Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/RRZa9Q054kEMSroT3AuPzC585XQ.roa
File:                     RRZa9Q054kEMSroT3AuPzC585XQ.roa (raw, json)
Hash identifier:          7iVMMtB+9zg3QA2J8+DzasUBkyEpZ63pEDBVLFDl2DE=
Subject key identifier:   45:16:5A:F5:0D:39:E2:41:0C:4A:BA:13:DC:0B:8F:CC:2E:7C:E5:74
Certificate issuer:       /CN=57b89f5cc78219ea1273f9f53c5b9e33bc5dbeb5
Certificate serial:       0195D1FBB976DC68CE33F895525CF6CC7C0C
Authority key identifier: 57:B8:9F:5C:C7:82:19:EA:12:73:F9:F5:3C:5B:9E:33:BC:5D:BE:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V7ifXMeCGeoSc_n1PFueM7xdvrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/RRZa9Q054kEMSroT3AuPzC585XQ.roa
Signing time:             Wed 26 Mar 2025 10:24:49 +0000
ROA not before:           Wed 26 Mar 2025 10:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201150
IP address blocks:        80.75.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/V7ifXMeCGeoSc_n1PFueM7xdvrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/V7ifXMeCGeoSc_n1PFueM7xdvrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V7ifXMeCGeoSc_n1PFueM7xdvrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 01:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d1:fb:b9:76:dc:68:ce:33:f8:95:52:5c:f6:cc:7c:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57b89f5cc78219ea1273f9f53c5b9e33bc5dbeb5
        Validity
            Not Before: Mar 26 10:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45165af50d39e2410c4aba13dc0b8fcc2e7ce574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9a:11:4f:26:92:0d:56:3c:9b:fb:75:98:89:
                    1d:13:00:1a:17:78:6e:87:ba:0c:29:3d:46:f8:5e:
                    0b:2f:e7:9c:fa:5a:0e:cc:62:b1:30:16:f6:bb:e6:
                    ed:2c:71:d9:3a:f9:95:3b:46:c1:7b:37:b2:ae:87:
                    07:57:47:bf:73:a9:29:ce:a2:7e:f5:dc:04:86:22:
                    75:92:1f:f3:28:c2:86:46:b3:de:b0:cb:ef:04:f7:
                    b1:9c:a6:74:d8:c3:eb:62:94:31:4a:93:d2:dd:a4:
                    e1:af:eb:6c:80:02:e1:08:c7:a6:a6:d6:da:a9:07:
                    ed:c1:2a:c3:80:9d:31:21:15:94:bf:04:55:b7:fd:
                    93:0f:f7:92:42:22:b4:2e:f8:83:88:0c:70:80:dd:
                    8e:a8:06:67:12:c8:94:82:79:a8:92:57:27:21:60:
                    d0:af:7e:5c:8c:d8:00:dd:4b:27:ed:84:aa:05:9d:
                    2b:9e:3a:00:78:56:01:84:00:58:b8:7b:67:de:e0:
                    9e:2a:92:c6:cb:76:7c:c6:1f:ec:ed:a7:f4:bc:1c:
                    6e:9e:4f:2d:31:0f:46:62:80:e5:54:4a:1e:71:50:
                    db:c7:27:e9:f5:00:05:5c:27:7a:8a:5b:02:9e:6e:
                    54:c5:72:e8:57:62:79:9e:1a:e6:cc:cd:7c:7f:4b:
                    22:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:16:5A:F5:0D:39:E2:41:0C:4A:BA:13:DC:0B:8F:CC:2E:7C:E5:74
            X509v3 Authority Key Identifier:
