Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/zQntRlPXn6m0h_lsWqEDvpv9Nss.roa
File:                     zQntRlPXn6m0h_lsWqEDvpv9Nss.roa (raw, json)
Hash identifier:          n6kQ2ykeEerQlSmiDgcV4B4mkcJAPtusBoaiQ9fyVS8=
Subject key identifier:   CD:09:ED:46:53:D7:9F:A9:B4:87:F9:6C:5A:A1:03:BE:9B:FD:36:CB
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       019423D784E2AD4B6F7BE6829B85F2581781
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/zQntRlPXn6m0h_lsWqEDvpv9Nss.roa
Signing time:             Wed 01 Jan 2025 21:48:34 +0000
ROA not before:           Wed 01 Jan 2025 21:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48546
IP address blocks:        87.110.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:84:e2:ad:4b:6f:7b:e6:82:9b:85:f2:58:17:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  1 21:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd09ed4653d79fa9b487f96c5aa103be9bfd36cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fa:bf:43:86:90:04:5a:90:f0:3b:87:2e:da:
                    91:38:d7:f4:c3:af:93:ee:e9:ea:44:8f:cc:2e:59:
                    69:84:d5:e2:0c:44:70:cf:3a:14:08:a2:6b:76:a1:
                    5e:7e:db:b2:cb:49:92:a4:55:b8:35:81:7d:1d:ba:
                    77:fc:ed:36:73:f0:98:f4:e5:5a:6c:11:10:50:52:
                    26:2d:ab:d3:25:d7:46:4d:33:3b:5c:7a:41:d3:f1:
                    63:53:40:32:3b:65:2a:b4:ec:b5:6f:75:df:4e:76:
                    50:13:7e:b2:bf:cc:19:b1:b1:eb:1b:42:17:e6:38:
                    0e:a5:8a:be:f0:16:f0:96:6c:5f:43:c3:0f:e1:e2:
                    87:c5:3f:7a:3a:0b:e4:bf:c8:11:ed:15:f5:ad:5e:
                    20:1f:5f:88:4f:c1:22:09:11:f6:dd:04:b1:ef:48:
                    04:55:2a:93:6d:1d:ea:36:fa:e4:9f:56:0b:a4:63:
                    b2:ae:f0:43:e9:17:89:b9:53:b0:ec:43:de:e7:10:
                    9a:f6:58:8a:3e:b8:90:67:d9:8a:0d:37:f5:be:70:
                    94:b6:c1:66:75:65:a0:18:62:12:f8:0d:e9:a2:68:
                    1d:00:fc:e3:78:17:63:57:82:ad:b8:7f:c3:a0:40:
                    9d:df:ce:8c:66:a2:78:8d:11:82:61:63:90:0a:a1:
                    00:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:09:ED:46:53:D7:9F:A9:B4:87:F9:6C:5A:A1:03:BE:9B:FD:36:CB
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/zQntRlPXn6m0h_lsWqEDvpv9Nss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.110.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:27:68:c8:81:62:8e:5d:4a:cf:13:42:c2:11:e9:14:67:02:
         c3:04:6a:39:70:98:54:8f:8e:22:4b:a6:ba:0f:96:31:53:fc:
         41:6f:49:64:d3:03:77:de:3f:d3:7e:3b:52:93:e4:38:e6:f4:
         4d:12:91:5b:c5:a7:3b:c0:cc:03:96:63:4f:18:5d:96:04:95:
         f6:bc:64:1b:3d:43:72:23:4c:bc:1d:68:19:d5:f1:a8:01:c7:
         5f:a6:68:d5:84:dc:da:37:9a:2c:e6:c5:c5:22:55:e4:bb:6f:
         09:4f:f6:5f:56:de:f4:66:f6:b9:5c:a3:1e:53:a5:05:35:9c:
         8a:02:3c:c3:f3:31:9a:10:41:94:5f:74:74:c1:9a:8d:33:7e:
         fe:1d:59:c3:8b:ef:b3:38:30:e1:7e:a4:76:18:ae:df:1c:08:
         06:ec:ad:62:84:ff:25:9f:58:20:1b:38:d1:61:77:55:c7:e6:
         78:1d:ab:5a:b1:7a:6f:35:0a:97:d4:46:5e:f2:9c:74:2f:7e:
         6f:59:22:bc:89:53:06:85:60:a8:33:d0:48:97:f6:55:dc:df:
         54:bf:34:f1:cf:20:d1:f4:76:34:60:40:a4:b5:24:d3:50:13:
         a7:9f:6c:f5:23:58:de:ec:1a:3b:e8:aa:2e:6f:b9:8a:08:2d:
         ec:4e:87:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj14TirUtve+aCm4XyWBeBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjUwMTAxMjE0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDA5ZWQ0NjUzZDc5ZmE5YjQ4N2Y5NmM1YWExMDNiZTliZmQzNmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/q/Q4aQBFqQ8DuHLtqRONf0w6+T
7unqRI/MLllphNXiDERwzzoUCKJrdqFeftuyy0mSpFW4NYF9Hbp3/O02c/CY9OVa
bBEQUFImLavTJddGTTM7XHpB0/FjU0AyO2UqtOy1b3XfTnZQE36yv8wZsbHrG0IX
5jgOpYq+8BbwlmxfQ8MP4eKHxT96Ogvkv8gR7RX1rV4gH1+IT8EiCRH23QSx70gE
VSqTbR3qNvrkn1YLpGOyrvBD6ReJuVOw7EPe5xCa9liKPriQZ9mKDTf1vnCUtsFm
dWWgGGIS+A3pomgdAPzjeBdjV4KtuH/DoECd386MZqJ4jRGCYWOQCqEA8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0J7UZT15+ptIf5bFqhA76b/TbLMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvelFudFJsUFhuNm0waF9sc1dxRUR2cHY5TnNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV27TMA0G
CSqGSIb3DQEBCwUAA4IBAQAiJ2jIgWKOXUrPE0LCEekUZwLDBGo5cJhUj44iS6a6
D5YxU/xBb0lk0wN33j/TfjtSk+Q45vRNEpFbxac7wMwDlmNPGF2WBJX2vGQbPUNy
I0y8HWgZ1fGoAcdfpmjVhNzaN5os5sXFIlXku28JT/ZfVt70Zva5XKMeU6UFNZyK
AjzD8zGaEEGUX3R0wZqNM37+HVnDi++zODDhfqR2GK7fHAgG7K1ihP8ln1ggGzjR
YXdVx+Z4HatasXpvNQqX1EZe8px0L35vWSK8iVMGhWCoM9BIl/ZV3N9UvzTxzyDR
9HY0YECktSTTUBOnn2z1I1je7Bo76Koub7mKCC3sTofy
-----END CERTIFICATE-----