Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/af8e9d-6c65-41fd-a755-b18d76b012e7/1/ZQzI8pwKz3Y9UFOTdtU4b9ctJXY.roa
File:                     ZQzI8pwKz3Y9UFOTdtU4b9ctJXY.roa (raw, json)
Hash identifier:          m2HxLCCi/fQqzx7YAu5gwnUGUYg0wp/lcNW6PdEdels=
Subject key identifier:   65:0C:C8:F2:9C:0A:CF:76:3D:50:53:93:76:D5:38:6F:D7:2D:25:76
Certificate issuer:       /CN=a977820ea61b11b5b3859ab4a4bc7ec0a7b7388c
Certificate serial:       0194258F6ED23F1827B4A46C5AF7E5A1128A
Authority key identifier: A9:77:82:0E:A6:1B:11:B5:B3:85:9A:B4:A4:BC:7E:C0:A7:B7:38:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qXeCDqYbEbWzhZq0pLx-wKe3OIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/af8e9d-6c65-41fd-a755-b18d76b012e7/1/ZQzI8pwKz3Y9UFOTdtU4b9ctJXY.roa
Signing time:             Thu 02 Jan 2025 05:49:04 +0000
ROA not before:           Thu 02 Jan 2025 05:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45007
IP address blocks:        77.220.196.0/22 maxlen: 22
                          185.230.4.0/22 maxlen: 22
                          185.230.4.0/23 maxlen: 23
                          185.230.6.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/af8e9d-6c65-41fd-a755-b18d76b012e7/1/qXeCDqYbEbWzhZq0pLx-wKe3OIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/af8e9d-6c65-41fd-a755-b18d76b012e7/1/qXeCDqYbEbWzhZq0pLx-wKe3OIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qXeCDqYbEbWzhZq0pLx-wKe3OIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6e:d2:3f:18:27:b4:a4:6c:5a:f7:e5:a1:12:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a977820ea61b11b5b3859ab4a4bc7ec0a7b7388c
        Validity
            Not Before: Jan  2 05:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=650cc8f29c0acf763d50539376d5386fd72d2576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:aa:05:bd:38:d2:df:ee:53:63:46:7d:c5:06:
                    81:d0:26:89:57:0c:1f:3c:8b:91:99:48:d3:56:ec:
                    80:ec:f1:5b:0e:c0:80:e3:84:3a:ed:ce:8f:7d:1c:
                    86:f5:48:0f:f4:fb:08:aa:68:5e:76:11:42:53:fc:
                    31:8c:4c:11:53:fc:66:83:09:e3:d9:02:50:c6:fc:
                    32:88:71:1c:73:05:c7:96:61:4b:08:6b:83:24:fe:
                    0b:c8:2a:39:82:35:43:46:79:94:df:aa:6c:2e:85:
                    86:32:1e:6a:b0:a4:b8:98:3a:43:35:ee:90:c1:d5:
                    b4:97:d5:fe:0c:79:f3:34:b0:3d:78:82:38:3a:ba:
                    e7:50:00:ca:4b:c4:ae:cf:10:64:bf:88:c7:d1:02:
                    53:a1:57:fb:a4:08:47:a9:a7:a9:6e:46:bd:93:27:
                    b0:74:41:d7:4e:91:4d:53:5e:2f:1b:e6:8c:d7:d4:
                    73:4f:19:e6:9d:cb:ef:58:12:e4:b7:53:91:38:31:
                    6b:8d:50:2c:fd:d1:9d:d7:d3:aa:ff:32:a5:21:c3:
                    ce:12:60:cc:01:e5:bd:18:e4:87:cf:19:12:0c:c4:
                    a2:a1:56:56:fb:0d:c1:65:c5:68:19:12:79:56:6f:
                    5c:41:eb:56:d9:70:fd:d6:cb:c0:7f:07:ff:98:1b:
                    4d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:0C:C8:F2:9C:0A:CF:76:3D:50:53:93:76:D5:38:6F:D7:2D:25:76
            X509v3 Authority Key Identifier:
