Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/ZoIewHefhjHP2Vd9cNeP-TAR-vM.roa
File:                     ZoIewHefhjHP2Vd9cNeP-TAR-vM.roa (raw, json)
Hash identifier:          IG+hitjDPUIZMjcFs/DHXrxqndBqaN9wlOddbrMn1eM=
Subject key identifier:   66:82:1E:C0:77:9F:86:31:CF:D9:57:7D:70:D7:8F:F9:30:11:FA:F3
Certificate issuer:       /CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
Certificate serial:       01970B30C5BD9D1508E05DED7F1DF0AE8306
Authority key identifier: F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/ZoIewHefhjHP2Vd9cNeP-TAR-vM.roa
Signing time:             Mon 26 May 2025 06:03:55 +0000
ROA not before:           Mon 26 May 2025 06:03:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        45.9.124.0/22 maxlen: 22
                          45.9.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 23:47:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0b:30:c5:bd:9d:15:08:e0:5d:ed:7f:1d:f0:ae:83:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
        Validity
            Not Before: May 26 06:03:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66821ec0779f8631cfd9577d70d78ff93011faf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ee:eb:ed:55:6c:6c:60:ac:f9:cb:09:c8:5b:
                    50:35:77:3d:24:4c:4e:6f:eb:da:aa:64:3f:10:bd:
                    c3:4b:e6:b7:50:60:f2:b3:41:83:52:61:0c:5d:3c:
                    8c:02:f2:ce:de:41:bf:5b:cd:c3:78:0b:64:9e:41:
                    6f:10:e0:de:e2:96:9d:7b:30:3e:a3:fe:0d:4f:75:
                    36:90:bc:e4:44:d3:08:08:53:f8:3e:e8:cc:4a:64:
                    76:d7:5c:65:fc:21:44:0a:e6:e0:4a:0a:8f:13:df:
                    21:03:bd:9a:74:64:74:86:e8:d0:10:71:80:43:3a:
                    2b:9e:69:2a:a5:04:c8:49:d5:f9:0a:1d:46:6a:70:
                    95:85:f0:87:ad:35:ba:a2:fe:5d:66:ca:d2:de:27:
                    b7:86:70:92:c0:c2:18:61:2b:1c:0a:e9:7a:09:be:
                    d2:d9:b9:47:65:f5:13:6c:db:5e:7e:95:b1:1b:71:
                    19:50:d5:35:33:b7:7e:e7:ca:cd:c6:5b:42:36:b2:
                    8e:59:3e:53:43:db:27:04:6d:28:15:3b:3f:09:71:
                    40:64:bd:54:20:a6:69:ed:20:de:a7:4a:b1:06:dd:
                    98:1f:df:0c:42:13:3b:bf:d0:99:a9:5c:39:68:61:
                    5e:b7:87:c4:b3:30:41:dc:32:9f:fb:db:b3:f8:9f:
                    bb:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:82:1E:C0:77:9F:86:31:CF:D9:57:7D:70:D7:8F:F9:30:11:FA:F3
            X509v3 Authority Key Identifier:
                keyid:F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/ZoIewHefhjHP2Vd9cNeP-TAR-vM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:e9:24:6d:98:98:40:db:02:07:02:aa:e7:14:64:b2:c4:56:
         b3:ee:fb:d7:ba:7e:da:af:ca:65:3a:0d:f6:d0:4e:5a:71:4c:
         93:d5:c4:e8:5d:dd:d7:2c:6b:ca:fa:7f:e4:50:d9:9f:cd:52:
         a7:7b:9c:49:36:02:3f:cc:14:72:a2:5a:8e:17:c4:11:42:4d:
         c3:bc:6d:be:af:3b:b4:ad:b0:17:f7:e3:e2:70:59:be:6a:14:
         a8:09:3b:9e:2f:84:7f:26:b6:c1:29:a8:51:9a:af:16:3f:f4:
         bf:18:c8:cc:d9:61:73:ae:cd:f5:14:1d:16:79:c8:21:db:29:
         70:cc:72:fa:a3:46:d1:71:f1:4e:17:32:ae:15:3b:3e:63:3c:
         a9:ba:4d:51:0e:52:71:fe:97:97:43:bc:f4:7e:83:e1:44:dc:
         78:87:97:af:a2:76:68:a7:44:26:1b:a1:a8:46:f2:23:16:2a:
         8c:36:36:ac:27:3a:f1:97:b5:b5:9d:be:87:e0:ab:49:3d:72:
         32:80:4b:a2:6a:c4:a5:08:13:bb:41:4e:48:27:93:8d:8a:ee:
         ec:87:87:56:be:44:ef:1c:07:a2:4a:ba:ce:83:a3:46:8b:74:
         00:0a:cf:e7:7b:76:6f:45:23:79:00:7b:e4:c2:17:83:da:f1:
         f9:92:89:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcLMMW9nRUI4F3tfx3wroMGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjI4MDVkODc3NmVlZGViN2FhNGNiZTVhZjU2OGNkYjI2
MjlmYzIwHhcNMjUwNTI2MDYwMzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjgyMWVjMDc3OWY4NjMxY2ZkOTU3N2Q3MGQ3OGZmOTMwMTFmYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjO7r7VVsbGCs+csJyFtQNXc9JExO
b+vaqmQ/EL3DS+a3UGDys0GDUmEMXTyMAvLO3kG/W83DeAtknkFvEODe4padezA+
o/4NT3U2kLzkRNMICFP4PujMSmR211xl/CFECubgSgqPE98hA72adGR0hujQEHGA
QzornmkqpQTISdX5Ch1GanCVhfCHrTW6ov5dZsrS3ie3hnCSwMIYYSscCul6Cb7S
2blHZfUTbNtefpWxG3EZUNU1M7d+58rNxltCNrKOWT5TQ9snBG0oFTs/CXFAZL1U
IKZp7SDep0qxBt2YH98MQhM7v9CZqVw5aGFet4fEszBB3DKf+9uz+J+7qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGaCHsB3n4Yxz9lXfXDXj/kwEfrzMB8GA1UdIwQY
MBaAFPOygF2Hdu7et6pMvlr1aM2yYp/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgt
ODNiYzc5NzI3OGUyLzEvWm9JZXdIZWZoakhQMlZkOWNOZVAtVEFSLXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgtODNiYzc5NzI3OGUy
LzEvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQl8MA0G
CSqGSIb3DQEBCwUAA4IBAQBg6SRtmJhA2wIHAqrnFGSyxFaz7vvXun7ar8plOg32
0E5acUyT1cToXd3XLGvK+n/kUNmfzVKne5xJNgI/zBRyolqOF8QRQk3DvG2+rzu0
rbAX9+PicFm+ahSoCTueL4R/JrbBKahRmq8WP/S/GMjM2WFzrs31FB0Wecgh2ylw
zHL6o0bRcfFOFzKuFTs+Yzypuk1RDlJx/peXQ7z0foPhRNx4h5evonZop0QmG6Go
RvIjFiqMNjasJzrxl7W1nb6H4KtJPXIygEuiasSlCBO7QU5IJ5ONiu7sh4dWvkTv
HAeiSrrOg6NGi3QACs/ne3ZvRSN5AHvkwheD2vH5kokG
-----END CERTIFICATE-----