                keyid:57:B8:9F:5C:C7:82:19:EA:12:73:F9:F5:3C:5B:9E:33:BC:5D:BE:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V7ifXMeCGeoSc_n1PFueM7xdvrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/RRZa9Q054kEMSroT3AuPzC585XQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/V7ifXMeCGeoSc_n1PFueM7xdvrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:66:51:44:3d:57:5d:27:b2:e0:a5:ad:53:1e:7a:92:7c:5a:
         35:69:10:91:b2:61:53:f6:70:32:fa:de:ef:91:34:4f:f1:e2:
         40:74:9b:cf:32:78:cd:b3:16:86:f8:47:39:16:a8:87:c7:76:
         87:4b:21:32:ce:ea:e7:99:a1:19:e6:1f:d9:c7:5e:b0:a1:f9:
         2c:e0:81:e7:60:0b:fa:5f:ec:d0:f9:c9:05:d8:f7:fe:9b:73:
         9f:5b:4c:30:e8:f0:db:2e:27:01:09:f3:9d:41:d7:66:be:cd:
         1e:67:c2:46:ec:88:c0:16:bb:2c:d2:d0:df:36:a8:29:50:3b:
         3f:67:dd:66:e3:e5:01:69:67:20:c5:aa:93:35:9e:46:b8:da:
         dc:16:b6:07:c3:bb:97:e4:35:54:7a:43:31:f6:85:74:91:76:
         8e:f7:19:ff:e1:e8:9a:e3:cc:f2:92:5c:8c:57:58:2e:4c:2a:
         7d:9f:13:fd:91:8a:d7:c3:26:0d:0d:4f:54:d3:47:ca:43:0c:
         db:cb:cb:ba:69:cd:fb:22:d5:e1:98:ba:e3:50:99:1d:1e:84:
         8f:5d:59:71:ec:ec:41:ec:d4:db:21:ec:3d:fe:b9:48:ab:d8:
         90:f1:e7:f5:d7:d2:a1:54:c6:f6:c1:eb:bf:d6:fd:f8:8d:03:
         59:85:a4:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXR+7l23GjOM/iVUlz2zHwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3Yjg5ZjVjYzc4MjE5ZWExMjczZjlmNTNjNWI5ZTMzYmM1
ZGJlYjUwHhcNMjUwMzI2MTAyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTE2NWFmNTBkMzllMjQxMGM0YWJhMTNkYzBiOGZjYzJlN2NlNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5oRTyaSDVY8m/t1mIkdEwAaF3hu
h7oMKT1G+F4LL+ec+loOzGKxMBb2u+btLHHZOvmVO0bBezeyrocHV0e/c6kpzqJ+
9dwEhiJ1kh/zKMKGRrPesMvvBPexnKZ02MPrYpQxSpPS3aThr+tsgALhCMemptba
qQftwSrDgJ0xIRWUvwRVt/2TD/eSQiK0LviDiAxwgN2OqAZnEsiUgnmoklcnIWDQ
r35cjNgA3Usn7YSqBZ0rnjoAeFYBhABYuHtn3uCeKpLGy3Z8xh/s7af0vBxunk8t
MQ9GYoDlVEoecVDbxyfp9QAFXCd6ilsCnm5UxXLoV2J5nhrmzM18f0siuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUWWvUNOeJBDEq6E9wLj8wufOV0MB8GA1UdIwQY
MBaAFFe4n1zHghnqEnP59TxbnjO8Xb61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjdpZlhNZUNHZW9TY19uMVBGdWVNN3hkdnJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODMxOTgtNDlhNy00ODY0LWE0NmQt
NjM3NWUxNjQ1NjA0LzEvUlJaYTlRMDU0a0VNU3JvVDNBdVB6QzU4NVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODMxOTgtNDlhNy00ODY0LWE0NmQtNjM3NWUxNjQ1NjA0
LzEvVjdpZlhNZUNHZW9TY19uMVBGdWVNN3hkdnJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEvXMA0G
CSqGSIb3DQEBCwUAA4IBAQAeZlFEPVddJ7Lgpa1THnqSfFo1aRCRsmFT9nAy+t7v
kTRP8eJAdJvPMnjNsxaG+Ec5FqiHx3aHSyEyzurnmaEZ5h/Zx16wofks4IHnYAv6
X+zQ+ckF2Pf+m3OfW0ww6PDbLicBCfOdQddmvs0eZ8JG7IjAFrss0tDfNqgpUDs/
Z91m4+UBaWcgxaqTNZ5GuNrcFrYHw7uX5DVUekMx9oV0kXaO9xn/4eia48zyklyM
V1guTCp9nxP9kYrXwyYNDU9U00fKQwzby8u6ac37ItXhmLrjUJkdHoSPXVlx7OxB
7NTbIew9/rlIq9iQ8ef119KhVMb2weu/1v34jQNZhaSU
-----END CERTIFICATE-----