Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/ZrKS833-z3Eio1cEs6mC2u69XvI.roa
File:                     ZrKS833-z3Eio1cEs6mC2u69XvI.roa (raw, json)
Hash identifier:          z4A6aCJBnlDjwJixWl3FAWoiLh9JN5kfRWL7hdBFHkM=
Subject key identifier:   66:B2:92:F3:7D:FE:CF:71:22:A3:57:04:B3:A9:82:DA:EE:BD:5E:F2
Certificate issuer:       /CN=8a72b60f5fb4930016ceb860cc174a53135f1616
Certificate serial:       019423D6A6CCE3ACDF104336E7898E485C58
Authority key identifier: 8A:72:B6:0F:5F:B4:93:00:16:CE:B8:60:CC:17:4A:53:13:5F:16:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/inK2D1-0kwAWzrhgzBdKUxNfFhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/ZrKS833-z3Eio1cEs6mC2u69XvI.roa
Signing time:             Wed 01 Jan 2025 21:47:37 +0000
ROA not before:           Wed 01 Jan 2025 21:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61421
IP address blocks:        45.150.43.0/24 maxlen: 24
                          2a0f:9207:24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/inK2D1-0kwAWzrhgzBdKUxNfFhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/inK2D1-0kwAWzrhgzBdKUxNfFhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/inK2D1-0kwAWzrhgzBdKUxNfFhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:a6:cc:e3:ac:df:10:43:36:e7:89:8e:48:5c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a72b60f5fb4930016ceb860cc174a53135f1616
        Validity
            Not Before: Jan  1 21:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66b292f37dfecf7122a35704b3a982daeebd5ef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3a:42:33:d9:51:59:ca:e5:6b:81:bd:e9:cc:
                    7c:5a:cd:ae:97:a5:da:c6:4a:f7:6c:84:f6:5e:f1:
                    51:8f:18:da:7d:70:65:0d:92:79:6f:68:3e:79:d8:
                    13:8c:e0:c8:66:64:61:fd:04:de:91:b5:40:99:8a:
                    79:e7:50:6e:15:18:2f:b8:d0:ef:83:ad:87:08:ad:
                    ae:6c:55:f8:40:ad:85:aa:b4:1e:25:6e:b0:31:15:
                    00:8f:f0:01:81:84:b1:54:69:21:03:e7:97:83:76:
                    e2:3e:a4:67:ea:33:96:71:0a:83:ad:a5:a9:e7:51:
                    b0:1e:74:8c:52:55:09:73:22:36:41:98:eb:54:d9:
                    5e:82:6b:75:42:44:b4:3f:c5:14:ef:05:db:4a:e7:
                    e3:69:75:d0:36:4f:64:90:be:06:c4:e4:35:ac:89:
                    dd:e2:db:ae:ac:ae:dd:2e:2a:0e:de:eb:a6:01:cf:
                    0d:29:9e:f9:ce:2d:db:a1:76:7d:61:29:05:6e:cb:
                    9b:5a:fe:04:a3:60:6e:b2:87:d0:ce:ff:3a:44:48:
                    43:9d:89:4e:eb:d5:7c:05:82:5f:d3:61:d6:9a:0b:
                    66:84:c1:da:63:20:6d:91:a7:2b:94:cb:03:b2:90:
                    06:75:72:5e:ef:dd:3c:45:0f:48:28:dc:55:0d:72:
                    85:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:B2:92:F3:7D:FE:CF:71:22:A3:57:04:B3:A9:82:DA:EE:BD:5E:F2
            X509v3 Authority Key Identifier:
                keyid:8A:72:B6:0F:5F:B4:93:00:16:CE:B8:60:CC:17:4A:53:13:5F:16:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/inK2D1-0kwAWzrhgzBdKUxNfFhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/ZrKS833-z3Eio1cEs6mC2u69XvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/inK2D1-0kwAWzrhgzBdKUxNfFhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.43.0/24
                IPv6:
                  2a0f:9207:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:78:bd:a0:0d:ca:ca:4d:4d:11:72:48:0a:c7:b3:dc:78:47:
         11:da:09:31:5c:0d:4a:bc:b9:b8:e2:47:73:c3:82:b4:60:6c:
         0a:62:96:bf:18:a3:24:67:01:d8:23:2b:25:15:79:0d:d2:b3:
         af:19:85:e0:9b:cc:c4:bc:63:42:ba:d8:24:86:ad:01:94:40:
         24:c1:d2:41:4c:14:30:4c:b4:5b:1e:3b:73:48:6b:84:ed:87:
         38:a0:c4:07:01:16:d9:c2:04:01:b9:60:57:0f:cc:6b:b0:d3:
         0b:73:18:e1:30:19:47:78:8e:fb:a1:ea:d8:10:90:ee:55:7a:
         15:f9:46:c4:f1:9e:da:56:cf:48:f8:68:88:c1:b7:5e:81:14:
         4f:cb:0b:66:e2:0b:38:10:c0:8c:17:93:d0:3d:d1:26:57:43:
         f1:79:80:32:55:54:ac:3a:00:cb:7f:61:e0:42:e3:06:ea:42:
         a7:0b:71:82:89:ca:7a:70:09:cc:88:56:ca:e2:7a:54:47:21:
         ff:33:5b:99:17:da:1f:10:0d:d4:0d:bb:9b:bf:ea:da:e2:3a:
         97:d7:e9:73:6a:66:28:6e:9f:84:97:cc:d9:62:49:4c:56:9d:
         df:00:81:dc:ae:e5:90:e5:e5:88:df:d3:e1:32:e7:3d:6e:c8:
         a2:a8:c8:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQj1qbM46zfEEM254mOSFxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNzJiNjBmNWZiNDkzMDAxNmNlYjg2MGNjMTc0YTUzMTM1
ZjE2MTYwHhcNMjUwMTAxMjE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmIyOTJmMzdkZmVjZjcxMjJhMzU3MDRiM2E5ODJkYWVlYmQ1ZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTpCM9lRWcrla4G96cx8Ws2ul6Xa
xkr3bIT2XvFRjxjafXBlDZJ5b2g+edgTjODIZmRh/QTekbVAmYp551BuFRgvuNDv
g62HCK2ubFX4QK2FqrQeJW6wMRUAj/ABgYSxVGkhA+eXg3biPqRn6jOWcQqDraWp
51GwHnSMUlUJcyI2QZjrVNlegmt1QkS0P8UU7wXbSufjaXXQNk9kkL4GxOQ1rInd
4tuurK7dLioO3uumAc8NKZ75zi3boXZ9YSkFbsubWv4Eo2BusofQzv86REhDnYlO
69V8BYJf02HWmgtmhMHaYyBtkacrlMsDspAGdXJe7908RQ9IKNxVDXKFswIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGaykvN9/s9xIqNXBLOpgtruvV7yMB8GA1UdIwQY
MBaAFIpytg9ftJMAFs64YMwXSlMTXxYWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW5LMkQxLTBrd0FXenJoZ3pCZEtVeE5mRmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80MWZlODktMDhkNi00NGY4LWI3NTQt
ZTA4NTA1YzkxMDY2LzEvWnJLUzgzMy16M0VpbzFjRXM2bUMydTY5WHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80MWZlODktMDhkNi00NGY4LWI3NTQtZTA4NTA1YzkxMDY2
LzEvaW5LMkQxLTBrd0FXenJoZ3pCZEtVeE5mRmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZYrMA8E
AgACMAkDBwAqD5IHACQwDQYJKoZIhvcNAQELBQADggEBAF14vaANyspNTRFySArH
s9x4RxHaCTFcDUq8ubjiR3PDgrRgbApilr8YoyRnAdgjKyUVeQ3Ss68ZheCbzMS8
Y0K62CSGrQGUQCTB0kFMFDBMtFseO3NIa4TthzigxAcBFtnCBAG5YFcPzGuw0wtz
GOEwGUd4jvuh6tgQkO5VehX5RsTxntpWz0j4aIjBt16BFE/LC2biCzgQwIwXk9A9
0SZXQ/F5gDJVVKw6AMt/YeBC4wbqQqcLcYKJynpwCcyIVsrielRHIf8zW5kX2h8Q
DdQNu5u/6triOpfX6XNqZihun4SXzNliSUxWnd8Agdyu5ZDl5Yjf0+Ey5z1uyKKo
yAg=
-----END CERTIFICATE-----