Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/ZPnSp5toQpthOZvn7vrTi1PIJ0A.roa
File:                     ZPnSp5toQpthOZvn7vrTi1PIJ0A.roa (raw, json)
Hash identifier:          2xJoiopsp/aP4IfMiv71h2CCh2maxmce9cHqGdAd1jM=
Subject key identifier:   64:F9:D2:A7:9B:68:42:9B:61:39:9B:E7:EE:FA:D3:8B:53:C8:27:40
Certificate issuer:       /CN=3545a7200164912041bb931efb1feac123b43a18
Certificate serial:       019425219C8E29CA8AEC54A0CD2FF878B573
Authority key identifier: 35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/ZPnSp5toQpthOZvn7vrTi1PIJ0A.roa
Signing time:             Thu 02 Jan 2025 03:49:07 +0000
ROA not before:           Thu 02 Jan 2025 03:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20746
IP address blocks:        82.102.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9c:8e:29:ca:8a:ec:54:a0:cd:2f:f8:78:b5:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3545a7200164912041bb931efb1feac123b43a18
        Validity
            Not Before: Jan  2 03:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64f9d2a79b68429b61399be7eefad38b53c82740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:99:dd:1f:6c:0d:2d:2f:48:cf:94:2b:1d:63:
                    49:f1:60:7d:a7:c7:eb:9b:a7:ab:55:07:4c:23:49:
                    db:96:aa:37:c9:94:8c:77:1f:48:48:16:c6:99:3b:
                    ca:4c:a9:f9:19:43:3e:7a:4c:47:bd:0b:52:fb:ab:
                    39:d4:c6:47:54:2e:57:d7:44:04:be:0f:c9:9d:d8:
                    87:1a:fe:94:35:0f:78:50:ef:2a:6d:c1:ec:59:c6:
                    f6:91:59:22:a3:b9:f9:b0:b4:f9:c6:59:fd:10:82:
                    5b:cb:fc:3a:ce:f5:fe:5d:1f:1c:37:bf:ed:ba:60:
                    cd:e1:8e:ca:69:d7:67:30:12:a4:dd:5b:97:ec:61:
                    f6:27:52:a9:53:0c:67:a7:f7:a4:56:9a:0d:c7:2c:
                    7f:71:be:ee:a2:36:95:ba:3c:bc:11:6d:75:7f:6d:
                    e5:14:02:2e:88:5d:be:ee:c1:40:9b:ba:93:4a:10:
                    6a:5e:06:0d:d5:8e:c4:07:51:50:0d:42:ea:49:84:
                    c4:cd:05:83:0f:64:5a:bb:ad:af:b5:5d:3f:23:b0:
                    17:01:3f:ea:38:0b:67:d5:94:00:e8:fe:71:84:33:
                    60:ac:26:bf:23:aa:e9:c2:92:17:7c:8d:73:db:25:
                    3b:88:45:29:3a:48:ba:91:e0:69:c7:29:59:4b:bc:
                    ff:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:F9:D2:A7:9B:68:42:9B:61:39:9B:E7:EE:FA:D3:8B:53:C8:27:40
            X509v3 Authority Key Identifier:
                keyid:35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/ZPnSp5toQpthOZvn7vrTi1PIJ0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.102.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:d5:85:78:1e:36:d0:a4:5d:ef:fd:72:75:8f:5e:0e:ab:4f:
         b9:fa:40:68:c7:8e:93:21:a8:80:26:13:36:23:81:ee:55:d2:
         87:f3:01:0b:0f:fe:83:40:17:d9:99:7b:64:0e:43:06:b8:44:
         c9:b2:57:87:08:6e:31:2f:fb:ec:eb:0e:e3:b0:54:df:bb:6b:
         4a:dd:58:99:35:52:52:47:52:45:b6:c1:f7:95:0b:71:8d:88:
         6a:d0:44:0e:58:56:61:58:23:74:79:1d:7d:04:46:cd:71:82:
         9f:de:81:ab:fd:66:66:17:8e:1a:fb:a1:05:a8:59:ad:aa:58:
         09:8e:10:89:87:df:d6:ec:2e:32:24:95:4d:24:ae:2b:6c:b0:
         0a:d3:20:70:a2:f3:ee:a5:05:10:b6:31:a4:75:bf:93:bd:84:
         64:81:d2:44:27:0c:d0:6d:2b:3e:8b:22:82:5c:cc:42:8c:77:
         97:c5:73:2e:ca:43:15:d5:34:17:bb:60:af:69:c9:e7:9c:fe:
         54:5e:4b:4a:f5:d1:08:35:4c:d0:d5:77:b0:d4:5b:23:1c:cf:
         d6:83:50:ed:0f:99:21:52:59:8d:cb:ee:b5:66:a2:2d:4d:a4:
         7a:3c:6b:3d:fb:6d:d4:fb:e2:ed:76:6b:31:68:b8:5a:6f:bd:
         f2:1c:fd:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIZyOKcqK7FSgzS/4eLVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDVhNzIwMDE2NDkxMjA0MWJiOTMxZWZiMWZlYWMxMjNi
NDNhMTgwHhcNMjUwMTAyMDM0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGY5ZDJhNzliNjg0MjliNjEzOTliZTdlZWZhZDM4YjUzYzgyNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZndH2wNLS9Iz5QrHWNJ8WB9p8fr
m6erVQdMI0nblqo3yZSMdx9ISBbGmTvKTKn5GUM+ekxHvQtS+6s51MZHVC5X10QE
vg/JndiHGv6UNQ94UO8qbcHsWcb2kVkio7n5sLT5xln9EIJby/w6zvX+XR8cN7/t
umDN4Y7KaddnMBKk3VuX7GH2J1KpUwxnp/ekVpoNxyx/cb7uojaVujy8EW11f23l
FAIuiF2+7sFAm7qTShBqXgYN1Y7EB1FQDULqSYTEzQWDD2Rau62vtV0/I7AXAT/q
OAtn1ZQA6P5xhDNgrCa/I6rpwpIXfI1z2yU7iEUpOki6keBpxylZS7z/PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGT50qebaEKbYTmb5+7604tTyCdAMB8GA1UdIwQY
MBaAFDVFpyABZJEgQbuTHvsf6sEjtDoYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDkt
YWFiYjA2MmU0MGRiLzEvWlBuU3A1dG9RcHRoT1p2bjd2clRpMVBJSjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDktYWFiYjA2MmU0MGRi
LzEvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUmYEMA0G
CSqGSIb3DQEBCwUAA4IBAQAH1YV4HjbQpF3v/XJ1j14Oq0+5+kBox46TIaiAJhM2
I4HuVdKH8wELD/6DQBfZmXtkDkMGuETJsleHCG4xL/vs6w7jsFTfu2tK3ViZNVJS
R1JFtsH3lQtxjYhq0EQOWFZhWCN0eR19BEbNcYKf3oGr/WZmF44a+6EFqFmtqlgJ
jhCJh9/W7C4yJJVNJK4rbLAK0yBwovPupQUQtjGkdb+TvYRkgdJEJwzQbSs+iyKC
XMxCjHeXxXMuykMV1TQXu2CvacnnnP5UXktK9dEINUzQ1Xew1FsjHM/Wg1DtD5kh
UlmNy+61ZqItTaR6PGs9+23U++LtdmsxaLhab73yHP2V
-----END CERTIFICATE-----