Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/jZL5Xhdd_DQTPlseqK0seytctFM.roa
File:                     jZL5Xhdd_DQTPlseqK0seytctFM.roa (raw, json)
Hash identifier:          iK3t86giIYaf8WbR2Oyl7XO/RS0ik8f6mwnnTPsecrY=
Subject key identifier:   8D:92:F9:5E:17:5D:FC:34:13:3E:5B:1E:A8:AD:2C:7B:2B:5C:B4:53
Certificate issuer:       /CN=03d8024188491a319c5276721f940efae7fc21af
Certificate serial:       01942144021CC4FD49FAFC44EF2D7826A30A
Authority key identifier: 03:D8:02:41:88:49:1A:31:9C:52:76:72:1F:94:0E:FA:E7:FC:21:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/jZL5Xhdd_DQTPlseqK0seytctFM.roa
Signing time:             Wed 01 Jan 2025 09:48:12 +0000
ROA not before:           Wed 01 Jan 2025 09:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61397
IP address blocks:        45.12.156.0/22 maxlen: 22
                          185.9.4.0/22 maxlen: 22
                          185.105.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:02:1c:c4:fd:49:fa:fc:44:ef:2d:78:26:a3:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03d8024188491a319c5276721f940efae7fc21af
        Validity
            Not Before: Jan  1 09:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d92f95e175dfc34133e5b1ea8ad2c7b2b5cb453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:54:f7:cc:a5:f0:b9:e7:43:c2:e7:d6:d8:62:
                    4d:e8:9c:26:6b:da:16:41:4e:ce:30:35:0c:42:38:
                    b8:86:f1:c1:24:2c:1f:ae:2e:4d:dd:5b:b7:79:fa:
                    36:db:df:86:3b:bd:34:c9:e3:75:4b:6f:55:2f:a8:
                    a1:1e:eb:04:32:3e:b5:12:68:05:c1:8e:67:57:70:
                    18:19:c1:a4:da:11:cb:d0:30:2d:60:e5:c4:e9:c8:
                    36:a5:e7:ab:67:e3:79:81:67:84:7a:67:92:65:4a:
                    e6:49:e6:60:48:56:5d:5b:0d:bf:f2:7b:85:16:29:
                    52:2c:fd:66:e7:dc:5d:74:d7:4d:4d:d4:2e:41:f4:
                    72:e9:38:9a:18:f1:ee:92:f2:c9:06:6b:a0:31:4b:
                    16:40:b5:88:aa:09:e8:5c:62:5c:fa:a1:1c:1f:8a:
                    9f:08:be:a2:ea:68:10:9d:07:c4:af:c2:03:1f:08:
                    a6:ad:f8:c6:54:82:56:e6:83:e4:9a:86:d7:cc:de:
                    85:b7:4c:c7:39:05:7b:df:07:43:00:5a:08:91:a4:
                    78:0b:40:cf:79:b5:33:48:15:d9:af:8b:a9:f0:e7:
                    7e:65:68:54:ac:95:16:ab:04:d0:fc:32:91:0e:85:
                    67:45:e1:35:bb:78:05:a1:8a:90:32:8e:e6:26:4c:
                    fb:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:92:F9:5E:17:5D:FC:34:13:3E:5B:1E:A8:AD:2C:7B:2B:5C:B4:53
            X509v3 Authority Key Identifier:
                keyid:03:D8:02:41:88:49:1A:31:9C:52:76:72:1F:94:0E:FA:E7:FC:21:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/jZL5Xhdd_DQTPlseqK0seytctFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.156.0/22
