Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/ZQpO1aPpN8R6g2nPkZCJTaDtLDo.roa
File:                     ZQpO1aPpN8R6g2nPkZCJTaDtLDo.roa (raw, json)
Hash identifier:          jW7tnAUthIc+57WN8d2CU9YQ1bHY6ehX+0z6UW+dFyI=
Subject key identifier:   65:0A:4E:D5:A3:E9:37:C4:7A:83:69:CF:91:90:89:4D:A0:ED:2C:3A
Certificate issuer:       /CN=655aef3cef3d9afa027db33579f4a1fe8ad91c6f
Certificate serial:       019421444E85620B34AF9F0E8AFF8A47CC98
Authority key identifier: 65:5A:EF:3C:EF:3D:9A:FA:02:7D:B3:35:79:F4:A1:FE:8A:D9:1C:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZVrvPO89mvoCfbM1efSh_orZHG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/ZQpO1aPpN8R6g2nPkZCJTaDtLDo.roa
Signing time:             Wed 01 Jan 2025 09:48:32 +0000
ROA not before:           Wed 01 Jan 2025 09:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210021
IP address blocks:        185.100.22.0/24 maxlen: 24
                          185.100.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/ZVrvPO89mvoCfbM1efSh_orZHG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/ZVrvPO89mvoCfbM1efSh_orZHG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZVrvPO89mvoCfbM1efSh_orZHG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:4e:85:62:0b:34:af:9f:0e:8a:ff:8a:47:cc:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=655aef3cef3d9afa027db33579f4a1fe8ad91c6f
        Validity
            Not Before: Jan  1 09:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=650a4ed5a3e937c47a8369cf9190894da0ed2c3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:75:fd:7e:7c:f9:73:9c:91:df:2c:dc:a5:9d:
                    a2:d4:15:f2:34:48:b3:9a:b6:e2:65:c3:f2:93:cd:
                    c7:1b:f1:50:e3:46:e5:e6:1a:e4:4f:51:77:73:2b:
                    f8:70:07:d2:fd:61:78:9d:7a:f9:37:52:a9:47:9e:
                    9b:f2:3c:bb:5e:74:ed:ef:88:e3:48:b4:a8:6b:62:
                    4e:b4:49:43:51:df:a4:e7:48:48:67:81:76:55:b3:
                    5a:6c:c5:54:bd:22:09:56:29:19:89:90:91:b2:41:
                    86:fd:ee:bd:56:54:c8:37:e6:22:9f:f2:e4:91:11:
                    d5:d2:70:86:b6:19:fa:59:d3:c7:a2:46:a6:43:0a:
                    c5:f1:f9:63:54:af:0c:34:a5:82:0b:e4:d0:bd:dc:
                    5c:e3:b1:02:40:f0:7f:32:b2:1a:74:88:57:5b:cd:
                    92:60:42:68:75:30:48:09:08:1e:61:00:d4:ce:9c:
                    dd:4b:fb:ed:c4:1a:c8:ae:c0:83:9c:e9:13:5a:15:
                    a9:5b:e5:c0:52:ab:7e:a9:79:6c:c0:f5:d7:14:25:
                    f1:12:97:d8:cc:fc:ea:c1:65:2c:4b:64:44:69:e4:
                    9d:45:57:f1:ee:17:5d:32:87:a0:f5:6d:55:22:64:
                    9e:c4:41:c7:e3:7a:47:39:64:56:19:d2:af:b1:0d:
                    80:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:0A:4E:D5:A3:E9:37:C4:7A:83:69:CF:91:90:89:4D:A0:ED:2C:3A
            X509v3 Authority Key Identifier:
                keyid:65:5A:EF:3C:EF:3D:9A:FA:02:7D:B3:35:79:F4:A1:FE:8A:D9:1C:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZVrvPO89mvoCfbM1efSh_orZHG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/ZQpO1aPpN8R6g2nPkZCJTaDtLDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/ZVrvPO89mvoCfbM1efSh_orZHG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:57:44:18:7b:6b:f3:34:21:e0:d3:cd:c7:d1:63:ca:bf:51:
         e9:35:00:d0:e5:35:22:05:74:56:ac:f5:96:ca:83:38:e9:8b:
         f1:8e:0c:6b:70:f8:a0:69:07:6b:42:73:83:c6:0f:24:d7:f3:
         24:43:51:87:e6:b6:4c:4b:b9:21:11:04:62:de:37:ad:ce:d1:
         70:18:ac:ba:1d:f1:a9:15:77:7f:16:63:05:73:68:31:db:a5:
         d4:d4:63:eb:4e:5d:5f:a1:61:5c:a0:8c:7b:b3:b9:a5:d2:a2:
         5c:df:0b:b7:c5:6b:81:98:c2:b3:17:71:53:17:2a:d4:c3:41:
         4a:d6:44:d0:2a:78:2c:47:0c:e4:63:4d:59:4b:49:70:35:2f:
         ea:22:10:a8:06:60:c6:64:7d:01:de:2f:11:97:36:2f:4f:2a:
         02:33:5d:c8:f2:43:e5:19:68:cb:dd:8e:b8:98:0c:ae:38:5e:
         db:98:8f:19:34:1f:d8:aa:d1:3b:63:64:6e:b0:e9:50:57:f6:
         ef:d1:82:2b:0e:c6:d1:d8:ec:e7:60:8e:35:cc:d0:68:c3:03:
         63:aa:0d:37:bc:6f:f8:7a:1d:60:ec:de:30:12:db:9a:38:f3:
         76:ca:ed:d5:7e:f7:02:90:fc:f1:02:67:f3:3d:fc:2c:be:27:
         1e:38:8b:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRE6FYgs0r58Oiv+KR8yYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NWFlZjNjZWYzZDlhZmEwMjdkYjMzNTc5ZjRhMWZlOGFk
OTFjNmYwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTBhNGVkNWEzZTkzN2M0N2E4MzY5Y2Y5MTkwODk0ZGEwZWQyYzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnX9fnz5c5yR3yzcpZ2i1BXyNEiz
mrbiZcPyk83HG/FQ40bl5hrkT1F3cyv4cAfS/WF4nXr5N1KpR56b8jy7XnTt74jj
SLSoa2JOtElDUd+k50hIZ4F2VbNabMVUvSIJVikZiZCRskGG/e69VlTIN+Yin/Lk
kRHV0nCGthn6WdPHokamQwrF8fljVK8MNKWCC+TQvdxc47ECQPB/MrIadIhXW82S
YEJodTBICQgeYQDUzpzdS/vtxBrIrsCDnOkTWhWpW+XAUqt+qXlswPXXFCXxEpfY
zPzqwWUsS2REaeSdRVfx7hddMoeg9W1VImSexEHH43pHOWRWGdKvsQ2AWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUKTtWj6TfEeoNpz5GQiU2g7Sw6MB8GA1UdIwQY
MBaAFGVa7zzvPZr6An2zNXn0of6K2RxvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlZydlBPODltdm9DZmJNMWVmU2hfb3JaSEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9lMmVlNTEtMTUyMy00MzZlLWFjNzUt
ZWY2YmQyNmEwMzA1LzEvWlFwTzFhUHBOOFI2ZzJuUGtaQ0pUYUR0TERvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9lMmVlNTEtMTUyMy00MzZlLWFjNzUtZWY2YmQyNmEwMzA1
LzEvWlZydlBPODltdm9DZmJNMWVmU2hfb3JaSEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWQWMA0G
CSqGSIb3DQEBCwUAA4IBAQBFV0QYe2vzNCHg083H0WPKv1HpNQDQ5TUiBXRWrPWW
yoM46YvxjgxrcPigaQdrQnODxg8k1/MkQ1GH5rZMS7khEQRi3jetztFwGKy6HfGp
FXd/FmMFc2gx26XU1GPrTl1foWFcoIx7s7ml0qJc3wu3xWuBmMKzF3FTFyrUw0FK
1kTQKngsRwzkY01ZS0lwNS/qIhCoBmDGZH0B3i8RlzYvTyoCM13I8kPlGWjL3Y64
mAyuOF7bmI8ZNB/YqtE7Y2RusOlQV/bv0YIrDsbR2OznYI41zNBowwNjqg03vG/4
eh1g7N4wEtuaOPN2yu3VfvcCkPzxAmfzPfwsviceOIuk
-----END CERTIFICATE-----