Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/49a221-67f5-4edd-b00d-4d2c4c5ad14e/1/iZoqGkHfTscgkTRCL_nQYe_AAg4.roa
File:                     iZoqGkHfTscgkTRCL_nQYe_AAg4.roa (raw, json)
Hash identifier:          gZNhRS+asEm9YEfETKtD9xHhALpBNhQLktZUScrlo6g=
Subject key identifier:   89:9A:2A:1A:41:DF:4E:C7:20:91:34:42:2F:F9:D0:61:EF:C0:02:0E
Certificate issuer:       /CN=465c62c6bcd4cfb8933bcb6a61cf7b3dad2fb118
Certificate serial:       019426D95E14BA6C4091D940A9757CB2C235
Authority key identifier: 46:5C:62:C6:BC:D4:CF:B8:93:3B:CB:6A:61:CF:7B:3D:AD:2F:B1:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RlxixrzUz7iTO8tqYc97Pa0vsRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/49a221-67f5-4edd-b00d-4d2c4c5ad14e/1/iZoqGkHfTscgkTRCL_nQYe_AAg4.roa
Signing time:             Thu 02 Jan 2025 11:49:27 +0000
ROA not before:           Thu 02 Jan 2025 11:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16303
IP address blocks:        77.95.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/49a221-67f5-4edd-b00d-4d2c4c5ad14e/1/RlxixrzUz7iTO8tqYc97Pa0vsRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/49a221-67f5-4edd-b00d-4d2c4c5ad14e/1/RlxixrzUz7iTO8tqYc97Pa0vsRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RlxixrzUz7iTO8tqYc97Pa0vsRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:5e:14:ba:6c:40:91:d9:40:a9:75:7c:b2:c2:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465c62c6bcd4cfb8933bcb6a61cf7b3dad2fb118
        Validity
            Not Before: Jan  2 11:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=899a2a1a41df4ec7209134422ff9d061efc0020e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e4:46:21:10:9a:6c:56:35:87:60:e8:c2:35:
                    91:24:b3:e2:ba:7a:a8:73:74:ad:8f:b7:bf:98:44:
                    f9:7e:be:b6:e9:02:c3:3d:4a:47:7e:7e:db:f2:c5:
                    b0:c8:65:8a:67:92:a0:93:39:33:a4:8b:5d:9a:76:
                    a0:28:f8:64:29:cd:09:e6:c1:f5:05:8e:16:09:7c:
                    64:59:b0:70:93:6c:9c:5d:63:c4:fc:2b:e1:4a:89:
                    1d:17:38:2f:28:77:37:30:0c:3c:fc:2d:6f:db:ef:
                    4e:99:e5:a2:e6:c1:47:ee:e4:36:77:fd:b9:24:b4:
                    92:26:45:a4:1f:fc:a6:b8:e2:06:f9:d7:fb:6d:b2:
                    fa:7c:03:41:e0:50:d7:53:b3:97:c9:9b:40:83:5d:
                    12:a4:59:a8:9c:48:94:90:f7:cd:33:b7:6c:2b:3a:
                    14:a9:f0:97:56:26:72:4d:c6:d5:57:f3:4d:25:61:
                    74:e7:ec:54:6f:20:8f:c9:25:e4:8d:ad:b9:c8:b5:
                    55:ac:2d:3f:5d:a8:10:fd:76:33:16:b0:41:59:46:
                    42:2f:34:38:2a:e7:f9:2a:0a:ca:bf:d5:5a:7a:9c:
                    98:3e:82:ff:25:a6:14:5e:de:f5:27:1a:d8:a7:c1:
                    e9:47:51:1f:4f:c4:f0:2c:80:71:8e:6a:ac:49:06:
                    8f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:9A:2A:1A:41:DF:4E:C7:20:91:34:42:2F:F9:D0:61:EF:C0:02:0E
            X509v3 Authority Key Identifier:
                keyid:46:5C:62:C6:BC:D4:CF:B8:93:3B:CB:6A:61:CF:7B:3D:AD:2F:B1:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RlxixrzUz7iTO8tqYc97Pa0vsRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/49a221-67f5-4edd-b00d-4d2c4c5ad14e/1/iZoqGkHfTscgkTRCL_nQYe_AAg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/49a221-67f5-4edd-b00d-4d2c4c5ad14e/1/RlxixrzUz7iTO8tqYc97Pa0vsRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:c6:2c:2f:35:42:e9:74:34:1c:83:b8:03:ac:cd:81:34:af:
         dd:7f:90:2e:98:a5:66:b0:38:67:3d:9b:94:6a:f8:a5:5d:4c:
         72:53:16:fb:6c:f2:e3:10:49:a1:37:1e:83:b3:1c:2e:60:fe:
         86:78:52:f7:b5:17:f6:de:65:40:dc:0c:b7:83:98:0d:5b:ce:
         39:1e:06:eb:89:98:f5:9b:ca:84:5b:10:31:46:a4:67:23:b0:
         1b:cf:2a:8b:69:1f:b8:65:2e:36:c3:0f:bc:bb:12:7f:e5:58:
         b0:77:bc:76:e6:22:8b:42:19:61:f9:1a:63:b0:c1:ec:ff:88:
         b7:ca:da:68:6e:86:8d:35:92:b7:55:a2:2c:2a:40:a8:88:56:
         3f:5f:c9:92:15:4b:64:4d:22:38:f2:67:a4:4c:62:c6:e4:73:
         36:5c:72:0e:bb:3e:b9:dc:e7:34:51:ac:50:66:ad:10:6a:77:
         af:4b:1f:6b:f5:e8:0d:57:65:98:73:29:1d:fb:c0:6e:7f:d4:
         6c:40:07:87:52:43:2b:8f:62:c7:88:35:84:8d:dd:52:ad:f2:
         db:66:6d:69:f5:df:1c:1d:aa:fa:df:8f:1b:63:32:b6:b2:1d:
         2e:48:cb:b5:af:63:35:f4:62:4c:88:78:da:77:69:2c:c7:76:
         27:76:7b:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2V4UumxAkdlAqXV8ssI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWM2MmM2YmNkNGNmYjg5MzNiY2I2YTYxY2Y3YjNkYWQy
ZmIxMTgwHhcNMjUwMTAyMTE0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTlhMmExYTQxZGY0ZWM3MjA5MTM0NDIyZmY5ZDA2MWVmYzAwMjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweRGIRCabFY1h2DowjWRJLPiunqo
c3Stj7e/mET5fr626QLDPUpHfn7b8sWwyGWKZ5KgkzkzpItdmnagKPhkKc0J5sH1
BY4WCXxkWbBwk2ycXWPE/CvhSokdFzgvKHc3MAw8/C1v2+9OmeWi5sFH7uQ2d/25
JLSSJkWkH/ymuOIG+df7bbL6fANB4FDXU7OXyZtAg10SpFmonEiUkPfNM7dsKzoU
qfCXViZyTcbVV/NNJWF05+xUbyCPySXkja25yLVVrC0/XagQ/XYzFrBBWUZCLzQ4
Kuf5KgrKv9VaepyYPoL/JaYUXt71JxrYp8HpR1EfT8TwLIBxjmqsSQaPTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImaKhpB307HIJE0Qi/50GHvwAIOMB8GA1UdIwQY
MBaAFEZcYsa81M+4kzvLamHPez2tL7EYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmx4aXhyelV6N2lUTzh0cVljOTdQYTB2c1JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC80OWEyMjEtNjdmNS00ZWRkLWIwMGQt
NGQyYzRjNWFkMTRlLzEvaVpvcUdrSGZUc2Nna1RSQ0xfblFZZV9BQWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC80OWEyMjEtNjdmNS00ZWRkLWIwMGQtNGQyYzRjNWFkMTRl
LzEvUmx4aXhyelV6N2lUTzh0cVljOTdQYTB2c1JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV9yMA0G
CSqGSIb3DQEBCwUAA4IBAQBoxiwvNULpdDQcg7gDrM2BNK/df5AumKVmsDhnPZuU
avilXUxyUxb7bPLjEEmhNx6DsxwuYP6GeFL3tRf23mVA3Ay3g5gNW845HgbriZj1
m8qEWxAxRqRnI7AbzyqLaR+4ZS42ww+8uxJ/5Viwd7x25iKLQhlh+RpjsMHs/4i3
ytpoboaNNZK3VaIsKkCoiFY/X8mSFUtkTSI48mekTGLG5HM2XHIOuz653Oc0UaxQ
Zq0QanevSx9r9egNV2WYcykd+8Buf9RsQAeHUkMrj2LHiDWEjd1SrfLbZm1p9d8c
Har6348bYzK2sh0uSMu1r2M19GJMiHjad2ksx3Yndnvo
-----END CERTIFICATE-----