Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/zbIR0kzSnqsQppAEnVlytUjNxzs.roa
File:                     zbIR0kzSnqsQppAEnVlytUjNxzs.roa (raw, json)
Hash identifier:          A5R4DtRsqGNnQjc0WtD6M5DgyLoDVTlkGrAxxgOsLFU=
Subject key identifier:   CD:B2:11:D2:4C:D2:9E:AB:10:A6:90:04:9D:59:72:B5:48:CD:C7:3B
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       01942067FF4A5A49551645C480F0E4B241E2
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/zbIR0kzSnqsQppAEnVlytUjNxzs.roa
Signing time:             Wed 01 Jan 2025 05:47:54 +0000
ROA not before:           Wed 01 Jan 2025 05:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1015
IP address blocks:        193.57.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ff:4a:5a:49:55:16:45:c4:80:f0:e4:b2:41:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 05:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdb211d24cd29eab10a690049d5972b548cdc73b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e5:76:2e:d8:f5:9e:42:39:bb:5f:20:ed:33:
                    e9:a6:a3:2f:f4:e5:90:1b:f0:6d:07:b6:ec:70:84:
                    78:b1:b5:21:d4:dd:ff:6f:b7:d5:a4:0b:61:50:a7:
                    de:91:c7:7e:09:8b:49:38:2d:79:0b:84:0f:83:85:
                    d1:c9:5d:c1:b7:e1:7a:a1:17:f9:f1:a7:ae:4a:ff:
                    16:4f:d3:c9:32:ef:08:2e:fe:8c:9b:e5:6b:66:39:
                    ea:2e:53:e7:0b:8c:c9:c1:c6:32:45:b8:0c:f6:b1:
                    84:35:59:b9:85:f9:b0:d5:d9:43:ed:34:41:82:e0:
                    c8:78:ae:cd:8a:79:d1:f9:82:43:32:bb:9e:c4:4e:
                    2a:79:e8:1a:4a:f8:d1:4d:9f:9b:7c:71:05:42:d8:
                    de:12:8e:8d:87:bd:12:c1:c2:45:f1:a9:de:58:18:
                    8a:18:43:b4:5a:c4:24:35:f7:d9:3b:60:d6:84:1d:
                    d8:94:a3:68:2c:b6:db:99:36:36:07:e4:68:c9:55:
                    d3:f1:b8:63:ab:37:2b:b9:9d:0c:6d:6f:13:e1:f0:
                    db:f1:48:61:67:ac:c3:31:cf:3f:55:b0:9c:33:56:
                    37:7f:78:c5:d8:cb:75:b2:61:d9:ba:a1:d2:f6:46:
                    6f:a2:96:d7:d1:b0:50:dd:25:c5:cc:1d:6d:50:5a:
                    92:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:B2:11:D2:4C:D2:9E:AB:10:A6:90:04:9D:59:72:B5:48:CD:C7:3B
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/zbIR0kzSnqsQppAEnVlytUjNxzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:02:71:8d:f8:dc:5a:79:5d:c7:2f:e8:32:79:b7:d7:05:6f:
         eb:f5:ba:cc:a2:1d:aa:2f:a1:87:f5:5c:4e:8f:95:9a:3d:f9:
         66:db:f2:16:42:64:d6:1b:be:43:78:22:b5:b0:e0:eb:29:09:
         43:5a:04:6e:3f:d3:df:04:c9:f0:87:66:95:99:0f:93:a8:74:
         ec:71:5f:c9:17:0c:fc:95:de:0e:df:58:9c:80:28:ae:20:26:
         2d:c8:dc:f6:aa:38:7a:c4:b9:94:e6:30:38:8b:c1:9e:ff:4d:
         da:61:23:16:79:26:37:2a:e0:40:9f:1f:26:2b:2d:ce:32:e6:
         da:16:5c:2e:33:e3:52:2a:79:83:5c:14:0f:4e:d2:2d:1b:f0:
         b9:41:5c:d5:d8:34:6c:9c:fb:c2:55:81:e5:b5:57:1f:9d:e9:
         ba:8f:b5:5b:60:65:4f:7a:a2:1f:dd:2f:9e:33:87:93:ec:07:
         00:91:21:9e:e1:50:df:b0:2b:35:02:f5:f1:8e:9d:8d:ef:93:
         01:1e:26:15:3f:7f:69:c2:db:91:25:34:43:58:50:d1:c4:20:
         d5:86:3d:78:fa:42:a6:21:18:45:86:92:e4:ff:dc:a1:c2:f0:
         02:56:c5:57:db:b3:49:5c:e9:1d:3b:2a:39:76:01:59:cf:6d:
         a4:5b:2d:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/9KWklVFkXEgPDkskHiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTAxMDU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGIyMTFkMjRjZDI5ZWFiMTBhNjkwMDQ5ZDU5NzJiNTQ4Y2RjNzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+V2Ltj1nkI5u18g7TPppqMv9OWQ
G/BtB7bscIR4sbUh1N3/b7fVpAthUKfekcd+CYtJOC15C4QPg4XRyV3Bt+F6oRf5
8aeuSv8WT9PJMu8ILv6Mm+VrZjnqLlPnC4zJwcYyRbgM9rGENVm5hfmw1dlD7TRB
guDIeK7NinnR+YJDMruexE4qeegaSvjRTZ+bfHEFQtjeEo6Nh70SwcJF8aneWBiK
GEO0WsQkNffZO2DWhB3YlKNoLLbbmTY2B+RoyVXT8bhjqzcruZ0MbW8T4fDb8Uhh
Z6zDMc8/VbCcM1Y3f3jF2Mt1smHZuqHS9kZvopbX0bBQ3SXFzB1tUFqSbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2yEdJM0p6rEKaQBJ1ZcrVIzcc7MB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvemJJUjBrelNucXNRcHBBRW5WbHl0VWpOeHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTkIMA0G
CSqGSIb3DQEBCwUAA4IBAQBaAnGN+NxaeV3HL+gyebfXBW/r9brMoh2qL6GH9VxO
j5WaPflm2/IWQmTWG75DeCK1sODrKQlDWgRuP9PfBMnwh2aVmQ+TqHTscV/JFwz8
ld4O31icgCiuICYtyNz2qjh6xLmU5jA4i8Ge/03aYSMWeSY3KuBAnx8mKy3OMuba
FlwuM+NSKnmDXBQPTtItG/C5QVzV2DRsnPvCVYHltVcfnem6j7VbYGVPeqIf3S+e
M4eT7AcAkSGe4VDfsCs1AvXxjp2N75MBHiYVP39pwtuRJTRDWFDRxCDVhj14+kKm
IRhFhpLk/9yhwvACVsVX27NJXOkdOyo5dgFZz22kWy1i
-----END CERTIFICATE-----