Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/z1jefElvYPl9Sfmvcp2a9URr2is.roa
File:                     z1jefElvYPl9Sfmvcp2a9URr2is.roa (raw, json)
Hash identifier:          DtsIp4KhgR8Ypfp85VOHNIvzac6O/djvZVh4xZ/7Izc=
Subject key identifier:   CF:58:DE:7C:49:6F:60:F9:7D:49:F9:AF:72:9D:9A:F5:44:6B:DA:2B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01942220166552F581DBFC1A467D878BBAF2
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/z1jefElvYPl9Sfmvcp2a9URr2is.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.131.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 19:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:16:65:52:f5:81:db:fc:1a:46:7d:87:8b:ba:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf58de7c496f60f97d49f9af729d9af5446bda2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:13:98:90:cf:21:18:9f:c2:47:54:60:f2:24:
                    09:b9:86:f6:2f:0f:1c:0c:0c:a1:8b:4b:17:32:bc:
                    17:d9:17:a7:a2:cb:96:44:ba:5a:6f:3e:2c:37:57:
                    ac:2b:0c:9d:1e:bd:2b:24:a0:24:e9:b3:d1:d1:1c:
                    b7:6d:f2:10:a6:0b:b8:8f:ef:3a:53:1b:7d:bc:55:
                    69:3e:df:e7:02:32:c0:35:97:1c:5c:df:f4:93:fd:
                    1e:04:24:c2:6c:41:41:4a:69:5e:25:85:76:5c:c0:
                    76:97:f7:75:ed:70:60:66:45:13:65:a0:f6:50:05:
                    ee:33:02:46:ba:fb:02:c1:f6:c8:8c:d4:7b:60:70:
                    63:9d:d7:59:8d:1c:af:6a:03:1b:28:db:4f:16:9a:
                    e3:4f:5f:d3:aa:f9:c8:cc:44:e6:c9:d3:8e:22:d2:
                    0a:d1:d2:1b:4c:f5:18:c2:e7:f7:ac:75:c2:50:5f:
                    b6:50:16:32:20:84:6c:7c:e9:68:da:14:52:5e:aa:
                    a2:39:0f:cb:de:90:48:92:8c:d7:eb:2f:f3:84:9c:
                    db:a1:07:fa:6f:33:57:53:d5:b0:e3:97:b3:32:5a:
                    d6:30:01:d0:04:2d:3d:08:13:fa:d3:e6:c9:46:61:
                    9b:90:36:ae:4d:54:bc:2f:68:d3:9c:02:41:03:0f:
                    32:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:58:DE:7C:49:6F:60:F9:7D:49:F9:AF:72:9D:9A:F5:44:6B:DA:2B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/z1jefElvYPl9Sfmvcp2a9URr2is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:90:92:cc:69:52:d3:13:af:f8:5c:ca:f1:b0:ea:ab:32:69:
         5f:96:93:fd:68:f2:a4:0b:69:33:3b:f6:a4:ae:44:d3:dd:6a:
         40:fb:d9:a5:a3:ed:50:ac:57:c0:cd:e7:e7:81:40:23:49:46:
         2d:5e:9f:52:8d:79:a1:06:f9:2a:d6:2c:53:81:96:f1:dd:26:
         01:0c:6f:da:7e:0a:3e:8d:ab:f6:f0:c6:54:20:f2:5c:d1:10:
         fb:e6:d9:40:13:84:f1:ca:f9:fd:15:c9:ab:fc:6a:48:46:28:
         bd:59:39:2c:27:23:6e:22:cf:80:1d:c5:d3:2b:be:f1:fe:b9:
         16:c8:17:23:aa:22:5b:7c:01:33:b0:bb:a1:c9:79:c7:da:a8:
         fd:a6:bc:81:34:69:49:6b:2a:7d:d9:54:96:b6:da:06:a3:c7:
         0a:65:c1:fb:38:6b:a7:15:ea:ed:d8:c8:3e:de:d3:d6:3f:c9:
         03:84:28:cd:0a:7e:8e:74:9e:59:ac:33:e6:0d:ac:a3:4e:99:
         3f:2e:67:0a:21:6f:e5:d3:6e:83:4d:92:c6:b0:d2:12:b1:46:
         ec:98:46:e0:ba:a2:79:2c:80:bf:ae:20:c2:85:4f:61:e7:67:
         4a:a5:42:5b:38:7a:dd:e2:df:85:6a:7d:da:4e:ba:df:36:89:
         d6:f2:02:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBZlUvWB2/waRn2Hi7ryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjU4ZGU3YzQ5NmY2MGY5N2Q0OWY5YWY3MjlkOWFmNTQ0NmJkYTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hOYkM8hGJ/CR1Rg8iQJuYb2Lw8c
DAyhi0sXMrwX2RenosuWRLpabz4sN1esKwydHr0rJKAk6bPR0Ry3bfIQpgu4j+86
Uxt9vFVpPt/nAjLANZccXN/0k/0eBCTCbEFBSmleJYV2XMB2l/d17XBgZkUTZaD2
UAXuMwJGuvsCwfbIjNR7YHBjnddZjRyvagMbKNtPFprjT1/TqvnIzETmydOOItIK
0dIbTPUYwuf3rHXCUF+2UBYyIIRsfOlo2hRSXqqiOQ/L3pBIkozX6y/zhJzboQf6
bzNXU9Ww45ezMlrWMAHQBC09CBP60+bJRmGbkDauTVS8L2jTnAJBAw8yTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9Y3nxJb2D5fUn5r3KdmvVEa9orMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvejFqZWZFbHZZUGw5U2ZtdmNwMmE5VVJyMmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYOGMA0G
CSqGSIb3DQEBCwUAA4IBAQDAkJLMaVLTE6/4XMrxsOqrMmlflpP9aPKkC2kzO/ak
rkTT3WpA+9mlo+1QrFfAzefngUAjSUYtXp9SjXmhBvkq1ixTgZbx3SYBDG/afgo+
jav28MZUIPJc0RD75tlAE4Txyvn9Fcmr/GpIRii9WTksJyNuIs+AHcXTK77x/rkW
yBcjqiJbfAEzsLuhyXnH2qj9pryBNGlJayp92VSWttoGo8cKZcH7OGunFert2Mg+
3tPWP8kDhCjNCn6OdJ5ZrDPmDayjTpk/LmcKIW/l026DTZLGsNISsUbsmEbguqJ5
LIC/riDChU9h52dKpUJbOHrd4t+Fan3aTrrfNonW8gI3
-----END CERTIFICATE-----