Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/cZzu9h7JCSpAe7ubMeZNqvU_k-M.roa
File:                     cZzu9h7JCSpAe7ubMeZNqvU_k-M.roa (raw, json)
Hash identifier:          9lLGwap+wzAcsgGorlbM31Osi8VLCiKaPunG1+P2vww=
Subject key identifier:   71:9C:EE:F6:1E:C9:09:2A:40:7B:BB:9B:31:E6:4D:AA:F5:3F:93:E3
Certificate issuer:       /CN=f6acb269fa8a554f5243a3abd68d5b8d76fe5ebb
Certificate serial:       0194228DD8F1C8D57BDD339EA0CCCBC43DFF
Authority key identifier: F6:AC:B2:69:FA:8A:55:4F:52:43:A3:AB:D6:8D:5B:8D:76:FE:5E:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/cZzu9h7JCSpAe7ubMeZNqvU_k-M.roa
Signing time:             Wed 01 Jan 2025 15:48:28 +0000
ROA not before:           Wed 01 Jan 2025 15:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2635
IP address blocks:        185.64.140.0/22 maxlen: 32
                          2a04:fa80::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:d8:f1:c8:d5:7b:dd:33:9e:a0:cc:cb:c4:3d:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6acb269fa8a554f5243a3abd68d5b8d76fe5ebb
        Validity
            Not Before: Jan  1 15:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=719ceef61ec9092a407bbb9b31e64daaf53f93e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6f:53:f1:5e:06:1e:42:61:43:37:9a:c8:c5:
                    5f:bd:44:c8:f6:38:4f:15:17:0d:33:bf:f9:73:19:
                    82:66:d5:46:b6:e4:f9:1c:97:89:00:4b:da:f5:e8:
                    ab:5d:32:d2:83:bd:ca:f4:71:c6:19:23:4f:92:80:
                    66:7a:43:c6:3c:25:7d:e2:67:98:99:d0:92:14:4f:
                    24:f4:49:c1:0e:20:2c:12:cd:41:56:e7:e0:d0:22:
                    d4:1f:f1:d6:34:07:f6:9d:17:b6:c8:8f:8d:9a:c8:
                    3f:a5:6e:85:b2:a8:8a:37:96:0b:97:98:ca:cc:aa:
                    d9:ce:a8:d8:65:e8:6c:88:b1:e3:5e:12:a3:b9:e0:
                    8b:6e:31:c4:05:de:dc:fb:5c:d8:18:ac:ab:d9:fd:
                    3a:23:53:ba:69:11:17:5f:93:b8:ee:83:ec:07:84:
                    90:72:49:45:ed:c2:c2:b6:fd:78:ec:bb:c1:2d:e3:
                    0e:ab:59:65:9d:56:89:9c:cd:6c:3a:84:09:4a:2c:
                    d2:61:44:30:27:41:31:9c:a5:3b:e3:d9:c3:a9:99:
                    e1:f4:e8:a3:a8:3a:fc:40:f2:5b:75:62:7e:ef:98:
                    10:01:16:b3:f8:4c:5a:1f:46:b1:5e:ac:c9:fd:5c:
                    c4:81:0c:c0:88:5b:eb:b9:f1:34:47:c9:a2:86:83:
                    ba:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9C:EE:F6:1E:C9:09:2A:40:7B:BB:9B:31:E6:4D:AA:F5:3F:93:E3
            X509v3 Authority Key Identifier:
                keyid:F6:AC:B2:69:FA:8A:55:4F:52:43:A3:AB:D6:8D:5B:8D:76:FE:5E:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/cZzu9h7JCSpAe7ubMeZNqvU_k-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.140.0/22
