Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/azDvVJUoNvYqaEaZIhu9OqWr21Q.roa
File:                     azDvVJUoNvYqaEaZIhu9OqWr21Q.roa (raw, json)
Hash identifier:          JWxoJDpKURHEm1uFBb309inT9x2eVZK63cqhRvZkCeo=
Subject key identifier:   6B:30:EF:54:95:28:36:F6:2A:68:46:99:22:1B:BD:3A:A5:AB:DB:54
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       0194C093E96A1CEFC570F4797E11DFB2DC9A
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/azDvVJUoNvYqaEaZIhu9OqWr21Q.roa
Signing time:             Sat 01 Feb 2025 08:15:06 +0000
ROA not before:           Sat 01 Feb 2025 08:15:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.85.12.0/24 maxlen: 24
                          45.85.13.0/24 maxlen: 24
                          193.43.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c0:93:e9:6a:1c:ef:c5:70:f4:79:7e:11:df:b2:dc:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Feb  1 08:15:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b30ef54952836f62a684699221bbd3aa5abdb54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9e:3c:5a:48:db:38:d2:19:3e:83:54:cc:b5:
                    78:81:f7:fd:4d:52:6b:27:70:bb:ea:d1:94:bf:44:
                    ee:89:ae:54:23:42:15:27:60:7f:a8:aa:8d:55:c9:
                    61:af:a3:17:07:8b:a5:2d:51:dd:11:8a:6d:db:73:
                    a3:c6:00:18:a9:b3:f5:cc:87:cd:d0:85:65:84:3a:
                    32:4c:b1:17:38:39:aa:6a:55:d5:2a:c9:55:50:e7:
                    52:6b:cc:2c:22:ab:bb:5c:6f:7a:f2:81:c8:8d:e3:
                    0e:b2:7c:db:05:3a:de:30:5a:50:5d:cc:8f:e4:3f:
                    da:a5:d4:ed:00:89:5b:1f:91:36:47:a3:39:24:94:
                    f0:a0:d9:a3:b7:fa:21:9c:43:65:0b:8a:2e:38:1f:
                    65:2d:48:3c:e7:12:02:43:22:71:b3:28:9d:63:3c:
                    35:c2:17:65:58:8e:fc:61:9d:dd:a3:5b:bd:c7:30:
                    1c:48:5e:04:1d:6c:ae:8d:0e:1b:1a:b5:00:c0:46:
                    cb:6e:03:4e:33:b5:34:97:a7:b0:8a:83:0f:8f:9d:
                    ac:60:29:d8:b7:6c:ab:86:5f:59:f8:a0:91:25:b8:
                    dd:11:41:34:db:42:6f:fc:80:8b:20:c1:35:f5:57:
                    83:1b:50:bd:09:49:91:c6:b3:d7:1e:8a:f0:4b:e1:
                    09:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:30:EF:54:95:28:36:F6:2A:68:46:99:22:1B:BD:3A:A5:AB:DB:54
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/azDvVJUoNvYqaEaZIhu9OqWr21Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.12.0/23
                  193.43.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:78:ee:0f:46:6d:0d:ff:42:d1:89:f4:6b:ac:cf:59:3e:c0:
         8c:c4:82:25:bb:4a:5f:f0:a1:cd:8b:d3:69:ba:4f:08:49:8a:
         10:0f:19:c8:77:66:67:d3:69:7e:65:9c:23:a8:18:21:c2:69:
         fa:87:4d:50:f2:0e:27:2d:ed:3a:10:fa:17:b3:5c:6a:2b:a4:
         b7:cf:d9:ae:75:51:14:31:c4:1f:f5:19:32:69:e8:b9:11:09:
         2d:66:98:0f:31:1a:46:49:77:37:27:a0:12:a5:46:f7:2a:0e:
         57:72:93:b0:a5:ab:01:ac:7f:53:94:33:eb:94:b3:09:2b:8c:
         5b:1a:7c:45:73:fa:e0:2c:a5:75:db:a5:a2:17:68:24:e3:bb:
         7d:62:31:03:ea:3e:d7:e0:a5:7e:f4:e7:63:2a:4d:a8:78:0d:
         68:b7:e7:f0:bb:08:76:92:fd:12:e9:b7:d3:cc:a5:dd:e0:4b:
         c1:77:81:d4:da:67:3c:dc:17:ba:15:f0:1f:29:c5:11:c4:ed:
         6a:d5:5a:f6:86:37:3c:09:69:63:1c:10:27:59:78:fc:0e:12:
         4d:0e:00:3a:6f:3f:24:d6:1a:bc:bd:0c:1f:a5:d3:66:5e:52:
         d9:7b:f0:1f:b3:27:aa:32:52:98:5d:54:b4:22:61:ee:da:1a:
         44:d5:96:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZTAk+lqHO/FcPR5fhHfstyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjUwMjAxMDgxNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjMwZWY1NDk1MjgzNmY2MmE2ODQ2OTkyMjFiYmQzYWE1YWJkYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp48WkjbONIZPoNUzLV4gff9TVJr
J3C76tGUv0Tuia5UI0IVJ2B/qKqNVclhr6MXB4ulLVHdEYpt23OjxgAYqbP1zIfN
0IVlhDoyTLEXODmqalXVKslVUOdSa8wsIqu7XG968oHIjeMOsnzbBTreMFpQXcyP
5D/apdTtAIlbH5E2R6M5JJTwoNmjt/ohnENlC4ouOB9lLUg85xICQyJxsyidYzw1
whdlWI78YZ3do1u9xzAcSF4EHWyujQ4bGrUAwEbLbgNOM7U0l6ewioMPj52sYCnY
t2yrhl9Z+KCRJbjdEUE020Jv/ICLIME19VeDG1C9CUmRxrPXHorwS+EJNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGsw71SVKDb2KmhGmSIbvTqlq9tUMB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEvYXpEdlZKVW9OdllxYUVhWklodTlPcVdyMjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVUMAwQA
wSuOMA0GCSqGSIb3DQEBCwUAA4IBAQAReO4PRm0N/0LRifRrrM9ZPsCMxIIlu0pf
8KHNi9Npuk8ISYoQDxnId2Zn02l+ZZwjqBghwmn6h01Q8g4nLe06EPoXs1xqK6S3
z9mudVEUMcQf9Rkyaei5EQktZpgPMRpGSXc3J6ASpUb3Kg5XcpOwpasBrH9TlDPr
lLMJK4xbGnxFc/rgLKV126WiF2gk47t9YjED6j7X4KV+9OdjKk2oeA1ot+fwuwh2
kv0S6bfTzKXd4EvBd4HU2mc83Be6FfAfKcURxO1q1Vr2hjc8CWljHBAnWXj8DhJN
DgA6bz8k1hq8vQwfpdNmXlLZe/AfsyeqMlKYXVS0ImHu2hpE1ZY0
-----END CERTIFICATE-----