Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/433127-e2cf-41a1-9913-7a0f72cbb2d5/1/2ZRNYbv8C7Z77n06JwnDAB8dHJs.roa
File:                     2ZRNYbv8C7Z77n06JwnDAB8dHJs.roa (raw, json)
Hash identifier:          JOF3lrOpkrLDVvVTF7uM2f8rf5at25JDnT5vcTij59w=
Subject key identifier:   D9:94:4D:61:BB:FC:0B:B6:7B:EE:7D:3A:27:09:C3:00:1F:1D:1C:9B
Certificate issuer:       /CN=38b59daedd43cc9575ac35953e3f396e21bb6d80
Certificate serial:       018CC5DC33E3CA306A46679BE235C56811FE
Authority key identifier: 38:B5:9D:AE:DD:43:CC:95:75:AC:35:95:3E:3F:39:6E:21:BB:6D:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLWdrt1DzJV1rDWVPj85biG7bYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/433127-e2cf-41a1-9913-7a0f72cbb2d5/1/2ZRNYbv8C7Z77n06JwnDAB8dHJs.roa
Signing time:             Mon 01 Jan 2024 16:29:51 +0000
ROA not before:           Mon 01 Jan 2024 16:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61309
IP address blocks:        45.147.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/433127-e2cf-41a1-9913-7a0f72cbb2d5/1/OLWdrt1DzJV1rDWVPj85biG7bYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/433127-e2cf-41a1-9913-7a0f72cbb2d5/1/OLWdrt1DzJV1rDWVPj85biG7bYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLWdrt1DzJV1rDWVPj85biG7bYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:33:e3:ca:30:6a:46:67:9b:e2:35:c5:68:11:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b59daedd43cc9575ac35953e3f396e21bb6d80
        Validity
            Not Before: Jan  1 16:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9944d61bbfc0bb67bee7d3a2709c3001f1d1c9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e9:33:be:1c:10:7d:af:20:ed:2e:e0:85:65:
                    b6:9e:7f:09:3a:39:ee:09:c6:81:9f:21:2f:6a:9f:
                    f2:45:a3:c5:a2:4b:3f:b0:4c:86:11:82:2b:dc:0e:
                    28:ef:9c:01:6c:27:73:17:66:17:46:ce:c7:56:2d:
                    17:67:ec:77:0d:02:7a:ea:df:8a:44:c4:40:e8:92:
                    ee:b5:45:e5:0c:a5:8a:f4:c9:3e:b0:93:1f:f8:7f:
                    c2:96:6f:11:ce:95:82:5d:fc:43:e9:1c:25:46:c8:
                    2a:a9:aa:a7:1b:38:95:3a:75:c6:41:80:c7:c7:36:
                    e1:58:a3:d6:8d:5d:4c:ea:cc:60:a3:d5:6f:a3:d6:
                    39:eb:ad:2a:4c:3d:71:22:8b:b0:48:75:20:49:0f:
                    b4:fd:de:02:d1:ef:1e:ca:5c:e6:f1:43:22:77:a5:
                    1b:99:c0:42:f2:df:8c:94:41:4a:63:5f:4d:c2:ef:
                    ba:aa:9e:68:21:0d:32:99:db:59:5a:5e:a7:66:95:
                    0f:d5:98:c6:4e:dd:2c:1d:cb:35:21:88:d4:1f:e6:
                    cb:d0:3a:03:81:2d:31:60:93:b3:45:0e:57:43:61:
                    ef:d9:2e:99:57:22:25:43:d6:96:4c:fd:65:3a:4b:
                    a2:9d:2d:ce:64:d1:0c:04:b8:55:60:b8:ac:62:29:
                    2d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:94:4D:61:BB:FC:0B:B6:7B:EE:7D:3A:27:09:C3:00:1F:1D:1C:9B
            X509v3 Authority Key Identifier:
                keyid:38:B5:9D:AE:DD:43:CC:95:75:AC:35:95:3E:3F:39:6E:21:BB:6D:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLWdrt1DzJV1rDWVPj85biG7bYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/433127-e2cf-41a1-9913-7a0f72cbb2d5/1/2ZRNYbv8C7Z77n06JwnDAB8dHJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/433127-e2cf-41a1-9913-7a0f72cbb2d5/1/OLWdrt1DzJV1rDWVPj85biG7bYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:e8:16:01:d3:9d:3c:82:8a:cd:14:1d:7c:14:50:65:07:2a:
         d3:9d:b4:7e:25:db:b4:e0:fb:bc:3d:46:e0:85:65:b4:85:07:
         2c:d4:80:5a:d7:f5:60:e4:93:c5:e9:b2:e6:1a:d3:9b:a4:1e:
         e7:4d:e8:27:50:30:e0:7a:3f:85:c9:da:72:c0:3e:ed:a7:fb:
         4b:f2:69:ba:3d:81:bd:a2:96:66:0c:a3:a1:7e:97:4f:97:68:
         60:ae:d7:60:30:23:d1:99:df:9b:0a:50:f3:d7:e9:45:b2:a1:
         6f:85:c2:9b:64:f2:41:b3:ba:9b:5a:68:4d:34:c0:2f:e6:f9:
         da:4e:ca:3a:30:08:82:39:f6:9e:44:5f:73:89:f6:f3:2c:22:
         3c:26:ec:5c:32:b2:d5:05:1d:20:4e:11:4a:58:c2:70:7b:25:
         99:0e:03:6f:3b:f2:73:c0:bb:d4:a4:f1:e5:8d:64:d2:2e:df:
         2c:2c:2b:4a:e0:4b:a5:64:23:f3:e6:5a:c8:57:5d:7a:2d:52:
         37:ad:a5:f5:98:f3:57:96:4e:eb:e9:bb:f2:ed:ca:c7:f4:d4:
         b6:0d:19:9e:c7:bf:32:1d:8c:ef:9a:7a:57:12:77:76:19:48:
         a6:bf:9e:b0:b9:b2:6e:b3:22:c3:0c:13:df:f4:2a:01:f3:8a:
         41:5e:93:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DPjyjBqRmeb4jXFaBH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjU5ZGFlZGQ0M2NjOTU3NWFjMzU5NTNlM2YzOTZlMjFi
YjZkODAwHhcNMjQwMTAxMTYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTk0NGQ2MWJiZmMwYmI2N2JlZTdkM2EyNzA5YzMwMDFmMWQxYzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoukzvhwQfa8g7S7ghWW2nn8JOjnu
CcaBnyEvap/yRaPFoks/sEyGEYIr3A4o75wBbCdzF2YXRs7HVi0XZ+x3DQJ66t+K
RMRA6JLutUXlDKWK9Mk+sJMf+H/Clm8RzpWCXfxD6RwlRsgqqaqnGziVOnXGQYDH
xzbhWKPWjV1M6sxgo9Vvo9Y5660qTD1xIouwSHUgSQ+0/d4C0e8eylzm8UMid6Ub
mcBC8t+MlEFKY19Nwu+6qp5oIQ0ymdtZWl6nZpUP1ZjGTt0sHcs1IYjUH+bL0DoD
gS0xYJOzRQ5XQ2Hv2S6ZVyIlQ9aWTP1lOkuinS3OZNEMBLhVYLisYiktAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmUTWG7/Au2e+59OicJwwAfHRybMB8GA1UdIwQY
MBaAFDi1na7dQ8yVdaw1lT4/OW4hu22AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xXZHJ0MUR6SlYxckRXVlBqODViaUc3YllBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC80MzMxMjctZTJjZi00MWExLTk5MTMt
N2EwZjcyY2JiMmQ1LzEvMlpSTllidjhDN1o3N24wNkp3bkRBQjhkSEpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC80MzMxMjctZTJjZi00MWExLTk5MTMtN2EwZjcyY2JiMmQ1
LzEvT0xXZHJ0MUR6SlYxckRXVlBqODViaUc3YllBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZMqMA0G
CSqGSIb3DQEBCwUAA4IBAQCg6BYB0508gorNFB18FFBlByrTnbR+Jdu04Pu8PUbg
hWW0hQcs1IBa1/Vg5JPF6bLmGtObpB7nTegnUDDgej+FydpywD7tp/tL8mm6PYG9
opZmDKOhfpdPl2hgrtdgMCPRmd+bClDz1+lFsqFvhcKbZPJBs7qbWmhNNMAv5vna
Tso6MAiCOfaeRF9zifbzLCI8JuxcMrLVBR0gThFKWMJweyWZDgNvO/JzwLvUpPHl
jWTSLt8sLCtK4EulZCPz5lrIV116LVI3raX1mPNXlk7r6bvy7crH9NS2DRmex78y
HYzvmnpXEnd2GUimv56wubJusyLDDBPf9CoB84pBXpPk
-----END CERTIFICATE-----