Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/75439d-fb06-4b63-84a3-8bd3c6c704dc/1/ZSYjjoE3tBto8BluSqunJgk7oHQ.roa
File:                     ZSYjjoE3tBto8BluSqunJgk7oHQ.roa (raw, json)
Hash identifier:          iHTHcMwi7ntDSxANO5civkuDptItJ8z7l7j08RXxzHg=
Subject key identifier:   65:26:23:8E:81:37:B4:1B:68:F0:19:6E:4A:AB:A7:26:09:3B:A0:74
Certificate issuer:       /CN=a64cdfa0160239170337ba60934ba06e45b8cd11
Certificate serial:       019422FC2C9873E5B2E756FE09D614AAF9C4
Authority key identifier: A6:4C:DF:A0:16:02:39:17:03:37:BA:60:93:4B:A0:6E:45:B8:CD:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkzfoBYCORcDN7pgk0ugbkW4zRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/75439d-fb06-4b63-84a3-8bd3c6c704dc/1/ZSYjjoE3tBto8BluSqunJgk7oHQ.roa
Signing time:             Wed 01 Jan 2025 17:48:59 +0000
ROA not before:           Wed 01 Jan 2025 17:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205760
IP address blocks:        185.196.76.0/22 maxlen: 22
                          185.196.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/75439d-fb06-4b63-84a3-8bd3c6c704dc/1/pkzfoBYCORcDN7pgk0ugbkW4zRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/75439d-fb06-4b63-84a3-8bd3c6c704dc/1/pkzfoBYCORcDN7pgk0ugbkW4zRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkzfoBYCORcDN7pgk0ugbkW4zRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:2c:98:73:e5:b2:e7:56:fe:09:d6:14:aa:f9:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a64cdfa0160239170337ba60934ba06e45b8cd11
        Validity
            Not Before: Jan  1 17:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6526238e8137b41b68f0196e4aaba726093ba074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8a:f3:b9:59:c3:0f:63:42:37:d4:08:56:ce:
                    fb:f4:22:da:ba:36:9f:51:d9:f3:51:3d:2b:12:9d:
                    cd:25:d4:88:d6:40:25:c8:79:5e:3e:9f:89:e6:3e:
                    20:c1:a5:8a:a3:61:54:d9:b1:f6:63:ee:5a:98:09:
                    bd:8b:da:87:a8:08:da:4b:4b:c3:03:07:f4:f3:0d:
                    24:27:d8:06:21:db:f0:5e:1c:b7:6b:9e:ee:cc:db:
                    34:3b:ea:f0:2d:be:24:dd:bf:c1:5e:69:ce:20:03:
                    c3:c1:aa:cc:03:40:17:32:f2:b5:85:82:ba:43:c7:
                    71:99:f3:4c:b4:92:97:51:ad:c7:63:79:85:c3:d8:
                    0a:ae:93:c8:02:a5:9a:7f:b9:5d:fe:70:ee:b1:7b:
                    d4:18:68:2b:5d:b6:37:4c:b9:0a:ce:94:66:79:0d:
                    f9:ca:f7:ea:39:dc:ad:6a:83:69:0a:95:55:d2:f1:
                    9b:9c:2a:7e:7f:05:da:a2:ce:0f:c4:8d:db:18:ef:
                    c4:12:49:f0:42:87:97:8a:9e:52:af:9a:2a:8b:66:
                    ac:da:c9:6d:d6:cb:c8:09:31:84:f5:73:95:ea:ce:
                    c5:b1:2e:cb:f2:61:e0:3f:7e:34:0b:0e:9b:10:97:
                    87:27:ae:6a:56:b6:c1:1a:28:6c:23:4d:dd:eb:0d:
                    55:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:26:23:8E:81:37:B4:1B:68:F0:19:6E:4A:AB:A7:26:09:3B:A0:74
            X509v3 Authority Key Identifier:
                keyid:A6:4C:DF:A0:16:02:39:17:03:37:BA:60:93:4B:A0:6E:45:B8:CD:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkzfoBYCORcDN7pgk0ugbkW4zRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/75439d-fb06-4b63-84a3-8bd3c6c704dc/1/ZSYjjoE3tBto8BluSqunJgk7oHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/75439d-fb06-4b63-84a3-8bd3c6c704dc/1/pkzfoBYCORcDN7pgk0ugbkW4zRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:b0:7c:22:d0:94:6c:8d:51:68:8f:f8:58:07:cf:ce:b9:70:
         d8:7e:9f:8d:46:f1:4e:bb:df:cf:f9:4b:a8:74:c2:78:b1:62:
         fb:07:65:e3:b3:a0:e4:b1:28:29:e9:70:b2:5f:6b:5b:6b:f2:
         54:2a:56:9f:6f:3c:56:b4:de:ad:d3:06:8c:c2:55:ec:27:c5:
         eb:da:35:41:e0:28:e4:30:9f:08:ad:f4:c8:35:84:55:fd:60:
         c4:8b:78:a1:55:e3:bf:16:ee:6f:59:31:ce:b8:76:6d:e7:ba:
         57:c7:9d:9d:bc:e8:67:2e:ea:f5:d6:06:e3:42:3d:79:87:51:
         1d:1c:94:c9:88:32:e0:a6:2c:54:c9:c0:48:00:7e:c1:1c:cb:
         d1:a0:ff:2f:16:56:d6:f0:69:dd:50:ca:b8:02:cb:57:90:10:
         d6:6b:b4:d8:cd:86:e7:d3:53:82:a0:03:64:95:1b:6c:d6:12:
         e5:2b:e2:38:18:86:98:8d:bd:48:b9:bd:d9:a4:0e:2d:59:7d:
         49:62:8e:56:84:e1:c4:e1:28:c5:c1:80:78:96:cc:19:30:45:
         db:fc:aa:58:16:60:20:04:8b:69:a8:55:75:70:f7:fe:3a:57:
         20:77:62:81:50:35:37:5a:89:fe:be:ad:91:20:be:d0:a6:e5:
         aa:1d:e8:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/CyYc+Wy51b+CdYUqvnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NGNkZmEwMTYwMjM5MTcwMzM3YmE2MDkzNGJhMDZlNDVi
OGNkMTEwHhcNMjUwMTAxMTc0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI2MjM4ZTgxMzdiNDFiNjhmMDE5NmU0YWFiYTcyNjA5M2JhMDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIrzuVnDD2NCN9QIVs779CLaujaf
UdnzUT0rEp3NJdSI1kAlyHlePp+J5j4gwaWKo2FU2bH2Y+5amAm9i9qHqAjaS0vD
Awf08w0kJ9gGIdvwXhy3a57uzNs0O+rwLb4k3b/BXmnOIAPDwarMA0AXMvK1hYK6
Q8dxmfNMtJKXUa3HY3mFw9gKrpPIAqWaf7ld/nDusXvUGGgrXbY3TLkKzpRmeQ35
yvfqOdytaoNpCpVV0vGbnCp+fwXaos4PxI3bGO/EEknwQoeXip5Sr5oqi2as2slt
1svICTGE9XOV6s7FsS7L8mHgP340Cw6bEJeHJ65qVrbBGihsI03d6w1VEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUmI46BN7QbaPAZbkqrpyYJO6B0MB8GA1UdIwQY
MBaAFKZM36AWAjkXAze6YJNLoG5FuM0RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGt6Zm9CWUNPUmNETjdwZ2swdWdia1c0elJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC83NTQzOWQtZmIwNi00YjYzLTg0YTMt
OGJkM2M2YzcwNGRjLzEvWlNZampvRTN0QnRvOEJsdVNxdW5KZ2s3b0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC83NTQzOWQtZmIwNi00YjYzLTg0YTMtOGJkM2M2YzcwNGRj
LzEvcGt6Zm9CWUNPUmNETjdwZ2swdWdia1c0elJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucRMMA0G
CSqGSIb3DQEBCwUAA4IBAQBQsHwi0JRsjVFoj/hYB8/OuXDYfp+NRvFOu9/P+Uuo
dMJ4sWL7B2Xjs6DksSgp6XCyX2tba/JUKlafbzxWtN6t0waMwlXsJ8Xr2jVB4Cjk
MJ8IrfTINYRV/WDEi3ihVeO/Fu5vWTHOuHZt57pXx52dvOhnLur11gbjQj15h1Ed
HJTJiDLgpixUycBIAH7BHMvRoP8vFlbW8GndUMq4AstXkBDWa7TYzYbn01OCoANk
lRts1hLlK+I4GIaYjb1Iub3ZpA4tWX1JYo5WhOHE4SjFwYB4lswZMEXb/KpYFmAg
BItpqFV1cPf+Olcgd2KBUDU3Won+vq2RIL7QpuWqHehQ
-----END CERTIFICATE-----