Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/n6ANVJpjfADW-mInHpVlhLdkL5w.roa
File:                     n6ANVJpjfADW-mInHpVlhLdkL5w.roa (raw, json)
Hash identifier:          E28ZlsfhOnBkyIyOKkYfx6xyMrKE5R52d/SAANOKtIs=
Subject key identifier:   9F:A0:0D:54:9A:63:7C:00:D6:FA:62:27:1E:95:65:84:B7:64:2F:9C
Certificate issuer:       /CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
Certificate serial:       019421B1D66353CE149C147DA2B0DBBF5244
Authority key identifier: 66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/n6ANVJpjfADW-mInHpVlhLdkL5w.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15615
IP address blocks:        92.63.87.0/24 maxlen: 24
                          185.129.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d6:63:53:ce:14:9c:14:7d:a2:b0:db:bf:52:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fa00d549a637c00d6fa62271e956584b7642f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:8e:f1:5a:33:8d:57:51:a2:45:e9:65:1e:f8:
                    a2:3c:af:75:aa:0f:74:4d:b8:d4:d4:da:b1:e5:8e:
                    3e:86:01:b8:4c:4a:5e:13:f3:ad:be:94:c4:ed:98:
                    c2:95:9f:e6:e4:9e:58:58:04:be:22:7a:47:90:19:
                    2f:67:58:67:cb:36:2f:b8:e2:90:b2:0c:53:92:bf:
                    df:b2:a9:1d:7d:7c:a4:f0:88:7c:8e:87:1e:44:c8:
                    48:b0:8c:2b:02:d1:04:85:16:16:3a:e3:7d:df:29:
                    bf:3a:c5:c1:f6:92:ba:23:1e:fe:1f:9a:b0:e1:57:
                    5c:33:3c:7a:6b:7a:c5:1f:49:02:96:23:f8:3f:a4:
                    13:76:b5:b3:8d:ae:92:da:e2:da:05:4e:72:c2:4b:
                    0a:0d:c9:40:35:09:dd:87:f1:2e:84:c3:59:97:be:
                    2b:be:2d:d2:e9:18:b2:8e:4b:9c:01:2c:6e:f9:f2:
                    62:68:22:84:ea:df:56:c7:05:6d:65:9d:81:33:56:
                    7c:18:bf:39:5c:db:d3:0f:d3:30:f7:cd:59:f9:16:
                    ac:8b:4e:e6:15:a1:98:2c:25:23:8f:4c:31:c5:90:
                    9e:ee:9c:f5:07:5d:9c:20:b5:bb:3f:9a:07:50:aa:
                    2c:b9:36:e0:89:40:2b:da:c3:63:35:5c:de:51:e9:
                    03:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A0:0D:54:9A:63:7C:00:D6:FA:62:27:1E:95:65:84:B7:64:2F:9C
            X509v3 Authority Key Identifier:
                keyid:66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/n6ANVJpjfADW-mInHpVlhLdkL5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.87.0/24
                  185.129.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:b5:b8:93:60:94:4a:22:17:85:4f:48:00:59:f3:e0:01:3a:
         bf:e6:99:90:09:d7:a5:b0:e6:21:a3:23:45:cb:24:70:f8:97:
         ed:9f:0b:e1:2e:69:99:dc:35:da:c5:c8:79:33:e6:e4:70:86:
         de:ed:53:d1:c3:21:3e:b9:ee:bc:fa:86:af:98:0c:27:86:72:
         f3:97:ce:b2:b5:9f:cd:b0:69:51:1b:fb:9b:9f:e6:f3:18:c4:
         bb:22:ca:29:49:b1:68:ca:6e:dc:2f:d3:23:07:8e:01:5f:03:
         89:fb:25:22:9a:49:46:fc:7d:43:d5:93:da:22:b1:c9:8c:f3:
         d2:c1:8c:93:f9:92:61:dc:e9:9e:32:13:17:dd:b7:e8:21:95:
         af:01:9c:51:46:86:d8:81:f5:39:7e:06:f1:1f:62:d4:45:36:
         54:86:18:6c:db:c4:be:0f:e4:ee:f8:a5:5d:d5:ca:02:c7:01:
         1f:58:02:16:49:8b:84:4b:7a:59:a8:2e:42:6d:36:a3:2a:cd:
         3b:0f:63:c0:65:fe:8b:ad:55:e1:89:bc:4d:dd:cf:1b:8b:20:
         dd:2f:8d:90:3e:42:1e:f9:c9:d8:5b:3d:4f:77:6a:7a:98:aa:
         4e:77:c5:dc:58:22:9f:f6:8e:32:9e:2d:ff:61:52:a5:39:d5:
         d3:de:cc:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsdZjU84UnBR9orDbv1JEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MTA0ZTRmN2Q5ZjM4ZDhlMjJhMmQzMmJlMDE5MDMxOTMw
YzFhNDcwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmEwMGQ1NDlhNjM3YzAwZDZmYTYyMjcxZTk1NjU4NGI3NjQyZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo7xWjONV1GiRellHviiPK91qg90
TbjU1Nqx5Y4+hgG4TEpeE/OtvpTE7ZjClZ/m5J5YWAS+InpHkBkvZ1hnyzYvuOKQ
sgxTkr/fsqkdfXyk8Ih8joceRMhIsIwrAtEEhRYWOuN93ym/OsXB9pK6Ix7+H5qw
4VdcMzx6a3rFH0kCliP4P6QTdrWzja6S2uLaBU5ywksKDclANQndh/EuhMNZl74r
vi3S6RiyjkucASxu+fJiaCKE6t9WxwVtZZ2BM1Z8GL85XNvTD9Mw981Z+Rasi07m
FaGYLCUjj0wxxZCe7pz1B12cILW7P5oHUKosuTbgiUAr2sNjNVzeUekDgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ+gDVSaY3wA1vpiJx6VZYS3ZC+cMB8GA1UdIwQY
MBaAFGYQTk99nzjY4iotMr4BkDGTDBpHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQt
NDc0NzJlZDNiZWNiLzEvbjZBTlZKcGpmQURXLW1JbkhwVmxoTGRrTDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQtNDc0NzJlZDNiZWNi
LzEvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXD9XAwQA
uYGUMA0GCSqGSIb3DQEBCwUAA4IBAQCytbiTYJRKIheFT0gAWfPgATq/5pmQCdel
sOYhoyNFyyRw+JftnwvhLmmZ3DXaxch5M+bkcIbe7VPRwyE+ue68+oavmAwnhnLz
l86ytZ/NsGlRG/ubn+bzGMS7IsopSbFoym7cL9MjB44BXwOJ+yUimklG/H1D1ZPa
IrHJjPPSwYyT+ZJh3OmeMhMX3bfoIZWvAZxRRobYgfU5fgbxH2LURTZUhhhs28S+
D+Tu+KVd1coCxwEfWAIWSYuES3pZqC5CbTajKs07D2PAZf6LrVXhibxN3c8biyDd
L42QPkIe+cnYWz1Pd2p6mKpOd8XcWCKf9o4yni3/YVKlOdXT3swR
-----END CERTIFICATE-----