Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/ZBWGWAqzzMphg8N26iWCScRydeg.roa
File:                     ZBWGWAqzzMphg8N26iWCScRydeg.roa (raw, json)
Hash identifier:          A6bFWbJ2kwMwkm3nxNWtNaJhbLgU7mMYdBxgzHzi2zU=
Subject key identifier:   64:15:86:58:0A:B3:CC:CA:61:83:C3:76:EA:25:82:49:C4:72:75:E8
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       018CC794F9A4548F390AD054760F7A2E0433
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/ZBWGWAqzzMphg8N26iWCScRydeg.roa
Signing time:             Tue 02 Jan 2024 00:31:18 +0000
ROA not before:           Tue 02 Jan 2024 00:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        45.84.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:f9:a4:54:8f:39:0a:d0:54:76:0f:7a:2e:04:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Jan  2 00:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=641586580ab3ccca6183c376ea258249c47275e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:39:81:67:c7:21:38:1c:3a:fd:75:32:f1:7e:
                    bd:45:b8:45:91:26:12:d1:a3:08:0d:2f:b3:55:4f:
                    39:62:e5:bc:0f:eb:c1:31:d3:9e:d3:fc:c9:a9:1e:
                    52:ef:cb:a4:44:f0:88:ce:99:16:8b:ba:f2:ec:a5:
                    56:5a:6e:95:a1:6a:ec:13:ef:b5:10:87:22:8b:34:
                    ce:7b:b6:c8:6b:b9:55:c9:44:26:be:10:cd:63:37:
                    ef:c5:e7:2b:12:43:ad:ff:16:d8:a4:e9:61:ad:35:
                    48:2a:fc:b9:0b:d8:c6:8f:22:51:2c:ab:e1:c9:73:
                    67:3d:be:bf:31:89:f2:7c:9c:bf:97:31:8e:7c:5b:
                    0e:31:c8:d6:32:89:9c:ad:91:be:a8:59:41:e0:ea:
                    30:c8:ed:56:6c:0d:a2:0a:08:0e:cf:5b:e5:10:ae:
                    56:29:9c:b6:47:1c:48:42:ae:f7:6c:bb:3d:b5:90:
                    48:af:f7:f5:11:76:1f:51:7f:fe:72:bd:44:15:99:
                    e3:64:3e:ec:38:14:57:a5:e7:6a:17:06:46:9f:c4:
                    a6:f2:2e:16:ae:56:dc:3d:e7:9f:62:05:ba:8e:5a:
                    4e:1a:bc:52:40:3c:69:91:8d:a4:ce:ae:97:19:2a:
                    93:fc:81:7b:1b:ad:79:d0:33:a9:95:8a:2d:68:f1:
                    bc:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:15:86:58:0A:B3:CC:CA:61:83:C3:76:EA:25:82:49:C4:72:75:E8
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/ZBWGWAqzzMphg8N26iWCScRydeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:01:91:f7:0c:a0:65:34:f7:ca:7f:af:43:81:1c:4f:91:b7:
         df:2e:37:93:ca:a7:fc:b0:8e:de:fd:3c:ac:ea:0b:d8:29:ff:
         cd:f9:d0:01:ba:8a:5c:9d:54:3d:44:4d:bd:b1:6e:03:f1:61:
         98:78:04:82:70:6d:3c:1a:ea:ef:73:48:37:0a:be:0f:e1:eb:
         eb:10:ac:c7:ac:20:55:3b:6d:46:84:75:97:b1:c1:db:e9:5e:
         77:f2:54:ca:53:8b:2e:04:ef:8c:d4:fb:9e:80:bf:45:df:c3:
         bb:aa:21:26:e4:54:46:3d:e5:b2:88:71:80:33:bc:1d:20:8d:
         a4:77:6c:7f:88:30:41:d3:c7:b1:bd:a7:da:ca:7f:2b:2e:ba:
         60:30:3a:d8:cc:5c:a9:4e:e4:2c:9d:c0:82:58:91:c4:82:9d:
         94:dc:8f:cd:00:97:69:d8:b3:65:6a:1e:d8:d2:35:58:da:e0:
         37:67:db:69:9a:0c:35:d9:4f:82:f6:ae:b1:b6:2f:b0:93:a4:
         7f:c2:33:03:56:11:db:56:98:8d:ac:dd:fa:86:4f:23:b0:84:
         de:d0:15:02:96:e7:a3:b2:04:b0:cf:f9:ee:5c:1a:02:8a:44:
         65:5a:6d:dd:36:f8:2e:c6:a3:00:40:47:a4:c8:25:0f:3e:79:
         e3:47:c1:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlPmkVI85CtBUdg96LgQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjQwMTAyMDAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDE1ODY1ODBhYjNjY2NhNjE4M2MzNzZlYTI1ODI0OWM0NzI3NWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzmBZ8chOBw6/XUy8X69RbhFkSYS
0aMIDS+zVU85YuW8D+vBMdOe0/zJqR5S78ukRPCIzpkWi7ry7KVWWm6VoWrsE++1
EIciizTOe7bIa7lVyUQmvhDNYzfvxecrEkOt/xbYpOlhrTVIKvy5C9jGjyJRLKvh
yXNnPb6/MYnyfJy/lzGOfFsOMcjWMomcrZG+qFlB4OowyO1WbA2iCggOz1vlEK5W
KZy2RxxIQq73bLs9tZBIr/f1EXYfUX/+cr1EFZnjZD7sOBRXpedqFwZGn8Sm8i4W
rlbcPeefYgW6jlpOGrxSQDxpkY2kzq6XGSqT/IF7G6150DOplYotaPG8UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQVhlgKs8zKYYPDduolgknEcnXoMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvWkJXR1dBcXp6TXBoZzhOMjZpV0NTY1J5ZGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTwMA0G
CSqGSIb3DQEBCwUAA4IBAQB5AZH3DKBlNPfKf69DgRxPkbffLjeTyqf8sI7e/Tys
6gvYKf/N+dABuopcnVQ9RE29sW4D8WGYeASCcG08Gurvc0g3Cr4P4evrEKzHrCBV
O21GhHWXscHb6V538lTKU4suBO+M1PuegL9F38O7qiEm5FRGPeWyiHGAM7wdII2k
d2x/iDBB08exvafayn8rLrpgMDrYzFypTuQsncCCWJHEgp2U3I/NAJdp2LNlah7Y
0jVY2uA3Z9tpmgw12U+C9q6xti+wk6R/wjMDVhHbVpiNrN36hk8jsITe0BUCluej
sgSwz/nuXBoCikRlWm3dNvguxqMAQEekyCUPPnnjR8F7
-----END CERTIFICATE-----