Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/ZthEX-bem71wxx1bLgVPG5w9ZTc.roa
File:                     ZthEX-bem71wxx1bLgVPG5w9ZTc.roa (raw, json)
Hash identifier:          T1Z1de8P32daOdZ6/2GmlJdKCTcAVlmu6uwlpR9ZYC8=
Subject key identifier:   66:D8:44:5F:E6:DE:9B:BD:70:C7:1D:5B:2E:05:4F:1B:9C:3D:65:37
Certificate issuer:       /CN=317b8147503ea19f581ca00d28dbee5e58cb8f48
Certificate serial:       019422FBC70A5ACC1938A5D2804EE3399682
Authority key identifier: 31:7B:81:47:50:3E:A1:9F:58:1C:A0:0D:28:DB:EE:5E:58:CB:8F:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/ZthEX-bem71wxx1bLgVPG5w9ZTc.roa
Signing time:             Wed 01 Jan 2025 17:48:33 +0000
ROA not before:           Wed 01 Jan 2025 17:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58160
IP address blocks:        185.93.212.0/23 maxlen: 23
                          2a00:d900::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c7:0a:5a:cc:19:38:a5:d2:80:4e:e3:39:96:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=317b8147503ea19f581ca00d28dbee5e58cb8f48
        Validity
            Not Before: Jan  1 17:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66d8445fe6de9bbd70c71d5b2e054f1b9c3d6537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b6:d4:cd:6b:b5:f7:b2:25:4e:e0:18:31:ad:
                    47:39:68:0c:95:0e:0d:96:25:59:c6:42:15:aa:c6:
                    19:f5:90:fe:79:fb:2e:47:bc:80:b3:8c:7a:c5:c1:
                    e8:4b:bf:5b:9b:67:f8:fb:6f:ac:42:95:ee:32:c9:
                    cd:0e:19:d4:a4:e3:34:16:84:1e:59:1e:e5:d7:17:
                    a9:40:ef:83:da:b1:3a:61:e5:fc:a5:f2:6a:38:da:
                    28:06:c8:88:5c:4c:11:ef:b8:7e:89:91:39:54:2e:
                    7d:fc:9c:68:2a:2c:c6:00:ab:e8:61:6c:7a:c8:f1:
                    6b:87:9a:73:da:72:f0:36:0b:a4:68:76:fd:74:d0:
                    df:32:60:75:a5:a4:ec:c8:de:1e:89:24:15:0f:07:
                    16:89:e9:22:b5:0f:f8:3a:da:28:43:df:21:b3:ae:
                    b4:19:5f:66:1a:d1:28:70:16:63:53:89:68:c3:23:
                    fe:60:4d:4f:cb:7d:fc:29:3e:10:60:fc:c8:cf:b6:
                    dd:5e:03:4a:5d:a8:3f:0d:a2:20:e2:59:85:0a:e0:
                    be:7f:92:ff:81:11:4a:2f:9f:dc:dc:18:49:28:29:
                    a9:93:46:25:76:a1:fe:e6:aa:4c:32:4a:f4:5b:09:
                    97:07:60:42:2a:ec:fe:20:a2:9d:6d:87:5c:cb:9d:
                    b3:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D8:44:5F:E6:DE:9B:BD:70:C7:1D:5B:2E:05:4F:1B:9C:3D:65:37
            X509v3 Authority Key Identifier:
                keyid:31:7B:81:47:50:3E:A1:9F:58:1C:A0:0D:28:DB:EE:5E:58:CB:8F:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/ZthEX-bem71wxx1bLgVPG5w9ZTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.212.0/23