                  185.9.4.0/22
                  185.105.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:c1:84:fa:b0:c8:d3:3d:4c:49:b5:66:50:e4:ab:4a:77:f2:
         c1:be:30:c7:ab:54:c1:64:c1:ce:4b:da:96:eb:aa:73:08:8a:
         dc:43:a7:01:28:bc:5b:fe:69:27:89:aa:b7:67:0b:cd:f4:bd:
         58:dd:73:7e:de:ce:dc:ef:c3:61:f5:34:9c:9a:fe:a5:d0:b5:
         c5:d2:7e:5d:c1:63:cc:86:ea:80:88:5d:82:37:88:df:0d:d5:
         e0:19:a5:a9:ae:76:c3:86:c3:28:7e:7f:24:56:4b:fe:fc:cc:
         26:4c:d6:65:7d:c1:ff:a5:9e:e0:48:65:da:3e:f0:c3:d4:b8:
         78:0e:f4:c4:28:b7:2c:de:49:40:df:51:62:8e:de:ee:e3:75:
         56:55:d9:19:65:85:87:0c:bf:c7:57:72:3a:39:c8:d0:c2:4b:
         3d:ad:4b:9a:a7:6f:4f:e1:db:be:bd:29:ab:34:6a:a4:da:ce:
         6c:4c:17:f1:fb:19:0d:ab:72:2e:74:7e:bb:09:c0:a2:3e:67:
         9d:fe:81:75:35:08:da:ec:2e:37:a6:f2:6d:73:23:df:42:82:
         d6:30:bf:90:04:bf:68:a2:57:4e:03:1d:42:71:21:37:c5:85:
         7c:a3:b5:2b:9b:80:dc:88:23:94:ad:0c:b6:84:7a:08:7b:ad:
         b7:29:77:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhRAIcxP1J+vxE7y14JqMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZDgwMjQxODg0OTFhMzE5YzUyNzY3MjFmOTQwZWZhZTdm
YzIxYWYwHhcNMjUwMTAxMDk0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDkyZjk1ZTE3NWRmYzM0MTMzZTViMWVhOGFkMmM3YjJiNWNiNDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVT3zKXwuedDwufW2GJN6Jwma9oW
QU7OMDUMQji4hvHBJCwfri5N3Vu3efo229+GO700yeN1S29VL6ihHusEMj61EmgF
wY5nV3AYGcGk2hHL0DAtYOXE6cg2peerZ+N5gWeEemeSZUrmSeZgSFZdWw2/8nuF
FilSLP1m59xddNdNTdQuQfRy6TiaGPHukvLJBmugMUsWQLWIqgnoXGJc+qEcH4qf
CL6i6mgQnQfEr8IDHwimrfjGVIJW5oPkmobXzN6Ft0zHOQV73wdDAFoIkaR4C0DP
ebUzSBXZr4up8Od+ZWhUrJUWqwTQ/DKRDoVnReE1u3gFoYqQMo7mJkz7tQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI2S+V4XXfw0Ez5bHqitLHsrXLRTMB8GA1UdIwQY
MBaAFAPYAkGISRoxnFJ2ch+UDvrn/CGvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTlnQ1FZaEpHakdjVW5aeUg1UU8tdWY4SWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8yMDk3ZGQtYzM5Ni00OGY2LWJlODct
N2JiYWM4Y2MyNzgzLzEvalpMNVhoZGRfRFFUUGxzZXFLMHNleXRjdEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8yMDk3ZGQtYzM5Ni00OGY2LWJlODctN2JiYWM4Y2MyNzgz
LzEvQTlnQ1FZaEpHakdjVW5aeUg1UU8tdWY4SWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLQycAwQC
uQkEAwQCuWm0MA0GCSqGSIb3DQEBCwUAA4IBAQB1wYT6sMjTPUxJtWZQ5KtKd/LB
vjDHq1TBZMHOS9qW66pzCIrcQ6cBKLxb/mkniaq3ZwvN9L1Y3XN+3s7c78Nh9TSc
mv6l0LXF0n5dwWPMhuqAiF2CN4jfDdXgGaWprnbDhsMofn8kVkv+/MwmTNZlfcH/
pZ7gSGXaPvDD1Lh4DvTEKLcs3klA31Fijt7u43VWVdkZZYWHDL/HV3I6OcjQwks9
rUuap29P4du+vSmrNGqk2s5sTBfx+xkNq3IudH67CcCiPmed/oF1NQja7C43pvJt
cyPfQoLWML+QBL9ooldOAx1CcSE3xYV8o7Urm4DciCOUrQy2hHoIe623KXd9
-----END CERTIFICATE-----