Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/ZTow9Q2QDm50HI6UqwjUakhxcuE.roa
File:                     ZTow9Q2QDm50HI6UqwjUakhxcuE.roa (raw, json)
Hash identifier:          gbfVOQH5TpBSHlOcJjEyRF1+crH/NLpR1RYGJ2lBo+U=
Subject key identifier:   65:3A:30:F5:0D:90:0E:6E:74:1C:8E:94:AB:08:D4:6A:48:71:72:E1
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FB4FF2D65A8FC2BE24939A2AC19FF
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/ZTow9Q2QDm50HI6UqwjUakhxcuE.roa
Signing time:             Tue 02 Jan 2024 04:30:13 +0000
ROA not before:           Tue 02 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210558
IP address blocks:        45.94.31.0/24 maxlen: 24
                          91.206.169.0/24 maxlen: 24
                          45.138.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b4:ff:2d:65:a8:fc:2b:e2:49:39:a2:ac:19:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=653a30f50d900e6e741c8e94ab08d46a487172e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9b:7d:ed:bf:a1:f9:36:72:1b:af:94:15:7d:
                    b3:e7:c0:d5:27:8e:0e:bb:f9:97:02:12:d4:eb:21:
                    b4:2f:7a:c1:44:2e:27:c0:97:44:95:6f:15:e1:6e:
                    e2:58:be:4e:f2:c7:39:a5:2a:27:f9:db:76:96:9b:
                    5b:b7:7e:7c:1c:02:6e:57:e6:d2:af:94:a4:30:65:
                    af:3f:9d:2d:7c:e8:c8:6d:d2:24:1b:95:f1:35:7a:
                    9a:ca:62:c8:93:91:a5:a6:8f:86:82:52:a9:95:5f:
                    30:e9:83:88:8e:01:53:8c:b1:f0:2a:45:da:91:d0:
                    ce:dd:b6:14:39:01:6d:bc:8b:fc:80:07:24:24:e9:
                    55:2f:54:65:aa:02:38:c8:dc:43:85:43:a8:31:9e:
                    d0:09:c5:95:7e:37:25:ea:9b:27:a1:d7:22:01:a9:
                    3f:19:e8:0c:8a:eb:b4:d5:9e:e3:19:8f:d3:5f:d7:
                    d6:47:4b:f3:88:16:20:a3:4c:37:96:d5:f8:11:9f:
                    75:1e:3d:d3:74:ca:75:a4:27:59:ab:84:08:97:e6:
                    c0:43:e8:09:4e:e3:55:eb:31:73:a1:85:3b:4a:41:
                    b0:ce:04:9c:f9:92:76:64:9e:90:51:f3:75:85:d8:
                    f7:38:60:d6:93:17:04:6a:bd:50:5c:4f:26:e5:79:
                    03:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:3A:30:F5:0D:90:0E:6E:74:1C:8E:94:AB:08:D4:6A:48:71:72:E1
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/ZTow9Q2QDm50HI6UqwjUakhxcuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.31.0/24
                  45.138.16.0/24
                  91.206.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d4:4a:92:04:0b:9a:8c:46:78:8a:e3:de:f6:70:c5:31:3d:
         77:6f:f2:9a:53:91:53:5d:1f:3c:7e:08:b1:ef:c4:a4:49:5c:
         64:08:48:43:7e:a7:da:90:0a:1c:e4:ab:49:11:bf:a8:cf:9d:
         f1:dc:5c:26:62:91:76:8f:4f:c5:92:bf:b5:16:d4:7c:13:82:
         43:55:77:71:34:95:0c:5f:12:4f:b0:36:4f:e4:c7:47:13:d8:
         07:90:60:d1:1c:89:56:0e:d4:cd:5e:d3:8f:42:81:97:fd:96:
         4c:4d:75:67:74:38:63:c6:38:dc:b9:72:8b:b8:7b:89:22:f0:
         cf:a3:9e:62:0d:1f:f2:00:d5:2e:a8:91:d7:0b:f3:0e:48:89:
         91:60:fb:64:6a:09:0e:c0:87:56:9d:15:d6:5a:fc:c7:1f:43:
         35:3c:f3:95:e4:dd:63:88:9a:8a:da:36:2e:e0:a1:04:28:7d:
         0b:fc:af:d7:f8:9a:0d:d8:3a:95:fb:57:fd:0b:af:88:be:b0:
         c6:c2:e7:ac:c6:70:33:c5:59:80:34:45:d3:d9:8d:78:fe:b6:
         bf:ca:13:31:46:92:36:85:ce:37:ab:ff:08:d2:a3:ff:40:35:
         f9:ef:bf:ea:4f:b4:f3:4b:ff:8a:76:82:35:1c:58:34:46:02:
         1f:c3:ef:6b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIb7T/LWWo/CviSTmirBn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTNhMzBmNTBkOTAwZTZlNzQxYzhlOTRhYjA4ZDQ2YTQ4NzE3MmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpt97b+h+TZyG6+UFX2z58DVJ44O
u/mXAhLU6yG0L3rBRC4nwJdElW8V4W7iWL5O8sc5pSon+dt2lptbt358HAJuV+bS
r5SkMGWvP50tfOjIbdIkG5XxNXqaymLIk5Glpo+GglKplV8w6YOIjgFTjLHwKkXa
kdDO3bYUOQFtvIv8gAckJOlVL1RlqgI4yNxDhUOoMZ7QCcWVfjcl6psnodciAak/
GegMiuu01Z7jGY/TX9fWR0vziBYgo0w3ltX4EZ91Hj3TdMp1pCdZq4QIl+bAQ+gJ
TuNV6zFzoYU7SkGwzgSc+ZJ2ZJ6QUfN1hdj3OGDWkxcEar1QXE8m5XkDnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGU6MPUNkA5udByOlKsI1GpIcXLhMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvWlRvdzlRMlFEbTUwSEk2VXF3alVha2h4Y3VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALV4fAwQA
LYoQAwQAW86pMA0GCSqGSIb3DQEBCwUAA4IBAQA/1EqSBAuajEZ4iuPe9nDFMT13
b/KaU5FTXR88fgix78SkSVxkCEhDfqfakAoc5KtJEb+oz53x3FwmYpF2j0/Fkr+1
FtR8E4JDVXdxNJUMXxJPsDZP5MdHE9gHkGDRHIlWDtTNXtOPQoGX/ZZMTXVndDhj
xjjcuXKLuHuJIvDPo55iDR/yANUuqJHXC/MOSImRYPtkagkOwIdWnRXWWvzHH0M1
PPOV5N1jiJqK2jYu4KEEKH0L/K/X+JoN2DqV+1f9C6+IvrDGwuesxnAzxVmANEXT
2Y14/ra/yhMxRpI2hc43q/8I0qP/QDX577/qT7TzS/+KdoI1HFg0RgIfw+9r
-----END CERTIFICATE-----