Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/zXLcc16Hl_V98UU7l_AMl_ZR3t0.roa
File:                     zXLcc16Hl_V98UU7l_AMl_ZR3t0.roa (raw, json)
Hash identifier:          zI4peklfsSU0BwGnCgTYFkA1twl5bd7IR0aRBdIFj54=
Subject key identifier:   CD:72:DC:73:5E:87:97:F5:7D:F1:45:3B:97:F0:0C:97:F6:51:DE:DD
Certificate issuer:       /CN=060c9ec5d40586ed3255f0fc4fcb3157714dda15
Certificate serial:       0194A95F0E2775907289E4FCD62DE8E5D48C
Authority key identifier: 06:0C:9E:C5:D4:05:86:ED:32:55:F0:FC:4F:CB:31:57:71:4D:DA:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BgyexdQFhu0yVfD8T8sxV3FN2hU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/zXLcc16Hl_V98UU7l_AMl_ZR3t0.roa
Signing time:             Mon 27 Jan 2025 20:06:06 +0000
ROA not before:           Mon 27 Jan 2025 20:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208570
IP address blocks:        195.69.228.0/22 maxlen: 22
                          195.69.228.0/24 maxlen: 24
                          195.69.229.0/24 maxlen: 24
                          195.69.230.0/24 maxlen: 24
                          195.69.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/BgyexdQFhu0yVfD8T8sxV3FN2hU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/BgyexdQFhu0yVfD8T8sxV3FN2hU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BgyexdQFhu0yVfD8T8sxV3FN2hU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a9:5f:0e:27:75:90:72:89:e4:fc:d6:2d:e8:e5:d4:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=060c9ec5d40586ed3255f0fc4fcb3157714dda15
        Validity
            Not Before: Jan 27 20:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd72dc735e8797f57df1453b97f00c97f651dedd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8b:1a:65:a8:13:84:6a:e3:aa:c0:9e:ff:6f:
                    d7:77:a2:a3:9b:ca:52:c0:d7:14:b3:6b:21:7f:92:
                    6d:12:9c:f0:48:82:06:fb:b4:dd:ac:45:cc:b1:0b:
                    9a:82:c9:8f:d9:1c:14:1e:64:c0:9c:fd:dd:30:1d:
                    85:53:a3:5b:1a:40:29:50:e9:af:8e:b3:d3:a3:0d:
                    25:1d:c6:4c:68:20:2f:2e:9e:7c:2b:48:a1:ea:d8:
                    6f:b8:34:17:04:d9:79:67:26:61:96:4a:8e:96:e6:
                    f7:8d:1d:27:31:d4:88:ec:a0:13:41:f8:8b:90:56:
                    f2:bd:17:81:53:58:64:d3:d3:2f:c5:74:af:9c:72:
                    ff:d7:71:a5:7c:9f:c9:9a:b0:08:26:70:5c:c0:61:
                    b9:e4:e4:71:11:28:2c:03:1d:14:d9:0d:13:4a:de:
                    ae:0f:8e:4d:f2:43:e0:84:ad:58:83:0a:54:6f:bd:
                    c1:b6:61:f7:be:f0:d4:2d:ed:91:74:21:0d:70:de:
                    b9:a4:ce:be:03:65:71:3b:ae:4c:fe:f9:f4:e4:c7:
                    35:60:f0:2b:23:fd:de:e2:c5:fa:23:56:45:af:9d:
                    69:07:c5:f3:57:9d:7c:7a:cf:a8:22:fb:50:54:a4:
                    a3:48:cd:80:b2:9d:96:c1:85:fa:d3:9d:9c:fe:2a:
                    37:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:72:DC:73:5E:87:97:F5:7D:F1:45:3B:97:F0:0C:97:F6:51:DE:DD
            X509v3 Authority Key Identifier:
