Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/dzvMmjRwUTnMr4DZ4MQqNwqOqlg.roa
File:                     dzvMmjRwUTnMr4DZ4MQqNwqOqlg.roa (raw, json)
Hash identifier:          uLO1GP7nfhua/KOSdLN/3nZvOSj9VVaQYxmNm5g591s=
Subject key identifier:   77:3B:CC:9A:34:70:51:39:CC:AF:80:D9:E0:C4:2A:37:0A:8E:AA:58
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0194266BA1E94304D4C8C03D0E7C90ECA9D3
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/dzvMmjRwUTnMr4DZ4MQqNwqOqlg.roa
Signing time:             Thu 02 Jan 2025 09:49:35 +0000
ROA not before:           Thu 02 Jan 2025 09:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17098
IP address blocks:        45.141.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:a1:e9:43:04:d4:c8:c0:3d:0e:7c:90:ec:a9:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 09:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=773bcc9a34705139ccaf80d9e0c42a370a8eaa58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:24:e8:2f:bb:10:a5:ff:a4:75:23:ca:8a:ec:
                    4c:8f:36:95:9e:da:78:a1:b3:0f:08:c5:c2:78:28:
                    a1:8f:82:a9:a3:ac:1a:a8:62:3c:b8:9e:49:f9:0a:
                    c4:4e:de:06:58:d8:2e:a7:09:d8:49:09:50:48:b2:
                    40:e4:c0:60:66:ba:b9:92:77:cf:d7:8b:36:51:0e:
                    b6:7a:8c:12:51:12:8f:80:dd:97:da:63:dc:6c:aa:
                    a3:b8:f1:e4:3e:9e:79:2f:a1:c8:8e:30:09:90:47:
                    37:d5:80:72:da:1f:5a:4f:a8:4b:cd:58:b1:28:73:
                    63:1b:ca:7e:f4:bc:48:ea:4f:45:86:3c:8b:d8:35:
                    ee:33:42:26:3e:69:f7:37:00:08:b6:d6:ac:f0:2e:
                    4d:66:46:16:07:68:bd:ac:05:62:1c:17:8b:10:b2:
                    1f:54:63:93:52:be:d5:3a:80:53:8f:95:41:d2:9e:
                    69:2d:0f:9f:8d:ba:3b:1d:5b:83:dc:10:70:a7:36:
                    03:1d:5a:6b:02:de:19:ef:03:34:29:c6:ca:06:eb:
                    69:8b:57:cb:9d:77:e4:05:73:cf:3d:00:b5:a5:21:
                    7c:3a:cf:3d:85:9e:c5:37:69:83:78:90:f4:df:03:
                    0a:35:8f:91:4f:b5:79:42:72:9c:c7:23:f2:f7:e5:
                    74:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:3B:CC:9A:34:70:51:39:CC:AF:80:D9:E0:C4:2A:37:0A:8E:AA:58
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/dzvMmjRwUTnMr4DZ4MQqNwqOqlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:ec:e9:51:07:34:d3:5b:4c:a3:df:5c:6b:34:24:88:5c:c6:
         28:db:c2:ff:b3:bb:59:bf:3b:ad:12:ec:2f:cd:4f:d8:e4:85:
         a6:4f:39:39:40:14:58:84:d8:b1:76:d2:78:b7:d9:3a:3b:c3:
         6d:c8:ad:eb:31:e1:95:84:60:09:4f:9e:2c:35:d8:a6:7a:86:
         59:08:94:2a:9b:47:c2:2c:74:31:9c:33:2f:bf:85:0d:ad:6f:
         d4:a2:6e:43:3c:7a:5c:8a:ba:a7:82:8d:ad:07:7b:11:07:f8:
         0b:0d:2b:0d:b7:c5:99:ca:b5:a7:11:6d:30:f0:fa:0c:f6:de:
         7e:18:c8:f7:6c:b0:ca:04:85:e4:65:9a:91:f8:0c:3b:dc:e4:
         6f:eb:5d:c9:06:e0:c6:ed:83:f5:17:d9:82:83:19:9e:0f:12:
         9b:85:d1:f3:8a:d4:1a:12:e7:3e:92:fd:e1:fe:cd:d5:29:46:
         5d:40:a2:08:51:e2:0d:99:7d:c9:5a:37:17:28:75:a4:a1:ee:
         23:10:82:3b:35:ad:f7:f6:47:30:fb:20:18:c5:9b:a4:24:4d:
         dd:24:b4:f5:86:73:34:a4:b1:b1:c2:3d:6e:d1:be:37:20:17:
         c4:e6:76:a2:5a:cc:e9:f2:00:f2:41:d8:f5:cc:ca:54:85:58:
         7e:1c:0f:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma6HpQwTUyMA9DnyQ7KnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwMTAyMDk0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzNiY2M5YTM0NzA1MTM5Y2NhZjgwZDllMGM0MmEzNzBhOGVhYTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yToL7sQpf+kdSPKiuxMjzaVntp4
obMPCMXCeCihj4Kpo6waqGI8uJ5J+QrETt4GWNgupwnYSQlQSLJA5MBgZrq5knfP
14s2UQ62eowSURKPgN2X2mPcbKqjuPHkPp55L6HIjjAJkEc31YBy2h9aT6hLzVix
KHNjG8p+9LxI6k9FhjyL2DXuM0ImPmn3NwAIttas8C5NZkYWB2i9rAViHBeLELIf
VGOTUr7VOoBTj5VB0p5pLQ+fjbo7HVuD3BBwpzYDHVprAt4Z7wM0KcbKButpi1fL
nXfkBXPPPQC1pSF8Os89hZ7FN2mDeJD03wMKNY+RT7V5QnKcxyPy9+V08QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHc7zJo0cFE5zK+A2eDEKjcKjqpYMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvZHp2TW1qUndVVG5NcjREWjRNUXFOd3FPcWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY2BMA0G
CSqGSIb3DQEBCwUAA4IBAQAg7OlRBzTTW0yj31xrNCSIXMYo28L/s7tZvzutEuwv
zU/Y5IWmTzk5QBRYhNixdtJ4t9k6O8NtyK3rMeGVhGAJT54sNdimeoZZCJQqm0fC
LHQxnDMvv4UNrW/Uom5DPHpcirqngo2tB3sRB/gLDSsNt8WZyrWnEW0w8PoM9t5+
GMj3bLDKBIXkZZqR+Aw73ORv613JBuDG7YP1F9mCgxmeDxKbhdHzitQaEuc+kv3h
/s3VKUZdQKIIUeINmX3JWjcXKHWkoe4jEII7Na339kcw+yAYxZukJE3dJLT1hnM0
pLGxwj1u0b43IBfE5naiWszp8gDyQdj1zMpUhVh+HA84
-----END CERTIFICATE-----