Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/qzf4ixrnxlyPY4M6OFwxuufPZUc.roa
File:                     qzf4ixrnxlyPY4M6OFwxuufPZUc.roa (raw, json)
Hash identifier:          rG1VVszLG5WVVKQGvdxln4lBNhFM2JRMyRjEPbVzG7A=
Subject key identifier:   AB:37:F8:8B:1A:E7:C6:5C:8F:63:83:3A:38:5C:31:BA:E7:CF:65:47
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019428277A2998B7303AB3E0E8D682CC5789
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/qzf4ixrnxlyPY4M6OFwxuufPZUc.roa
Signing time:             Thu 02 Jan 2025 17:54:23 +0000
ROA not before:           Thu 02 Jan 2025 17:54:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398343
IP address blocks:        45.88.12.0/24 maxlen: 24
                          91.216.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:7a:29:98:b7:30:3a:b3:e0:e8:d6:82:cc:57:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab37f88b1ae7c65c8f63833a385c31bae7cf6547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bd:01:79:62:cc:c3:3e:66:00:4a:fd:24:7f:
                    25:92:20:e5:44:57:c6:89:f8:a0:83:e6:65:9f:d2:
                    34:b9:67:22:87:4e:5d:80:25:ab:a4:fb:d3:b2:f3:
                    f6:f3:4f:42:ce:35:cb:4a:cc:e7:95:0d:0d:f5:2b:
                    fd:11:a3:bf:98:b1:a2:77:74:36:ac:65:b2:9f:f2:
                    58:8f:82:eb:ff:25:71:d8:46:06:ef:42:cd:26:47:
                    4b:93:52:86:5d:68:3f:fc:f0:15:fe:78:dc:b4:4a:
                    bb:05:2b:fb:48:93:fd:2e:ee:be:b8:62:7b:f2:a0:
                    4b:02:cb:fb:6d:4e:7c:77:aa:30:cf:2a:8b:e9:7b:
                    1f:ef:c4:92:98:e9:6a:f5:c5:b9:45:db:db:4b:9f:
                    37:26:80:54:a4:2c:1a:aa:a4:2f:c0:25:d2:42:3d:
                    40:1f:2e:36:92:5e:6b:f0:a0:cd:5b:69:a0:f6:04:
                    07:79:63:ce:df:29:f6:ab:17:3c:00:28:3e:b4:bc:
                    18:1e:86:ca:43:29:68:73:c3:04:73:a3:08:d9:d6:
                    2b:81:44:a8:6d:07:0a:ec:1c:2b:67:04:63:b6:a2:
                    a0:ea:d9:24:82:aa:8a:eb:a5:a8:11:b8:ef:5e:b2:
                    70:5e:e0:da:3d:ec:32:dd:4b:34:ba:1c:c9:ec:84:
                    a0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:37:F8:8B:1A:E7:C6:5C:8F:63:83:3A:38:5C:31:BA:E7:CF:65:47
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/qzf4ixrnxlyPY4M6OFwxuufPZUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.12.0/24
                  91.216.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:fb:26:03:56:9b:98:1f:97:54:62:b2:a0:84:35:05:e6:09:
         f5:01:e2:18:8e:95:79:c4:8a:af:b1:aa:2c:7e:0e:34:3c:f5:
         0e:b7:99:72:bd:74:9a:ad:5b:9d:26:2f:77:8f:fe:18:2e:cc:
         43:22:4f:22:c9:e0:4b:b9:9b:bf:57:40:a2:ce:34:11:b0:3c:
         57:77:05:04:74:77:9d:ad:de:de:3d:03:46:fd:ad:58:fe:0b:
         8b:d8:08:f7:d2:b1:fe:b7:12:df:47:da:67:e6:bd:01:20:9a:
         82:53:ed:f8:07:7c:68:95:13:14:f3:80:39:82:fe:6e:28:d4:
         31:80:fe:61:90:ad:05:bd:bb:4c:ad:00:1a:23:5e:04:cc:fb:
         f7:2d:5a:06:e0:b0:4e:ac:18:84:7a:62:e4:b5:ec:2b:5b:60:
         21:e9:6f:f3:7c:96:f3:17:a6:89:77:5b:3e:98:2c:c7:32:55:
         a1:f0:f5:75:ca:03:c4:ac:ce:e6:2a:48:3b:3e:7f:87:9d:bd:
         aa:12:14:b9:e6:03:a5:5f:fe:41:0d:46:b0:9b:25:35:21:37:
         16:86:13:3a:e1:86:d7:9a:70:f6:ed:de:63:71:b1:86:67:40:
         06:16:68:e0:7f:3f:97:3f:99:d1:d4:96:6c:9c:84:8d:ea:e4:
         7a:af:d8:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJ3opmLcwOrPg6NaCzFeJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjM3Zjg4YjFhZTdjNjVjOGY2MzgzM2EzODVjMzFiYWU3Y2Y2NTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsL0BeWLMwz5mAEr9JH8lkiDlRFfG
ifigg+Zln9I0uWcih05dgCWrpPvTsvP2809CzjXLSsznlQ0N9Sv9EaO/mLGid3Q2
rGWyn/JYj4Lr/yVx2EYG70LNJkdLk1KGXWg//PAV/njctEq7BSv7SJP9Lu6+uGJ7
8qBLAsv7bU58d6owzyqL6Xsf78SSmOlq9cW5RdvbS583JoBUpCwaqqQvwCXSQj1A
Hy42kl5r8KDNW2mg9gQHeWPO3yn2qxc8ACg+tLwYHobKQyloc8MEc6MI2dYrgUSo
bQcK7BwrZwRjtqKg6tkkgqqK66WoEbjvXrJwXuDaPewy3Us0uhzJ7ISgHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKs3+Isa58Zcj2ODOjhcMbrnz2VHMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvcXpmNGl4cm54bHlQWTRNNk9Gd3h1dWZQWlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVgMAwQA
W9i5MA0GCSqGSIb3DQEBCwUAA4IBAQAu+yYDVpuYH5dUYrKghDUF5gn1AeIYjpV5
xIqvsaosfg40PPUOt5lyvXSarVudJi93j/4YLsxDIk8iyeBLuZu/V0CizjQRsDxX
dwUEdHedrd7ePQNG/a1Y/guL2Aj30rH+txLfR9pn5r0BIJqCU+34B3xolRMU84A5
gv5uKNQxgP5hkK0FvbtMrQAaI14EzPv3LVoG4LBOrBiEemLktewrW2Ah6W/zfJbz
F6aJd1s+mCzHMlWh8PV1ygPErM7mKkg7Pn+Hnb2qEhS55gOlX/5BDUawmyU1ITcW
hhM64YbXmnD27d5jcbGGZ0AGFmjgfz+XP5nR1JZsnISN6uR6r9hq
-----END CERTIFICATE-----