                keyid:06:0C:9E:C5:D4:05:86:ED:32:55:F0:FC:4F:CB:31:57:71:4D:DA:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BgyexdQFhu0yVfD8T8sxV3FN2hU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/zXLcc16Hl_V98UU7l_AMl_ZR3t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/BgyexdQFhu0yVfD8T8sxV3FN2hU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.69.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:2b:85:2b:be:93:0b:d4:1b:ed:9c:14:c7:b0:13:28:ae:db:
         2e:64:f7:a2:4a:a0:5e:79:ec:b2:8e:b8:9d:39:73:2d:e0:de:
         f9:39:a1:6f:e0:0e:32:8e:86:cf:15:77:79:c0:ad:85:7c:78:
         f2:9b:69:c6:e9:84:58:ca:45:bd:92:cf:01:15:d0:77:20:a3:
         98:6c:f0:2c:9b:b5:0d:3b:25:73:d5:c5:0c:06:18:84:d3:89:
         94:fc:69:5b:79:a3:ef:92:06:95:11:76:68:28:c8:83:f5:c7:
         f2:59:f2:8c:d0:73:93:66:e6:db:54:fa:9d:1c:e8:e8:79:74:
         89:f9:48:a2:29:da:36:df:9e:83:71:3c:43:c8:81:2e:4a:9b:
         5c:36:24:80:69:c8:86:07:93:92:67:b0:f7:0f:fb:ba:bd:69:
         0c:bc:13:ae:18:f7:3c:05:07:72:a8:22:78:0e:cb:4c:08:a3:
         c9:c4:de:76:7e:61:1a:7b:ae:d5:37:70:75:cf:e0:d1:ef:7d:
         64:ce:77:cf:87:32:1d:c3:ac:30:b4:65:ed:2c:bb:36:0c:c6:
         6b:b6:b5:32:02:de:b5:f6:58:a3:6b:cc:2a:2d:f3:a7:de:75:
         dc:45:42:ca:46:5b:bd:4c:99:c7:0b:d6:2a:4e:b2:1d:14:19:
         e6:15:98:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSpXw4ndZByieT81i3o5dSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MGM5ZWM1ZDQwNTg2ZWQzMjU1ZjBmYzRmY2IzMTU3NzE0
ZGRhMTUwHhcNMjUwMTI3MjAwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDcyZGM3MzVlODc5N2Y1N2RmMTQ1M2I5N2YwMGM5N2Y2NTFkZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuosaZagThGrjqsCe/2/Xd6Kjm8pS
wNcUs2shf5JtEpzwSIIG+7TdrEXMsQuagsmP2RwUHmTAnP3dMB2FU6NbGkApUOmv
jrPTow0lHcZMaCAvLp58K0ih6thvuDQXBNl5ZyZhlkqOlub3jR0nMdSI7KATQfiL
kFbyvReBU1hk09MvxXSvnHL/13GlfJ/JmrAIJnBcwGG55ORxESgsAx0U2Q0TSt6u
D45N8kPghK1YgwpUb73BtmH3vvDULe2RdCENcN65pM6+A2VxO65M/vn05Mc1YPAr
I/3e4sX6I1ZFr51pB8XzV518es+oIvtQVKSjSM2Asp2WwYX6052c/io3VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1y3HNeh5f1ffFFO5fwDJf2Ud7dMB8GA1UdIwQY
MBaAFAYMnsXUBYbtMlXw/E/LMVdxTdoVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmd5ZXhkUUZodTB5VmZEOFQ4c3hWM0ZOMmhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9hZTNhM2UtMmMwYy00MDVlLWJjZDct
OWUwYTUxM2RlZWYyLzEvelhMY2MxNkhsX1Y5OFVVN2xfQU1sX1pSM3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9hZTNhM2UtMmMwYy00MDVlLWJjZDctOWUwYTUxM2RlZWYy
LzEvQmd5ZXhkUUZodTB5VmZEOFQ4c3hWM0ZOMmhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw0XkMA0G
CSqGSIb3DQEBCwUAA4IBAQAOK4UrvpML1BvtnBTHsBMortsuZPeiSqBeeeyyjrid
OXMt4N75OaFv4A4yjobPFXd5wK2FfHjym2nG6YRYykW9ks8BFdB3IKOYbPAsm7UN
OyVz1cUMBhiE04mU/GlbeaPvkgaVEXZoKMiD9cfyWfKM0HOTZubbVPqdHOjoeXSJ
+UiiKdo2356DcTxDyIEuSptcNiSAaciGB5OSZ7D3D/u6vWkMvBOuGPc8BQdyqCJ4
DstMCKPJxN52fmEae67VN3B1z+DR731kznfPhzIdw6wwtGXtLLs2DMZrtrUyAt61
9lija8wqLfOn3nXcRULKRlu9TJnHC9YqTrIdFBnmFZiS
-----END CERTIFICATE-----