                IPv6:
                  2a00:d900::/32

    Signature Algorithm: sha256WithRSAEncryption
         cc:03:3f:82:b8:13:83:ac:07:c4:29:3a:c1:41:e5:d7:10:3e:
         a2:85:f1:11:10:66:6b:72:78:20:69:3a:b2:21:c7:8b:cd:f7:
         de:49:38:4e:4d:cd:ea:80:7d:2f:f6:5c:8d:77:37:d3:7e:18:
         62:56:59:5b:07:0e:be:c2:8c:f5:cd:79:b0:9e:4d:4a:a7:ba:
         a2:d4:e7:1c:1c:57:3c:1a:0b:d7:bb:e6:74:2b:d9:a0:9c:f1:
         e6:c4:0e:c9:a6:37:11:28:31:8d:34:d5:41:84:19:98:0b:8f:
         90:2e:e2:45:bc:46:17:ca:09:f5:72:16:bb:62:8d:81:7d:25:
         20:38:9b:1d:d5:b8:85:37:bc:26:ab:46:19:7c:5b:9a:63:f9:
         d7:bf:34:7d:4a:32:b4:47:0b:33:a4:d3:54:43:9a:14:b5:d7:
         7f:d6:a5:e0:10:24:3a:49:6a:84:78:40:ae:48:a4:01:de:8c:
         64:fb:e9:5d:07:68:3a:1d:50:46:cf:63:da:9c:05:63:13:e8:
         d8:ef:2e:dd:40:11:80:f1:96:93:87:a9:04:f4:8a:52:57:0b:
         7f:68:b2:b0:3f:42:21:44:74:35:1a:05:a8:87:26:77:f8:d2:
         21:35:cd:a9:84:7a:43:05:34:8c:c0:c5:63:71:5a:f9:95:48:
         cd:35:ff:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+8cKWswZOKXSgE7jOZaCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxN2I4MTQ3NTAzZWExOWY1ODFjYTAwZDI4ZGJlZTVlNThj
YjhmNDgwHhcNMjUwMTAxMTc0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQ4NDQ1ZmU2ZGU5YmJkNzBjNzFkNWIyZTA1NGYxYjljM2Q2NTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLbUzWu197IlTuAYMa1HOWgMlQ4N
liVZxkIVqsYZ9ZD+efsuR7yAs4x6xcHoS79bm2f4+2+sQpXuMsnNDhnUpOM0FoQe
WR7l1xepQO+D2rE6YeX8pfJqONooBsiIXEwR77h+iZE5VC59/JxoKizGAKvoYWx6
yPFrh5pz2nLwNgukaHb9dNDfMmB1paTsyN4eiSQVDwcWiekitQ/4OtooQ98hs660
GV9mGtEocBZjU4lowyP+YE1Py338KT4QYPzIz7bdXgNKXag/DaIg4lmFCuC+f5L/
gRFKL5/c3BhJKCmpk0YldqH+5qpMMkr0WwmXB2BCKuz+IKKdbYdcy52ziwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGbYRF/m3pu9cMcdWy4FTxucPWU3MB8GA1UdIwQY
MBaAFDF7gUdQPqGfWBygDSjb7l5Yy49IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVh1QlIxQS1vWjlZSEtBTktOdnVYbGpMajBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8yZTRlNTQtMDU0OC00ZDBjLTkzZjEt
NzU0NjFhYmJiNWE0LzEvWnRoRVgtYmVtNzF3eHgxYkxnVlBHNXc5WlRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8yZTRlNTQtMDU0OC00ZDBjLTkzZjEtNzU0NjFhYmJiNWE0
LzEvTVh1QlIxQS1vWjlZSEtBTktOdnVYbGpMajBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuV3UMA0E
AgACMAcDBQAqANkAMA0GCSqGSIb3DQEBCwUAA4IBAQDMAz+CuBODrAfEKTrBQeXX
ED6ihfEREGZrcnggaTqyIceLzffeSThOTc3qgH0v9lyNdzfTfhhiVllbBw6+woz1
zXmwnk1Kp7qi1OccHFc8GgvXu+Z0K9mgnPHmxA7JpjcRKDGNNNVBhBmYC4+QLuJF
vEYXygn1cha7Yo2BfSUgOJsd1biFN7wmq0YZfFuaY/nXvzR9SjK0RwszpNNUQ5oU
tdd/1qXgECQ6SWqEeECuSKQB3oxk++ldB2g6HVBGz2PanAVjE+jY7y7dQBGA8ZaT
h6kE9IpSVwt/aLKwP0IhRHQ1GgWohyZ3+NIhNc2phHpDBTSMwMVjcVr5lUjNNf9s
-----END CERTIFICATE-----