Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/zmcBckUxuKaBoSS2-IE8qAAieFk.roa
File:                     zmcBckUxuKaBoSS2-IE8qAAieFk.roa (raw, json)
Hash identifier:          zuTF25+EetsvafVF215FiE6HAdQFZXfOVRgob3VxMdY=
Subject key identifier:   CE:67:01:72:45:31:B8:A6:81:A1:24:B6:F8:81:3C:A8:00:22:78:59
Certificate issuer:       /CN=31b0f64c69d330b66ebcd03a9bf0fdc19f3147d8
Certificate serial:       0195EC9913435D1C7E76D59DF0346AFE3217
Authority key identifier: 31:B0:F6:4C:69:D3:30:B6:6E:BC:D0:3A:9B:F0:FD:C1:9F:31:47:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/zmcBckUxuKaBoSS2-IE8qAAieFk.roa
Signing time:             Mon 31 Mar 2025 14:26:49 +0000
ROA not before:           Mon 31 Mar 2025 14:26:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47217
IP address blocks:        5.100.233.0/24 maxlen: 24
                          94.142.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ec:99:13:43:5d:1c:7e:76:d5:9d:f0:34:6a:fe:32:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31b0f64c69d330b66ebcd03a9bf0fdc19f3147d8
        Validity
            Not Before: Mar 31 14:26:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce6701724531b8a681a124b6f8813ca800227859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1f:9c:fb:8b:f4:3d:e3:f6:07:eb:87:81:2d:
                    a7:75:e9:f4:75:a3:8b:a7:c4:d5:02:0e:95:47:11:
                    f5:49:3b:e9:8b:ce:08:f3:cd:7a:80:4b:d5:03:3c:
                    ed:7f:3d:f6:d5:16:fe:e7:fa:bd:97:53:d7:f2:02:
                    57:86:65:be:84:03:89:77:fe:57:d3:27:33:80:a3:
                    85:48:a0:3e:69:31:59:c2:29:a8:16:4a:79:97:0c:
                    85:8f:21:20:3f:94:06:db:b3:82:ed:79:31:6f:df:
                    ed:52:4a:b7:9d:c1:69:a4:1b:1b:5e:a8:05:96:95:
                    e6:de:6e:0f:f6:7c:f7:26:f6:e8:5c:ba:75:24:13:
                    ed:0c:52:15:5c:50:40:9c:e5:44:9d:74:6c:29:b1:
                    4e:40:2e:f2:94:3b:1a:5d:4b:3b:a6:fb:b3:7a:dc:
                    ff:8f:ec:37:95:4c:01:d5:77:6d:32:8b:a7:11:70:
                    00:1d:95:e4:42:6d:9b:b4:ea:84:67:e5:bb:5f:e4:
                    40:dd:50:a3:25:0e:be:fe:d0:58:ff:ee:c2:b4:f1:
                    9a:f1:47:fc:70:a1:a1:93:1d:38:d4:c2:47:dd:03:
                    da:58:18:ca:1a:b3:5f:36:e0:98:30:6e:98:15:36:
                    6b:44:65:31:e5:91:5c:7f:3a:cb:04:19:81:76:bf:
                    fb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:67:01:72:45:31:B8:A6:81:A1:24:B6:F8:81:3C:A8:00:22:78:59
            X509v3 Authority Key Identifier:
                keyid:31:B0:F6:4C:69:D3:30:B6:6E:BC:D0:3A:9B:F0:FD:C1:9F:31:47:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/zmcBckUxuKaBoSS2-IE8qAAieFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.100.233.0/24
