Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/ea5d84-20b7-4108-9b62-3b773e5ee663/1/ZSfnZXfCOs8x_SKnrQS-DfOeOBs.roa
File:                     ZSfnZXfCOs8x_SKnrQS-DfOeOBs.roa (raw, json)
Hash identifier:          k4WlesxZPYjMy2rKnlrfZMvi67C/I6Pliai9HgbVxyE=
Subject key identifier:   65:27:E7:65:77:C2:3A:CF:31:FD:22:A7:AD:04:BE:0D:F3:9E:38:1B
Certificate issuer:       /CN=ee0abba552f46b94edf22394feec1d0459f20140
Certificate serial:       0194258ED554208DAFE0D3291B3A5DD294E9
Authority key identifier: EE:0A:BB:A5:52:F4:6B:94:ED:F2:23:94:FE:EC:1D:04:59:F2:01:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7gq7pVL0a5Tt8iOU_uwdBFnyAUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/ea5d84-20b7-4108-9b62-3b773e5ee663/1/ZSfnZXfCOs8x_SKnrQS-DfOeOBs.roa
Signing time:             Thu 02 Jan 2025 05:48:25 +0000
ROA not before:           Thu 02 Jan 2025 05:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44526
IP address blocks:        195.216.206.0/23 maxlen: 23
                          195.216.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/ea5d84-20b7-4108-9b62-3b773e5ee663/1/7gq7pVL0a5Tt8iOU_uwdBFnyAUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/ea5d84-20b7-4108-9b62-3b773e5ee663/1/7gq7pVL0a5Tt8iOU_uwdBFnyAUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7gq7pVL0a5Tt8iOU_uwdBFnyAUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d5:54:20:8d:af:e0:d3:29:1b:3a:5d:d2:94:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee0abba552f46b94edf22394feec1d0459f20140
        Validity
            Not Before: Jan  2 05:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6527e76577c23acf31fd22a7ad04be0df39e381b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:db:f7:2d:0f:98:48:3c:36:47:37:d6:43:52:
                    4b:d6:b5:8f:cd:ad:3d:b3:65:21:1a:47:6a:df:e6:
                    5a:f1:47:03:6b:c0:74:6a:bc:e9:3c:f4:81:ef:92:
                    0f:db:6c:79:ea:15:3b:10:8a:1f:06:c2:14:27:1a:
                    5b:b2:cb:dd:dc:67:c6:a9:54:b2:97:2c:93:3a:4a:
                    2e:62:77:18:df:d4:32:f3:a5:10:fb:37:2e:96:6a:
                    47:f6:34:fb:0b:1e:0e:91:fc:0c:25:64:e4:a1:2a:
                    10:ae:c9:f0:31:8c:bc:28:b5:76:23:4d:c0:63:8d:
                    8c:a4:b4:89:54:1f:9b:e0:d5:0c:98:17:97:92:25:
                    9c:95:d9:b0:8f:71:10:91:e6:a0:00:ef:78:6e:a4:
                    c5:0a:11:60:58:d9:bc:db:32:4c:74:34:4d:28:9c:
                    8c:07:29:8f:f6:2b:64:f9:02:b0:52:48:be:45:75:
                    e0:a3:7c:ac:ad:be:a6:c2:68:b8:32:ca:e8:89:3c:
                    1c:9b:ee:a0:c5:4c:fd:63:b8:9f:c6:49:f8:3e:59:
                    08:27:f4:a6:57:ff:0d:f1:1c:4b:d9:0c:70:92:c5:
                    6c:e1:32:7c:64:96:5a:c8:ce:07:ee:1f:d0:9e:9a:
                    f9:69:e8:10:35:58:ce:fc:d5:64:31:9a:8c:da:69:
                    b3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:27:E7:65:77:C2:3A:CF:31:FD:22:A7:AD:04:BE:0D:F3:9E:38:1B
            X509v3 Authority Key Identifier:
                keyid:EE:0A:BB:A5:52:F4:6B:94:ED:F2:23:94:FE:EC:1D:04:59:F2:01:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7gq7pVL0a5Tt8iOU_uwdBFnyAUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/ea5d84-20b7-4108-9b62-3b773e5ee663/1/ZSfnZXfCOs8x_SKnrQS-DfOeOBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/ea5d84-20b7-4108-9b62-3b773e5ee663/1/7gq7pVL0a5Tt8iOU_uwdBFnyAUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:b9:aa:d8:7c:b4:29:16:56:ba:b2:3b:7f:d6:08:2b:ff:f4:
         86:f3:41:5b:94:f5:69:3b:de:50:78:a9:2c:76:1d:a4:4e:f5:
         90:99:b7:fd:a2:8d:57:a3:90:d0:e2:45:f5:68:9c:7d:be:0e:
         86:93:6c:a4:29:e3:3a:d0:12:13:5a:73:2b:08:11:f7:81:a3:
         28:58:d0:4f:84:3d:2f:a6:39:72:51:f6:83:6d:a0:dc:bd:46:
         4c:a5:fa:7f:a5:97:2a:46:fe:a4:33:dd:c1:02:48:8c:84:99:
         3e:c0:5d:47:21:12:0e:14:82:6e:51:a6:75:cc:b2:b9:bf:e2:
         7e:69:c8:5a:02:ec:37:f1:15:37:c1:87:f5:76:40:85:05:ba:
         e5:67:09:08:04:48:73:9b:8a:e7:1c:fd:c5:fc:fb:d0:df:74:
         65:97:b1:52:47:fd:51:48:81:a0:e5:a8:71:8b:26:a7:b0:6a:
         8d:32:15:2b:ef:14:ce:2c:fb:92:57:36:19:83:9b:1c:f9:03:
         81:69:b4:73:87:0d:3a:ef:82:f9:4f:43:4e:b9:21:a4:77:d3:
         69:f0:7b:16:45:1b:dd:b9:a1:ac:83:d3:72:df:6f:df:2d:cd:
         2d:2a:20:d1:a0:4e:38:44:87:6a:4a:b1:7f:c1:28:ee:b0:55:
         30:43:02:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljtVUII2v4NMpGzpd0pTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMGFiYmE1NTJmNDZiOTRlZGYyMjM5NGZlZWMxZDA0NTlm
MjAxNDAwHhcNMjUwMTAyMDU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI3ZTc2NTc3YzIzYWNmMzFmZDIyYTdhZDA0YmUwZGYzOWUzODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdv3LQ+YSDw2RzfWQ1JL1rWPza09
s2UhGkdq3+Za8UcDa8B0arzpPPSB75IP22x56hU7EIofBsIUJxpbssvd3GfGqVSy
lyyTOkouYncY39Qy86UQ+zculmpH9jT7Cx4OkfwMJWTkoSoQrsnwMYy8KLV2I03A
Y42MpLSJVB+b4NUMmBeXkiWcldmwj3EQkeagAO94bqTFChFgWNm82zJMdDRNKJyM
BymP9itk+QKwUki+RXXgo3ysrb6mwmi4MsroiTwcm+6gxUz9Y7ifxkn4PlkIJ/Sm
V/8N8RxL2QxwksVs4TJ8ZJZayM4H7h/Qnpr5aegQNVjO/NVkMZqM2mmzqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUn52V3wjrPMf0ip60Evg3znjgbMB8GA1UdIwQY
MBaAFO4Ku6VS9GuU7fIjlP7sHQRZ8gFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2dxN3BWTDBhNVR0OGlPVV91d2RCRm55QVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9lYTVkODQtMjBiNy00MTA4LTliNjIt
M2I3NzNlNWVlNjYzLzEvWlNmblpYZkNPczh4X1NLbnJRUy1EZk9lT0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9lYTVkODQtMjBiNy00MTA4LTliNjItM2I3NzNlNWVlNjYz
LzEvN2dxN3BWTDBhNVR0OGlPVV91d2RCRm55QVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw9jOMA0G
CSqGSIb3DQEBCwUAA4IBAQBeuarYfLQpFla6sjt/1ggr//SG80FblPVpO95QeKks
dh2kTvWQmbf9oo1Xo5DQ4kX1aJx9vg6Gk2ykKeM60BITWnMrCBH3gaMoWNBPhD0v
pjlyUfaDbaDcvUZMpfp/pZcqRv6kM93BAkiMhJk+wF1HIRIOFIJuUaZ1zLK5v+J+
achaAuw38RU3wYf1dkCFBbrlZwkIBEhzm4rnHP3F/PvQ33Rll7FSR/1RSIGg5ahx
iyansGqNMhUr7xTOLPuSVzYZg5sc+QOBabRzhw0674L5T0NOuSGkd9Np8HsWRRvd
uaGsg9Ny32/fLc0tKiDRoE44RIdqSrF/wSjusFUwQwLj
-----END CERTIFICATE-----