                IPv6:
                  2a04:fa80::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:d5:6f:fa:f5:aa:f9:57:90:fd:5d:18:6d:4e:ca:79:53:e7:
         29:36:18:7c:2e:fe:f1:e3:c8:e3:b9:e6:12:20:c6:28:a4:e6:
         3b:0f:e9:57:04:b2:f2:d0:d4:bc:d9:63:32:fa:ae:3c:13:30:
         b6:91:b4:e0:d9:e5:b3:ac:70:a3:4b:60:9e:94:45:0c:e9:64:
         e0:8c:ed:22:8c:13:18:71:6b:dd:f7:60:a5:2b:fe:3e:48:3c:
         20:bb:ad:80:5e:65:4b:de:b1:98:80:63:a1:67:95:f6:0d:96:
         7b:55:c9:ba:af:78:82:4e:e6:3f:d1:27:ab:b1:19:fe:5a:47:
         28:ea:86:eb:ba:be:09:ea:a4:99:c7:42:2f:16:a0:20:91:a0:
         2f:4e:b3:b0:46:e6:b9:db:9f:18:6b:3a:19:eb:f0:d2:04:4a:
         99:1e:99:db:10:75:b2:86:08:39:05:aa:d2:b8:d8:e4:2c:c5:
         dd:7a:89:3d:1b:31:a1:30:63:12:70:18:71:97:1f:59:6e:09:
         ad:7b:cd:0a:19:6a:b8:1b:23:ad:a5:ef:25:96:c2:7e:ad:a0:
         b3:07:b4:92:d7:22:8c:31:6a:29:dc:cd:c8:54:77:3a:89:6e:
         54:46:69:ef:28:c7:dd:87:9b:b5:3e:e0:8a:e2:7f:0d:60:01:
         c5:d7:6d:74
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijdjxyNV73TOeoMzLxD3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YWNiMjY5ZmE4YTU1NGY1MjQzYTNhYmQ2OGQ1YjhkNzZm
ZTVlYmIwHhcNMjUwMTAxMTU0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTljZWVmNjFlYzkwOTJhNDA3YmJiOWIzMWU2NGRhYWY1M2Y5M2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG9T8V4GHkJhQzeayMVfvUTI9jhP
FRcNM7/5cxmCZtVGtuT5HJeJAEva9eirXTLSg73K9HHGGSNPkoBmekPGPCV94meY
mdCSFE8k9EnBDiAsEs1BVufg0CLUH/HWNAf2nRe2yI+Nmsg/pW6FsqiKN5YLl5jK
zKrZzqjYZehsiLHjXhKjueCLbjHEBd7c+1zYGKyr2f06I1O6aREXX5O47oPsB4SQ
cklF7cLCtv147LvBLeMOq1llnVaJnM1sOoQJSizSYUQwJ0ExnKU749nDqZnh9Oij
qDr8QPJbdWJ+75gQARaz+ExaH0axXqzJ/VzEgQzAiFvrufE0R8mihoO60QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHGc7vYeyQkqQHu7mzHmTar1P5PjMB8GA1UdIwQY
MBaAFPassmn6ilVPUkOjq9aNW412/l67MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXF5eWFmcUtWVTlTUTZPcjFvMWJqWGItWHJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yOTU1ZmQtMDkyYS00ZWNjLWE5MmYt
ZmJiMzNhNTRmYWRlLzEvY1p6dTloN0pDU3BBZTd1Yk1lWk5xdlVfay1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yOTU1ZmQtMDkyYS00ZWNjLWE5MmYtZmJiMzNhNTRmYWRl
LzEvOXF5eWFmcUtWVTlTUTZPcjFvMWJqWGItWHJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUCMMA0E
AgACMAcDBQMqBPqAMA0GCSqGSIb3DQEBCwUAA4IBAQA31W/69ar5V5D9XRhtTsp5
U+cpNhh8Lv7x48jjueYSIMYopOY7D+lXBLLy0NS82WMy+q48EzC2kbTg2eWzrHCj
S2CelEUM6WTgjO0ijBMYcWvd92ClK/4+SDwgu62AXmVL3rGYgGOhZ5X2DZZ7Vcm6
r3iCTuY/0SersRn+Wkco6obrur4J6qSZx0IvFqAgkaAvTrOwRua5258YazoZ6/DS
BEqZHpnbEHWyhgg5BarSuNjkLMXdeok9GzGhMGMScBhxlx9Zbgmte80KGWq4GyOt
pe8llsJ+raCzB7SS1yKMMWop3M3IVHc6iW5URmnvKMfdh5u1PuCK4n8NYAHF1210
-----END CERTIFICATE-----