Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/RZnwVTO26PBx3a68dhxrN-N2_9U.roa
File:                     RZnwVTO26PBx3a68dhxrN-N2_9U.roa (raw, json)
Hash identifier:          2uzv1j/fxffpUq8amOpURgwfPrkNCx7YPSsxO/BHSJk=
Subject key identifier:   45:99:F0:55:33:B6:E8:F0:71:DD:AE:BC:76:1C:6B:37:E3:76:FF:D5
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0194228E0DE159578597475B56F78D4BA22E
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/RZnwVTO26PBx3a68dhxrN-N2_9U.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51327
IP address blocks:        139.45.214.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 21:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0d:e1:59:57:85:97:47:5b:56:f7:8d:4b:a2:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4599f05533b6e8f071ddaebc761c6b37e376ffd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:32:48:12:03:6d:5e:ac:6b:e0:03:18:23:fa:
                    a0:8e:81:73:14:37:ce:6e:88:79:b7:7d:98:b5:16:
                    f9:52:70:18:2d:27:3e:f6:89:d9:1b:c3:71:46:ea:
                    d7:41:b9:da:e5:fa:60:2e:f1:a1:71:bd:2d:88:bc:
                    ee:ef:ae:6a:9a:34:18:ed:f6:0c:b0:6c:37:ad:2e:
                    bf:1c:83:73:cb:93:95:13:dc:43:fe:e8:a4:0f:96:
                    6e:50:3b:5b:5f:dc:e5:4a:46:d6:47:b9:0c:2a:67:
                    a6:be:e7:63:9d:d0:30:47:bb:2e:1f:d4:37:4b:ff:
                    d1:85:c2:2e:28:9e:c7:14:8e:8b:f8:43:bd:47:bb:
                    f6:a4:4e:ad:d4:be:1c:01:04:a8:d2:0b:ff:bf:6a:
                    f9:b0:70:62:fe:23:bb:83:af:c3:79:94:fe:17:e3:
                    bd:23:ec:6c:b3:bf:96:25:bc:10:df:c7:55:72:00:
                    c6:d4:c5:c1:b7:a5:ba:c5:cb:04:90:3d:38:ce:96:
                    65:71:28:05:0a:4d:5f:6a:6c:0f:b1:3d:5f:33:99:
                    2c:f1:a8:50:eb:94:42:eb:66:f2:23:ea:ad:e1:38:
                    71:da:66:c6:f8:e7:69:5d:5f:a4:5f:9c:91:de:82:
                    69:bb:18:bf:ea:c6:32:be:43:c0:db:55:0d:8e:15:
                    be:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:99:F0:55:33:B6:E8:F0:71:DD:AE:BC:76:1C:6B:37:E3:76:FF:D5
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/RZnwVTO26PBx3a68dhxrN-N2_9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:b1:de:54:dc:39:17:03:2b:ce:77:40:6f:e1:4a:91:75:1a:
         cc:9f:e7:c3:2c:f6:ed:55:2b:dd:26:70:10:ef:5d:bc:19:9f:
         50:7a:8c:4c:46:ed:ad:4d:ac:c5:2b:2d:cc:4e:74:16:3b:95:
         9b:d3:1c:29:b6:43:cd:0d:47:8a:fb:ac:e2:3d:79:c6:b7:19:
         62:1d:0e:dc:36:f1:a9:7e:16:87:74:99:a7:52:b8:5f:35:f8:
         c0:fe:17:2a:2a:13:42:d7:fc:9a:14:d1:6e:94:01:c3:8c:ac:
         02:2f:0c:d3:8e:0c:19:a8:ac:c0:6f:8e:68:64:e9:ee:3c:e2:
         87:21:78:60:bc:8c:c9:46:96:a2:3c:c2:d3:95:76:5a:0d:0a:
         cb:f3:1e:7b:3d:bd:85:cb:58:b9:c2:6c:67:9e:31:57:2f:d0:
         bb:3d:cb:f3:95:f9:ff:78:cf:d4:08:fe:38:40:a9:cb:e5:10:
         72:91:06:dd:fc:ae:c2:40:46:81:51:e8:8d:ae:ca:dd:09:18:
         48:41:79:3d:25:d4:c0:c5:3c:b5:6a:41:22:8e:63:66:47:6e:
         f9:3f:73:81:64:b4:ac:51:6d:67:70:04:66:f3:1c:c3:21:11:
         7d:04:06:d8:d1:8b:35:42:14:b1:eb:b3:8c:0c:4f:61:57:cd:
         9f:71:9d:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijg3hWVeFl0dbVveNS6IuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTk5ZjA1NTMzYjZlOGYwNzFkZGFlYmM3NjFjNmIzN2UzNzZmZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDJIEgNtXqxr4AMYI/qgjoFzFDfO
boh5t32YtRb5UnAYLSc+9onZG8NxRurXQbna5fpgLvGhcb0tiLzu765qmjQY7fYM
sGw3rS6/HINzy5OVE9xD/uikD5ZuUDtbX9zlSkbWR7kMKmemvudjndAwR7suH9Q3
S//RhcIuKJ7HFI6L+EO9R7v2pE6t1L4cAQSo0gv/v2r5sHBi/iO7g6/DeZT+F+O9
I+xss7+WJbwQ38dVcgDG1MXBt6W6xcsEkD04zpZlcSgFCk1famwPsT1fM5ks8ahQ
65RC62byI+qt4Thx2mbG+OdpXV+kX5yR3oJpuxi/6sYyvkPA21UNjhW+ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWZ8FUztujwcd2uvHYcazfjdv/VMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvUlpud1ZUTzI2UEJ4M2E2OGRoeHJOLU4yXzlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiy3WMA0G
CSqGSIb3DQEBCwUAA4IBAQAvsd5U3DkXAyvOd0Bv4UqRdRrMn+fDLPbtVSvdJnAQ
7128GZ9QeoxMRu2tTazFKy3MTnQWO5Wb0xwptkPNDUeK+6ziPXnGtxliHQ7cNvGp
fhaHdJmnUrhfNfjA/hcqKhNC1/yaFNFulAHDjKwCLwzTjgwZqKzAb45oZOnuPOKH
IXhgvIzJRpaiPMLTlXZaDQrL8x57Pb2Fy1i5wmxnnjFXL9C7Pcvzlfn/eM/UCP44
QKnL5RBykQbd/K7CQEaBUeiNrsrdCRhIQXk9JdTAxTy1akEijmNmR275P3OBZLSs
UW1ncARm8xzDIRF9BAbY0Ys1QhSx67OMDE9hV82fcZ1C
-----END CERTIFICATE-----