Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ziWOGVzc91RDjHDHhPd1qawwCoQ.roa
File:                     ziWOGVzc91RDjHDHhPd1qawwCoQ.roa (raw, json)
Hash identifier:          MaCT2em34JjV5QJZwshEC6RNemddpDFN1wmBFpOjty8=
Subject key identifier:   CE:25:8E:19:5C:DC:F7:54:43:8C:70:C7:84:F7:75:A9:AC:30:0A:84
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01941FFA04AE3F14FFB849B85BA014CC043C
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ziWOGVzc91RDjHDHhPd1qawwCoQ.roa
Signing time:             Wed 01 Jan 2025 03:47:46 +0000
ROA not before:           Wed 01 Jan 2025 03:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198037
IP address blocks:        80.76.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 14:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:04:ae:3f:14:ff:b8:49:b8:5b:a0:14:cc:04:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 03:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce258e195cdcf754438c70c784f775a9ac300a84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:cb:e1:d0:c6:b5:ab:d0:ac:84:e0:fc:be:f3:
                    7e:b1:83:f6:d9:9c:10:f6:c1:d2:53:24:51:ab:c5:
                    98:0f:43:1a:48:fb:ef:4a:c4:57:d5:52:a4:7f:06:
                    f6:ed:6f:c9:d3:aa:96:9d:d9:3b:ca:64:73:0b:1a:
                    87:6a:3e:0b:5f:ab:fc:6b:f5:45:c4:8a:40:a3:0f:
                    1c:3d:f7:b2:6c:ee:38:49:67:58:9c:77:a2:80:df:
                    f4:53:dc:5e:40:80:03:a4:fc:82:26:6c:aa:63:e3:
                    fb:2d:c9:a2:37:d7:ca:a2:9b:f1:d6:02:0e:b7:90:
                    43:59:88:38:9b:91:41:06:a1:ec:be:ea:5f:85:d5:
                    5a:af:11:33:df:93:ac:89:e9:8a:5a:44:77:32:20:
                    15:ee:c7:45:75:21:fc:8a:9d:fc:ba:cd:79:64:f5:
                    f5:aa:dc:42:1c:b7:65:16:65:a5:ea:4d:9a:42:c5:
                    a9:de:12:ed:2c:ee:85:3c:12:33:a8:91:d6:44:81:
                    bc:2d:81:64:c6:4a:a9:cc:da:fb:46:22:63:7f:b2:
                    d1:42:0e:a9:3d:79:09:93:ff:97:98:96:8c:e8:ad:
                    66:3d:ce:aa:67:d3:cd:d0:50:ef:b2:5d:a5:68:f2:
                    9d:06:11:fa:82:6a:72:b2:e5:0a:1e:76:18:ca:cd:
                    da:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:25:8E:19:5C:DC:F7:54:43:8C:70:C7:84:F7:75:A9:AC:30:0A:84
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ziWOGVzc91RDjHDHhPd1qawwCoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:13:3a:51:b0:ce:80:5c:5f:c9:df:0a:c3:7f:9b:1a:bc:56:
         c7:17:89:00:82:f7:ff:04:0c:32:de:a8:2d:d3:2d:3a:77:1d:
         e4:4f:15:17:15:2e:d8:48:4e:1f:4a:2f:67:78:7a:d4:15:9a:
         f3:d2:95:11:00:51:f2:d8:29:6a:74:a3:6b:39:f9:75:b5:4a:
         51:59:19:ea:61:fb:59:e2:75:08:0b:8a:6f:98:50:54:bf:ab:
         42:1a:5f:0b:fe:3f:09:e7:3d:49:b7:1b:e1:9a:ce:17:54:05:
         12:c3:1b:c4:74:1e:58:2f:7e:ae:a9:59:1b:8e:ad:29:b5:97:
         05:a9:ac:45:8c:71:6a:6c:96:6e:d8:65:c6:c8:2b:3f:f6:b2:
         ab:90:f5:bd:d9:1d:6c:87:16:9b:a0:bc:2a:d4:2f:99:1b:bc:
         4b:cf:fa:0b:77:0a:68:6e:87:d7:b9:c1:e9:8a:51:74:0b:db:
         94:f7:74:58:99:9f:a9:e4:ff:8e:1d:55:40:c0:61:81:19:44:
         82:bb:92:5e:53:a4:c4:d1:0c:07:2e:08:69:6e:1d:e5:e0:d7:
         da:30:0d:41:90:01:4a:0a:98:4e:e9:72:7e:46:87:67:bd:c0:
         5f:42:89:51:72:fb:31:5e:03:13:5e:5d:3c:5a:f2:c8:5b:a0:
         8d:88:94:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+gSuPxT/uEm4W6AUzAQ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTI1OGUxOTVjZGNmNzU0NDM4YzcwYzc4NGY3NzVhOWFjMzAwYTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsvh0Ma1q9CshOD8vvN+sYP22ZwQ
9sHSUyRRq8WYD0MaSPvvSsRX1VKkfwb27W/J06qWndk7ymRzCxqHaj4LX6v8a/VF
xIpAow8cPfeybO44SWdYnHeigN/0U9xeQIADpPyCJmyqY+P7LcmiN9fKopvx1gIO
t5BDWYg4m5FBBqHsvupfhdVarxEz35OsiemKWkR3MiAV7sdFdSH8ip38us15ZPX1
qtxCHLdlFmWl6k2aQsWp3hLtLO6FPBIzqJHWRIG8LYFkxkqpzNr7RiJjf7LRQg6p
PXkJk/+XmJaM6K1mPc6qZ9PN0FDvsl2laPKdBhH6gmpysuUKHnYYys3a0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4ljhlc3PdUQ4xwx4T3damsMAqEMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvemlXT0dWemM5MVJEakhESGhQZDFxYXd3Q29RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEwrMA0G
CSqGSIb3DQEBCwUAA4IBAQCREzpRsM6AXF/J3wrDf5savFbHF4kAgvf/BAwy3qgt
0y06dx3kTxUXFS7YSE4fSi9neHrUFZrz0pURAFHy2ClqdKNrOfl1tUpRWRnqYftZ
4nUIC4pvmFBUv6tCGl8L/j8J5z1Jtxvhms4XVAUSwxvEdB5YL36uqVkbjq0ptZcF
qaxFjHFqbJZu2GXGyCs/9rKrkPW92R1shxaboLwq1C+ZG7xLz/oLdwpobofXucHp
ilF0C9uU93RYmZ+p5P+OHVVAwGGBGUSCu5JeU6TE0QwHLghpbh3l4NfaMA1BkAFK
CphO6XJ+RodnvcBfQolRcvsxXgMTXl08WvLIW6CNiJTu
-----END CERTIFICATE-----