Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/eb8461-ab07-45c7-b9d6-d41a1a084c35/1/zrVCLm24sPlxLqzgeyn_JvpDItw.roa
File:                     zrVCLm24sPlxLqzgeyn_JvpDItw.roa (raw, json)
Hash identifier:          /XNKRA78yIF9Dhp7x0h4gHGlf9HOKwu6T6mJ6i6aMCk=
Subject key identifier:   CE:B5:42:2E:6D:B8:B0:F9:71:2E:AC:E0:7B:29:FF:26:FA:43:22:DC
Certificate issuer:       /CN=0e931a7cf2da94ccd4a2afce23f392d4061d56f9
Certificate serial:       0194266ABEA29249B0DD33CC7AA163582271
Authority key identifier: 0E:93:1A:7C:F2:DA:94:CC:D4:A2:AF:CE:23:F3:92:D4:06:1D:56:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpMafPLalMzUoq_OI_OS1AYdVvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/eb8461-ab07-45c7-b9d6-d41a1a084c35/1/zrVCLm24sPlxLqzgeyn_JvpDItw.roa
Signing time:             Thu 02 Jan 2025 09:48:37 +0000
ROA not before:           Thu 02 Jan 2025 09:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58273
IP address blocks:        194.31.184.0/22 maxlen: 24
                          2a09:1880::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/eb8461-ab07-45c7-b9d6-d41a1a084c35/1/DpMafPLalMzUoq_OI_OS1AYdVvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/eb8461-ab07-45c7-b9d6-d41a1a084c35/1/DpMafPLalMzUoq_OI_OS1AYdVvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpMafPLalMzUoq_OI_OS1AYdVvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:be:a2:92:49:b0:dd:33:cc:7a:a1:63:58:22:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e931a7cf2da94ccd4a2afce23f392d4061d56f9
        Validity
            Not Before: Jan  2 09:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ceb5422e6db8b0f9712eace07b29ff26fa4322dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:eb:99:5c:75:97:cb:2b:5a:1b:f4:2e:9a:99:
                    ad:b6:5b:d7:d5:37:1c:1a:7f:f9:68:59:9b:9f:60:
                    61:5b:63:e2:bc:61:d3:b0:a6:90:72:cc:10:f6:a6:
                    ee:7c:a4:1c:0d:73:cb:6e:04:1c:d3:7d:cc:82:e6:
                    93:31:7c:df:de:94:96:2f:75:ee:c0:73:80:4f:69:
                    a2:a0:3d:37:39:1b:82:a3:51:5b:39:7d:56:d1:88:
                    3b:ce:05:1b:c1:bd:d6:23:2b:52:c2:08:90:34:44:
                    71:12:bb:a5:7d:b3:a9:3a:3f:d9:18:68:68:37:60:
                    1f:e5:3e:ec:65:af:22:a6:bd:2e:d2:07:78:7e:12:
                    62:93:1a:0a:37:51:99:23:92:eb:59:9e:b2:c7:39:
                    5f:26:3f:74:43:61:b9:08:ba:b6:79:93:b6:04:be:
                    8f:44:05:45:97:31:e8:41:ed:62:ad:dd:51:39:72:
                    de:14:5c:69:b7:45:ab:ff:0e:b6:fe:27:8e:ed:dd:
                    70:fc:bb:af:55:f2:6b:d2:22:2d:e8:00:c6:4e:87:
                    7d:37:b2:36:31:32:d3:1e:c9:dc:ea:5b:11:ea:68:
                    aa:17:d5:dd:b1:64:b0:0a:6b:50:34:af:54:e6:c9:
                    df:5d:54:14:f1:37:e2:29:2f:f0:d9:0c:a1:91:e1:
                    a9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B5:42:2E:6D:B8:B0:F9:71:2E:AC:E0:7B:29:FF:26:FA:43:22:DC
            X509v3 Authority Key Identifier:
                keyid:0E:93:1A:7C:F2:DA:94:CC:D4:A2:AF:CE:23:F3:92:D4:06:1D:56:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpMafPLalMzUoq_OI_OS1AYdVvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/eb8461-ab07-45c7-b9d6-d41a1a084c35/1/zrVCLm24sPlxLqzgeyn_JvpDItw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/eb8461-ab07-45c7-b9d6-d41a1a084c35/1/DpMafPLalMzUoq_OI_OS1AYdVvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.184.0/22
                IPv6:
                  2a09:1880::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:41:bf:83:a8:64:3b:40:bf:2c:70:2d:25:b7:5e:95:52:f3:
         5b:b8:a5:7c:29:8e:e2:7e:4f:e1:44:a6:2b:9d:e3:a5:e2:b2:
         03:63:dc:dd:e0:a9:a3:fc:09:e7:ea:52:31:91:48:bf:0c:32:
         36:1e:9f:4a:53:3c:91:2f:91:b4:de:df:02:02:09:1a:57:fe:
         14:e0:63:f6:57:88:ac:b6:a2:10:7b:bc:98:de:c3:9f:1e:3b:
         0f:c6:70:14:71:be:8f:8e:3e:7a:88:9f:89:bb:32:2e:e7:4b:
         14:e5:50:f4:5c:71:a8:5d:16:8c:1a:29:d6:9a:60:e0:06:6c:
         63:12:77:10:5b:62:15:27:d7:29:4e:91:87:7b:ff:8b:02:86:
         bc:88:eb:9c:89:d8:fd:03:4f:ff:31:f1:0c:54:94:a2:06:2e:
         f2:4e:4c:c5:f6:e2:d5:a2:13:f9:f2:2b:c4:04:9e:c9:58:38:
         f3:23:3e:28:a2:d6:ac:1b:9f:00:b9:03:b8:89:8c:07:a2:97:
         b7:0c:5d:4c:41:42:03:d5:c4:8e:4a:29:d8:d6:f8:b4:f1:40:
         fe:a8:93:02:e7:1c:3b:5d:19:02:68:80:8e:3f:a8:8b:d7:6f:
         b0:f7:5d:64:d9:0b:b9:28:b5:0e:11:48:a2:b7:d1:1e:05:75:
         31:a7:76:e9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmar6ikkmw3TPMeqFjWCJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTMxYTdjZjJkYTk0Y2NkNGEyYWZjZTIzZjM5MmQ0MDYx
ZDU2ZjkwHhcNMjUwMTAyMDk0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWI1NDIyZTZkYjhiMGY5NzEyZWFjZTA3YjI5ZmYyNmZhNDMyMmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OuZXHWXyytaG/QumpmttlvX1Tcc
Gn/5aFmbn2BhW2PivGHTsKaQcswQ9qbufKQcDXPLbgQc033MguaTMXzf3pSWL3Xu
wHOAT2mioD03ORuCo1FbOX1W0Yg7zgUbwb3WIytSwgiQNERxErulfbOpOj/ZGGho
N2Af5T7sZa8ipr0u0gd4fhJikxoKN1GZI5LrWZ6yxzlfJj90Q2G5CLq2eZO2BL6P
RAVFlzHoQe1ird1ROXLeFFxpt0Wr/w62/ieO7d1w/LuvVfJr0iIt6ADGTod9N7I2
MTLTHsnc6lsR6miqF9XdsWSwCmtQNK9U5snfXVQU8TfiKS/w2QyhkeGpuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM61Qi5tuLD5cS6s4Hsp/yb6QyLcMB8GA1UdIwQY
MBaAFA6TGnzy2pTM1KKvziPzktQGHVb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBNYWZQTGFsTXpVb3FfT0lfT1MxQVlkVnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9lYjg0NjEtYWIwNy00NWM3LWI5ZDYt
ZDQxYTFhMDg0YzM1LzEvenJWQ0xtMjRzUGx4THF6Z2V5bl9KdnBESXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9lYjg0NjEtYWIwNy00NWM3LWI5ZDYtZDQxYTFhMDg0YzM1
LzEvRHBNYWZQTGFsTXpVb3FfT0lfT1MxQVlkVnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwh+4MA0E
AgACMAcDBQMqCRiAMA0GCSqGSIb3DQEBCwUAA4IBAQACQb+DqGQ7QL8scC0lt16V
UvNbuKV8KY7ifk/hRKYrneOl4rIDY9zd4Kmj/Ann6lIxkUi/DDI2Hp9KUzyRL5G0
3t8CAgkaV/4U4GP2V4istqIQe7yY3sOfHjsPxnAUcb6Pjj56iJ+JuzIu50sU5VD0
XHGoXRaMGinWmmDgBmxjEncQW2IVJ9cpTpGHe/+LAoa8iOucidj9A0//MfEMVJSi
Bi7yTkzF9uLVohP58ivEBJ7JWDjzIz4ootasG58AuQO4iYwHope3DF1MQUID1cSO
SinY1vi08UD+qJMC5xw7XRkCaICOP6iL12+w911k2Qu5KLUOEUiit9EeBXUxp3bp
-----END CERTIFICATE-----