Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/AOIzdEpzhrNXngdse05fFibSA0A.roa
File:                     AOIzdEpzhrNXngdse05fFibSA0A.roa (raw, json)
Hash identifier:          WqQWeseGgOQCBOZ7LOgpYVoh0NQJwl9PKyOGFJF4SYo=
Subject key identifier:   00:E2:33:74:4A:73:86:B3:57:9E:07:6C:7B:4E:5F:16:26:D2:03:40
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019789DCE087E90224421D29ADA256F16A88
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/AOIzdEpzhrNXngdse05fFibSA0A.roa
Signing time:             Thu 19 Jun 2025 20:24:03 +0000
ROA not before:           Thu 19 Jun 2025 20:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.145.154.0/23 maxlen: 24
                          80.83.88.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:89:dc:e0:87:e9:02:24:42:1d:29:ad:a2:56:f1:6a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jun 19 20:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00e233744a7386b3579e076c7b4e5f1626d20340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:53:9b:df:89:40:63:c8:04:0a:be:40:6c:bd:
                    64:e2:97:e3:24:3a:dc:3c:7a:66:45:06:77:a3:ce:
                    a5:58:50:5b:2a:b7:27:88:12:35:c1:17:f1:8f:07:
                    e0:a6:75:b5:19:80:91:ed:28:5d:9f:6e:1f:54:67:
                    b1:67:00:8e:83:1a:2f:4f:0d:cc:ee:fd:ba:38:ac:
                    4e:44:d9:42:29:2b:19:92:65:d4:07:7f:37:15:29:
                    77:27:7d:22:a8:b2:d5:0d:96:c2:24:0b:fb:42:59:
                    3b:6a:6e:b5:b9:6d:28:79:9c:a5:42:5d:08:fb:b3:
                    d8:6d:6a:7e:e3:c9:de:4c:4d:8c:bb:d9:dc:3e:bc:
                    87:b3:79:d6:08:e6:ab:3a:a3:e5:21:f1:65:99:33:
                    c3:c4:21:7d:17:a8:98:7e:db:1b:92:a2:cd:8b:2f:
                    d8:89:64:d7:77:3f:a6:8d:de:49:2f:7b:d7:7e:51:
                    5d:5a:d6:07:1b:cd:32:fd:6c:a0:6b:b5:d4:d5:05:
                    5a:1e:9e:2c:32:e7:e8:96:bf:6f:6b:b8:2e:bd:aa:
                    8b:54:cf:ee:9b:ad:0d:83:77:a3:9d:a8:05:78:5c:
                    47:29:ec:6a:c8:58:db:82:be:a7:b3:f6:03:89:ef:
                    03:49:cf:1c:6b:e7:ee:02:cf:cf:60:be:66:18:06:
                    c8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E2:33:74:4A:73:86:B3:57:9E:07:6C:7B:4E:5F:16:26:D2:03:40
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/AOIzdEpzhrNXngdse05fFibSA0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.154.0/23
                  80.83.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:ce:da:7f:c0:1e:56:9e:11:8e:f2:79:3b:eb:cc:f2:35:89:
         3b:11:34:e0:a0:26:b5:7f:d1:ea:e7:6e:b9:8b:a0:49:da:3d:
         ae:e2:82:b0:4e:88:cb:de:f4:93:66:a4:f9:ea:88:03:e7:46:
         6e:25:78:84:82:ec:36:ba:99:68:71:40:c2:d9:e2:a1:20:81:
         e5:dc:41:0c:9e:c5:04:54:d2:01:87:1e:33:36:3c:f3:a9:27:
         7e:de:0f:b8:7b:f7:d5:32:7b:87:00:59:cd:c1:b1:57:a1:ef:
         14:40:ae:68:f3:54:31:78:71:04:d8:6b:88:6d:45:84:a3:85:
         2f:b6:04:bc:90:21:d2:9a:77:ac:69:20:c3:28:c0:4c:23:11:
         c9:8f:3e:01:1d:54:1b:2f:15:38:b3:5e:7d:d4:98:6e:ed:7c:
         58:d9:14:42:75:8e:3d:13:27:b8:9b:d3:23:57:2b:2c:ec:f9:
         c7:f7:cf:12:1b:c0:5e:9a:67:ac:ab:9e:de:8f:ab:c8:f6:f8:
         9b:d4:3a:c1:e4:ce:47:d3:03:4a:39:ab:e5:cf:e8:43:cb:54:
         69:d3:ca:53:98:4d:09:19:af:17:b3:98:d9:2b:0c:88:e6:cd:
         50:27:c3:22:a2:74:5b:3b:b4:c6:cc:61:a7:79:6b:20:1d:bb:
         cf:14:91:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeJ3OCH6QIkQh0praJW8WqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwNjE5MjAyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGUyMzM3NDRhNzM4NmIzNTc5ZTA3NmM3YjRlNWYxNjI2ZDIwMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylOb34lAY8gECr5AbL1k4pfjJDrc
PHpmRQZ3o86lWFBbKrcniBI1wRfxjwfgpnW1GYCR7Shdn24fVGexZwCOgxovTw3M
7v26OKxORNlCKSsZkmXUB383FSl3J30iqLLVDZbCJAv7Qlk7am61uW0oeZylQl0I
+7PYbWp+48neTE2Mu9ncPryHs3nWCOarOqPlIfFlmTPDxCF9F6iYftsbkqLNiy/Y
iWTXdz+mjd5JL3vXflFdWtYHG80y/Wyga7XU1QVaHp4sMufolr9va7guvaqLVM/u
m60Ng3ejnagFeFxHKexqyFjbgr6ns/YDie8DSc8ca+fuAs/PYL5mGAbI/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFADiM3RKc4azV54HbHtOXxYm0gNAMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvQU9JemRFcHpock5Ybmdkc2UwNWZGaWJTQTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZGaAwQB
UFNYMA0GCSqGSIb3DQEBCwUAA4IBAQAIztp/wB5WnhGO8nk768zyNYk7ETTgoCa1
f9Hq5265i6BJ2j2u4oKwTojL3vSTZqT56ogD50ZuJXiEguw2uplocUDC2eKhIIHl
3EEMnsUEVNIBhx4zNjzzqSd+3g+4e/fVMnuHAFnNwbFXoe8UQK5o81QxeHEE2GuI
bUWEo4UvtgS8kCHSmnesaSDDKMBMIxHJjz4BHVQbLxU4s1591Jhu7XxY2RRCdY49
Eye4m9MjVyss7PnH988SG8Bemmesq57ej6vI9vib1DrB5M5H0wNKOavlz+hDy1Rp
08pTmE0JGa8Xs5jZKwyI5s1QJ8MionRbO7TGzGGneWsgHbvPFJHW
-----END CERTIFICATE-----