8MwO5O/ZtJM3x07UZjuCw8MUAjwCWhPsGKyOXFS2etPnw9288kOzqbmh4d8
CmT4s9heUVlvl8yCS00gA5l8u9c/LFjVCchlCn3deSt/4dJxRBp7ml46cQcKqpmS
Z7xF7gh/8twzDhGhL+Y46XiWxrXyIQtVCVZjOUcZEAxU
-----END CERTIFICATE-----