Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/ZWCXXdfhMKu44PX-A6YEp2UiZPA.roa
File:                     ZWCXXdfhMKu44PX-A6YEp2UiZPA.roa (raw, json)
Hash identifier:          QZ9nw6Rb8b+5Ipz/WfFz/MQUV3NqW6gj+wcTZJ283/A=
Subject key identifier:   65:60:97:5D:D7:E1:30:AB:B8:E0:F5:FE:03:A6:04:A7:65:22:64:F0
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01941FFA684C04E41CE1AA17C8B8B56A3903
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/ZWCXXdfhMKu44PX-A6YEp2UiZPA.roa
Signing time:             Wed 01 Jan 2025 03:48:11 +0000
ROA not before:           Wed 01 Jan 2025 03:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47376
IP address blocks:        37.32.44.0/24 maxlen: 24
                          37.32.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:68:4c:04:e4:1c:e1:aa:17:c8:b8:b5:6a:39:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  1 03:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6560975dd7e130abb8e0f5fe03a604a7652264f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ec:b3:85:62:cc:5d:5f:85:8e:4f:cb:76:d9:
                    27:7e:6c:1f:ed:2e:0a:fc:7f:79:a2:b9:b1:16:e7:
                    39:df:fc:a7:f2:a9:ab:b0:fc:73:ce:1a:cd:85:3c:
                    72:33:ef:eb:be:2e:d1:4d:a7:0e:c2:6d:16:97:78:
                    6b:24:8d:87:b9:92:7b:48:f8:67:a9:0d:ea:fd:b0:
                    70:22:2b:c3:21:47:3b:25:21:8a:fc:3b:5c:af:8c:
                    01:27:ab:3f:29:d8:9f:ba:be:53:5f:56:bf:e4:90:
                    79:45:c4:fe:10:da:c8:0d:34:39:a1:a1:a5:f8:62:
                    70:3b:a2:d8:ef:75:79:75:ee:3b:dd:9a:38:52:65:
                    7d:f8:e5:a2:62:12:69:93:81:33:3f:59:b7:2d:0c:
                    50:d2:ae:3f:6c:a1:da:a7:a9:58:b0:94:82:ce:e0:
                    89:48:af:2e:74:7e:30:bb:e7:b9:9c:25:26:c3:64:
                    a2:e9:34:f9:9c:57:d1:42:bc:67:76:2e:28:15:c4:
                    0b:cb:5a:18:0b:5d:f0:d6:c4:c4:42:85:9d:27:c3:
                    ce:bc:c9:c3:af:b6:5b:7c:87:71:b7:d1:d8:1e:e6:
                    45:7b:c3:8c:24:1e:69:e0:26:8a:2a:ff:66:08:69:
                    4e:22:23:04:06:48:d9:10:ed:7a:af:91:2e:06:5e:
                    fe:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:60:97:5D:D7:E1:30:AB:B8:E0:F5:FE:03:A6:04:A7:65:22:64:F0
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/ZWCXXdfhMKu44PX-A6YEp2UiZPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:93:e3:6a:f0:c6:72:a8:af:a6:f6:93:e9:f2:65:4a:6f:02:
         30:97:38:49:21:71:9c:ff:3c:4c:aa:15:e9:10:b5:1d:17:8f:
         80:7c:94:34:25:d2:dd:27:41:cc:65:47:6a:82:a8:69:c0:eb:
         77:6a:85:70:15:fb:1a:57:ac:cb:6e:8b:48:d4:33:b0:9e:38:
         9a:40:b4:16:9d:2c:43:cc:e8:73:81:42:78:a4:a2:be:9d:12:
         f1:44:b0:ab:2b:cf:99:75:d0:77:34:e3:23:90:c8:37:66:f3:
         19:ab:22:00:c7:dd:4c:2e:de:f7:15:fa:08:25:00:dd:d1:37:
         7c:0a:23:58:d0:34:a5:1f:52:77:ff:04:4c:12:7f:0e:0e:63:
         44:30:0c:5e:00:5d:d4:a9:e3:83:b0:e0:7d:bc:63:cb:d8:9b:
         45:bb:b0:0f:39:51:4e:d1:67:f7:51:03:0c:02:aa:20:01:28:
         b4:7c:0a:f7:71:5f:6a:bb:73:85:5e:0c:6e:3f:85:be:42:ff:
         11:d9:e7:21:52:94:7e:cf:c6:7a:8d:f4:b4:8a:a0:b6:ee:5b:
         94:9b:45:c2:86:83:f7:56:e1:1a:b2:92:35:df:86:81:18:3d:
         5a:1d:dc:d5:f5:2b:8b:0a:0b:98:4d:d4:7f:0d:5f:49:52:2b:
         99:b9:e0:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mhMBOQc4aoXyLi1ajkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTYwOTc1ZGQ3ZTEzMGFiYjhlMGY1ZmUwM2E2MDRhNzY1MjI2NGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uyzhWLMXV+Fjk/Ldtknfmwf7S4K
/H95ormxFuc53/yn8qmrsPxzzhrNhTxyM+/rvi7RTacOwm0Wl3hrJI2HuZJ7SPhn
qQ3q/bBwIivDIUc7JSGK/Dtcr4wBJ6s/Kdifur5TX1a/5JB5RcT+ENrIDTQ5oaGl
+GJwO6LY73V5de473Zo4UmV9+OWiYhJpk4EzP1m3LQxQ0q4/bKHap6lYsJSCzuCJ
SK8udH4wu+e5nCUmw2Si6TT5nFfRQrxndi4oFcQLy1oYC13w1sTEQoWdJ8POvMnD
r7ZbfIdxt9HYHuZFe8OMJB5p4CaKKv9mCGlOIiMEBkjZEO16r5EuBl7+LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVgl13X4TCruOD1/gOmBKdlImTwMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvWldDWFhkZmhNS3U0NFBYLUE2WUVwMlVpWlBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJSAsMA0G
CSqGSIb3DQEBCwUAA4IBAQCDk+Nq8MZyqK+m9pPp8mVKbwIwlzhJIXGc/zxMqhXp
ELUdF4+AfJQ0JdLdJ0HMZUdqgqhpwOt3aoVwFfsaV6zLbotI1DOwnjiaQLQWnSxD
zOhzgUJ4pKK+nRLxRLCrK8+ZddB3NOMjkMg3ZvMZqyIAx91MLt73FfoIJQDd0Td8
CiNY0DSlH1J3/wRMEn8ODmNEMAxeAF3UqeODsOB9vGPL2JtFu7APOVFO0Wf3UQMM
AqogASi0fAr3cV9qu3OFXgxuP4W+Qv8R2echUpR+z8Z6jfS0iqC27luUm0XChoP3
VuEaspI134aBGD1aHdzV9SuLCguYTdR/DV9JUiuZueBx
-----END CERTIFICATE-----