Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/ze5Hj6zKQG-Tt5n-ha7sVFbj4mw.roa
File:                     ze5Hj6zKQG-Tt5n-ha7sVFbj4mw.roa (raw, json)
Hash identifier:          AN3Ve5w1vCNtVQ51w0ixgbhIRYxGbXsS7Tmo5KWlvMo=
Subject key identifier:   CD:EE:47:8F:AC:CA:40:6F:93:B7:99:FE:85:AE:EC:54:56:E3:E2:6C
Certificate issuer:       /CN=28b0ff7998ca8854ce7c475a972ed1d52a5c60cd
Certificate serial:       01941FFA0549248D9155366DE6CC56CA5139
Authority key identifier: 28:B0:FF:79:98:CA:88:54:CE:7C:47:5A:97:2E:D1:D5:2A:5C:60:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/ze5Hj6zKQG-Tt5n-ha7sVFbj4mw.roa
Signing time:             Wed 01 Jan 2025 03:47:46 +0000
ROA not before:           Wed 01 Jan 2025 03:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.119.221.0/24 maxlen: 24
                          185.119.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:05:49:24:8d:91:55:36:6d:e6:cc:56:ca:51:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28b0ff7998ca8854ce7c475a972ed1d52a5c60cd
        Validity
            Not Before: Jan  1 03:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdee478facca406f93b799fe85aeec5456e3e26c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f3:8b:4c:2a:1d:a7:77:bb:17:63:f6:c8:d7:
                    7d:d9:2f:84:03:30:ca:b3:ff:fa:11:af:12:ee:50:
                    30:1f:d1:4b:e2:f5:81:8a:2f:a1:49:4b:88:7e:92:
                    91:02:0e:3b:3a:63:fd:ad:64:c7:a8:e9:f7:c0:ab:
                    93:88:1c:b5:55:a6:f6:15:df:eb:9b:be:d7:52:0d:
                    28:e6:20:c0:27:7d:aa:5f:55:d6:c6:a3:85:55:d5:
                    81:4f:63:58:c5:87:7c:ff:9f:2e:44:b7:0a:5b:b7:
                    60:3d:a0:ff:b5:92:68:95:79:ba:3d:af:f1:0c:5b:
                    7b:52:ce:c4:7a:2a:3c:f1:2c:b6:08:a3:ce:99:d5:
                    3b:3b:d8:0c:98:8c:2d:c1:9f:86:8b:66:0e:5f:db:
                    2a:73:03:3d:e8:d1:21:4d:76:f5:7f:ba:7a:a0:88:
                    de:09:dc:1c:f3:49:dc:ce:52:f4:57:7f:40:e9:52:
                    94:60:8e:39:2a:83:33:63:24:e3:fa:69:e9:3a:35:
                    96:1c:55:b2:25:f4:d5:f0:e9:89:9c:23:bf:37:9b:
                    02:1f:74:67:b0:5b:38:39:80:82:42:bf:c1:80:9f:
                    24:8c:f5:f3:59:92:e1:60:07:57:29:ba:9b:27:63:
                    1a:1a:f7:5b:51:7f:b2:04:d3:12:80:aa:50:80:cb:
                    8f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:EE:47:8F:AC:CA:40:6F:93:B7:99:FE:85:AE:EC:54:56:E3:E2:6C
            X509v3 Authority Key Identifier:
                keyid:28:B0:FF:79:98:CA:88:54:CE:7C:47:5A:97:2E:D1:D5:2A:5C:60:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/ze5Hj6zKQG-Tt5n-ha7sVFbj4mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.221.0/24
