Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/0XZQM4HI3XhlmYvdoGd0b4phC5w.roa
File:                     0XZQM4HI3XhlmYvdoGd0b4phC5w.roa (raw, json)
Hash identifier:          U0I63h+zWa/76rG6uJx/JmYr6Xgzo7IgH0GTSgv+Tfg=
Subject key identifier:   D1:76:50:33:81:C8:DD:78:65:99:8B:DD:A0:67:74:6F:8A:61:0B:9C
Certificate issuer:       /CN=2d26fe9a7e21a773f61d65123f83e2828fd0429f
Certificate serial:       01947FB529C9056DD303A41EF06E000B74DD
Authority key identifier: 2D:26:FE:9A:7E:21:A7:73:F6:1D:65:12:3F:83:E2:82:8F:D0:42:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LSb-mn4hp3P2HWUSP4Pigo_QQp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/0XZQM4HI3XhlmYvdoGd0b4phC5w.roa
Signing time:             Sun 19 Jan 2025 17:56:06 +0000
ROA not before:           Sun 19 Jan 2025 17:56:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35075
IP address blocks:        45.11.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/LSb-mn4hp3P2HWUSP4Pigo_QQp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/LSb-mn4hp3P2HWUSP4Pigo_QQp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LSb-mn4hp3P2HWUSP4Pigo_QQp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7f:b5:29:c9:05:6d:d3:03:a4:1e:f0:6e:00:0b:74:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d26fe9a7e21a773f61d65123f83e2828fd0429f
        Validity
            Not Before: Jan 19 17:56:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d176503381c8dd7865998bdda067746f8a610b9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b2:ab:15:d6:19:30:bf:df:38:21:dd:b6:95:
                    60:6e:b6:26:81:77:bf:9c:75:35:d0:40:a6:fd:30:
                    88:e0:8f:e6:72:c5:32:fd:2b:0f:c8:14:99:a1:47:
                    9d:ba:5a:5b:e2:b9:0b:0f:9a:8d:50:0d:3a:17:8e:
                    2a:eb:4f:20:c3:dc:28:22:93:f5:9e:44:0f:99:03:
                    43:60:2a:f3:c5:3d:13:4f:65:1c:07:37:46:04:a1:
                    3a:9e:45:63:94:d3:ce:fd:1c:14:69:bb:b5:96:00:
                    22:6f:c6:ce:d7:1b:f3:d8:f7:18:06:35:e2:7c:b2:
                    88:47:7e:c8:5a:e5:ef:6a:59:0d:c1:0e:38:06:f9:
                    e1:c4:74:da:b0:64:66:eb:73:89:58:42:41:40:ba:
                    9f:f9:f4:c7:62:01:1b:69:e4:03:92:5f:72:6b:87:
                    bd:b7:b1:2d:2b:db:9e:76:72:58:5f:a0:01:99:97:
                    18:02:d3:77:cc:af:cc:36:34:43:ec:53:e8:fe:82:
                    44:e9:d6:34:83:b7:12:b2:84:43:a5:9b:29:3c:72:
                    d9:88:1f:1f:6c:5c:2a:66:fa:d0:96:bc:39:50:71:
                    a8:f1:26:a1:02:c2:85:79:3c:2a:0e:22:74:46:8f:
                    a1:5f:76:c6:93:b5:0e:3c:f1:0a:10:ce:ba:e5:55:
                    52:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:76:50:33:81:C8:DD:78:65:99:8B:DD:A0:67:74:6F:8A:61:0B:9C
            X509v3 Authority Key Identifier:
                keyid:2D:26:FE:9A:7E:21:A7:73:F6:1D:65:12:3F:83:E2:82:8F:D0:42:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSb-mn4hp3P2HWUSP4Pigo_QQp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/0XZQM4HI3XhlmYvdoGd0b4phC5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/LSb-mn4hp3P2HWUSP4Pigo_QQp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:12:13:69:c5:21:50:5a:ef:38:e8:bd:7e:76:36:94:30:61:
         3c:b1:d0:3d:b7:5d:26:23:c1:86:ad:84:18:1b:12:63:12:ea:
         19:ac:19:90:32:12:bf:9c:3d:da:2e:5a:09:81:0f:67:89:cd:
         39:fe:72:dc:49:58:25:6f:ba:04:d0:6c:03:f5:cb:83:00:a4:
         24:d3:e3:01:66:dd:48:7a:d3:97:4e:a1:ab:72:f1:90:5d:96:
         f0:51:8d:c6:33:0f:43:dc:83:c1:59:2c:01:ac:ff:f8:1d:4c:
         de:60:70:2a:a8:99:1d:4c:36:0b:16:97:6b:f1:ea:49:a2:39:
         c2:3f:37:33:bd:b1:1c:d3:e3:30:44:aa:ef:7c:92:16:90:98:
         ce:be:be:8b:24:ea:98:a2:3f:3f:5c:f9:99:17:cf:7c:5f:3a:
         86:ef:69:13:d5:59:3c:64:53:28:7c:a5:86:b3:de:51:3c:27:
         c2:c4:b2:78:8f:6f:12:7e:5e:f9:99:5d:07:1a:69:30:bb:fa:
         7e:30:bd:c2:e5:99:8b:ce:04:ce:9e:59:a0:67:97:6b:bb:26:
         36:79:46:16:1c:19:61:f2:47:a0:e9:29:fb:43:40:1e:4c:d1:
         de:31:d6:ee:13:cb:47:9f:dd:83:f9:20:6a:15:66:2f:a7:12:
         2b:7d:97:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZR/tSnJBW3TA6Qe8G4AC3TdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMjZmZTlhN2UyMWE3NzNmNjFkNjUxMjNmODNlMjgyOGZk
MDQyOWYwHhcNMjUwMTE5MTc1NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTc2NTAzMzgxYzhkZDc4NjU5OThiZGRhMDY3NzQ2ZjhhNjEwYjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLKrFdYZML/fOCHdtpVgbrYmgXe/
nHU10ECm/TCI4I/mcsUy/SsPyBSZoUedulpb4rkLD5qNUA06F44q608gw9woIpP1
nkQPmQNDYCrzxT0TT2UcBzdGBKE6nkVjlNPO/RwUabu1lgAib8bO1xvz2PcYBjXi
fLKIR37IWuXvalkNwQ44BvnhxHTasGRm63OJWEJBQLqf+fTHYgEbaeQDkl9ya4e9
t7EtK9uednJYX6ABmZcYAtN3zK/MNjRD7FPo/oJE6dY0g7cSsoRDpZspPHLZiB8f
bFwqZvrQlrw5UHGo8SahAsKFeTwqDiJ0Ro+hX3bGk7UOPPEKEM665VVSyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNF2UDOByN14ZZmL3aBndG+KYQucMB8GA1UdIwQY
MBaAFC0m/pp+Iadz9h1lEj+D4oKP0EKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNiLW1uNGhwM1AySFdVU1A0UGlnb19RUXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81NGU3OGMtNWRkMC00ZjI2LWI1NmUt
ZWIzMDZhOGQ0YWI1LzEvMFhaUU00SEkzWGhsbVl2ZG9HZDBiNHBoQzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81NGU3OGMtNWRkMC00ZjI2LWI1NmUtZWIzMDZhOGQ0YWI1
LzEvTFNiLW1uNGhwM1AySFdVU1A0UGlnb19RUXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQswMA0G
CSqGSIb3DQEBCwUAA4IBAQAUEhNpxSFQWu846L1+djaUMGE8sdA9t10mI8GGrYQY
GxJjEuoZrBmQMhK/nD3aLloJgQ9nic05/nLcSVglb7oE0GwD9cuDAKQk0+MBZt1I
etOXTqGrcvGQXZbwUY3GMw9D3IPBWSwBrP/4HUzeYHAqqJkdTDYLFpdr8epJojnC
PzczvbEc0+MwRKrvfJIWkJjOvr6LJOqYoj8/XPmZF898XzqG72kT1Vk8ZFMofKWG
s95RPCfCxLJ4j28Sfl75mV0HGmkwu/p+ML3C5ZmLzgTOnlmgZ5druyY2eUYWHBlh
8keg6Sn7Q0AeTNHeMdbuE8tHn92D+SBqFWYvpxIrfZen
-----END CERTIFICATE-----