Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/zAwP-QQXcGtOUVeoBnbHQ2-N3qI.roa
File:                     zAwP-QQXcGtOUVeoBnbHQ2-N3qI.roa (raw, json)
Hash identifier:          jrDsPH/FRwp2E/YkqkoWTRtb5BnAJy1RDV1k/VtZyOs=
Subject key identifier:   CC:0C:0F:F9:04:17:70:6B:4E:51:57:A8:06:76:C7:43:6F:8D:DE:A2
Certificate issuer:       /CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
Certificate serial:       01914B67CC9F2666E106171EA12BA5FDB56B
Authority key identifier: 25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/zAwP-QQXcGtOUVeoBnbHQ2-N3qI.roa
Signing time:             Tue 13 Aug 2024 11:02:59 +0000
ROA not before:           Tue 13 Aug 2024 11:02:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49127
IP address blocks:        45.66.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4b:67:cc:9f:26:66:e1:06:17:1e:a1:2b:a5:fd:b5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
        Validity
            Not Before: Aug 13 11:02:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc0c0ff90417706b4e5157a80676c7436f8ddea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fb:e9:7b:af:b7:32:eb:72:2a:d0:36:3f:b7:
                    7d:b9:16:72:c8:a7:fb:39:2c:0c:70:a6:37:4d:5a:
                    42:d4:dd:a1:1b:47:57:ac:cd:6f:f1:8d:5c:2b:71:
                    3e:d9:82:6e:3e:3d:74:52:8c:e1:e6:71:6a:c9:5b:
                    13:15:1d:55:5e:a8:7d:ab:81:93:c3:68:c4:a9:60:
                    8d:80:3c:f6:37:55:b1:51:0e:6e:f2:d2:ba:90:24:
                    61:a1:f6:d6:11:91:ea:1b:66:f4:11:c5:8e:55:2c:
                    ef:3f:f4:c9:63:cb:5a:07:44:4d:9c:f9:53:1d:0a:
                    1d:b8:6d:b1:cd:17:55:60:2b:73:43:c6:5e:59:81:
                    47:0c:51:ea:7a:56:55:03:bf:c0:20:6c:2c:ca:96:
                    71:27:7c:ab:78:1a:3b:7f:84:cc:81:ee:e0:e3:ab:
                    ed:0a:2a:b8:d9:f8:0a:c3:de:4c:12:7c:45:ed:c1:
                    d0:91:b0:9d:fa:17:27:a7:6f:1d:36:5d:0d:25:d4:
                    f8:37:fc:e4:ca:c6:54:ff:0f:87:17:86:7f:ac:77:
                    a0:e4:05:4e:43:8c:8e:27:d6:32:84:38:94:d1:67:
                    7a:c7:72:b0:f6:05:81:30:dd:2f:bf:1c:76:4c:4a:
                    30:93:17:ba:39:41:24:01:17:bc:ec:3b:e3:ea:c1:
                    62:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:0C:0F:F9:04:17:70:6B:4E:51:57:A8:06:76:C7:43:6F:8D:DE:A2
            X509v3 Authority Key Identifier:
                keyid:25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/zAwP-QQXcGtOUVeoBnbHQ2-N3qI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:3c:7d:6f:cf:c8:9f:75:22:c5:45:6a:11:70:ba:52:2f:6b:
         37:cd:23:e5:77:7c:a0:18:3c:27:22:8a:31:be:85:92:bc:64:
         c3:13:aa:d3:f0:62:d7:2c:a7:9a:0d:18:e7:50:f2:12:df:05:
         7a:0a:15:5b:2a:b0:96:61:b9:a2:a7:d8:14:f0:59:3e:3a:83:
         8e:82:d4:c6:3b:7d:04:83:3d:5b:59:50:fa:74:cb:7f:a9:e9:
         df:96:73:bb:6d:67:5a:7d:24:08:b1:f9:c9:54:30:40:31:a3:
         15:dd:76:27:cb:50:c3:c5:94:aa:a4:3f:80:d2:02:8d:5c:6e:
         ba:e9:c3:10:55:51:2d:60:6a:ba:f3:16:f9:5f:37:2e:d8:0e:
         8f:da:55:14:34:28:6c:41:6e:21:12:d4:76:4b:bd:75:13:53:
         36:cc:63:a1:da:28:d6:92:a8:4a:ef:f0:14:55:7d:e5:fb:4e:
         d1:b0:82:60:2e:c9:86:56:cb:6f:6e:de:67:59:9f:d1:69:e0:
         9e:97:ea:33:58:6e:49:ad:21:bf:d3:2d:f7:22:96:45:d2:d0:
         90:0b:66:61:5d:e8:62:dc:29:2a:cf:8c:6a:4e:c2:3a:c0:22:
         46:69:71:58:7b:2a:d0:b4:b3:a6:9f:3b:a0:95:4d:f0:92:f8:
         fe:55:bd:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFLZ8yfJmbhBhceoSul/bVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Y2Y5ZDhkNTUyY2RjN2Q4YzBkYzZmNjQ5YjMwMWYyMzUx
NDA5ZWUwHhcNMjQwODEzMTEwMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzBjMGZmOTA0MTc3MDZiNGU1MTU3YTgwNjc2Yzc0MzZmOGRkZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/vpe6+3MutyKtA2P7d9uRZyyKf7
OSwMcKY3TVpC1N2hG0dXrM1v8Y1cK3E+2YJuPj10Uozh5nFqyVsTFR1VXqh9q4GT
w2jEqWCNgDz2N1WxUQ5u8tK6kCRhofbWEZHqG2b0EcWOVSzvP/TJY8taB0RNnPlT
HQoduG2xzRdVYCtzQ8ZeWYFHDFHqelZVA7/AIGwsypZxJ3yreBo7f4TMge7g46vt
Ciq42fgKw95MEnxF7cHQkbCd+hcnp28dNl0NJdT4N/zkysZU/w+HF4Z/rHeg5AVO
Q4yOJ9YyhDiU0Wd6x3Kw9gWBMN0vvxx2TEowkxe6OUEkARe87Dvj6sFiGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwMD/kEF3BrTlFXqAZ2x0Nvjd6iMB8GA1UdIwQY
MBaAFCXPnY1VLNx9jA3G9kmzAfI1FAnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQt
YTEwNjkwYTc0NGU0LzEvekF3UC1RUVhjR3RPVVZlb0JuYkhRMi1OM3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQtYTEwNjkwYTc0NGU0
LzEvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUIiMA0G
CSqGSIb3DQEBCwUAA4IBAQAEPH1vz8ifdSLFRWoRcLpSL2s3zSPld3ygGDwnIoox
voWSvGTDE6rT8GLXLKeaDRjnUPIS3wV6ChVbKrCWYbmip9gU8Fk+OoOOgtTGO30E
gz1bWVD6dMt/qenflnO7bWdafSQIsfnJVDBAMaMV3XYny1DDxZSqpD+A0gKNXG66
6cMQVVEtYGq68xb5Xzcu2A6P2lUUNChsQW4hEtR2S711E1M2zGOh2ijWkqhK7/AU
VX3l+07RsIJgLsmGVstvbt5nWZ/RaeCel+ozWG5JrSG/0y33IpZF0tCQC2ZhXehi
3Ckqz4xqTsI6wCJGaXFYeyrQtLOmnzuglU3wkvj+Vb03
-----END CERTIFICATE-----