Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/ZLwRkKQh_7POyioEYrZ3Uz23ZrM.roa
File:                     ZLwRkKQh_7POyioEYrZ3Uz23ZrM.roa (raw, json)
Hash identifier:          9P6WXqns21QO/p0vnb7Lim3P8BNFktkGNpHdprvdTDc=
Subject key identifier:   64:BC:11:90:A4:21:FF:B3:CE:CA:2A:04:62:B6:77:53:3D:B7:66:B3
Certificate issuer:       /CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Certificate serial:       018CCA2B4508DF2516DB36C68A08A4626861
Authority key identifier: 33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/ZLwRkKQh_7POyioEYrZ3Uz23ZrM.roa
Signing time:             Tue 02 Jan 2024 12:34:42 +0000
ROA not before:           Tue 02 Jan 2024 12:34:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139659
IP address blocks:        45.145.228.0/24 maxlen: 24
                          45.145.228.0/23 maxlen: 23
                          45.145.229.0/24 maxlen: 24
                          45.152.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:45:08:df:25:16:db:36:c6:8a:08:a4:62:68:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=333361fba8409174fb3c482b8ca26f235ebd22c2
        Validity
            Not Before: Jan  2 12:34:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64bc1190a421ffb3ceca2a0462b677533db766b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6e:9a:9c:a8:1b:06:c0:7e:81:2b:d5:ae:5f:
                    41:97:33:68:da:df:75:10:b5:41:3b:97:55:95:25:
                    8f:4f:c0:d7:0a:60:b9:46:b7:07:a2:26:81:88:02:
                    27:3d:91:47:56:6a:b1:ed:62:bf:40:36:9d:f6:50:
                    e8:34:06:c6:85:23:a8:38:43:62:46:49:8d:a1:c2:
                    91:cf:9d:74:ff:94:6e:ae:8e:4d:29:f0:1b:fb:e6:
                    45:42:26:4a:b8:d7:8c:2d:dd:93:19:79:43:28:a6:
                    a0:93:b2:28:68:0a:d4:44:66:e7:91:b8:96:86:ed:
                    45:42:75:f8:80:ba:56:e6:2d:99:56:2a:2a:05:fd:
                    82:d8:0d:c7:2c:8a:04:b8:88:4b:dd:74:55:08:54:
                    82:c5:ff:53:b8:f2:99:4b:48:42:b1:50:e1:ce:11:
                    03:e5:1b:60:40:1e:5b:ed:15:2f:34:92:63:6e:11:
                    8b:93:34:67:05:e9:ee:6e:f4:f2:51:c3:bf:f4:f0:
                    f3:f7:e0:36:84:d4:d7:fb:16:11:02:d6:3c:f2:1c:
                    2b:1e:bd:ed:30:ab:f9:78:f4:f1:39:92:0f:f6:17:
                    8e:aa:e8:61:79:e9:3d:2a:81:5c:25:cc:02:22:40:
                    86:09:94:8a:f9:c7:cd:ba:a7:4c:ab:59:3c:35:3f:
                    9b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:BC:11:90:A4:21:FF:B3:CE:CA:2A:04:62:B6:77:53:3D:B7:66:B3
            X509v3 Authority Key Identifier:
                keyid:33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/ZLwRkKQh_7POyioEYrZ3Uz23ZrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.228.0/23
                  45.152.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:c4:1a:1e:d8:82:89:10:9c:7b:91:3a:51:69:1e:39:00:8b:
         30:09:12:11:ba:ba:fe:af:7d:02:3c:57:9e:8c:75:63:5a:67:
         fe:f9:62:03:1f:0a:8d:9e:33:4b:15:f6:bd:7b:b4:0e:c5:c8:
         92:df:d6:61:d1:94:56:fa:0a:f6:f8:89:4f:53:6d:17:3d:a0:
         f3:ed:e1:c8:eb:eb:b5:20:fe:96:26:bd:92:0e:6e:7a:a0:4e:
         a9:fa:52:28:72:f6:9e:3c:ed:f8:85:09:00:d5:cf:ce:6a:cc:
         23:51:71:82:d6:12:8b:77:fa:bd:19:f1:88:99:17:6d:7e:1a:
         58:4a:0c:3e:7e:02:82:4f:0b:9b:9d:08:47:31:52:42:a0:dd:
         84:5a:d5:68:6b:eb:4d:3a:3a:6e:e4:c5:f4:14:2f:1c:3d:db:
         4b:72:ea:b9:a2:e3:cc:92:95:50:5b:4c:ae:16:ec:98:43:6d:
         fd:99:1a:1d:b1:ca:45:99:df:c4:df:93:df:29:6d:52:d4:75:
         24:4d:c3:a0:fc:61:7c:af:84:33:de:f5:b9:4b:4b:4d:37:68:
         88:20:c7:f5:63:98:f3:71:c6:62:f2:9c:b0:f8:8e:51:67:bd:
         8a:a6:66:4d:3f:97:dc:f9:61:0b:c3:f6:2e:73:56:e6:10:29:
         7d:1e:23:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK0UI3yUW2zbGigikYmhhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM2MWZiYTg0MDkxNzRmYjNjNDgyYjhjYTI2ZjIzNWVi
ZDIyYzIwHhcNMjQwMTAyMTIzNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGJjMTE5MGE0MjFmZmIzY2VjYTJhMDQ2MmI2Nzc1MzNkYjc2NmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW6anKgbBsB+gSvVrl9BlzNo2t91
ELVBO5dVlSWPT8DXCmC5RrcHoiaBiAInPZFHVmqx7WK/QDad9lDoNAbGhSOoOENi
RkmNocKRz510/5Ruro5NKfAb++ZFQiZKuNeMLd2TGXlDKKagk7IoaArURGbnkbiW
hu1FQnX4gLpW5i2ZVioqBf2C2A3HLIoEuIhL3XRVCFSCxf9TuPKZS0hCsVDhzhED
5RtgQB5b7RUvNJJjbhGLkzRnBenubvTyUcO/9PDz9+A2hNTX+xYRAtY88hwrHr3t
MKv5ePTxOZIP9heOquhheek9KoFcJcwCIkCGCZSK+cfNuqdMq1k8NT+brwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGS8EZCkIf+zzsoqBGK2d1M9t2azMB8GA1UdIwQY
MBaAFDMzYfuoQJF0+zxIK4yibyNevSLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjkt
YjJjY2NmMGVhZGFiLzEvWkx3UmtLUWhfN1BPeWlvRVlyWjNVejIzWnJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjktYjJjY2NmMGVhZGFi
LzEvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZHkAwQC
LZhAMA0GCSqGSIb3DQEBCwUAA4IBAQAFxBoe2IKJEJx7kTpRaR45AIswCRIRurr+
r30CPFeejHVjWmf++WIDHwqNnjNLFfa9e7QOxciS39Zh0ZRW+gr2+IlPU20XPaDz
7eHI6+u1IP6WJr2SDm56oE6p+lIocvaePO34hQkA1c/OaswjUXGC1hKLd/q9GfGI
mRdtfhpYSgw+fgKCTwubnQhHMVJCoN2EWtVoa+tNOjpu5MX0FC8cPdtLcuq5ouPM
kpVQW0yuFuyYQ239mRodscpFmd/E35PfKW1S1HUkTcOg/GF8r4Qz3vW5S0tNN2iI
IMf1Y5jzccZi8pyw+I5RZ72KpmZNP5fc+WELw/Yuc1bmECl9HiMx
-----END CERTIFICATE-----