                keyid:A9:77:82:0E:A6:1B:11:B5:B3:85:9A:B4:A4:BC:7E:C0:A7:B7:38:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qXeCDqYbEbWzhZq0pLx-wKe3OIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/af8e9d-6c65-41fd-a755-b18d76b012e7/1/ZQzI8pwKz3Y9UFOTdtU4b9ctJXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/af8e9d-6c65-41fd-a755-b18d76b012e7/1/qXeCDqYbEbWzhZq0pLx-wKe3OIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.220.196.0/22
                  185.230.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:85:34:b7:ce:a4:8a:9a:a4:21:e9:07:37:7c:f7:dc:e6:c9:
         d4:b3:ba:d1:22:a0:90:8e:0e:1a:a7:b7:41:7c:c6:1e:47:be:
         5b:47:ec:a8:ad:c3:bb:ab:ad:cf:12:df:b6:2c:c5:d4:49:8b:
         6d:c6:a1:a4:51:65:62:99:8c:33:3e:b3:ab:52:66:a4:75:63:
         d0:2f:4f:68:59:8b:ba:7a:91:70:55:36:2f:87:53:cc:c5:1b:
         d5:7e:2f:93:ec:6a:53:1e:03:8a:d2:ea:f9:15:8a:73:ba:dd:
         82:90:8c:a4:e9:7a:ce:82:8f:d0:3a:01:40:cc:31:5f:84:c3:
         ee:fb:fc:bc:6d:a5:27:a5:32:38:66:a3:40:2b:5a:1a:5b:d0:
         15:ed:2f:15:d9:5b:52:b2:a3:b0:bb:02:c5:a0:31:a5:fc:c1:
         6b:ae:79:01:72:59:4f:5e:a0:18:63:9c:e1:10:57:e2:dd:7c:
         f8:d1:ec:7f:83:f1:ce:3d:db:d6:0b:fe:10:a1:24:a6:cc:9b:
         17:83:76:d4:53:b9:19:f2:16:ca:14:44:d8:ea:14:da:6e:38:
         52:1c:0a:1c:43:c1:fb:65:93:31:1b:ac:4b:a3:9c:f8:e3:91:
         9c:a5:ed:ee:10:45:f3:d8:4b:ad:e9:7f:62:0b:58:3a:13:0f:
         a1:8a:2f:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj27SPxgntKRsWvfloRKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Nzc4MjBlYTYxYjExYjViMzg1OWFiNGE0YmM3ZWMwYTdi
NzM4OGMwHhcNMjUwMTAyMDU0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTBjYzhmMjljMGFjZjc2M2Q1MDUzOTM3NmQ1Mzg2ZmQ3MmQyNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6oFvTjS3+5TY0Z9xQaB0CaJVwwf
PIuRmUjTVuyA7PFbDsCA44Q67c6PfRyG9UgP9PsIqmhedhFCU/wxjEwRU/xmgwnj
2QJQxvwyiHEccwXHlmFLCGuDJP4LyCo5gjVDRnmU36psLoWGMh5qsKS4mDpDNe6Q
wdW0l9X+DHnzNLA9eII4OrrnUADKS8SuzxBkv4jH0QJToVf7pAhHqaepbka9kyew
dEHXTpFNU14vG+aM19RzTxnmncvvWBLkt1ORODFrjVAs/dGd19Oq/zKlIcPOEmDM
AeW9GOSHzxkSDMSioVZW+w3BZcVoGRJ5Vm9cQetW2XD91svAfwf/mBtNbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGUMyPKcCs92PVBTk3bVOG/XLSV2MB8GA1UdIwQY
MBaAFKl3gg6mGxG1s4WatKS8fsCntziMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVhlQ0RxWWJFYld6aFpxMHBMeC13S2UzT0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9hZjhlOWQtNmM2NS00MWZkLWE3NTUt
YjE4ZDc2YjAxMmU3LzEvWlF6SThwd0t6M1k5VUZPVGR0VTRiOWN0SlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9hZjhlOWQtNmM2NS00MWZkLWE3NTUtYjE4ZDc2YjAxMmU3
LzEvcVhlQ0RxWWJFYld6aFpxMHBMeC13S2UzT0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTdzEAwQC
ueYEMA0GCSqGSIb3DQEBCwUAA4IBAQAChTS3zqSKmqQh6Qc3fPfc5snUs7rRIqCQ
jg4ap7dBfMYeR75bR+yorcO7q63PEt+2LMXUSYttxqGkUWVimYwzPrOrUmakdWPQ
L09oWYu6epFwVTYvh1PMxRvVfi+T7GpTHgOK0ur5FYpzut2CkIyk6XrOgo/QOgFA
zDFfhMPu+/y8baUnpTI4ZqNAK1oaW9AV7S8V2VtSsqOwuwLFoDGl/MFrrnkBcllP
XqAYY5zhEFfi3Xz40ex/g/HOPdvWC/4QoSSmzJsXg3bUU7kZ8hbKFETY6hTabjhS
HAocQ8H7ZZMxG6xLo5z445Gcpe3uEEXz2Eut6X9iC1g6Ew+hii8J
-----END CERTIFICATE-----