                  185.119.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:db:7f:45:d9:1c:5b:20:e2:49:5b:00:90:4c:af:4f:e0:1c:
         41:0e:d7:24:8b:1e:65:37:d2:ec:6f:db:a1:92:08:d2:32:31:
         1a:ef:c9:62:aa:b8:28:d9:55:b2:4c:2d:cb:8e:32:80:28:dc:
         c4:18:8a:b1:43:62:9c:43:a4:0c:b1:24:6f:39:11:f9:51:40:
         6b:26:65:b5:96:ca:e6:e8:08:9d:dc:b1:2b:15:25:f3:38:fc:
         05:dd:d3:30:67:60:82:71:73:2a:ce:a5:14:4d:64:37:57:f7:
         65:2f:0b:fa:28:bd:2b:4b:50:a9:49:e0:37:53:f9:16:ad:b7:
         ea:c5:6d:a4:5d:0d:0f:91:1e:04:a0:06:6e:45:21:5a:c8:26:
         f7:82:cd:c8:b6:7e:ac:e0:42:b4:bd:2d:86:a6:b1:17:b4:02:
         c5:f6:31:94:49:04:6d:72:b4:ec:27:bf:48:a4:c9:de:6d:c4:
         6f:b4:2e:30:07:1d:44:c2:62:32:27:17:45:ce:21:01:03:7d:
         1f:d0:db:5f:aa:c3:3b:a0:54:36:c7:fa:9c:76:24:1c:5a:a3:
         a7:48:1f:fd:aa:2f:8d:ac:00:f9:f4:ec:f2:cb:05:c5:a0:39:
         58:26:7d:3e:e7:5f:1f:28:d2:e4:53:c7:77:74:ee:bb:15:d5:
         38:b6:1f:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+gVJJI2RVTZt5sxWylE5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YjBmZjc5OThjYTg4NTRjZTdjNDc1YTk3MmVkMWQ1MmE1
YzYwY2QwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGVlNDc4ZmFjY2E0MDZmOTNiNzk5ZmU4NWFlZWM1NDU2ZTNlMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/OLTCodp3e7F2P2yNd92S+EAzDK
s//6Ea8S7lAwH9FL4vWBii+hSUuIfpKRAg47OmP9rWTHqOn3wKuTiBy1Vab2Fd/r
m77XUg0o5iDAJ32qX1XWxqOFVdWBT2NYxYd8/58uRLcKW7dgPaD/tZJolXm6Pa/x
DFt7Us7Eeio88Sy2CKPOmdU7O9gMmIwtwZ+Gi2YOX9sqcwM96NEhTXb1f7p6oIje
Cdwc80nczlL0V39A6VKUYI45KoMzYyTj+mnpOjWWHFWyJfTV8OmJnCO/N5sCH3Rn
sFs4OYCCQr/BgJ8kjPXzWZLhYAdXKbqbJ2MaGvdbUX+yBNMSgKpQgMuPewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM3uR4+sykBvk7eZ/oWu7FRW4+JsMB8GA1UdIwQY
MBaAFCiw/3mYyohUznxHWpcu0dUqXGDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0xEX2VaaktpRlRPZkVkYWx5N1IxU3BjWU0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9hMGQ2NzQtODdiNi00MzE4LWJlZDIt
MjY3NTQ3ZWExZTM1LzEvemU1SGo2ektRRy1UdDVuLWhhN3NWRmJqNG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9hMGQ2NzQtODdiNi00MzE4LWJlZDItMjY3NTQ3ZWExZTM1
LzEvS0xEX2VaaktpRlRPZkVkYWx5N1IxU3BjWU0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXfdAwQA
uXffMA0GCSqGSIb3DQEBCwUAA4IBAQBR239F2RxbIOJJWwCQTK9P4BxBDtckix5l
N9Lsb9uhkgjSMjEa78liqrgo2VWyTC3LjjKAKNzEGIqxQ2KcQ6QMsSRvORH5UUBr
JmW1lsrm6Aid3LErFSXzOPwF3dMwZ2CCcXMqzqUUTWQ3V/dlLwv6KL0rS1CpSeA3
U/kWrbfqxW2kXQ0PkR4EoAZuRSFayCb3gs3Itn6s4EK0vS2GprEXtALF9jGUSQRt
crTsJ79IpMnebcRvtC4wBx1EwmIyJxdFziEBA30f0NtfqsM7oFQ2x/qcdiQcWqOn
SB/9qi+NrAD59OzyywXFoDlYJn0+518fKNLkU8d3dO67FdU4th/4
-----END CERTIFICATE-----