Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/xWzjOiU4GIbFmqwyeVmah8vO8F0.roa
File:                     xWzjOiU4GIbFmqwyeVmah8vO8F0.roa (raw, json)
Hash identifier:          S4iCzl3PC4M/IRKSKX7IIQOXaSNab8mVow5IXg2rGLA=
Subject key identifier:   C5:6C:E3:3A:25:38:18:86:C5:9A:AC:32:79:59:9A:87:CB:CE:F0:5D
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       019424B38529BD4F19D0D272CE0913BFC750
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/xWzjOiU4GIbFmqwyeVmah8vO8F0.roa
Signing time:             Thu 02 Jan 2025 01:48:52 +0000
ROA not before:           Thu 02 Jan 2025 01:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.85.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:85:29:bd:4f:19:d0:d2:72:ce:09:13:bf:c7:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Jan  2 01:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c56ce33a25381886c59aac3279599a87cbcef05d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b7:9e:c8:e1:b6:e0:8e:86:41:89:15:63:1a:
                    93:d9:a3:d7:37:f1:f1:6a:07:35:16:f6:ac:82:e6:
                    15:28:17:84:10:cd:82:a4:0a:b7:47:a3:0c:e1:c3:
                    a4:75:86:17:be:cd:6e:ee:45:d2:bb:65:f4:0f:bc:
                    07:1d:27:80:b2:c7:1b:95:7b:8a:3d:a9:a2:31:61:
                    88:be:6a:dd:23:c5:d2:74:19:93:2d:f6:76:66:9a:
                    be:21:20:ca:4e:3e:a9:e7:d2:c2:d1:e5:c7:10:b0:
                    a6:5f:c2:c1:9d:79:b3:14:32:2d:d0:a7:c1:d9:83:
                    c1:8b:69:5e:de:1a:37:a5:32:82:20:0b:48:49:b9:
                    bf:ce:ac:0f:ed:54:22:e3:c1:f2:ec:02:42:33:b1:
                    54:f4:2e:a2:7b:de:bd:3e:04:8c:23:fe:4a:32:db:
                    f0:e2:12:45:ae:24:99:f7:f0:f9:9f:7b:a2:36:67:
                    78:3a:5d:58:f1:98:4c:0c:dd:ab:ae:1a:f5:8d:62:
                    41:fc:c8:d2:6f:64:a9:10:5d:86:6b:9c:7f:8c:61:
                    ca:56:a5:ba:30:36:4b:6c:ce:93:48:a2:2b:68:d8:
                    1e:73:e7:0a:36:c1:6d:a5:50:2c:4c:e6:fe:f0:ce:
                    92:59:17:08:fd:73:48:89:af:4c:d0:52:8c:2a:45:
                    56:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:6C:E3:3A:25:38:18:86:C5:9A:AC:32:79:59:9A:87:CB:CE:F0:5D
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/xWzjOiU4GIbFmqwyeVmah8vO8F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:03:6d:b0:e2:e7:72:ec:29:60:e1:ff:8b:c0:f8:39:5b:86:
         9e:25:1b:01:1b:e9:62:6a:8f:45:91:d6:0a:e0:98:b1:43:10:
         f7:b8:78:ad:30:5c:82:7a:72:d8:1d:4f:74:6f:5c:b4:1b:d8:
         fd:90:83:e1:79:30:ba:82:16:d6:dd:8c:d8:15:83:c6:c7:cc:
         6d:73:2f:a0:9b:74:fb:51:cc:09:57:7b:03:65:a6:06:a9:65:
         55:33:85:04:1c:39:10:23:20:04:af:a0:17:0a:11:5f:57:4d:
         41:b0:1c:b0:92:6c:fa:b5:ef:0c:55:b7:a4:1a:bf:86:4b:b2:
         90:85:73:14:26:f2:d2:41:3b:08:95:a9:de:a8:34:1d:cd:65:
         9e:a5:99:51:83:9d:53:39:8c:32:6d:93:7a:91:2c:75:0b:cf:
         aa:fd:1f:c3:3f:ef:2e:1e:e0:67:02:93:c0:8d:8e:c1:31:77:
         86:a0:8e:e1:ed:95:b6:9c:79:08:2a:c1:15:33:85:95:72:aa:
         3f:47:cc:8a:42:1a:92:4e:28:72:dc:27:51:98:3a:a3:b9:70:
         c8:cc:78:17:3f:f0:ae:80:62:b7:21:58:74:02:29:ce:e4:23:
         f8:88:08:ed:52:8a:5a:97:ff:bf:df:44:bc:38:fe:c8:94:19:
         38:9d:34:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4UpvU8Z0NJyzgkTv8dQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjUwMTAyMDE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTZjZTMzYTI1MzgxODg2YzU5YWFjMzI3OTU5OWE4N2NiY2VmMDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLeeyOG24I6GQYkVYxqT2aPXN/Hx
agc1FvasguYVKBeEEM2CpAq3R6MM4cOkdYYXvs1u7kXSu2X0D7wHHSeAsscblXuK
PamiMWGIvmrdI8XSdBmTLfZ2Zpq+ISDKTj6p59LC0eXHELCmX8LBnXmzFDIt0KfB
2YPBi2le3ho3pTKCIAtISbm/zqwP7VQi48Hy7AJCM7FU9C6ie969PgSMI/5KMtvw
4hJFriSZ9/D5n3uiNmd4Ol1Y8ZhMDN2rrhr1jWJB/MjSb2SpEF2Ga5x/jGHKVqW6
MDZLbM6TSKIraNgec+cKNsFtpVAsTOb+8M6SWRcI/XNIia9M0FKMKkVW7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMVs4zolOBiGxZqsMnlZmofLzvBdMB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEveFd6ak9pVTRHSWJGbXF3eWVWbWFoOHZPOEYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVUOMA0G
CSqGSIb3DQEBCwUAA4IBAQCQA22w4udy7Clg4f+LwPg5W4aeJRsBG+liao9FkdYK
4JixQxD3uHitMFyCenLYHU90b1y0G9j9kIPheTC6ghbW3YzYFYPGx8xtcy+gm3T7
UcwJV3sDZaYGqWVVM4UEHDkQIyAEr6AXChFfV01BsBywkmz6te8MVbekGr+GS7KQ
hXMUJvLSQTsIlaneqDQdzWWepZlRg51TOYwybZN6kSx1C8+q/R/DP+8uHuBnApPA
jY7BMXeGoI7h7ZW2nHkIKsEVM4WVcqo/R8yKQhqSTihy3CdRmDqjuXDIzHgXP/Cu
gGK3IVh0AinO5CP4iAjtUopal/+/30S8OP7IlBk4nTTk
-----END CERTIFICATE-----