Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/vzmyNrlx12Of6nkhjpCUrNuMnE0.roa
File:                     vzmyNrlx12Of6nkhjpCUrNuMnE0.roa (raw, json)
Hash identifier:          GZnGfQJ22BwvGawBRyPMAw4FcsQFgdQkm7oclrkMSK4=
Subject key identifier:   BF:39:B2:36:B9:71:D7:63:9F:EA:79:21:8E:90:94:AC:DB:8C:9C:4D
Certificate issuer:       /CN=a4c7bfe415604f6136ceaa216356495bf6d5cc41
Certificate serial:       019423D73B156260293C248EB706F3B91430
Authority key identifier: A4:C7:BF:E4:15:60:4F:61:36:CE:AA:21:63:56:49:5B:F6:D5:CC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pMe_5BVgT2E2zqohY1ZJW_bVzEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/vzmyNrlx12Of6nkhjpCUrNuMnE0.roa
Signing time:             Wed 01 Jan 2025 21:48:15 +0000
ROA not before:           Wed 01 Jan 2025 21:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208230
IP address blocks:        45.152.108.0/24 maxlen: 24
                          45.152.109.0/24 maxlen: 24
                          45.152.110.0/24 maxlen: 24
                          45.152.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/pMe_5BVgT2E2zqohY1ZJW_bVzEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/pMe_5BVgT2E2zqohY1ZJW_bVzEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pMe_5BVgT2E2zqohY1ZJW_bVzEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:3b:15:62:60:29:3c:24:8e:b7:06:f3:b9:14:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4c7bfe415604f6136ceaa216356495bf6d5cc41
        Validity
            Not Before: Jan  1 21:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf39b236b971d7639fea79218e9094acdb8c9c4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:49:f1:f0:d2:46:84:de:aa:d0:de:ed:c3:91:
                    79:4a:fd:a4:64:87:2c:94:5d:d5:94:d7:65:67:fc:
                    79:04:5e:3a:f7:4f:24:59:aa:f2:0c:73:90:fe:fc:
                    fc:f4:a0:44:59:8f:35:ea:8e:d9:1b:94:ce:4c:8a:
                    ae:5d:f9:9f:46:75:14:81:f4:71:33:e0:f0:e9:8e:
                    b3:ee:db:07:68:28:ee:b8:f1:e9:6e:c4:34:12:76:
                    73:2c:0f:c2:14:92:17:3c:47:2e:ad:69:48:05:34:
                    5b:35:eb:25:50:0f:09:bc:0e:b4:06:29:73:1e:fe:
                    03:67:20:38:a3:95:d8:94:a8:76:1c:cb:8d:86:e4:
                    b6:6f:0b:1b:55:13:b0:67:5d:64:8e:55:0c:0c:16:
                    58:19:be:0c:99:2d:e1:43:bb:ad:96:fb:8a:ca:c9:
                    bf:d4:e8:c8:1f:36:78:44:91:f6:c7:7b:43:19:6d:
                    47:8a:a8:7d:2c:40:be:bd:65:10:7b:24:be:36:86:
                    81:df:c8:39:89:79:22:60:11:b0:60:e1:ea:24:f9:
                    53:1c:8a:8b:04:7a:11:cc:7e:04:ba:cd:27:4a:a8:
                    1b:92:41:82:63:18:2a:88:cd:c6:41:ee:a2:f0:25:
                    5e:e0:05:73:7d:53:4c:7c:dd:7f:f3:0b:92:e0:04:
                    6c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:39:B2:36:B9:71:D7:63:9F:EA:79:21:8E:90:94:AC:DB:8C:9C:4D
            X509v3 Authority Key Identifier:
                keyid:A4:C7:BF:E4:15:60:4F:61:36:CE:AA:21:63:56:49:5B:F6:D5:CC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pMe_5BVgT2E2zqohY1ZJW_bVzEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/vzmyNrlx12Of6nkhjpCUrNuMnE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/07cd4d-7d35-44e1-aba3-c9b220a4d6f0/1/pMe_5BVgT2E2zqohY1ZJW_bVzEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:0e:56:50:ec:d2:9b:1e:d6:7a:8d:e4:d6:3d:55:c6:81:97:
         a3:66:ac:d7:72:75:9c:32:32:a7:f2:48:01:cc:79:18:a7:38:
         5e:c4:8f:6c:1a:8f:55:b6:00:f4:b3:43:ab:98:68:ea:49:a3:
         98:f5:27:81:2a:45:98:32:a8:18:69:2f:94:86:8c:6a:9c:fd:
         e9:d0:5a:18:14:3c:10:c3:9d:d9:30:cc:10:36:4e:e1:4f:8c:
         a9:b8:71:74:32:7b:09:30:1c:aa:de:b8:74:d1:10:36:0d:66:
         17:d4:5d:42:99:b5:b7:71:0e:e5:4c:9b:92:01:7f:1a:0c:2f:
         ea:97:af:4a:05:5f:f6:5b:1c:61:3c:55:22:87:92:67:3f:0a:
         d7:95:1b:12:cc:fa:75:c2:4c:4b:2f:1c:fe:13:86:07:8a:e3:
         c7:da:d1:78:16:8e:d7:d5:61:41:8c:05:4b:3c:b9:89:6b:02:
         cb:9c:bd:2e:bb:75:24:46:07:5e:7a:cb:c7:05:80:4e:ee:50:
         0d:86:e2:43:44:39:fd:95:ed:a3:29:98:d9:fc:96:a8:59:d8:
         f4:f9:dc:b1:00:c2:e5:63:cb:73:c5:8c:57:89:67:c6:9a:06:
         15:4a:8a:4a:6e:1c:a1:a4:53:4f:a5:14:bb:90:cc:df:a9:48:
         c9:60:ab:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zsVYmApPCSOtwbzuRQwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YzdiZmU0MTU2MDRmNjEzNmNlYWEyMTYzNTY0OTViZjZk
NWNjNDEwHhcNMjUwMTAxMjE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjM5YjIzNmI5NzFkNzYzOWZlYTc5MjE4ZTkwOTRhY2RiOGM5YzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUnx8NJGhN6q0N7tw5F5Sv2kZIcs
lF3VlNdlZ/x5BF46908kWaryDHOQ/vz89KBEWY816o7ZG5TOTIquXfmfRnUUgfRx
M+Dw6Y6z7tsHaCjuuPHpbsQ0EnZzLA/CFJIXPEcurWlIBTRbNeslUA8JvA60Bilz
Hv4DZyA4o5XYlKh2HMuNhuS2bwsbVROwZ11kjlUMDBZYGb4MmS3hQ7utlvuKysm/
1OjIHzZ4RJH2x3tDGW1Hiqh9LEC+vWUQeyS+NoaB38g5iXkiYBGwYOHqJPlTHIqL
BHoRzH4Eus0nSqgbkkGCYxgqiM3GQe6i8CVe4AVzfVNMfN1/8wuS4ARsAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL85sja5cddjn+p5IY6QlKzbjJxNMB8GA1UdIwQY
MBaAFKTHv+QVYE9hNs6qIWNWSVv21cxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE1lXzVCVmdUMkUyenFvaFkxWkpXX2JWekVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8wN2NkNGQtN2QzNS00NGUxLWFiYTMt
YzliMjIwYTRkNmYwLzEvdnpteU5ybHgxMk9mNm5raGpwQ1VyTnVNbkUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8wN2NkNGQtN2QzNS00NGUxLWFiYTMtYzliMjIwYTRkNmYw
LzEvcE1lXzVCVmdUMkUyenFvaFkxWkpXX2JWekVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZhsMA0G
CSqGSIb3DQEBCwUAA4IBAQA6DlZQ7NKbHtZ6jeTWPVXGgZejZqzXcnWcMjKn8kgB
zHkYpzhexI9sGo9VtgD0s0OrmGjqSaOY9SeBKkWYMqgYaS+UhoxqnP3p0FoYFDwQ
w53ZMMwQNk7hT4ypuHF0MnsJMByq3rh00RA2DWYX1F1CmbW3cQ7lTJuSAX8aDC/q
l69KBV/2WxxhPFUih5JnPwrXlRsSzPp1wkxLLxz+E4YHiuPH2tF4Fo7X1WFBjAVL
PLmJawLLnL0uu3UkRgdeesvHBYBO7lANhuJDRDn9le2jKZjZ/JaoWdj0+dyxAMLl
Y8tzxYxXiWfGmgYVSopKbhyhpFNPpRS7kMzfqUjJYKsX
-----END CERTIFICATE-----