Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/Zi1iA2N22K6D1EqWuXGSwJbaToE.roa
File:                     Zi1iA2N22K6D1EqWuXGSwJbaToE.roa (raw, json)
Hash identifier:          zSMKFbT/uwlzQj5z6cjWhjz6p9cPAfNZU2ZZ9FmRbIU=
Subject key identifier:   66:2D:62:03:63:76:D8:AE:83:D4:4A:96:B9:71:92:C0:96:DA:4E:81
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       019426D9E2DBFAE3744E63DC98669676B4A0
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/Zi1iA2N22K6D1EqWuXGSwJbaToE.roa
Signing time:             Thu 02 Jan 2025 11:50:01 +0000
ROA not before:           Thu 02 Jan 2025 11:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43350
IP address blocks:        195.13.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e2:db:fa:e3:74:4e:63:dc:98:66:96:76:b4:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Jan  2 11:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=662d62036376d8ae83d44a96b97192c096da4e81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:97:4a:7c:6a:99:3b:00:84:4b:cf:0e:79:e1:
                    d8:df:80:aa:fe:ae:43:37:b7:0a:5d:35:8d:8c:4d:
                    11:7f:da:2b:38:2f:05:39:21:df:c1:0b:f8:6d:d7:
                    c0:ea:41:11:8d:ee:dd:ab:2a:7e:5f:22:41:4f:06:
                    49:b6:b8:4d:89:e0:07:cd:2e:1a:1c:ea:d8:43:78:
                    2e:78:e9:e4:ea:9a:b0:52:32:da:ce:41:4c:e9:aa:
                    09:16:53:b8:24:46:41:3c:4a:49:38:e2:a7:9d:e8:
                    9c:93:f2:c8:31:b2:38:0f:99:d2:87:84:55:c9:69:
                    56:ee:42:b7:19:d7:c1:94:ff:3a:59:bb:46:e9:0b:
                    e2:60:47:71:4e:cc:48:e9:0c:90:c0:3e:4b:1a:e4:
                    65:a4:4c:6e:aa:0e:7a:57:67:04:d0:38:0f:28:43:
                    d6:00:e5:8d:1f:f8:82:3d:22:85:f5:4a:2c:4f:62:
                    b9:ab:63:9d:8f:5d:a0:2b:f1:b5:c7:ad:d1:af:36:
                    7c:9e:15:70:d4:54:fc:be:d8:68:f3:bc:4a:80:07:
                    88:d5:c4:2f:b9:ca:d9:6e:a3:cb:cd:2b:07:f0:12:
                    f3:80:aa:59:58:64:e0:c5:91:f5:37:2d:72:e1:e6:
                    61:09:71:75:74:fb:f3:6d:86:a1:82:36:ff:60:af:
                    a7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:2D:62:03:63:76:D8:AE:83:D4:4A:96:B9:71:92:C0:96:DA:4E:81
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/Zi1iA2N22K6D1EqWuXGSwJbaToE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.13.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:39:bd:3d:f2:21:05:7f:a9:5a:e4:83:c4:9b:e3:80:c0:4a:
         be:ab:56:c9:8e:fa:75:9d:df:f7:7b:ed:46:91:84:7b:02:57:
         d4:f2:a3:3a:6f:bd:70:45:73:e9:12:1e:40:cc:6d:07:0e:98:
         92:6d:ad:53:9d:2c:24:4c:be:02:bf:62:7a:5c:35:86:82:bb:
         b7:6a:77:25:c0:3d:65:96:2b:e9:13:16:a0:a5:68:42:e5:b7:
         f8:38:17:f0:85:35:c1:51:c7:9b:f4:a3:09:c0:5d:3f:c8:1a:
         1a:61:00:6c:f5:10:4e:60:54:79:60:47:b6:bb:0d:d8:a6:07:
         68:76:c8:2e:81:17:4c:eb:8f:30:5f:41:77:3e:80:99:65:98:
         fa:23:6c:b0:e8:cc:1d:5c:51:75:73:fd:4d:1f:1c:11:93:77:
         05:22:17:b8:95:93:ba:a1:3b:aa:42:a4:f5:80:24:ef:e2:a0:
         fd:31:44:2c:03:29:f8:d4:5c:ee:74:59:93:87:5a:18:2c:9e:
         3f:2f:43:55:dc:c1:1f:ed:45:28:cb:ec:ac:82:19:bb:cf:76:
         24:e7:e9:a0:4b:bc:2a:c0:4f:91:fd:fd:de:5c:47:03:8b:45:
         a5:19:3f:60:6e:bd:b0:d5:d2:c4:d8:49:ae:43:a1:e8:b4:64:
         e5:18:c9:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eLb+uN0TmPcmGaWdrSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjUwMTAyMTE1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjJkNjIwMzYzNzZkOGFlODNkNDRhOTZiOTcxOTJjMDk2ZGE0ZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZdKfGqZOwCES88OeeHY34Cq/q5D
N7cKXTWNjE0Rf9orOC8FOSHfwQv4bdfA6kERje7dqyp+XyJBTwZJtrhNieAHzS4a
HOrYQ3gueOnk6pqwUjLazkFM6aoJFlO4JEZBPEpJOOKnneick/LIMbI4D5nSh4RV
yWlW7kK3GdfBlP86WbtG6QviYEdxTsxI6QyQwD5LGuRlpExuqg56V2cE0DgPKEPW
AOWNH/iCPSKF9UosT2K5q2Odj12gK/G1x63RrzZ8nhVw1FT8vtho87xKgAeI1cQv
ucrZbqPLzSsH8BLzgKpZWGTgxZH1Ny1y4eZhCXF1dPvzbYahgjb/YK+nywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYtYgNjdtiug9RKlrlxksCW2k6BMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvWmkxaUEyTjIySzZEMUVxV3VYR1N3SmJhVG9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAww08MA0G
CSqGSIb3DQEBCwUAA4IBAQAQOb098iEFf6la5IPEm+OAwEq+q1bJjvp1nd/3e+1G
kYR7AlfU8qM6b71wRXPpEh5AzG0HDpiSba1TnSwkTL4Cv2J6XDWGgru3anclwD1l
livpExagpWhC5bf4OBfwhTXBUceb9KMJwF0/yBoaYQBs9RBOYFR5YEe2uw3Ypgdo
dsgugRdM648wX0F3PoCZZZj6I2yw6MwdXFF1c/1NHxwRk3cFIhe4lZO6oTuqQqT1
gCTv4qD9MUQsAyn41FzudFmTh1oYLJ4/L0NV3MEf7UUoy+ysghm7z3Yk5+mgS7wq
wE+R/f3eXEcDi0WlGT9gbr2w1dLE2EmuQ6HotGTlGMmi
-----END CERTIFICATE-----