Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/zrkRK25R3rg1tr--cGeej2fiGLA.roa
File:                     zrkRK25R3rg1tr--cGeej2fiGLA.roa (raw, json)
Hash identifier:          O2Tx/iphq8XJI4ulYVG2Z+kONSsZCFnZDNaZlJ7Z4Lk=
Subject key identifier:   CE:B9:11:2B:6E:51:DE:B8:35:B6:BF:BE:70:67:9E:8F:67:E2:18:B0
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B45483DE6FF4440BC0E846710ACE13
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/zrkRK25R3rg1tr--cGeej2fiGLA.roa
Signing time:             Mon 14 Jul 2025 16:11:09 +0000
ROA not before:           Mon 14 Jul 2025 16:11:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202578
IP address blocks:        185.233.201.0/24 maxlen: 24
                          193.34.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b4:54:83:de:6f:f4:44:0b:c0:e8:46:71:0a:ce:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:11:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ceb9112b6e51deb835b6bfbe70679e8f67e218b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1c:02:2f:5f:2c:8e:7a:7d:d2:73:2b:91:2f:
                    86:ba:54:63:29:7b:60:c8:c3:45:b0:95:1b:9c:ba:
                    6f:5b:42:74:b0:bc:f2:98:f3:9d:13:82:c0:4d:a9:
                    dc:52:38:82:c4:de:2d:f2:23:13:a7:d9:09:72:1b:
                    7f:de:4c:47:b8:db:65:63:07:02:86:67:43:ef:92:
                    74:15:83:4e:82:d8:8b:50:53:f1:cb:04:be:86:71:
                    37:07:82:73:ff:07:cc:69:f2:2c:28:3a:c7:a7:92:
                    d4:76:79:77:b7:57:af:42:f6:6b:ea:1c:39:62:9f:
                    5a:79:c3:03:cc:7d:ac:06:5e:fd:1e:75:22:e9:57:
                    c9:13:26:46:f0:1a:29:3a:ed:bc:b0:aa:42:07:84:
                    b0:6a:37:a4:a8:09:1f:f3:f7:b2:41:8e:e7:7d:58:
                    35:8b:fa:af:05:7e:4f:aa:8a:03:be:8f:ac:f5:e0:
                    91:75:0b:9e:e6:1c:b6:6f:fe:8e:19:f1:f3:14:67:
                    ae:34:6f:81:de:9a:ba:1f:e4:43:0e:87:7f:69:f6:
                    b1:87:3a:30:29:f2:38:18:2b:c7:f0:fe:0a:a7:e7:
                    f9:c2:34:53:e1:d1:61:d8:03:ab:43:3b:ed:a3:81:
                    e7:42:0d:28:10:9e:84:6a:ff:f1:2c:68:37:e5:93:
                    ce:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B9:11:2B:6E:51:DE:B8:35:B6:BF:BE:70:67:9E:8F:67:E2:18:B0
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/zrkRK25R3rg1tr--cGeej2fiGLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.201.0/24
                  193.34.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:0d:c7:69:7c:4e:48:24:39:f0:27:d3:59:60:88:7a:30:c9:
         16:15:bb:9a:35:74:30:a0:a7:dc:01:bc:8b:c9:e4:74:04:6a:
         50:f6:a2:60:19:d8:14:25:7a:10:e1:c6:3c:91:30:27:ad:96:
         19:2b:20:21:e7:0a:bc:24:75:c6:34:77:13:a2:49:41:96:08:
         54:c4:ee:c6:a6:e2:9a:b7:7e:8e:de:8e:99:20:05:49:41:13:
         5a:bc:dd:a0:52:2f:91:23:a0:2b:ae:cd:36:10:29:90:12:4c:
         03:db:b4:3c:ab:1c:2b:27:0b:35:a5:d0:65:de:d2:1d:99:43:
         8c:53:5b:b7:3e:b3:83:58:25:3f:ba:83:d1:85:aa:31:ac:fd:
         72:6e:4b:e3:76:12:23:50:09:d9:7c:e1:ce:23:7a:c2:9d:a8:
         8e:27:b0:24:72:5f:f1:ed:b2:e6:b6:72:87:a1:f6:58:64:71:
         74:1d:1b:c4:d1:7b:a4:1d:a8:73:8c:be:60:3d:b2:81:85:f7:
         e9:25:96:2c:58:66:b8:6f:61:de:2a:1c:ea:a9:38:4b:4b:dd:
         03:1c:07:fb:7c:4e:e7:36:27:64:48:c3:51:1f:c2:97:44:46:
         cb:96:79:86:f5:23:88:0f:e7:86:7e:3d:38:a8:0d:b7:a2:22:
         c9:5e:23:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgJtFSD3m/0RAvA6EZxCs4TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWI5MTEyYjZlNTFkZWI4MzViNmJmYmU3MDY3OWU4ZjY3ZTIxOGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhwCL18sjnp90nMrkS+GulRjKXtg
yMNFsJUbnLpvW0J0sLzymPOdE4LATancUjiCxN4t8iMTp9kJcht/3kxHuNtlYwcC
hmdD75J0FYNOgtiLUFPxywS+hnE3B4Jz/wfMafIsKDrHp5LUdnl3t1evQvZr6hw5
Yp9aecMDzH2sBl79HnUi6VfJEyZG8BopOu28sKpCB4SwajekqAkf8/eyQY7nfVg1
i/qvBX5PqooDvo+s9eCRdQue5hy2b/6OGfHzFGeuNG+B3pq6H+RDDod/afaxhzow
KfI4GCvH8P4Kp+f5wjRT4dFh2AOrQzvto4HnQg0oEJ6Eav/xLGg35ZPOvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM65EStuUd64Nba/vnBnno9n4hiwMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvenJrUksyNVIzcmcxdHItLWNHZWVqMmZpR0xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuenJAwQA
wSLqMA0GCSqGSIb3DQEBCwUAA4IBAQCkDcdpfE5IJDnwJ9NZYIh6MMkWFbuaNXQw
oKfcAbyLyeR0BGpQ9qJgGdgUJXoQ4cY8kTAnrZYZKyAh5wq8JHXGNHcToklBlghU
xO7GpuKat36O3o6ZIAVJQRNavN2gUi+RI6Arrs02ECmQEkwD27Q8qxwrJws1pdBl
3tIdmUOMU1u3PrODWCU/uoPRhaoxrP1ybkvjdhIjUAnZfOHOI3rCnaiOJ7Akcl/x
7bLmtnKHofZYZHF0HRvE0XukHahzjL5gPbKBhffpJZYsWGa4b2HeKhzqqThLS90D
HAf7fE7nNidkSMNRH8KXREbLlnmG9SOID+eGfj04qA23oiLJXiM8
-----END CERTIFICATE-----