Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zfnil5ZcScZi_sxK_DJ1m0A4xo4.roa
File:                     zfnil5ZcScZi_sxK_DJ1m0A4xo4.roa (raw, json)
Hash identifier:          TJfrEUMgKhuZtqAVNippZ43wi+XXpgW5XPWn05bRQ/8=
Subject key identifier:   CD:F9:E2:97:96:5C:49:C6:62:FE:CC:4A:FC:32:75:9B:40:38:C6:8E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422203A472E7D47F90ED0409C71C233C7
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zfnil5ZcScZi_sxK_DJ1m0A4xo4.roa
Signing time:             Wed 01 Jan 2025 13:48:44 +0000
ROA not before:           Wed 01 Jan 2025 13:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202513
IP address blocks:        45.90.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3a:47:2e:7d:47:f9:0e:d0:40:9c:71:c2:33:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdf9e297965c49c662fecc4afc32759b4038c68e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ef:d8:a4:56:17:18:f3:30:9a:b4:1b:15:5f:
                    a6:c0:10:9b:f1:76:d1:cc:a2:05:2d:d6:4a:bc:22:
                    41:21:97:23:9a:37:89:cd:3c:f3:6a:0c:00:10:b9:
                    51:5b:21:d0:5a:b9:8f:18:c8:f7:48:e2:23:b9:dd:
                    fa:bd:fc:2d:cd:2a:95:69:d3:dc:1b:e3:2d:98:6d:
                    85:ad:64:11:4d:31:54:e9:84:21:64:9c:5c:81:a6:
                    a7:77:ed:86:11:c4:23:86:a1:3c:9e:f1:65:0b:50:
                    b5:30:f3:75:29:a2:5c:ea:42:05:97:ab:13:db:90:
                    6b:8e:52:6d:be:ca:40:78:9c:07:43:03:75:6a:ea:
                    cc:5e:fb:e6:06:86:e5:28:3b:cc:c5:ea:22:77:37:
                    3c:86:6b:2a:e9:ff:c6:9a:34:48:44:6b:59:b8:92:
                    7c:48:de:f8:22:81:42:d7:00:0f:05:00:4d:fe:1f:
                    cd:09:06:2f:31:a2:9d:e7:1b:58:05:0c:b6:27:46:
                    a2:a0:35:1e:b7:bb:32:89:06:2d:15:d9:f6:ee:8d:
                    65:50:91:7f:45:bd:a7:26:53:e4:2b:d2:78:73:09:
                    d2:a7:7f:3f:d0:1f:91:ad:8b:59:ac:59:ff:1b:e6:
                    bb:55:6d:8e:a6:db:ac:59:f2:3f:38:e5:61:ec:95:
                    62:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F9:E2:97:96:5C:49:C6:62:FE:CC:4A:FC:32:75:9B:40:38:C6:8E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zfnil5ZcScZi_sxK_DJ1m0A4xo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:4e:1c:53:10:e5:9b:88:06:4a:63:58:1b:23:b9:a1:d1:1c:
         28:74:8a:00:b5:d6:7e:8f:c5:96:23:4f:2e:00:ac:62:39:b8:
         bb:94:79:fc:b7:77:3f:b1:1c:be:e9:28:b5:2f:05:74:ad:8d:
         10:95:bc:e6:83:00:5d:41:84:78:ce:02:3e:99:27:87:0b:b3:
         0f:54:c8:92:1e:48:e6:d2:d6:47:f7:8e:2f:00:a3:4b:da:5b:
         fb:56:27:9a:01:86:20:4e:19:00:04:c6:a8:c2:99:08:10:27:
         3a:67:06:1d:ef:72:78:de:21:42:06:c9:bf:eb:84:6f:1a:be:
         49:fb:80:a0:39:b7:f1:2d:70:40:f7:e4:6b:19:b8:76:29:f2:
         8e:33:07:48:1f:a4:9e:55:25:42:61:f8:18:15:e9:ed:25:00:
         bc:84:29:f1:c1:93:58:26:17:3a:0c:e5:76:a8:4a:3a:65:b0:
         b9:4d:17:0a:2b:71:8c:5c:42:85:0f:50:2a:16:bf:10:ae:1a:
         59:89:1c:0c:a9:ce:0f:78:2d:43:17:47:d9:25:bc:22:4f:3d:
         65:b3:b5:e5:a5:be:85:27:29:9f:88:d9:d3:78:30:c3:19:da:
         f3:2a:8a:ca:31:c0:6a:96:62:a8:d7:de:2d:9a:c7:6b:95:3f:
         e4:c1:84:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDpHLn1H+Q7QQJxxwjPHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGY5ZTI5Nzk2NWM0OWM2NjJmZWNjNGFmYzMyNzU5YjQwMzhjNjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwu/YpFYXGPMwmrQbFV+mwBCb8XbR
zKIFLdZKvCJBIZcjmjeJzTzzagwAELlRWyHQWrmPGMj3SOIjud36vfwtzSqVadPc
G+MtmG2FrWQRTTFU6YQhZJxcgaand+2GEcQjhqE8nvFlC1C1MPN1KaJc6kIFl6sT
25BrjlJtvspAeJwHQwN1aurMXvvmBoblKDvMxeoidzc8hmsq6f/GmjRIRGtZuJJ8
SN74IoFC1wAPBQBN/h/NCQYvMaKd5xtYBQy2J0aioDUet7syiQYtFdn27o1lUJF/
Rb2nJlPkK9J4cwnSp38/0B+RrYtZrFn/G+a7VW2OptusWfI/OOVh7JViJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM354peWXEnGYv7MSvwydZtAOMaOMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvemZuaWw1WmNTY1ppX3N4S19ESjFtMEE0eG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVrtMA0G
CSqGSIb3DQEBCwUAA4IBAQA8ThxTEOWbiAZKY1gbI7mh0RwodIoAtdZ+j8WWI08u
AKxiObi7lHn8t3c/sRy+6Si1LwV0rY0QlbzmgwBdQYR4zgI+mSeHC7MPVMiSHkjm
0tZH944vAKNL2lv7VieaAYYgThkABMaowpkIECc6ZwYd73J43iFCBsm/64RvGr5J
+4CgObfxLXBA9+RrGbh2KfKOMwdIH6SeVSVCYfgYFentJQC8hCnxwZNYJhc6DOV2
qEo6ZbC5TRcKK3GMXEKFD1AqFr8QrhpZiRwMqc4PeC1DF0fZJbwiTz1ls7Xlpb6F
JymfiNnTeDDDGdrzKorKMcBqlmKo194tmsdrlT/kwYSI
-----END CERTIFICATE-----