Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/znM5PqUezkFDKWgZEHXhAygqSEg.roa
File:                     znM5PqUezkFDKWgZEHXhAygqSEg.roa (raw, json)
Hash identifier:          rSr63BYEqjq/FlyGA7frAkMF1kFl0699EpH0gvi204o=
Subject key identifier:   CE:73:39:3E:A5:1E:CE:41:43:29:68:19:10:75:E1:03:28:2A:48:48
Certificate issuer:       /CN=597582bc3f0badb661a69fb9a483b37ec905827e
Certificate serial:       019427B522033EE948691907C110D47E4C13
Authority key identifier: 59:75:82:BC:3F:0B:AD:B6:61:A6:9F:B9:A4:83:B3:7E:C9:05:82:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXWCvD8LrbZhpp-5pIOzfskFgn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/znM5PqUezkFDKWgZEHXhAygqSEg.roa
Signing time:             Thu 02 Jan 2025 15:49:29 +0000
ROA not before:           Thu 02 Jan 2025 15:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62244
IP address blocks:        185.43.96.0/22 maxlen: 22
                          2a01:65e0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/WXWCvD8LrbZhpp-5pIOzfskFgn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/WXWCvD8LrbZhpp-5pIOzfskFgn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXWCvD8LrbZhpp-5pIOzfskFgn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:22:03:3e:e9:48:69:19:07:c1:10:d4:7e:4c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597582bc3f0badb661a69fb9a483b37ec905827e
        Validity
            Not Before: Jan  2 15:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce73393ea51ece41432968191075e103282a4848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:d4:e1:55:94:26:97:01:90:38:f7:2e:68:5f:
                    35:ab:80:ab:02:0f:49:8d:14:ef:98:fb:4e:bd:9e:
                    b3:33:a4:89:65:55:93:74:5a:bb:dc:12:48:60:ac:
                    79:7d:56:22:66:3b:8e:3e:a7:af:6e:04:88:f4:c6:
                    4b:3f:ae:5d:73:fe:d2:15:0f:81:fc:70:15:0c:41:
                    94:59:9c:10:e9:9c:0a:83:33:b4:92:44:38:7e:05:
                    1f:5f:4f:b2:10:e5:80:75:c2:e8:78:92:b8:62:d3:
                    97:b4:eb:47:12:4c:ed:5f:20:dc:cc:d3:38:9c:79:
                    e8:fc:93:80:15:52:83:bd:32:2e:e1:f4:11:93:d3:
                    f6:2c:e3:cc:fe:fd:9f:cd:2e:55:54:a5:8e:ed:6e:
                    ab:1e:04:34:7a:fe:a0:80:36:ab:73:4f:6f:0a:e0:
                    c4:1d:72:6b:f1:72:6b:46:37:ad:fa:d8:83:45:a2:
                    f0:50:5d:f5:85:b2:ec:66:3b:f7:ae:f6:b9:78:24:
                    46:ae:a8:8f:70:44:a0:70:36:35:5e:83:f6:d6:d3:
                    ad:f9:46:53:83:cb:57:83:ff:b2:9c:6c:de:c6:6e:
                    d0:c1:5b:0a:cd:36:de:4d:86:23:5e:41:bf:8c:42:
                    22:ae:9e:10:25:b4:27:55:a4:de:f6:f8:51:bb:1d:
                    c8:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:73:39:3E:A5:1E:CE:41:43:29:68:19:10:75:E1:03:28:2A:48:48
            X509v3 Authority Key Identifier:
