Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/zQz3tWtapn8qKz4rYeWGGnS9boI.roa
File:                     zQz3tWtapn8qKz4rYeWGGnS9boI.roa (raw, json)
Hash identifier:          Oet1y32LyQ4if4pkKw3gO80qX4zMy1K2uegwxuTNvQs=
Subject key identifier:   CD:0C:F7:B5:6B:5A:A6:7F:2A:2B:3E:2B:61:E5:86:1A:74:BD:6E:82
Certificate issuer:       /CN=a1d71853324eb060fbafc988233860499c96c53a
Certificate serial:       0194694F4A2986268721F9882AA075143DE4
Authority key identifier: A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/zQz3tWtapn8qKz4rYeWGGnS9boI.roa
Signing time:             Wed 15 Jan 2025 09:33:11 +0000
ROA not before:           Wed 15 Jan 2025 09:33:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32167
IP address blocks:        45.148.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 06:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:69:4f:4a:29:86:26:87:21:f9:88:2a:a0:75:14:3d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d71853324eb060fbafc988233860499c96c53a
        Validity
            Not Before: Jan 15 09:33:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd0cf7b56b5aa67f2a2b3e2b61e5861a74bd6e82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cc:17:40:0c:24:6f:8b:6f:c8:05:c4:6f:61:
                    52:1e:fd:6f:11:f1:ff:86:90:b5:63:b1:18:78:8e:
                    12:2a:d7:96:dd:85:17:d7:74:b5:27:6f:e0:c9:11:
                    11:d2:63:0b:64:16:ba:c9:a3:16:3c:03:0e:00:58:
                    25:94:f6:8f:f7:e1:3c:3b:72:45:a9:51:b1:90:a3:
                    2d:70:4a:5f:f5:15:ab:2a:c4:7a:29:20:01:3d:7d:
                    c0:96:10:e9:22:6f:e0:a7:0f:e9:14:2b:c0:f0:41:
                    25:15:09:d0:7f:02:3c:49:b3:66:61:22:5a:ec:e5:
                    63:4e:27:6b:d8:bb:ee:52:a6:cb:d0:8e:4b:8f:e5:
                    ce:29:b0:6b:03:bb:49:72:db:60:99:02:22:d2:60:
                    8d:f3:4f:f2:6a:ef:1e:01:31:bd:da:eb:92:b5:9d:
                    c8:82:b7:ab:9b:fa:24:bb:f1:b5:10:ed:2e:45:f5:
                    2d:47:01:75:3a:4c:91:00:9b:b4:d8:1d:ee:5b:44:
                    25:b1:1e:46:91:7f:80:1a:97:d1:e5:ac:54:ba:da:
                    24:1d:8d:ae:4f:4b:5f:32:e9:25:0a:77:e9:6a:04:
                    bf:60:b1:8c:11:0f:53:74:bc:77:ee:ee:7a:2f:71:
                    f7:2a:f8:5d:9e:5c:99:be:37:c9:92:8f:be:cc:63:
                    8b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:0C:F7:B5:6B:5A:A6:7F:2A:2B:3E:2B:61:E5:86:1A:74:BD:6E:82
            X509v3 Authority Key Identifier:
                keyid:A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/zQz3tWtapn8qKz4rYeWGGnS9boI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:fb:ab:91:25:61:cf:8f:cd:ce:cc:f7:76:0d:77:be:c6:ff:
         38:ba:cf:0e:56:aa:69:9e:a3:cd:50:7a:98:14:59:54:ff:de:
         40:89:01:5a:40:50:57:c6:46:dd:1c:cf:2a:55:c6:9d:98:1e:
         37:04:f3:97:81:c7:67:fa:0b:a1:67:c3:ad:1d:71:d0:cb:05:
         5d:d2:33:cb:6e:9f:7b:64:79:47:33:b5:40:1b:6f:c7:ad:57:
         43:12:3f:94:cb:a8:e4:0e:b3:53:05:0d:2f:88:19:39:d1:36:
         6b:57:45:48:0a:b0:5b:0d:71:0f:8b:df:cd:af:04:be:c9:ed:
         ab:0c:fc:4f:84:0b:76:e8:14:50:32:af:c1:22:36:07:23:bb:
         29:7c:6b:2f:32:2e:0e:47:39:c9:47:1c:d5:04:ee:05:6a:09:
         6f:42:00:13:52:53:ae:ff:5e:75:4d:f7:a0:97:34:bc:39:4e:
         c9:4b:58:60:9d:7a:a6:50:0f:1c:33:9b:c0:70:12:93:19:38:
         a8:31:1e:a0:3f:e7:36:c5:ee:0a:6d:d6:3d:e6:18:7c:25:39:
         49:9c:62:6a:9c:29:c3:52:e1:1d:b8:98:db:9b:2d:99:ab:c7:
         0f:f7:85:53:bd:af:8a:ad:81:49:ea:05:20:a3:dd:81:0d:ed:
         b8:a6:6e:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRpT0ophiaHIfmIKqB1FD3kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDcxODUzMzI0ZWIwNjBmYmFmYzk4ODIzMzg2MDQ5OWM5
NmM1M2EwHhcNMjUwMTE1MDkzMzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDBjZjdiNTZiNWFhNjdmMmEyYjNlMmI2MWU1ODYxYTc0YmQ2ZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8wXQAwkb4tvyAXEb2FSHv1vEfH/
hpC1Y7EYeI4SKteW3YUX13S1J2/gyRER0mMLZBa6yaMWPAMOAFgllPaP9+E8O3JF
qVGxkKMtcEpf9RWrKsR6KSABPX3AlhDpIm/gpw/pFCvA8EElFQnQfwI8SbNmYSJa
7OVjTidr2LvuUqbL0I5Lj+XOKbBrA7tJcttgmQIi0mCN80/yau8eATG92uuStZ3I
grerm/oku/G1EO0uRfUtRwF1OkyRAJu02B3uW0QlsR5GkX+AGpfR5axUutokHY2u
T0tfMuklCnfpagS/YLGMEQ9TdLx37u56L3H3KvhdnlyZvjfJko++zGOL6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0M97VrWqZ/Kis+K2Hlhhp0vW6CMB8GA1UdIwQY
MBaAFKHXGFMyTrBg+6/JiCM4YEmclsU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUt
NzA2MTM1NmJlZjFiLzEvelF6M3RXdGFwbjhxS3o0clllV0dHblM5Ym9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUtNzA2MTM1NmJlZjFi
LzEvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSEMA0G
CSqGSIb3DQEBCwUAA4IBAQBh+6uRJWHPj83OzPd2DXe+xv84us8OVqppnqPNUHqY
FFlU/95AiQFaQFBXxkbdHM8qVcadmB43BPOXgcdn+guhZ8OtHXHQywVd0jPLbp97
ZHlHM7VAG2/HrVdDEj+Uy6jkDrNTBQ0viBk50TZrV0VICrBbDXEPi9/NrwS+ye2r
DPxPhAt26BRQMq/BIjYHI7spfGsvMi4ORznJRxzVBO4FaglvQgATUlOu/151Tfeg
lzS8OU7JS1hgnXqmUA8cM5vAcBKTGTioMR6gP+c2xe4KbdY95hh8JTlJnGJqnCnD
UuEduJjbmy2Zq8cP94VTva+KrYFJ6gUgo92BDe24pm7y
-----END CERTIFICATE-----