Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/Sza6sQo4SxIMxey9qB4eBTtIEPg.roa
File:                     Sza6sQo4SxIMxey9qB4eBTtIEPg.roa (raw, json)
Hash identifier:          C/1FfNF+TmksPsjo5TVeKV1X6wR0pQ31deypiIvzO+k=
Subject key identifier:   4B:36:BA:B1:0A:38:4B:12:0C:C5:EC:BD:A8:1E:1E:05:3B:48:10:F8
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       019731887DD31E1BD44C87742DF5727390ED
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/Sza6sQo4SxIMxey9qB4eBTtIEPg.roa
Signing time:             Mon 02 Jun 2025 16:45:18 +0000
ROA not before:           Mon 02 Jun 2025 16:45:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        45.85.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:31:88:7d:d3:1e:1b:d4:4c:87:74:2d:f5:72:73:90:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Jun  2 16:45:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b36bab10a384b120cc5ecbda81e1e053b4810f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:85:94:83:fd:dd:3a:7b:1e:f2:2a:16:90:17:
                    bd:40:45:4c:73:b3:9f:29:3d:60:be:0a:47:b9:cd:
                    4d:a9:d2:db:25:05:cd:cb:c3:2f:af:93:a0:f3:6e:
                    ee:0b:dd:4a:01:9a:10:2a:67:44:e1:45:a6:3c:7e:
                    c7:ab:ba:8d:f3:f5:de:d9:5f:b6:43:b6:5e:70:8e:
                    ff:45:22:d0:6a:3c:78:61:57:98:f7:74:15:36:51:
                    8e:d5:77:4e:50:d9:c6:a2:a3:dc:8e:59:0f:6d:b6:
                    a9:4c:6d:92:e6:80:df:4d:3c:42:cb:84:44:b7:29:
                    06:9a:60:37:3b:93:2f:21:89:a8:b2:c1:10:62:2d:
                    33:8b:c8:cc:ef:05:cb:f8:5d:86:aa:de:8c:47:2b:
                    50:30:a5:68:70:8d:c2:a0:c7:49:04:1e:cf:20:86:
                    01:ec:09:64:0f:b9:73:e4:3c:cf:2e:5f:d0:01:97:
                    06:9c:07:74:48:de:cf:ef:6b:58:cb:db:b1:e4:0a:
                    c2:00:3b:d5:7e:16:7c:eb:43:a4:f3:ff:1a:24:5e:
                    7f:16:db:49:8c:c6:4c:c0:4a:ed:fd:ca:e6:2e:33:
                    da:8b:29:7f:50:64:cd:ce:c9:d2:17:e0:d7:6e:cf:
                    62:1c:79:59:e6:7d:6c:f1:11:e2:1d:45:4f:10:20:
                    a7:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:36:BA:B1:0A:38:4B:12:0C:C5:EC:BD:A8:1E:1E:05:3B:48:10:F8
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/Sza6sQo4SxIMxey9qB4eBTtIEPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:00:ed:77:c6:8b:0e:02:47:7c:5b:4e:9e:96:49:5e:1e:6a:
         6b:a1:1b:48:5e:d5:19:91:8c:13:22:d2:e5:0f:96:7e:40:2c:
         64:ad:30:7c:16:3c:df:8f:8d:7d:4b:43:d6:0f:6e:96:54:2f:
         df:d8:47:0e:bb:5a:35:0c:8f:5d:e0:18:70:96:a9:04:86:1c:
         2d:a9:ff:40:2d:06:35:9b:e4:ec:ea:c3:c2:62:97:7b:25:8e:
         ee:64:7d:e2:df:8b:04:c0:2f:c2:fd:bd:0d:da:a4:97:4e:7d:
         56:15:e6:ed:31:0b:3a:0b:2d:d4:bc:e0:8e:c2:c0:c7:bf:13:
         a1:59:11:be:3a:47:88:c4:4a:57:1f:84:b2:9a:33:eb:57:bb:
         7c:31:54:a4:76:11:d2:10:bd:4e:a9:e0:97:a7:a6:7b:06:96:
         06:a1:57:bd:1d:09:54:61:fb:f1:1d:05:5f:f5:2e:1a:9a:1e:
         dc:36:69:a0:58:63:a1:e2:26:2c:02:5c:2b:97:1c:22:2f:24:
         94:da:2a:07:57:8b:9e:8d:e1:a7:0b:ba:da:59:61:65:a6:cd:
         4b:2e:f3:61:f6:dc:65:70:d6:33:07:3f:62:fa:76:d6:07:06:
         0e:04:d1:76:61:1b:00:2e:1a:6c:6c:ac:c8:f7:cb:aa:cb:59:
         66:7b:ae:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcxiH3THhvUTId0LfVyc5DtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjUwNjAyMTY0NTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjM2YmFiMTBhMzg0YjEyMGNjNWVjYmRhODFlMWUwNTNiNDgxMGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4WUg/3dOnse8ioWkBe9QEVMc7Of
KT1gvgpHuc1NqdLbJQXNy8Mvr5Og827uC91KAZoQKmdE4UWmPH7Hq7qN8/Xe2V+2
Q7ZecI7/RSLQajx4YVeY93QVNlGO1XdOUNnGoqPcjlkPbbapTG2S5oDfTTxCy4RE
tykGmmA3O5MvIYmossEQYi0zi8jM7wXL+F2Gqt6MRytQMKVocI3CoMdJBB7PIIYB
7AlkD7lz5DzPLl/QAZcGnAd0SN7P72tYy9ux5ArCADvVfhZ860Ok8/8aJF5/FttJ
jMZMwErt/crmLjPaiyl/UGTNzsnSF+DXbs9iHHlZ5n1s8RHiHUVPECCnAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEs2urEKOEsSDMXsvageHgU7SBD4MB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEvU3phNnNRbzRTeElNeGV5OXFCNGVCVHRJRVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVUMMA0G
CSqGSIb3DQEBCwUAA4IBAQAfAO13xosOAkd8W06elkleHmproRtIXtUZkYwTItLl
D5Z+QCxkrTB8Fjzfj419S0PWD26WVC/f2EcOu1o1DI9d4BhwlqkEhhwtqf9ALQY1
m+Ts6sPCYpd7JY7uZH3i34sEwC/C/b0N2qSXTn1WFebtMQs6Cy3UvOCOwsDHvxOh
WRG+OkeIxEpXH4SymjPrV7t8MVSkdhHSEL1OqeCXp6Z7BpYGoVe9HQlUYfvxHQVf
9S4amh7cNmmgWGOh4iYsAlwrlxwiLySU2ioHV4uejeGnC7raWWFlps1LLvNh9txl
cNYzBz9i+nbWBwYOBNF2YRsALhpsbKzI98uqy1lme65j
-----END CERTIFICATE-----