Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/a08748-8622-4e86-82ef-3bdaacb9d08d/1/zkzE4pxdQpJt7dAJu47CepFPhJY.roa
File:                     zkzE4pxdQpJt7dAJu47CepFPhJY.roa (raw, json)
Hash identifier:          5/FiNHfZXsYfB/M4USeBdpbsgF1nnMamxKwkevBs2lA=
Subject key identifier:   CE:4C:C4:E2:9C:5D:42:92:6D:ED:D0:09:BB:8E:C2:7A:91:4F:84:96
Certificate issuer:       /CN=d05581472b92a85a90caa1e47d7223d788ae0148
Certificate serial:       01963DCF2FEA7AAD12614C776A7B6385487A
Authority key identifier: D0:55:81:47:2B:92:A8:5A:90:CA:A1:E4:7D:72:23:D7:88:AE:01:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0FWBRyuSqFqQyqHkfXIj14iuAUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/a08748-8622-4e86-82ef-3bdaacb9d08d/1/zkzE4pxdQpJt7dAJu47CepFPhJY.roa
Signing time:             Wed 16 Apr 2025 08:55:10 +0000
ROA not before:           Wed 16 Apr 2025 08:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13237
IP address blocks:        85.8.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/a08748-8622-4e86-82ef-3bdaacb9d08d/1/0FWBRyuSqFqQyqHkfXIj14iuAUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/a08748-8622-4e86-82ef-3bdaacb9d08d/1/0FWBRyuSqFqQyqHkfXIj14iuAUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0FWBRyuSqFqQyqHkfXIj14iuAUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3d:cf:2f:ea:7a:ad:12:61:4c:77:6a:7b:63:85:48:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d05581472b92a85a90caa1e47d7223d788ae0148
        Validity
            Not Before: Apr 16 08:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce4cc4e29c5d42926dedd009bb8ec27a914f8496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:fa:3c:37:8d:e6:e3:5b:fe:25:e9:54:b7:ff:
                    08:6e:6b:2b:66:46:29:2f:e0:0e:32:5b:7f:c1:91:
                    e9:78:74:07:1c:c4:51:7f:e8:68:f7:37:ff:3d:0e:
                    49:7d:d8:bf:fc:78:6b:56:31:95:58:9b:54:f8:82:
                    21:40:0f:05:85:af:99:06:84:70:12:6a:5e:41:25:
                    39:b3:d8:06:d9:47:11:13:af:54:22:01:cf:55:d6:
                    36:55:01:db:46:55:c9:f8:d3:5b:c3:27:48:e5:f8:
                    5a:1a:f4:05:27:de:a5:ce:12:2d:66:d4:6a:64:ef:
                    a2:91:15:7f:88:08:5a:41:b5:8e:ce:2e:44:f0:85:
                    ec:d3:ec:cc:67:4b:fe:b6:7b:e2:8b:6e:3f:ee:6c:
                    ab:c8:e5:7f:5d:9c:a9:44:4d:83:21:eb:7b:19:ce:
                    7c:22:46:c8:34:4b:44:41:3e:2e:90:b3:b7:09:82:
                    25:ef:50:c1:8c:ff:41:33:77:8d:a3:cd:8a:3c:a0:
                    05:b1:c5:96:1f:15:15:2c:37:96:91:1a:0a:49:ee:
                    c5:08:a1:eb:2d:bf:b8:30:0e:d6:07:00:f7:4e:f5:
                    48:fa:8d:34:c9:0d:d1:f1:cf:20:44:51:c0:f9:64:
                    cc:98:4b:bd:89:e1:f7:37:71:29:50:0f:9e:20:c5:
                    23:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:4C:C4:E2:9C:5D:42:92:6D:ED:D0:09:BB:8E:C2:7A:91:4F:84:96
            X509v3 Authority Key Identifier:
                keyid:D0:55:81:47:2B:92:A8:5A:90:CA:A1:E4:7D:72:23:D7:88:AE:01:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0FWBRyuSqFqQyqHkfXIj14iuAUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a08748-8622-4e86-82ef-3bdaacb9d08d/1/zkzE4pxdQpJt7dAJu47CepFPhJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a08748-8622-4e86-82ef-3bdaacb9d08d/1/0FWBRyuSqFqQyqHkfXIj14iuAUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.8.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:4a:3a:72:9d:94:e9:5e:99:de:13:cc:bb:9b:71:88:b9:c6:
         9d:dc:2b:6b:40:f2:56:9c:3b:72:77:14:75:be:bf:b1:38:43:
         a0:ce:1c:80:6d:02:84:e0:84:c6:33:88:8d:44:75:f3:d7:6a:
         12:27:85:4f:b9:b4:94:f7:91:c7:f6:30:b1:d6:f0:24:c5:9d:
         9e:ce:33:54:d5:d6:55:0b:b3:52:4d:90:21:03:65:25:96:48:
         3b:aa:36:54:e4:68:7b:83:df:0a:76:af:3c:09:88:8f:41:e3:
         85:d7:9d:d2:aa:56:f7:70:db:b8:a3:e9:d6:58:af:a5:89:ad:
         7c:a9:67:04:21:87:13:12:cc:bd:b2:75:5c:31:72:9a:c8:2c:
         48:0f:dc:d3:c0:72:9a:36:6d:ec:35:77:8c:90:c6:03:37:e9:
         30:a5:63:56:ba:92:03:b3:f8:6d:fb:59:cc:af:1f:48:bc:3c:
         9a:c6:c5:aa:e2:6b:6e:f1:ae:ae:dd:e7:26:64:59:93:04:b7:
         00:3a:d3:7a:1c:7f:59:ff:d2:65:a4:d5:76:f8:a9:ac:70:86:
         d5:29:0a:74:ae:a6:ef:e1:7d:a9:b7:2a:32:0c:00:26:71:8f:
         41:62:29:d3:0c:93:7b:18:bd:0d:9e:55:46:54:67:a6:11:c2:
         c6:d4:be:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY9zy/qeq0SYUx3antjhUh6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNTU4MTQ3MmI5MmE4NWE5MGNhYTFlNDdkNzIyM2Q3ODhh
ZTAxNDgwHhcNMjUwNDE2MDg1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTRjYzRlMjljNWQ0MjkyNmRlZGQwMDliYjhlYzI3YTkxNGY4NDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vo8N43m41v+JelUt/8IbmsrZkYp
L+AOMlt/wZHpeHQHHMRRf+ho9zf/PQ5Jfdi//HhrVjGVWJtU+IIhQA8Fha+ZBoRw
EmpeQSU5s9gG2UcRE69UIgHPVdY2VQHbRlXJ+NNbwydI5fhaGvQFJ96lzhItZtRq
ZO+ikRV/iAhaQbWOzi5E8IXs0+zMZ0v+tnvii24/7myryOV/XZypRE2DIet7Gc58
IkbINEtEQT4ukLO3CYIl71DBjP9BM3eNo82KPKAFscWWHxUVLDeWkRoKSe7FCKHr
Lb+4MA7WBwD3TvVI+o00yQ3R8c8gRFHA+WTMmEu9ieH3N3EpUA+eIMUjPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5MxOKcXUKSbe3QCbuOwnqRT4SWMB8GA1UdIwQY
MBaAFNBVgUcrkqhakMqh5H1yI9eIrgFIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEZXQlJ5dVNxRnFReXFIa2ZYSWoxNGl1QVVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9hMDg3NDgtODYyMi00ZTg2LTgyZWYt
M2JkYWFjYjlkMDhkLzEvemt6RTRweGRRcEp0N2RBSnU0N0NlcEZQaEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9hMDg3NDgtODYyMi00ZTg2LTgyZWYtM2JkYWFjYjlkMDhk
LzEvMEZXQlJ5dVNxRnFReXFIa2ZYSWoxNGl1QVVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQiaMA0G
CSqGSIb3DQEBCwUAA4IBAQCFSjpynZTpXpneE8y7m3GIucad3CtrQPJWnDtydxR1
vr+xOEOgzhyAbQKE4ITGM4iNRHXz12oSJ4VPubSU95HH9jCx1vAkxZ2ezjNU1dZV
C7NSTZAhA2Ullkg7qjZU5Gh7g98Kdq88CYiPQeOF153Sqlb3cNu4o+nWWK+lia18
qWcEIYcTEsy9snVcMXKayCxID9zTwHKaNm3sNXeMkMYDN+kwpWNWupIDs/ht+1nM
rx9IvDyaxsWq4mtu8a6u3ecmZFmTBLcAOtN6HH9Z/9JlpNV2+KmscIbVKQp0rqbv
4X2ptyoyDAAmcY9BYinTDJN7GL0NnlVGVGemEcLG1L5S
-----END CERTIFICATE-----