Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/DzVVrFISV3SBn05LsG8ndsYg1aE.roa
File:                     DzVVrFISV3SBn05LsG8ndsYg1aE.roa (raw, json)
Hash identifier:          hA/w0PY+vo1QpcIrf2hV7eRwasuyeWDku9nC2cWOSxo=
Subject key identifier:   0F:35:55:AC:52:12:57:74:81:9F:4E:4B:B0:6F:27:76:C6:20:D5:A1
Certificate issuer:       /CN=449d812bdf4c5fb08ed6120dcd0619abf3530520
Certificate serial:       01942747C09AD3155214A168DCEF6D1E6270
Authority key identifier: 44:9D:81:2B:DF:4C:5F:B0:8E:D6:12:0D:CD:06:19:AB:F3:53:05:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RJ2BK99MX7CO1hINzQYZq_NTBSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/DzVVrFISV3SBn05LsG8ndsYg1aE.roa
Signing time:             Thu 02 Jan 2025 13:50:01 +0000
ROA not before:           Thu 02 Jan 2025 13:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50135
IP address blocks:        92.42.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/RJ2BK99MX7CO1hINzQYZq_NTBSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/RJ2BK99MX7CO1hINzQYZq_NTBSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RJ2BK99MX7CO1hINzQYZq_NTBSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:c0:9a:d3:15:52:14:a1:68:dc:ef:6d:1e:62:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=449d812bdf4c5fb08ed6120dcd0619abf3530520
        Validity
            Not Before: Jan  2 13:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f3555ac52125774819f4e4bb06f2776c620d5a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7e:47:1d:9a:d9:98:c8:84:51:d8:f4:86:26:
                    b9:79:ae:a1:86:fa:a5:b9:47:fe:4b:f3:74:08:49:
                    8d:85:cd:1f:3b:00:2f:45:0f:10:c1:f1:de:3d:7b:
                    bf:73:65:f1:ab:c5:99:25:23:da:0a:a3:4d:3c:1f:
                    33:b0:a7:53:6c:6b:ea:e6:a5:5a:d3:89:8b:01:ce:
                    4e:73:a9:9f:13:96:a6:1c:94:55:02:e1:78:bf:e0:
                    4b:91:3e:d9:f3:b4:5a:49:fe:b2:81:4f:5e:d7:3a:
                    57:d0:7c:0b:71:d8:26:21:80:ab:2a:70:aa:0b:0f:
                    e4:78:77:79:30:eb:91:00:de:99:70:08:18:c3:4a:
                    b4:3c:6b:61:c5:43:bf:59:12:3b:a3:46:53:52:28:
                    c3:90:84:4f:a3:52:71:38:e7:a1:07:f8:e9:05:a7:
                    6c:37:93:b8:29:6e:e2:9c:10:ee:1d:10:a9:52:26:
                    47:d9:29:73:67:bc:3e:26:a9:af:2b:dc:5d:e8:16:
                    aa:56:f1:76:b0:f1:4b:da:c8:1e:4f:c1:dc:99:2f:
                    1f:b5:f5:c1:79:be:70:fa:4b:40:9d:51:e8:79:e7:
                    e4:6d:25:8d:d9:f3:d5:74:6d:c6:6a:65:88:b4:39:
                    d3:7d:06:1c:dc:5a:90:ad:9e:0e:5a:a4:f8:d4:04:
                    cf:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:35:55:AC:52:12:57:74:81:9F:4E:4B:B0:6F:27:76:C6:20:D5:A1
            X509v3 Authority Key Identifier:
                keyid:44:9D:81:2B:DF:4C:5F:B0:8E:D6:12:0D:CD:06:19:AB:F3:53:05:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RJ2BK99MX7CO1hINzQYZq_NTBSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/DzVVrFISV3SBn05LsG8ndsYg1aE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/RJ2BK99MX7CO1hINzQYZq_NTBSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:8f:e8:27:50:cb:4d:03:f7:f2:16:00:2d:3e:db:09:ef:81:
         ef:d0:0a:94:01:f4:95:85:99:53:db:69:b8:3c:63:e3:5a:99:
         a7:40:2a:da:4d:57:e8:2c:aa:0f:9f:bf:72:ae:db:da:85:42:
         9e:37:89:f8:0b:79:78:29:1f:89:f0:d8:e2:83:72:71:16:63:
         e5:55:0e:d0:9c:37:e9:10:05:25:6f:b4:be:61:1f:b9:c5:f3:
         f1:bc:b9:22:e8:3a:6c:a0:c4:0b:82:dc:f4:ed:bd:43:73:a1:
         1c:bb:51:83:81:24:bf:57:c8:bc:13:a9:32:b3:dd:0a:48:a0:
         9e:d6:b7:2e:3f:cf:76:5b:19:89:af:67:48:e8:cc:fe:a5:94:
         45:8f:9a:0e:1a:46:41:84:c4:a5:3f:eb:e2:ed:af:f8:67:3a:
         28:be:34:6f:b3:68:c6:bc:5b:1d:b3:14:59:b5:42:20:84:65:
         6e:40:ac:92:50:c5:34:7e:84:7d:06:ad:3c:a0:05:4d:f5:f1:
         c8:f6:7e:b4:7d:f3:51:e9:15:4c:5c:73:2c:99:8c:26:bd:04:
         ac:3d:77:66:32:e1:97:b2:98:f0:2d:26:3b:b4:0f:2d:ed:b8:
         2f:55:15:23:ec:81:4a:d4:37:b2:28:88:ee:bd:7b:9b:45:3f:
         88:6b:07:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR8Ca0xVSFKFo3O9tHmJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0OWQ4MTJiZGY0YzVmYjA4ZWQ2MTIwZGNkMDYxOWFiZjM1
MzA1MjAwHhcNMjUwMTAyMTM1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjM1NTVhYzUyMTI1Nzc0ODE5ZjRlNGJiMDZmMjc3NmM2MjBkNWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr35HHZrZmMiEUdj0hia5ea6hhvql
uUf+S/N0CEmNhc0fOwAvRQ8QwfHePXu/c2Xxq8WZJSPaCqNNPB8zsKdTbGvq5qVa
04mLAc5Oc6mfE5amHJRVAuF4v+BLkT7Z87RaSf6ygU9e1zpX0HwLcdgmIYCrKnCq
Cw/keHd5MOuRAN6ZcAgYw0q0PGthxUO/WRI7o0ZTUijDkIRPo1JxOOehB/jpBads
N5O4KW7inBDuHRCpUiZH2SlzZ7w+JqmvK9xd6BaqVvF2sPFL2sgeT8HcmS8ftfXB
eb5w+ktAnVHoeefkbSWN2fPVdG3GamWItDnTfQYc3FqQrZ4OWqT41ATPTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA81VaxSEld0gZ9OS7BvJ3bGINWhMB8GA1UdIwQY
MBaAFESdgSvfTF+wjtYSDc0GGavzUwUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkoyQks5OU1YN0NPMWhJTnpRWVpxX05UQlNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9mNjAxZDMtMjNkNC00ZmViLTk2ZmEt
ZjE0NTFiYTg4NGI4LzEvRHpWVnJGSVNWM1NCbjA1THNHOG5kc1lnMWFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9mNjAxZDMtMjNkNC00ZmViLTk2ZmEtZjE0NTFiYTg4NGI4
LzEvUkoyQks5OU1YN0NPMWhJTnpRWVpxX05UQlNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCoEMA0G
CSqGSIb3DQEBCwUAA4IBAQBWj+gnUMtNA/fyFgAtPtsJ74Hv0AqUAfSVhZlT22m4
PGPjWpmnQCraTVfoLKoPn79yrtvahUKeN4n4C3l4KR+J8Njig3JxFmPlVQ7QnDfp
EAUlb7S+YR+5xfPxvLki6DpsoMQLgtz07b1Dc6Ecu1GDgSS/V8i8E6kys90KSKCe
1rcuP892WxmJr2dI6Mz+pZRFj5oOGkZBhMSlP+vi7a/4ZzoovjRvs2jGvFsdsxRZ
tUIghGVuQKySUMU0foR9Bq08oAVN9fHI9n60ffNR6RVMXHMsmYwmvQSsPXdmMuGX
spjwLSY7tA8t7bgvVRUj7IFK1DeyKIjuvXubRT+IawcL
-----END CERTIFICATE-----