Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/649476-2b03-4cff-b918-8a5fe0ef17b8/1/ztFr_-g0BQXlSd44UjlTquqKHlw.roa
File:                     ztFr_-g0BQXlSd44UjlTquqKHlw.roa (raw, json)
Hash identifier:          ICOrnGo6DEP/QUKA6WPeJcvKMnXrNs1C20UGRkpbiEE=
Subject key identifier:   CE:D1:6B:FF:E8:34:05:05:E5:49:DE:38:52:39:53:AA:EA:8A:1E:5C
Certificate issuer:       /CN=3286e129ff26d8adc10714a91ca53d800b06fe25
Certificate serial:       0195B46CE516D112A2DF5A455B2E7FB43528
Authority key identifier: 32:86:E1:29:FF:26:D8:AD:C1:07:14:A9:1C:A5:3D:80:0B:06:FE:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MobhKf8m2K3BBxSpHKU9gAsG_iU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/649476-2b03-4cff-b918-8a5fe0ef17b8/1/ztFr_-g0BQXlSd44UjlTquqKHlw.roa
Signing time:             Thu 20 Mar 2025 16:39:50 +0000
ROA not before:           Thu 20 Mar 2025 16:39:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215824
IP address blocks:        185.140.250.0/24 maxlen: 24
                          2a13:1d80::/45 maxlen: 45
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/649476-2b03-4cff-b918-8a5fe0ef17b8/1/MobhKf8m2K3BBxSpHKU9gAsG_iU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/649476-2b03-4cff-b918-8a5fe0ef17b8/1/MobhKf8m2K3BBxSpHKU9gAsG_iU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MobhKf8m2K3BBxSpHKU9gAsG_iU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b4:6c:e5:16:d1:12:a2:df:5a:45:5b:2e:7f:b4:35:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3286e129ff26d8adc10714a91ca53d800b06fe25
        Validity
            Not Before: Mar 20 16:39:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ced16bffe8340505e549de38523953aaea8a1e5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:79:cd:38:67:f9:6a:0c:95:64:40:da:89:63:
                    cd:78:9a:9e:11:7c:52:83:03:e3:38:88:e5:62:39:
                    5e:22:b8:2a:8a:87:62:ca:3f:4d:0a:7f:2a:07:05:
                    c1:93:62:e7:ca:7c:df:58:c3:a8:08:a5:4f:a9:4e:
                    5f:ca:a7:90:5c:c8:99:f6:3b:1a:cc:27:99:7c:42:
                    31:3a:a6:a4:e0:0d:d2:f2:7d:e3:b0:44:d5:05:16:
                    79:64:80:d1:6b:66:9a:ae:bf:5f:99:d0:f1:4e:85:
                    2a:bf:46:f1:4f:83:be:7a:4c:32:92:9e:bc:0f:fe:
                    87:36:7c:d6:88:79:0d:bd:43:7c:4c:b2:58:e5:28:
                    44:a1:10:8d:d8:1d:06:dc:f0:a9:d6:94:a9:57:9d:
                    9d:32:70:cc:d4:f6:cc:47:0e:42:d7:c0:89:ab:84:
                    f3:8f:ed:33:5f:82:1c:73:af:d9:08:f5:44:d1:8d:
                    a6:58:80:c8:e6:fc:00:99:31:82:71:a1:87:26:d9:
                    03:a0:a8:e7:f6:07:0b:0d:f9:99:54:55:54:22:c6:
                    83:61:b2:8f:11:fc:a7:a5:82:e8:91:43:03:e0:69:
                    f8:c7:7a:b2:63:e5:b9:47:ba:a0:76:98:91:f3:1f:
                    06:2f:c2:43:d4:ad:ef:93:b7:2a:61:0e:68:22:fa:
                    3d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:D1:6B:FF:E8:34:05:05:E5:49:DE:38:52:39:53:AA:EA:8A:1E:5C
            X509v3 Authority Key Identifier:
                keyid:32:86:E1:29:FF:26:D8:AD:C1:07:14:A9:1C:A5:3D:80:0B:06:FE:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MobhKf8m2K3BBxSpHKU9gAsG_iU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/649476-2b03-4cff-b918-8a5fe0ef17b8/1/ztFr_-g0BQXlSd44UjlTquqKHlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/649476-2b03-4cff-b918-8a5fe0ef17b8/1/MobhKf8m2K3BBxSpHKU9gAsG_iU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.250.0/24
                IPv6:
                  2a13:1d80::/45

    Signature Algorithm: sha256WithRSAEncryption
         6b:c3:d0:c5:d9:7b:48:1a:7e:b0:1c:51:cd:d5:4d:c5:41:05:
         bb:17:da:b9:d6:60:3f:8e:37:f6:df:6c:4a:56:e8:c0:95:5b:
         59:a2:cb:1a:f7:48:5f:87:9d:a2:a3:45:27:7f:73:9d:24:e8:
         ab:f6:d7:61:1e:b8:7e:4b:b1:39:73:cb:25:a1:b9:93:e8:65:
         69:24:76:50:6d:cf:b0:f2:02:97:84:3e:6a:13:cf:46:2b:a2:
         53:07:54:24:1c:0c:bf:59:5b:83:49:f1:e7:ea:92:7e:3e:cc:
         10:f8:fa:09:4e:31:63:dc:6d:65:be:d7:49:06:d9:55:7b:ad:
         7b:f9:f6:89:f2:bc:3a:39:7a:d7:80:57:1e:19:82:76:0c:df:
         b8:ee:53:2f:ba:7a:46:60:80:e2:04:5c:31:f0:dd:70:a2:98:
         5c:a8:6b:0a:8b:6b:90:e5:53:5a:a2:3e:b1:50:ca:0c:87:64:
         d3:85:9b:25:71:35:27:e9:03:82:64:98:a4:08:db:06:21:39:
         d0:f5:08:7a:1a:be:b7:f9:96:df:b0:10:25:49:6a:32:92:ca:
         bb:7f:71:bc:de:3d:f7:85:0d:16:52:4f:69:3c:af:56:ef:b9:
         f2:dd:f8:68:38:ac:4d:4a:f5:6b:b2:c1:5e:53:83:12:cf:27:
         d6:e2:69:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZW0bOUW0RKi31pFWy5/tDUoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyODZlMTI5ZmYyNmQ4YWRjMTA3MTRhOTFjYTUzZDgwMGIw
NmZlMjUwHhcNMjUwMzIwMTYzOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWQxNmJmZmU4MzQwNTA1ZTU0OWRlMzg1MjM5NTNhYWVhOGExZTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3nNOGf5agyVZEDaiWPNeJqeEXxS
gwPjOIjlYjleIrgqiodiyj9NCn8qBwXBk2LnynzfWMOoCKVPqU5fyqeQXMiZ9jsa
zCeZfEIxOqak4A3S8n3jsETVBRZ5ZIDRa2aarr9fmdDxToUqv0bxT4O+ekwykp68
D/6HNnzWiHkNvUN8TLJY5ShEoRCN2B0G3PCp1pSpV52dMnDM1PbMRw5C18CJq4Tz
j+0zX4Icc6/ZCPVE0Y2mWIDI5vwAmTGCcaGHJtkDoKjn9gcLDfmZVFVUIsaDYbKP
EfynpYLokUMD4Gn4x3qyY+W5R7qgdpiR8x8GL8JD1K3vk7cqYQ5oIvo9VQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM7Ra//oNAUF5UneOFI5U6rqih5cMB8GA1UdIwQY
MBaAFDKG4Sn/JtitwQcUqRylPYALBv4lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW9iaEtmOG0ySzNCQnhTcEhLVTlnQXNHX2lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy82NDk0NzYtMmIwMy00Y2ZmLWI5MTgt
OGE1ZmUwZWYxN2I4LzEvenRGcl8tZzBCUVhsU2Q0NFVqbFRxdXFLSGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy82NDk0NzYtMmIwMy00Y2ZmLWI5MTgtOGE1ZmUwZWYxN2I4
LzEvTW9iaEtmOG0ySzNCQnhTcEhLVTlnQXNHX2lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYz6MA8E
AgACMAkDBwMqEx2AAAAwDQYJKoZIhvcNAQELBQADggEBAGvD0MXZe0gafrAcUc3V
TcVBBbsX2rnWYD+ON/bfbEpW6MCVW1miyxr3SF+HnaKjRSd/c50k6Kv212EeuH5L
sTlzyyWhuZPoZWkkdlBtz7DyApeEPmoTz0YrolMHVCQcDL9ZW4NJ8efqkn4+zBD4
+glOMWPcbWW+10kG2VV7rXv59onyvDo5eteAVx4ZgnYM37juUy+6ekZggOIEXDHw
3XCimFyoawqLa5DlU1qiPrFQygyHZNOFmyVxNSfpA4JkmKQI2wYhOdD1CHoavrf5
lt+wECVJajKSyrt/cbzePfeFDRZST2k8r1bvufLd+Gg4rE1K9WuywV5TgxLPJ9bi
aRg=
-----END CERTIFICATE-----