Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZQRD2wAbyg0eIfbe7hvu40gaIDo.roa
File:                     ZQRD2wAbyg0eIfbe7hvu40gaIDo.roa (raw, json)
Hash identifier:          +TerxNfU2eI2SGmOwGcdnuUaQw8EFXCUsexBIgFPVR8=
Subject key identifier:   65:04:43:DB:00:1B:CA:0D:1E:21:F6:DE:EE:1B:EE:E3:48:1A:20:3A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824BBD735F6A5E214F48E147E4AF47B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZQRD2wAbyg0eIfbe7hvu40gaIDo.roa
Signing time:             Thu 02 Jan 2025 17:51:23 +0000
ROA not before:           Thu 02 Jan 2025 17:51:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211167
IP address blocks:        85.208.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:bb:d7:35:f6:a5:e2:14:f4:8e:14:7e:4a:f4:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=650443db001bca0d1e21f6deee1beee3481a203a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:95:cb:a4:54:31:a1:db:e7:5c:ad:50:d2:ef:
                    80:df:b4:0e:2e:58:82:90:91:32:e9:ec:86:67:89:
                    22:9c:5a:a4:5f:e2:e4:bd:23:17:49:a0:b7:3d:30:
                    e1:82:8e:6f:b2:01:8c:0e:b3:e0:bd:c8:23:a0:81:
                    10:3a:1e:89:11:46:6c:42:4f:96:f3:31:e1:f9:eb:
                    99:2a:bc:7b:44:36:14:e4:28:a7:03:9b:23:02:55:
                    ff:95:c5:cb:af:91:0e:21:6f:cb:94:49:05:3e:f7:
                    7e:a7:28:01:9a:8e:75:c1:53:25:6c:39:51:ac:76:
                    64:b5:78:6f:e4:df:71:10:47:7c:58:0b:46:76:34:
                    bd:aa:05:95:34:03:77:ec:fc:3e:c5:4e:f6:9e:2c:
                    e3:d0:41:59:9b:1a:c9:b1:c5:7f:21:b9:e0:80:7b:
                    25:66:bb:25:07:63:0f:63:86:d5:06:26:a3:75:a2:
                    f1:5f:d9:5e:66:11:a4:eb:7f:71:27:91:e9:22:15:
                    50:47:a2:b3:89:25:a8:3b:2a:18:ab:24:79:64:1b:
                    da:c8:b4:48:a7:69:2a:8a:3f:0b:94:79:05:6f:d7:
                    83:c2:6c:50:ec:42:4b:ad:ad:0e:ce:55:76:27:b2:
                    8a:7d:96:dd:4c:cb:28:bf:1c:51:26:cf:53:ab:16:
                    80:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:04:43:DB:00:1B:CA:0D:1E:21:F6:DE:EE:1B:EE:E3:48:1A:20:3A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZQRD2wAbyg0eIfbe7hvu40gaIDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ac:49:27:ca:a5:90:89:24:b3:33:91:33:cc:6c:c4:6e:7a:
         1c:6f:7f:f0:de:9d:21:0c:3d:c3:33:bc:ae:a3:aa:c0:99:5e:
         3c:c6:5d:1e:43:a6:76:df:d8:2e:e4:96:7b:15:1c:ad:4a:0f:
         3c:9a:3f:51:dc:85:34:13:aa:95:fb:e4:9e:06:34:f4:58:03:
         36:28:ad:14:42:a2:3a:3d:ee:6c:82:38:d0:b4:a6:6c:12:19:
         4a:30:fa:3d:32:ea:79:f2:a5:0a:42:92:49:b8:9c:7d:78:1f:
         e3:6d:ba:84:fd:70:d0:af:14:6c:1d:ff:10:69:3b:7d:4d:26:
         2f:f7:4b:80:a8:73:2e:b2:c9:e3:76:f4:58:a3:63:87:ba:13:
         b1:4b:59:a8:52:37:fe:5d:9e:8c:f2:37:26:9c:b1:27:4a:0c:
         4b:1c:bd:2a:a5:7b:0b:ba:ab:bf:b7:6f:7b:ef:08:b2:22:89:
         0d:af:b0:08:86:23:f5:2e:ec:43:52:e3:03:67:77:fe:29:34:
         0c:6c:08:23:37:c3:22:45:88:34:bd:3c:89:ad:51:7d:b1:c5:
         41:c5:68:fd:a9:da:ad:8b:0f:1b:7b:77:50:81:4a:27:e3:25:
         39:b9:c5:a2:cd:a7:8d:a6:29:d6:e2:83:90:95:5e:3c:c3:5d:
         d6:f8:d6:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJLvXNfal4hT0jhR+SvR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTA0NDNkYjAwMWJjYTBkMWUyMWY2ZGVlZTFiZWVlMzQ4MWEyMDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA65XLpFQxodvnXK1Q0u+A37QOLliC
kJEy6eyGZ4kinFqkX+LkvSMXSaC3PTDhgo5vsgGMDrPgvcgjoIEQOh6JEUZsQk+W
8zHh+euZKrx7RDYU5CinA5sjAlX/lcXLr5EOIW/LlEkFPvd+pygBmo51wVMlbDlR
rHZktXhv5N9xEEd8WAtGdjS9qgWVNAN37Pw+xU72nizj0EFZmxrJscV/IbnggHsl
ZrslB2MPY4bVBiajdaLxX9leZhGk639xJ5HpIhVQR6KziSWoOyoYqyR5ZBvayLRI
p2kqij8LlHkFb9eDwmxQ7EJLra0OzlV2J7KKfZbdTMsovxxRJs9TqxaAzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUEQ9sAG8oNHiH23u4b7uNIGiA6MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWlFSRDJ3QWJ5ZzBlSWZiZTdodnU0MGdhSURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdCJMA0G
CSqGSIb3DQEBCwUAA4IBAQBbrEknyqWQiSSzM5EzzGzEbnocb3/w3p0hDD3DM7yu
o6rAmV48xl0eQ6Z239gu5JZ7FRytSg88mj9R3IU0E6qV++SeBjT0WAM2KK0UQqI6
Pe5sgjjQtKZsEhlKMPo9Mup58qUKQpJJuJx9eB/jbbqE/XDQrxRsHf8QaTt9TSYv
90uAqHMussnjdvRYo2OHuhOxS1moUjf+XZ6M8jcmnLEnSgxLHL0qpXsLuqu/t297
7wiyIokNr7AIhiP1LuxDUuMDZ3f+KTQMbAgjN8MiRYg0vTyJrVF9scVBxWj9qdqt
iw8be3dQgUon4yU5ucWizaeNpinW4oOQlV48w13W+NZb
-----END CERTIFICATE-----