Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/ZWzMusszmsy4UaWcCS9_rq-Knr8.roa
File:                     ZWzMusszmsy4UaWcCS9_rq-Knr8.roa (raw, json)
Hash identifier:          VUrGGf9efoi6v3qnwdA+7nmE0j9PKTICArLKCLrSD9U=
Subject key identifier:   65:6C:CC:BA:CB:33:9A:CC:B8:51:A5:9C:09:2F:7F:AE:AF:8A:9E:BF
Certificate issuer:       /CN=11e9171ff8313da641be13d490ad698dc16c366a
Certificate serial:       01941F8C52F5E77FAF76D72BFC4D388C47D3
Authority key identifier: 11:E9:17:1F:F8:31:3D:A6:41:BE:13:D4:90:AD:69:8D:C1:6C:36:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EekXH_gxPaZBvhPUkK1pjcFsNmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/ZWzMusszmsy4UaWcCS9_rq-Knr8.roa
Signing time:             Wed 01 Jan 2025 01:47:57 +0000
ROA not before:           Wed 01 Jan 2025 01:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        45.93.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/EekXH_gxPaZBvhPUkK1pjcFsNmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/EekXH_gxPaZBvhPUkK1pjcFsNmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EekXH_gxPaZBvhPUkK1pjcFsNmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:52:f5:e7:7f:af:76:d7:2b:fc:4d:38:8c:47:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11e9171ff8313da641be13d490ad698dc16c366a
        Validity
            Not Before: Jan  1 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=656cccbacb339accb851a59c092f7faeaf8a9ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:ca:fa:86:aa:80:29:db:a7:db:c8:ee:fc:
                    32:f3:82:e0:fe:cd:6a:db:3c:54:74:de:95:15:a5:
                    3a:56:81:28:f3:12:2b:9e:d8:f0:a5:e7:e6:13:1e:
                    68:9d:8a:cb:b9:8a:f0:45:03:0b:aa:b9:2c:ab:d7:
                    9d:34:9f:5b:59:7f:04:3f:32:51:3a:25:f0:d9:0c:
                    fc:3c:97:51:15:1f:e5:89:95:41:01:cd:7e:19:13:
                    05:69:7c:b4:f5:34:c6:0d:28:67:ad:73:45:d7:ba:
                    0d:8a:00:fc:92:8b:8c:7c:1d:9c:84:cc:bb:e9:24:
                    b0:a9:9b:a3:16:9a:51:2b:96:33:1b:9d:9f:f9:3c:
                    98:80:a6:82:0e:e5:2d:e8:4b:4e:b3:eb:1c:2b:a9:
                    e1:b6:4a:3e:bb:4b:da:6a:5f:7a:b9:46:86:f5:21:
                    d9:7b:a3:ea:e5:83:83:cd:f8:8d:5f:14:50:51:b5:
                    21:15:34:56:f6:9b:c0:5f:1f:10:c0:cd:13:eb:d7:
                    81:ab:94:b1:88:14:5a:3a:ba:2a:04:e4:4e:b1:e5:
                    11:75:30:cc:d9:9f:42:cb:95:af:f5:8a:c8:d4:e9:
                    7e:aa:eb:18:fa:6e:65:23:5a:48:c8:8a:b5:bc:3f:
                    85:9e:ba:f3:0d:b7:36:6f:33:25:46:0a:a7:d6:9d:
                    40:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:6C:CC:BA:CB:33:9A:CC:B8:51:A5:9C:09:2F:7F:AE:AF:8A:9E:BF
            X509v3 Authority Key Identifier:
                keyid:11:E9:17:1F:F8:31:3D:A6:41:BE:13:D4:90:AD:69:8D:C1:6C:36:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EekXH_gxPaZBvhPUkK1pjcFsNmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/ZWzMusszmsy4UaWcCS9_rq-Knr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/a5b12e-d90e-44d4-b63a-95d105a70c94/1/EekXH_gxPaZBvhPUkK1pjcFsNmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:05:71:bd:a3:a6:52:62:7d:24:75:e5:6e:3e:12:1b:ab:e5:
         95:03:8b:80:6a:2c:9f:2d:45:8c:b9:0f:ef:38:f8:91:be:e5:
         c0:8a:fe:5e:08:74:7a:2c:f6:0a:47:c5:f9:ff:81:b2:6f:7b:
         9d:8c:38:e0:2d:ba:04:e6:4c:26:a1:d3:37:f6:9b:79:34:ec:
         ff:84:eb:2f:19:4f:57:6f:cb:4d:32:d8:15:48:c8:fb:c9:f3:
         b5:8f:49:0b:0c:d0:55:f5:af:97:91:9d:d6:1c:4f:e6:71:75:
         6f:5f:d5:fe:13:82:49:ce:ab:8a:a6:ea:e0:99:58:de:eb:c8:
         fb:2c:f2:3b:14:22:17:da:ce:63:95:14:4b:3f:a4:c8:bc:8f:
         c4:7a:5c:56:20:c2:1f:8e:c8:bc:be:2a:09:f4:13:43:28:69:
         ce:4d:55:f0:95:df:25:8b:f1:17:3c:1a:0a:16:82:cb:34:55:
         d6:0c:39:1a:a6:42:74:6d:ec:03:b1:b5:a0:2c:17:99:ba:42:
         9d:d2:cd:b5:bd:75:91:7a:44:e7:cf:db:96:eb:65:2b:c6:e9:
         42:32:cf:8b:91:ac:e0:47:fa:d1:b7:39:90:54:c1:0c:3a:f7:
         4a:67:f7:f7:cb:ef:d5:86:f4:d2:2f:37:00:f1:a6:16:a7:d2:
         09:3a:32:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFL153+vdtcr/E04jEfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZTkxNzFmZjgzMTNkYTY0MWJlMTNkNDkwYWQ2OThkYzE2
YzM2NmEwHhcNMjUwMTAxMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTZjY2NiYWNiMzM5YWNjYjg1MWE1OWMwOTJmN2ZhZWFmOGE5ZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRPK+oaqgCnbp9vI7vwy84Lg/s1q
2zxUdN6VFaU6VoEo8xIrntjwpefmEx5onYrLuYrwRQMLqrksq9edNJ9bWX8EPzJR
OiXw2Qz8PJdRFR/liZVBAc1+GRMFaXy09TTGDShnrXNF17oNigD8kouMfB2chMy7
6SSwqZujFppRK5YzG52f+TyYgKaCDuUt6EtOs+scK6nhtko+u0vaal96uUaG9SHZ
e6Pq5YODzfiNXxRQUbUhFTRW9pvAXx8QwM0T69eBq5SxiBRaOroqBOROseURdTDM
2Z9Cy5Wv9YrI1Ol+qusY+m5lI1pIyIq1vD+FnrrzDbc2bzMlRgqn1p1AmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVszLrLM5rMuFGlnAkvf66vip6/MB8GA1UdIwQY
MBaAFBHpFx/4MT2mQb4T1JCtaY3BbDZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWVrWEhfZ3hQYVpCdmhQVWtLMXBqY0ZzTm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9hNWIxMmUtZDkwZS00NGQ0LWI2M2Et
OTVkMTA1YTcwYzk0LzEvWld6TXVzc3ptc3k0VWFXY0NTOV9ycS1LbnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9hNWIxMmUtZDkwZS00NGQ0LWI2M2EtOTVkMTA1YTcwYzk0
LzEvRWVrWEhfZ3hQYVpCdmhQVWtLMXBqY0ZzTm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV0XMA0G
CSqGSIb3DQEBCwUAA4IBAQCCBXG9o6ZSYn0kdeVuPhIbq+WVA4uAaiyfLUWMuQ/v
OPiRvuXAiv5eCHR6LPYKR8X5/4Gyb3udjDjgLboE5kwmodM39pt5NOz/hOsvGU9X
b8tNMtgVSMj7yfO1j0kLDNBV9a+XkZ3WHE/mcXVvX9X+E4JJzquKpurgmVje68j7
LPI7FCIX2s5jlRRLP6TIvI/EelxWIMIfjsi8vioJ9BNDKGnOTVXwld8li/EXPBoK
FoLLNFXWDDkapkJ0bewDsbWgLBeZukKd0s21vXWRekTnz9uW62UrxulCMs+Lkazg
R/rRtzmQVMEMOvdKZ/f3y+/VhvTSLzcA8aYWp9IJOjJH
-----END CERTIFICATE-----