Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/zC5qQAr1NH8TWMnKZTFLrXEquxw.roa
File:                     zC5qQAr1NH8TWMnKZTFLrXEquxw.roa (raw, json)
Hash identifier:          p9nwz/HJCgnc5FZXpmGWtTKanzU2+2yGdiNXNP6y+Q0=
Subject key identifier:   CC:2E:6A:40:0A:F5:34:7F:13:58:C9:CA:65:31:4B:AD:71:2A:BB:1C
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       0194266A2BA33DA8FE9EF8AA0C32824FCE86
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/zC5qQAr1NH8TWMnKZTFLrXEquxw.roa
Signing time:             Thu 02 Jan 2025 09:47:59 +0000
ROA not before:           Thu 02 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59514
IP address blocks:        45.10.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:2b:a3:3d:a8:fe:9e:f8:aa:0c:32:82:4f:ce:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Jan  2 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc2e6a400af5347f1358c9ca65314bad712abb1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f9:49:6a:e2:4d:db:1e:35:66:a7:44:a6:12:
                    80:64:8a:e3:3c:27:23:a5:a4:f5:9a:c7:93:f0:f9:
                    f5:89:1b:33:a3:d3:1f:3e:3c:a5:db:78:1e:e1:2b:
                    36:38:47:b6:50:14:32:23:bc:d3:a8:e6:e5:76:36:
                    be:2e:d8:72:96:c4:46:13:a7:08:34:84:fc:99:46:
                    f6:25:3a:bc:f2:c4:72:ec:fd:02:40:e8:bf:a1:9f:
                    45:90:5f:ab:a9:fe:f6:da:85:cb:9b:1d:23:55:5c:
                    51:5d:39:7d:22:b6:e4:64:1d:ee:55:a9:76:50:45:
                    a7:87:21:ce:22:ab:16:57:64:6d:dc:92:a4:0f:be:
                    60:78:26:97:35:23:92:54:88:b3:96:7e:62:ed:9a:
                    ac:f9:79:20:bf:1c:84:bc:fe:68:e9:d2:b8:cd:ec:
                    97:b7:fb:70:fd:45:67:0c:c2:65:b4:20:4c:39:10:
                    05:92:a6:4f:81:37:4f:19:ca:8e:20:e7:a8:a8:ab:
                    e4:ba:7f:d9:4b:0b:f5:98:04:6b:30:96:11:e6:da:
                    bc:d5:ba:cc:e5:bb:8b:0c:70:0e:35:f7:17:10:09:
                    54:69:86:aa:80:e4:a5:76:e5:65:c1:82:6d:8c:35:
                    cf:62:66:ef:d1:b7:7f:a1:a9:0a:8b:f6:ac:64:86:
                    8e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:2E:6A:40:0A:F5:34:7F:13:58:C9:CA:65:31:4B:AD:71:2A:BB:1C
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/zC5qQAr1NH8TWMnKZTFLrXEquxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:1f:9b:f6:62:35:3c:0a:3a:e2:5e:c1:cc:19:5e:c1:8a:32:
         d8:47:c8:f7:b4:6b:3d:5e:73:b5:f1:72:89:0d:41:cb:cc:e8:
         58:de:94:64:32:ad:48:44:32:ae:c6:fa:2c:e6:ca:fd:f2:0b:
         05:d9:aa:70:a6:e4:25:60:00:ae:96:ff:bf:3a:f5:ae:5b:d2:
         8d:c6:09:45:8c:01:27:f5:85:62:66:3d:24:72:5d:5f:b7:92:
         fa:62:63:85:83:5a:7b:4a:55:5c:14:be:53:0c:0b:99:a4:77:
         55:64:d6:6e:0a:ed:27:f4:c3:d4:93:34:61:2a:04:6e:b7:03:
         56:f9:0f:62:26:10:f4:1b:89:d2:3a:3f:c9:42:91:b7:d2:df:
         fb:a7:22:14:8b:b0:c5:46:f6:38:f7:ee:c5:20:76:65:56:df:
         91:eb:7b:ea:d4:96:31:d3:f8:c7:98:f7:85:7d:9b:6a:6b:87:
         e0:d2:b6:27:ac:4d:e8:2f:a6:c0:eb:d0:0c:02:3d:4d:64:c5:
         a0:2e:55:2b:8e:8c:99:a0:ac:78:34:46:13:84:22:f6:c2:18:
         65:30:81:d8:a5:4c:24:e3:3f:45:b8:2e:9f:34:54:fd:b6:49:
         56:be:c1:48:1d:87:57:72:df:ed:0c:39:78:9b:66:bb:60:1f:
         8c:cb:a6:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmaiujPaj+nviqDDKCT86GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjUwMTAyMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzJlNmE0MDBhZjUzNDdmMTM1OGM5Y2E2NTMxNGJhZDcxMmFiYjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/lJauJN2x41ZqdEphKAZIrjPCcj
paT1mseT8Pn1iRszo9MfPjyl23ge4Ss2OEe2UBQyI7zTqObldja+LthylsRGE6cI
NIT8mUb2JTq88sRy7P0CQOi/oZ9FkF+rqf722oXLmx0jVVxRXTl9IrbkZB3uVal2
UEWnhyHOIqsWV2Rt3JKkD75geCaXNSOSVIizln5i7Zqs+XkgvxyEvP5o6dK4zeyX
t/tw/UVnDMJltCBMORAFkqZPgTdPGcqOIOeoqKvkun/ZSwv1mARrMJYR5tq81brM
5buLDHAONfcXEAlUaYaqgOSlduVlwYJtjDXPYmbv0bd/oakKi/asZIaOPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwuakAK9TR/E1jJymUxS61xKrscMB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvekM1cVFBcjFOSDhUV01uS1pURkxyWEVxdXh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQpYMA0G
CSqGSIb3DQEBCwUAA4IBAQB+H5v2YjU8CjriXsHMGV7BijLYR8j3tGs9XnO18XKJ
DUHLzOhY3pRkMq1IRDKuxvos5sr98gsF2apwpuQlYACulv+/OvWuW9KNxglFjAEn
9YViZj0kcl1ft5L6YmOFg1p7SlVcFL5TDAuZpHdVZNZuCu0n9MPUkzRhKgRutwNW
+Q9iJhD0G4nSOj/JQpG30t/7pyIUi7DFRvY49+7FIHZlVt+R63vq1JYx0/jHmPeF
fZtqa4fg0rYnrE3oL6bA69AMAj1NZMWgLlUrjoyZoKx4NEYThCL2whhlMIHYpUwk
4z9FuC6fNFT9tklWvsFIHYdXct/tDDl4m2a7YB+My6bL
-----END CERTIFICATE-----