Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/2sz7XXaQR044rc-q4fD0WIzUxYQ.roa
File:                     2sz7XXaQR044rc-q4fD0WIzUxYQ.roa (raw, json)
Hash identifier:          pi07prhyU4hZ/cG1dB+HetMAgpuPmtLhNCb2plULwQE=
Subject key identifier:   DA:CC:FB:5D:76:90:47:4E:38:AD:CF:AA:E1:F0:F4:58:8C:D4:C5:84
Certificate issuer:       /CN=9e42ca46688a837b575234ce6a1a326587d6c204
Certificate serial:       019420D62568A7D92920E265F2702E70D085
Authority key identifier: 9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/2sz7XXaQR044rc-q4fD0WIzUxYQ.roa
Signing time:             Wed 01 Jan 2025 07:48:12 +0000
ROA not before:           Wed 01 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207790
IP address blocks:        45.13.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:25:68:a7:d9:29:20:e2:65:f2:70:2e:70:d0:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e42ca46688a837b575234ce6a1a326587d6c204
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=daccfb5d7690474e38adcfaae1f0f4588cd4c584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:11:1b:40:b8:33:36:f1:8c:5a:85:8c:d4:33:
                    87:16:e8:f4:1a:9a:4b:80:45:ec:d0:35:79:4a:9a:
                    fa:35:47:1b:7f:d4:c5:62:62:37:da:85:9e:f2:cf:
                    b1:5f:e5:b3:31:2f:a0:30:05:d9:10:2a:3b:43:ee:
                    9c:b7:85:9a:d8:31:5c:79:48:9d:5b:8c:7c:a3:4d:
                    00:b9:1d:90:53:c2:3a:50:b4:c3:06:77:3e:60:3b:
                    c8:21:74:63:da:e8:ad:d0:f8:02:ce:f4:1c:63:87:
                    b0:2a:3c:de:11:2f:3a:1b:fc:c1:36:ea:8b:1d:bb:
                    89:c8:ac:3c:a7:c9:4e:fd:b2:ca:01:65:03:43:b5:
                    a0:f8:0f:77:99:05:f5:88:50:0b:1a:f5:21:bc:07:
                    d3:7c:ef:71:79:40:b4:d7:94:18:b4:d4:73:8f:0a:
                    ec:85:f4:dd:f5:b6:65:38:ba:84:48:e9:9a:db:fa:
                    0f:fb:8f:87:c6:8a:b5:20:18:c6:10:23:d5:36:b2:
                    57:fb:40:eb:20:7d:9e:f4:2c:c2:60:7d:fb:d7:5b:
                    c4:c6:4a:29:59:6d:0b:4e:73:79:a0:e5:98:7c:24:
                    a1:e8:e5:34:9e:e0:79:16:07:00:12:4c:fd:8d:ac:
                    ab:be:d9:2f:b6:af:9d:7a:09:c0:d2:4a:ef:db:19:
                    ba:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:CC:FB:5D:76:90:47:4E:38:AD:CF:AA:E1:F0:F4:58:8C:D4:C5:84
            X509v3 Authority Key Identifier:
                keyid:9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/2sz7XXaQR044rc-q4fD0WIzUxYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:ed:ae:2f:5c:3d:b7:87:bc:d0:2e:e6:35:b9:63:3a:50:6f:
         39:b5:7f:16:2e:f8:3a:9b:0a:f2:24:14:51:45:d9:02:72:73:
         8d:a5:2b:d7:6f:d2:0e:d6:8c:78:44:1e:93:2a:ca:04:8b:66:
         1e:dc:f6:62:0d:13:6c:18:ec:6c:50:cb:17:c6:cd:01:c8:de:
         aa:18:41:e0:28:04:7b:da:d8:a8:9b:74:a7:6e:16:c2:ec:4d:
         1d:d3:5d:39:16:f3:78:31:d4:06:f7:d7:29:c6:23:88:79:cc:
         f1:c0:e6:ec:ab:3c:fc:aa:09:e2:2a:52:73:21:68:44:99:85:
         f6:7e:05:d4:ea:c8:72:93:90:f0:54:47:a4:8c:56:f0:ee:49:
         05:d1:22:70:98:8b:33:d4:82:58:6e:53:82:53:7d:aa:23:82:
         1e:c8:5c:4c:8e:70:cc:69:b9:1a:a2:72:eb:df:95:77:ab:9f:
         9a:54:2f:bf:85:32:5b:f4:c2:13:19:e0:f4:1e:36:f7:8d:cc:
         5d:a9:33:90:cf:67:f2:12:d3:f3:09:b2:c7:a2:4f:14:81:30:
         42:28:29:8f:94:5f:84:9e:d9:e2:e7:a1:7d:5c:10:93:37:7f:
         41:60:33:b5:4b:9c:ff:40:19:5f:71:a5:1e:3e:e7:44:71:c4:
         88:e4:77:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1iVop9kpIOJl8nAucNCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDJjYTQ2Njg4YTgzN2I1NzUyMzRjZTZhMWEzMjY1ODdk
NmMyMDQwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWNjZmI1ZDc2OTA0NzRlMzhhZGNmYWFlMWYwZjQ1ODhjZDRjNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxEbQLgzNvGMWoWM1DOHFuj0GppL
gEXs0DV5Spr6NUcbf9TFYmI32oWe8s+xX+WzMS+gMAXZECo7Q+6ct4Wa2DFceUid
W4x8o00AuR2QU8I6ULTDBnc+YDvIIXRj2uit0PgCzvQcY4ewKjzeES86G/zBNuqL
HbuJyKw8p8lO/bLKAWUDQ7Wg+A93mQX1iFALGvUhvAfTfO9xeUC015QYtNRzjwrs
hfTd9bZlOLqESOma2/oP+4+Hxoq1IBjGECPVNrJX+0DrIH2e9CzCYH3711vExkop
WW0LTnN5oOWYfCSh6OU0nuB5FgcAEkz9jayrvtkvtq+degnA0krv2xm61QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrM+112kEdOOK3PquHw9FiM1MWEMB8GA1UdIwQY
MBaAFJ5CykZoioN7V1I0zmoaMmWH1sIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTIt
MzI5YmEzODhiN2NmLzEvMnN6N1hYYVFSMDQ0cmMtcTRmRDBXSXpVeFlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTItMzI5YmEzODhiN2Nm
LzEvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ0MMA0G
CSqGSIb3DQEBCwUAA4IBAQCV7a4vXD23h7zQLuY1uWM6UG85tX8WLvg6mwryJBRR
RdkCcnONpSvXb9IO1ox4RB6TKsoEi2Ye3PZiDRNsGOxsUMsXxs0ByN6qGEHgKAR7
2tiom3SnbhbC7E0d0105FvN4MdQG99cpxiOIeczxwObsqzz8qgniKlJzIWhEmYX2
fgXU6shyk5DwVEekjFbw7kkF0SJwmIsz1IJYblOCU32qI4IeyFxMjnDMabkaonLr
35V3q5+aVC+/hTJb9MITGeD0Hjb3jcxdqTOQz2fyEtPzCbLHok8UgTBCKCmPlF+E
ntni56F9XBCTN39BYDO1S5z/QBlfcaUePudEccSI5Hd6
-----END CERTIFICATE-----