Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/Z81p6D_dRIvEDGrIYx1WijPMCWI.roa
File:                     Z81p6D_dRIvEDGrIYx1WijPMCWI.roa (raw, json)
Hash identifier:          B0c4eefCOibc6e3+7zDAkWkLSK4xkeiQAdhY0t08sgw=
Subject key identifier:   67:CD:69:E8:3F:DD:44:8B:C4:0C:6A:C8:63:1D:56:8A:33:CC:09:62
Certificate issuer:       /CN=5c61dcd3eb50c83d68060bcba4af152204193503
Certificate serial:       0196C8B1B118190078CB0CCD43EFC6320E6B
Authority key identifier: 5C:61:DC:D3:EB:50:C8:3D:68:06:0B:CB:A4:AF:15:22:04:19:35:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/Z81p6D_dRIvEDGrIYx1WijPMCWI.roa
Signing time:             Tue 13 May 2025 08:10:10 +0000
ROA not before:           Tue 13 May 2025 08:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208570
IP address blocks:        45.128.120.0/22 maxlen: 24
                          45.128.120.0/24 maxlen: 24
                          45.128.121.0/24 maxlen: 24
                          45.128.122.0/24 maxlen: 24
                          45.128.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:b1:b1:18:19:00:78:cb:0c:cd:43:ef:c6:32:0e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c61dcd3eb50c83d68060bcba4af152204193503
        Validity
            Not Before: May 13 08:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67cd69e83fdd448bc40c6ac8631d568a33cc0962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bc:d9:ff:0d:88:de:76:3d:86:eb:b9:27:22:
                    ff:40:d4:be:2a:7e:0b:f7:eb:39:9d:0e:d2:ed:d8:
                    5e:a7:55:0e:8d:e4:41:94:b6:d8:86:6d:e0:ae:07:
                    36:f7:2f:8f:a3:26:65:2a:78:fc:fc:3e:61:94:73:
                    b9:fb:b8:c7:59:72:c8:8f:c3:90:5e:8d:75:0b:b9:
                    f3:26:4f:a5:02:80:a8:c4:80:62:0d:5a:02:e7:43:
                    b3:45:78:77:ef:3b:50:63:64:6a:2a:40:b2:f0:bd:
                    75:b5:67:d7:53:58:36:9e:86:c4:99:f1:a8:67:5a:
                    f5:08:71:9e:b9:52:45:92:7c:b1:bb:79:ad:cb:e7:
                    04:a7:8e:b0:b8:df:ae:38:3d:44:3e:49:38:e6:79:
                    bc:5b:dc:44:2f:7a:43:28:49:a2:cb:99:75:ab:fa:
                    ea:0f:b1:60:0d:e2:d0:99:24:1a:3f:f8:3e:24:23:
                    ac:5c:c3:ae:30:4c:5e:e8:69:2f:1c:0f:b5:5a:e7:
                    11:c8:49:e0:f7:37:77:13:3d:0f:68:04:d8:22:61:
                    10:e8:0b:92:83:3d:2c:12:9e:71:bd:05:02:d8:c0:
                    c1:38:b7:b4:0b:f8:f1:ad:f1:1b:98:fe:8b:ad:77:
                    8b:0b:d5:de:87:0a:41:4f:66:46:1a:1e:5b:ce:d9:
                    8d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:CD:69:E8:3F:DD:44:8B:C4:0C:6A:C8:63:1D:56:8A:33:CC:09:62
            X509v3 Authority Key Identifier:
                keyid:5C:61:DC:D3:EB:50:C8:3D:68:06:0B:CB:A4:AF:15:22:04:19:35:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/Z81p6D_dRIvEDGrIYx1WijPMCWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:f9:9e:cb:1e:a6:37:b0:34:0a:72:20:86:fa:4f:cf:35:7d:
         1e:17:9c:60:80:fb:7f:7a:b0:e8:c2:99:54:84:31:cf:f4:25:
         5e:99:c7:00:31:7e:93:f6:eb:1d:b2:36:5f:a0:75:cd:75:84:
         a4:c0:04:ff:ef:8d:eb:55:e1:c3:a1:4c:75:bc:da:09:e0:e5:
         d2:c9:e3:9b:9b:a2:7d:01:65:29:ca:eb:66:89:9c:3f:5b:5f:
         ec:25:ac:a2:59:32:51:b9:d8:1d:5e:75:8a:71:30:b6:3c:a6:
         f7:a9:3e:d4:e2:e6:c0:3c:3f:1b:af:d7:80:a6:65:46:ec:7f:
         22:e3:7b:9c:18:56:e0:f4:ef:d8:8e:0c:cb:28:ea:64:dc:67:
         f5:5b:fe:36:d9:7e:a0:b7:bf:15:23:8f:79:31:96:33:86:44:
         45:b4:a0:71:42:37:0c:c2:8b:43:06:00:32:35:4a:fc:6a:9d:
         2f:d3:51:43:13:2d:9f:2e:86:a6:96:6d:3c:cf:7a:01:31:fd:
         b8:a0:85:92:56:e5:b8:91:ec:e7:bd:31:57:29:30:27:f6:22:
         b8:94:f9:f7:c2:a8:6d:c0:e5:83:a0:85:8f:65:55:8c:83:74:
         0f:b9:32:47:0d:08:53:b3:3c:5b:7d:cd:6c:f1:8b:fb:1d:42:
         6a:56:51:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbIsbEYGQB4ywzNQ+/GMg5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjFkY2QzZWI1MGM4M2Q2ODA2MGJjYmE0YWYxNTIyMDQx
OTM1MDMwHhcNMjUwNTEzMDgxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NkNjllODNmZGQ0NDhiYzQwYzZhYzg2MzFkNTY4YTMzY2MwOTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7zZ/w2I3nY9huu5JyL/QNS+Kn4L
9+s5nQ7S7dhep1UOjeRBlLbYhm3grgc29y+PoyZlKnj8/D5hlHO5+7jHWXLIj8OQ
Xo11C7nzJk+lAoCoxIBiDVoC50OzRXh37ztQY2RqKkCy8L11tWfXU1g2nobEmfGo
Z1r1CHGeuVJFknyxu3mty+cEp46wuN+uOD1EPkk45nm8W9xEL3pDKEmiy5l1q/rq
D7FgDeLQmSQaP/g+JCOsXMOuMExe6GkvHA+1WucRyEng9zd3Ez0PaATYImEQ6AuS
gz0sEp5xvQUC2MDBOLe0C/jxrfEbmP6LrXeLC9XehwpBT2ZGGh5bztmNCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfNaeg/3USLxAxqyGMdVoozzAliMB8GA1UdIwQY
MBaAFFxh3NPrUMg9aAYLy6SvFSIEGTUDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdIYzAtdFF5RDFvQmd2THBLOFZJZ1FaTlFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80NGExNTUtNGQwMi00MDAyLThmM2Qt
YzM2ZDFjNDYwZTJmLzEvWjgxcDZEX2RSSXZFREdySVl4MVdpalBNQ1dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80NGExNTUtNGQwMi00MDAyLThmM2QtYzM2ZDFjNDYwZTJm
LzEvWEdIYzAtdFF5RDFvQmd2THBLOFZJZ1FaTlFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYB4MA0G
CSqGSIb3DQEBCwUAA4IBAQAR+Z7LHqY3sDQKciCG+k/PNX0eF5xggPt/erDowplU
hDHP9CVemccAMX6T9usdsjZfoHXNdYSkwAT/743rVeHDoUx1vNoJ4OXSyeObm6J9
AWUpyutmiZw/W1/sJayiWTJRudgdXnWKcTC2PKb3qT7U4ubAPD8br9eApmVG7H8i
43ucGFbg9O/YjgzLKOpk3Gf1W/422X6gt78VI495MZYzhkRFtKBxQjcMwotDBgAy
NUr8ap0v01FDEy2fLoamlm08z3oBMf24oIWSVuW4keznvTFXKTAn9iK4lPn3wqht
wOWDoIWPZVWMg3QPuTJHDQhTszxbfc1s8Yv7HUJqVlH/
-----END CERTIFICATE-----