Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/zpZBrq8RbkZDS9RG2TxpwXGuLC8.roa
File:                     zpZBrq8RbkZDS9RG2TxpwXGuLC8.roa (raw, json)
Hash identifier:          owyVbjuxXBLCpmTk2xHR5ZOcrMg9navrhIk8zkX+9js=
Subject key identifier:   CE:96:41:AE:AF:11:6E:46:43:4B:D4:46:D9:3C:69:C1:71:AE:2C:2F
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019422202FBA4856F568C6861709174530CD
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/zpZBrq8RbkZDS9RG2TxpwXGuLC8.roa
Signing time:             Wed 01 Jan 2025 13:48:42 +0000
ROA not before:           Wed 01 Jan 2025 13:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57844
IP address blocks:        45.141.208.0/22 maxlen: 22
                          45.150.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2f:ba:48:56:f5:68:c6:86:17:09:17:45:30:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  1 13:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce9641aeaf116e46434bd446d93c69c171ae2c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2c:19:53:d7:08:58:e2:09:52:0e:37:80:4c:
                    21:d1:1b:eb:fe:8d:2c:15:fa:9a:9e:1e:e0:d2:4d:
                    7c:b1:4f:83:0e:c1:9c:39:bc:09:2c:7e:07:16:eb:
                    40:57:88:74:b8:2f:e3:26:b9:44:4f:6e:54:47:3b:
                    7f:9c:ef:ba:f0:a2:ea:ef:5b:ef:8c:6d:f9:4e:cc:
                    b5:8a:94:25:6a:af:3d:23:a3:18:2a:07:90:5f:a6:
                    09:36:7d:17:ab:8c:8d:20:0f:45:58:bf:2e:ec:63:
                    1f:e8:69:22:2c:62:e3:ce:97:85:d8:d8:78:26:77:
                    f3:c6:35:50:6b:e4:6a:90:05:56:90:a2:d1:e1:0e:
                    46:d3:4b:d7:1c:be:97:8e:b9:3a:d4:1b:f6:95:f8:
                    39:03:99:61:13:e9:19:da:dc:44:a7:08:d0:88:7e:
                    be:d4:1f:62:9b:50:f9:02:fb:76:e2:c8:ff:79:84:
                    e1:dd:ff:b2:de:0b:53:aa:76:94:9f:6b:b5:03:a3:
                    ca:57:23:21:3c:1a:59:cd:95:87:7f:5f:07:d1:9f:
                    58:68:71:42:15:81:5f:d9:71:4b:81:2d:de:16:bd:
                    82:d7:ae:37:93:83:47:66:9c:99:8c:45:04:88:26:
                    89:3d:39:8a:c3:9f:50:5f:5b:07:a0:84:36:7b:f9:
                    a3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:96:41:AE:AF:11:6E:46:43:4B:D4:46:D9:3C:69:C1:71:AE:2C:2F
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/zpZBrq8RbkZDS9RG2TxpwXGuLC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.208.0/22
                  45.150.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cd:48:53:35:bc:33:d6:6a:81:89:33:5d:95:65:b9:a7:00:1f:
         c9:4b:04:42:7c:f2:12:70:74:a7:a2:e2:55:6b:c7:58:f9:bf:
         b0:b8:af:1f:c1:56:cd:ec:ff:30:8b:fd:86:26:06:25:6d:c5:
         bc:c1:54:67:48:4e:7f:96:0b:23:da:e3:52:33:b1:e2:e5:e4:
         2f:ec:b9:71:00:78:de:c4:8d:a7:68:f0:a5:cb:db:d4:b3:ba:
         28:af:b0:20:ac:99:a4:3f:81:d3:1f:d8:20:9b:1b:05:a0:e1:
         34:6d:6c:63:2e:1d:c0:fd:53:02:29:85:ac:7c:18:a4:aa:11:
         3e:07:f2:08:6c:1f:04:48:a6:b1:49:9a:92:65:08:a3:25:72:
         52:4c:25:b8:04:28:68:7b:1f:80:9a:0a:df:d8:9c:e2:7d:64:
         16:ff:4b:b3:c9:d0:f8:79:95:27:fc:dc:84:64:16:e2:36:1a:
         84:d3:3f:c6:4d:5e:3b:ea:1f:4f:c2:60:5e:77:b6:66:29:af:
         cf:f6:8d:e1:62:cd:4a:ff:28:ad:7d:28:33:df:48:d7:50:2f:
         cc:88:bb:80:68:51:95:24:09:19:b4:24:fd:4a:81:23:3c:06:
         db:e1:2c:cb:bc:c6:c6:6b:c5:5f:a3:7e:4c:2e:f1:b0:45:c0:
         07:6d:5a:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIC+6SFb1aMaGFwkXRTDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwMTAxMTM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTk2NDFhZWFmMTE2ZTQ2NDM0YmQ0NDZkOTNjNjljMTcxYWUyYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiwZU9cIWOIJUg43gEwh0Rvr/o0s
Ffqanh7g0k18sU+DDsGcObwJLH4HFutAV4h0uC/jJrlET25URzt/nO+68KLq71vv
jG35Tsy1ipQlaq89I6MYKgeQX6YJNn0Xq4yNIA9FWL8u7GMf6GkiLGLjzpeF2Nh4
JnfzxjVQa+RqkAVWkKLR4Q5G00vXHL6Xjrk61Bv2lfg5A5lhE+kZ2txEpwjQiH6+
1B9im1D5Avt24sj/eYTh3f+y3gtTqnaUn2u1A6PKVyMhPBpZzZWHf18H0Z9YaHFC
FYFf2XFLgS3eFr2C1643k4NHZpyZjEUEiCaJPTmKw59QX1sHoIQ2e/mjjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM6WQa6vEW5GQ0vURtk8acFxriwvMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvenBaQnJxOFJia1pEUzlSRzJUeHB3WEd1TEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLY3QAwQC
LZYIMA0GCSqGSIb3DQEBCwUAA4IBAQDNSFM1vDPWaoGJM12VZbmnAB/JSwRCfPIS
cHSnouJVa8dY+b+wuK8fwVbN7P8wi/2GJgYlbcW8wVRnSE5/lgsj2uNSM7Hi5eQv
7LlxAHjexI2naPCly9vUs7oor7AgrJmkP4HTH9ggmxsFoOE0bWxjLh3A/VMCKYWs
fBikqhE+B/IIbB8ESKaxSZqSZQijJXJSTCW4BChoex+Amgrf2JzifWQW/0uzydD4
eZUn/NyEZBbiNhqE0z/GTV476h9PwmBed7ZmKa/P9o3hYs1K/yitfSgz30jXUC/M
iLuAaFGVJAkZtCT9SoEjPAbb4SzLvMbGa8Vfo35MLvGwRcAHbVqh
-----END CERTIFICATE-----