Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/azXA0zek1r4GjxGORUc5CbVhlro.roa
File:                     azXA0zek1r4GjxGORUc5CbVhlro.roa (raw, json)
Hash identifier:          dBG8mL0HT6A6TrmZTX65GYmNTUtlNHr3mHgXq8jXk/c=
Subject key identifier:   6B:35:C0:D3:37:A4:D6:BE:06:8F:11:8E:45:47:39:09:B5:61:96:BA
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       019420D64C37FCDA9860F0E61C703E4132D7
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/azXA0zek1r4GjxGORUc5CbVhlro.roa
Signing time:             Wed 01 Jan 2025 07:48:22 +0000
ROA not before:           Wed 01 Jan 2025 07:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        45.80.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 02:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4c:37:fc:da:98:60:f0:e6:1c:70:3e:41:32:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Jan  1 07:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b35c0d337a4d6be068f118e45473909b56196ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:45:ab:58:e2:14:49:74:d9:ba:1b:cc:12:48:
                    df:56:a5:3c:04:2b:be:d5:2b:cd:86:5d:55:bb:0a:
                    21:65:69:9e:ed:1b:80:11:c2:e9:a4:6d:ed:d5:9a:
                    40:9f:a5:8f:9d:ad:65:bb:3d:62:82:c4:85:91:e7:
                    c3:de:78:37:33:ed:03:fc:5d:b6:7e:ff:67:cc:89:
                    5a:3b:d5:e4:56:c5:25:c5:68:f8:4b:c6:d1:59:f5:
                    b8:19:5d:cf:4f:e0:a2:28:22:d9:b3:0a:05:91:74:
                    45:8c:ee:60:0b:b9:1b:2e:46:f5:21:b1:99:e2:c9:
                    75:5a:5f:c9:16:0a:f3:a6:7d:ba:91:5d:75:dc:b4:
                    ce:10:20:9f:4d:05:a2:26:6e:f3:f5:31:b7:32:73:
                    e5:39:f8:9e:90:1f:8f:22:70:5c:d4:d2:a9:31:7e:
                    a6:06:b7:c0:ca:cf:b7:95:bc:f3:58:ee:17:86:5e:
                    90:6d:18:1d:d5:69:73:ca:f8:fb:f2:d7:c2:de:df:
                    cf:56:79:4d:77:c6:f3:02:40:d9:19:b7:86:40:48:
                    34:8f:cb:53:9f:05:00:d4:2a:0b:91:10:17:4b:f8:
                    1f:a3:d3:f8:f4:4c:56:b0:d5:82:6f:fe:bb:08:d1:
                    31:63:b2:73:22:f2:3a:58:cf:f1:a0:96:00:58:93:
                    f6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:35:C0:D3:37:A4:D6:BE:06:8F:11:8E:45:47:39:09:B5:61:96:BA
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/azXA0zek1r4GjxGORUc5CbVhlro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:c5:a6:ef:08:76:37:8c:aa:bf:f0:2a:08:9f:5e:8b:0d:d7:
         66:9c:11:3c:eb:c6:14:e0:2e:e9:7b:f9:f2:12:ae:2f:5b:ba:
         2e:4e:84:fa:eb:c8:44:52:b0:4f:b5:f4:33:e2:d6:e1:09:3c:
         85:49:75:ab:f3:97:a2:42:a2:ca:83:ac:1e:9f:e7:a5:e8:37:
         d8:19:3b:1c:40:d3:a8:b0:0f:ef:ec:f6:7c:f7:b2:e5:77:9b:
         91:f2:56:ef:f0:9e:5c:9a:da:5f:2a:78:26:1c:52:cf:01:66:
         4f:7d:46:4c:8a:a5:46:5c:56:d3:1a:c7:92:8d:cd:3c:b3:99:
         cf:78:50:64:a0:8f:f6:88:f0:04:ea:c1:3c:73:75:b4:34:eb:
         9e:97:34:f8:46:5e:b5:d2:19:14:d3:59:e8:d5:7e:81:6f:37:
         62:3e:0e:5c:69:13:54:44:ad:65:33:47:53:55:35:3c:5e:89:
         31:8a:09:93:14:80:cf:e9:e7:b7:a4:fe:88:71:31:66:e7:70:
         40:ce:41:a7:58:dc:25:af:79:49:9a:0f:78:0c:c7:de:57:32:
         89:19:07:e0:b9:d4:fc:1b:6e:6c:9a:4e:0b:0a:8a:93:8c:d4:
         9d:86:27:9b:13:e8:20:22:78:c9:88:60:10:69:6a:2c:fa:ae:
         b2:24:e0:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1kw3/NqYYPDmHHA+QTLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjUwMTAxMDc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjM1YzBkMzM3YTRkNmJlMDY4ZjExOGU0NTQ3MzkwOWI1NjE5NmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kWrWOIUSXTZuhvMEkjfVqU8BCu+
1SvNhl1VuwohZWme7RuAEcLppG3t1ZpAn6WPna1luz1igsSFkefD3ng3M+0D/F22
fv9nzIlaO9XkVsUlxWj4S8bRWfW4GV3PT+CiKCLZswoFkXRFjO5gC7kbLkb1IbGZ
4sl1Wl/JFgrzpn26kV113LTOECCfTQWiJm7z9TG3MnPlOfiekB+PInBc1NKpMX6m
BrfAys+3lbzzWO4Xhl6QbRgd1Wlzyvj78tfC3t/PVnlNd8bzAkDZGbeGQEg0j8tT
nwUA1CoLkRAXS/gfo9P49ExWsNWCb/67CNExY7JzIvI6WM/xoJYAWJP2AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGs1wNM3pNa+Bo8RjkVHOQm1YZa6MB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvYXpYQTB6ZWsxcjRHanhHT1JVYzVDYlZobHJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVCuMA0G
CSqGSIb3DQEBCwUAA4IBAQCGxabvCHY3jKq/8CoIn16LDddmnBE868YU4C7pe/ny
Eq4vW7ouToT668hEUrBPtfQz4tbhCTyFSXWr85eiQqLKg6wen+el6DfYGTscQNOo
sA/v7PZ897Lld5uR8lbv8J5cmtpfKngmHFLPAWZPfUZMiqVGXFbTGseSjc08s5nP
eFBkoI/2iPAE6sE8c3W0NOuelzT4Rl610hkU01no1X6BbzdiPg5caRNURK1lM0dT
VTU8XokxigmTFIDP6ee3pP6IcTFm53BAzkGnWNwlr3lJmg94DMfeVzKJGQfgudT8
G25smk4LCoqTjNSdhiebE+ggInjJiGAQaWos+q6yJOBC
-----END CERTIFICATE-----