                  94.142.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:6e:4c:b7:0e:9e:99:5b:6a:ec:34:d8:81:17:88:e6:14:90:
         4e:9a:1b:36:76:1b:b1:33:71:bf:24:8a:61:20:07:f3:26:cb:
         99:33:d8:0a:7e:75:f2:41:4d:65:7c:27:6c:81:97:c3:c5:bf:
         fd:dc:38:b5:a2:d0:7e:ee:6c:d2:5d:3a:21:c1:13:24:33:4e:
         2b:8c:07:2e:ba:e6:20:b5:31:bb:4e:3d:d1:83:3d:dc:25:bd:
         c9:56:14:00:52:2d:1b:02:1c:41:dc:c2:f6:cc:06:af:03:d1:
         1f:00:35:04:ef:d4:ab:f4:66:5b:64:26:f7:89:b0:b1:c1:64:
         fc:55:2d:39:38:da:30:0c:a3:2b:f3:08:f7:3f:fc:0b:60:e3:
         cd:23:7e:28:be:30:5e:d6:84:8e:6a:2d:29:18:73:38:34:7f:
         53:c2:01:0e:35:1f:3d:c3:33:97:15:af:c2:71:17:83:d7:f9:
         ff:e7:9d:4c:c3:4a:e5:76:47:ed:33:0e:3e:1c:25:41:c2:e4:
         0f:40:f5:c4:0d:79:28:1a:71:45:6c:ef:70:a2:52:e1:1f:66:
         2e:09:85:32:bc:d6:19:cb:1c:2d:d5:f6:4c:4d:82:e8:ee:ca:
         1b:19:ad:44:ab:0d:8c:51:27:d9:63:f2:57:e2:10:31:04:c2:
         ea:7a:f5:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXsmRNDXRx+dtWd8DRq/jIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYjBmNjRjNjlkMzMwYjY2ZWJjZDAzYTliZjBmZGMxOWYz
MTQ3ZDgwHhcNMjUwMzMxMTQyNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTY3MDE3MjQ1MzFiOGE2ODFhMTI0YjZmODgxM2NhODAwMjI3ODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiB+c+4v0PeP2B+uHgS2nden0daOL
p8TVAg6VRxH1STvpi84I8816gEvVAzztfz321Rb+5/q9l1PX8gJXhmW+hAOJd/5X
0yczgKOFSKA+aTFZwimoFkp5lwyFjyEgP5QG27OC7Xkxb9/tUkq3ncFppBsbXqgF
lpXm3m4P9nz3JvboXLp1JBPtDFIVXFBAnOVEnXRsKbFOQC7ylDsaXUs7pvuzetz/
j+w3lUwB1XdtMounEXAAHZXkQm2btOqEZ+W7X+RA3VCjJQ6+/tBY/+7CtPGa8Uf8
cKGhkx041MJH3QPaWBjKGrNfNuCYMG6YFTZrRGUx5ZFcfzrLBBmBdr/77QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM5nAXJFMbimgaEktviBPKgAInhZMB8GA1UdIwQY
MBaAFDGw9kxp0zC2brzQOpvw/cGfMUfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWJEMlRHblRNTFp1dk5BNm1fRDl3Wjh4UjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yZmI0NzMtOGU2Yi00ZjBkLWFkMzAt
ZDQ5MzQ0OTNhNjc5LzEvem1jQmNrVXh1S2FCb1NTMi1JRThxQUFpZUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yZmI0NzMtOGU2Yi00ZjBkLWFkMzAtZDQ5MzQ0OTNhNjc5
LzEvTWJEMlRHblRNTFp1dk5BNm1fRDl3Wjh4UjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABWTpAwQA
Xo6VMA0GCSqGSIb3DQEBCwUAA4IBAQBibky3Dp6ZW2rsNNiBF4jmFJBOmhs2dhux
M3G/JIphIAfzJsuZM9gKfnXyQU1lfCdsgZfDxb/93Di1otB+7mzSXTohwRMkM04r
jAcuuuYgtTG7Tj3Rgz3cJb3JVhQAUi0bAhxB3ML2zAavA9EfADUE79Sr9GZbZCb3
ibCxwWT8VS05ONowDKMr8wj3P/wLYOPNI34ovjBe1oSOai0pGHM4NH9TwgEONR89
wzOXFa/CcReD1/n/551Mw0rldkftMw4+HCVBwuQPQPXEDXkoGnFFbO9wolLhH2Yu
CYUyvNYZyxwt1fZMTYLo7sobGa1Eqw2MUSfZY/JX4hAxBMLqevWp
-----END CERTIFICATE-----