Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/0e1607-8ef0-4ed5-a68b-8b12b1f1b5ae/1/ZF1NBVygwczrv-VrbnsMrwKxoPE.roa
File:                     ZF1NBVygwczrv-VrbnsMrwKxoPE.roa (raw, json)
Hash identifier:          /o12xb9vdZSayHPZ8WzqR3hjycfpesp9WuNC4Et2XGY=
Subject key identifier:   64:5D:4D:05:5C:A0:C1:CC:EB:BF:E5:6B:6E:7B:0C:AF:02:B1:A0:F1
Certificate issuer:       /CN=df0f32e5f098b86a8794825c81122da953466284
Certificate serial:       018CC500FDF338CA197EA9191B71682C9406
Authority key identifier: DF:0F:32:E5:F0:98:B8:6A:87:94:82:5C:81:12:2D:A9:53:46:62:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3w8y5fCYuGqHlIJcgRItqVNGYoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/0e1607-8ef0-4ed5-a68b-8b12b1f1b5ae/1/ZF1NBVygwczrv-VrbnsMrwKxoPE.roa
Signing time:             Mon 01 Jan 2024 12:30:25 +0000
ROA not before:           Mon 01 Jan 2024 12:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201902
IP address blocks:        45.141.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/0e1607-8ef0-4ed5-a68b-8b12b1f1b5ae/1/3w8y5fCYuGqHlIJcgRItqVNGYoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/0e1607-8ef0-4ed5-a68b-8b12b1f1b5ae/1/3w8y5fCYuGqHlIJcgRItqVNGYoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3w8y5fCYuGqHlIJcgRItqVNGYoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:fd:f3:38:ca:19:7e:a9:19:1b:71:68:2c:94:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df0f32e5f098b86a8794825c81122da953466284
        Validity
            Not Before: Jan  1 12:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=645d4d055ca0c1ccebbfe56b6e7b0caf02b1a0f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fa:89:ff:2a:87:4c:b5:5d:81:e3:37:32:09:
                    de:be:b1:7c:30:25:8b:ec:93:f1:6f:39:c0:7c:ab:
                    68:51:ac:80:1c:2b:c2:f4:5a:47:6a:4e:d7:b5:87:
                    9b:cf:6f:75:54:c3:fb:be:17:df:b3:81:7e:5e:9d:
                    33:a0:b1:db:f9:9f:d0:bf:19:d6:a7:2a:46:0d:b2:
                    4c:86:a6:a6:06:63:c9:dd:14:a7:d7:4f:e5:86:f0:
                    24:75:3b:8d:5f:41:a8:d1:69:31:c4:89:ea:43:4c:
                    25:c9:07:9f:7c:5f:2b:03:33:78:54:b9:dd:6c:de:
                    e5:1c:cb:25:f3:7c:b0:2e:46:3f:91:2d:b7:0f:02:
                    fb:1a:55:96:98:73:76:df:c3:10:d1:ee:7c:ba:9a:
                    2e:70:94:08:67:06:a9:83:19:ec:a5:eb:81:2a:83:
                    19:5f:2f:05:be:0e:1f:a3:25:5a:7f:ba:ac:47:87:
                    69:f9:3b:97:e5:f9:55:92:cb:2b:86:a7:ad:28:96:
                    00:2f:e6:6b:4c:1c:b0:d9:0e:73:bb:bd:76:7e:d3:
                    18:42:d8:dd:b9:45:75:6c:0a:6f:5b:40:94:c9:17:
                    27:cd:0e:ba:1b:17:89:b7:04:c8:cd:84:60:e4:8f:
                    9e:2c:19:ce:a9:e3:5b:86:00:0c:64:db:2a:4f:95:
                    62:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5D:4D:05:5C:A0:C1:CC:EB:BF:E5:6B:6E:7B:0C:AF:02:B1:A0:F1
            X509v3 Authority Key Identifier:
                keyid:DF:0F:32:E5:F0:98:B8:6A:87:94:82:5C:81:12:2D:A9:53:46:62:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3w8y5fCYuGqHlIJcgRItqVNGYoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e1607-8ef0-4ed5-a68b-8b12b1f1b5ae/1/ZF1NBVygwczrv-VrbnsMrwKxoPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e1607-8ef0-4ed5-a68b-8b12b1f1b5ae/1/3w8y5fCYuGqHlIJcgRItqVNGYoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:ff:8a:6b:61:1b:bd:15:d3:1a:40:5a:a3:f5:a4:b2:61:b6:
         ca:1c:df:b7:7d:bb:97:93:e1:bf:ac:b6:0a:5c:cf:f6:97:36:
         2a:e7:6d:5b:da:a0:12:8c:08:47:51:77:90:49:02:71:b5:ab:
         e1:61:d9:f0:8b:b3:52:1e:42:84:e9:e9:77:b0:84:8b:c6:99:
         61:07:ea:83:e6:d1:5b:00:af:ad:27:44:47:89:89:4e:34:80:
         17:36:9d:5c:36:d0:1f:f5:1c:64:fe:80:e1:ac:aa:d7:37:bc:
         44:c2:41:bd:6a:bc:75:81:12:54:d9:49:a5:20:85:d2:c6:ad:
         1d:ae:4f:a2:df:1b:47:62:6a:23:8a:d0:75:71:12:99:d0:8a:
         5d:c7:22:f5:90:4b:20:0f:da:dc:89:70:20:3f:a3:89:68:8a:
         39:f6:3e:36:1d:6e:21:19:88:0c:70:12:85:f4:3a:75:d9:3b:
         75:39:28:88:af:ba:df:6e:9b:07:82:6c:f1:31:11:14:7c:01:
         dc:7a:e8:da:d5:f5:b2:97:6a:02:70:e0:23:b9:ac:5a:49:4f:
         5a:60:35:cc:55:61:12:05:20:df:27:f9:45:61:a7:42:71:2c:
         e5:be:4c:d3:92:2b:8a:a9:6e:17:62:a9:c3:c2:9e:3b:ad:4a:
         fb:a2:1d:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAP3zOMoZfqkZG3FoLJQGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMGYzMmU1ZjA5OGI4NmE4Nzk0ODI1YzgxMTIyZGE5NTM0
NjYyODQwHhcNMjQwMTAxMTIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDVkNGQwNTVjYTBjMWNjZWJiZmU1NmI2ZTdiMGNhZjAyYjFhMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfqJ/yqHTLVdgeM3MgnevrF8MCWL
7JPxbznAfKtoUayAHCvC9FpHak7XtYebz291VMP7vhffs4F+Xp0zoLHb+Z/QvxnW
pypGDbJMhqamBmPJ3RSn10/lhvAkdTuNX0Go0WkxxInqQ0wlyQeffF8rAzN4VLnd
bN7lHMsl83ywLkY/kS23DwL7GlWWmHN238MQ0e58upoucJQIZwapgxnspeuBKoMZ
Xy8Fvg4foyVaf7qsR4dp+TuX5flVkssrhqetKJYAL+ZrTByw2Q5zu712ftMYQtjd
uUV1bApvW0CUyRcnzQ66GxeJtwTIzYRg5I+eLBnOqeNbhgAMZNsqT5Vi2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRdTQVcoMHM67/la257DK8CsaDxMB8GA1UdIwQY
MBaAFN8PMuXwmLhqh5SCXIESLalTRmKEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3c4eTVmQ1l1R3FIbElKY2dSSXRxVk5HWW9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8wZTE2MDctOGVmMC00ZWQ1LWE2OGIt
OGIxMmIxZjFiNWFlLzEvWkYxTkJWeWd3Y3pydi1WcmJuc01yd0t4b1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8wZTE2MDctOGVmMC00ZWQ1LWE2OGItOGIxMmIxZjFiNWFl
LzEvM3c4eTVmQ1l1R3FIbElKY2dSSXRxVk5HWW9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY2kMA0G
CSqGSIb3DQEBCwUAA4IBAQCt/4prYRu9FdMaQFqj9aSyYbbKHN+3fbuXk+G/rLYK
XM/2lzYq521b2qASjAhHUXeQSQJxtavhYdnwi7NSHkKE6el3sISLxplhB+qD5tFb
AK+tJ0RHiYlONIAXNp1cNtAf9Rxk/oDhrKrXN7xEwkG9arx1gRJU2UmlIIXSxq0d
rk+i3xtHYmojitB1cRKZ0IpdxyL1kEsgD9rciXAgP6OJaIo59j42HW4hGYgMcBKF
9Dp12Tt1OSiIr7rfbpsHgmzxMREUfAHceuja1fWyl2oCcOAjuaxaSU9aYDXMVWES
BSDfJ/lFYadCcSzlvkzTkiuKqW4XYqnDwp47rUr7oh2f
-----END CERTIFICATE-----