                keyid:59:75:82:BC:3F:0B:AD:B6:61:A6:9F:B9:A4:83:B3:7E:C9:05:82:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXWCvD8LrbZhpp-5pIOzfskFgn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/znM5PqUezkFDKWgZEHXhAygqSEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/WXWCvD8LrbZhpp-5pIOzfskFgn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.96.0/22
                IPv6:
                  2a01:65e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:9f:10:90:bb:86:33:3c:be:36:92:2b:a6:00:49:fb:4f:55:
         1a:1c:8e:3b:70:44:7d:17:6c:17:4c:bd:50:b7:77:d7:5e:5a:
         27:60:d8:4d:c5:32:ac:49:ad:0a:69:f2:bd:1e:01:30:59:c4:
         00:a8:c5:12:a6:38:22:be:9e:30:81:af:8a:08:af:c6:22:08:
         45:1e:15:b7:25:f0:26:a4:8c:71:97:24:88:68:9d:55:35:de:
         e6:e6:ee:f3:f3:f7:4b:da:e6:41:18:a4:22:c7:17:b4:d5:81:
         3c:5c:a4:f4:4b:48:93:66:6b:c0:fc:a4:7c:8d:a1:e8:38:fd:
         03:0c:4c:db:b7:63:96:17:6a:93:59:f4:5a:f9:01:f9:e4:86:
         82:a1:41:5d:53:cb:59:66:e1:88:d1:74:a0:c5:d3:a0:3b:94:
         1d:b5:5d:00:95:ae:0c:ae:64:e7:e3:10:12:3d:b4:52:f0:c9:
         c1:67:c9:ae:83:3f:c5:0a:a3:f6:2a:c5:bb:11:4e:61:66:7f:
         1a:4d:9f:da:ec:7e:54:f1:bc:a3:f5:b6:fb:37:7c:c9:d7:61:
         72:57:1a:70:95:fc:f5:91:8d:c5:86:1e:11:59:32:32:9c:a9:
         89:5e:37:22:4e:95:7b:f9:ef:4c:63:44:c1:2f:05:d8:da:f8:
         48:c1:10:bd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntSIDPulIaRkHwRDUfkwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzU4MmJjM2YwYmFkYjY2MWE2OWZiOWE0ODNiMzdlYzkw
NTgyN2UwHhcNMjUwMTAyMTU0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTczMzkzZWE1MWVjZTQxNDMyOTY4MTkxMDc1ZTEwMzI4MmE0ODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8tThVZQmlwGQOPcuaF81q4CrAg9J
jRTvmPtOvZ6zM6SJZVWTdFq73BJIYKx5fVYiZjuOPqevbgSI9MZLP65dc/7SFQ+B
/HAVDEGUWZwQ6ZwKgzO0kkQ4fgUfX0+yEOWAdcLoeJK4YtOXtOtHEkztXyDczNM4
nHno/JOAFVKDvTIu4fQRk9P2LOPM/v2fzS5VVKWO7W6rHgQ0ev6ggDarc09vCuDE
HXJr8XJrRjet+tiDRaLwUF31hbLsZjv3rva5eCRGrqiPcESgcDY1XoP21tOt+UZT
g8tXg/+ynGzexm7QwVsKzTbeTYYjXkG/jEIirp4QJbQnVaTe9vhRux3IKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM5zOT6lHs5BQyloGRB14QMoKkhIMB8GA1UdIwQY
MBaAFFl1grw/C622YaafuaSDs37JBYJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hXQ3ZEOExyYlpocHAtNXBJT3pmc2tGZ240LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC80ODg5OGItZjliNC00NWI0LTk5M2Yt
ZThhMWRjOGUzZmZjLzEvem5NNVBxVWV6a0ZES1dnWkVIWGhBeWdxU0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC80ODg5OGItZjliNC00NWI0LTk5M2YtZThhMWRjOGUzZmZj
LzEvV1hXQ3ZEOExyYlpocHAtNXBJT3pmc2tGZ240LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuStgMA0E
AgACMAcDBQAqAWXgMA0GCSqGSIb3DQEBCwUAA4IBAQA9nxCQu4YzPL42kiumAEn7
T1UaHI47cER9F2wXTL1Qt3fXXlonYNhNxTKsSa0KafK9HgEwWcQAqMUSpjgivp4w
ga+KCK/GIghFHhW3JfAmpIxxlySIaJ1VNd7m5u7z8/dL2uZBGKQixxe01YE8XKT0
S0iTZmvA/KR8jaHoOP0DDEzbt2OWF2qTWfRa+QH55IaCoUFdU8tZZuGI0XSgxdOg
O5QdtV0Ala4MrmTn4xASPbRS8MnBZ8mugz/FCqP2KsW7EU5hZn8aTZ/a7H5U8byj
9bb7N3zJ12FyVxpwlfz1kY3Fhh4RWTIynKmJXjciTpV7+e9MY0TBLwXY2vhIwRC9
-----END CERTIFICATE-----