Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/d5dc61-882b-4636-aff1-1fb3f817608f/1/CZZ5ipuaAOE-Yr5zJDMCRrkyVSA.roa
File:                     CZZ5ipuaAOE-Yr5zJDMCRrkyVSA.roa (raw, json)
Hash identifier:          iFc83ywiMJmrxS1NXOM6QWOY3OsVmvxahP4mNSEaMZM=
Subject key identifier:   09:96:79:8A:9B:9A:00:E1:3E:62:BE:73:24:33:02:46:B9:32:55:20
Certificate issuer:       /CN=bfad08ac862db6ae0bb0b880aec055edbcbb82fc
Certificate serial:       01941F8C8938C516EA6320C2CD8801D634A8
Authority key identifier: BF:AD:08:AC:86:2D:B6:AE:0B:B0:B8:80:AE:C0:55:ED:BC:BB:82:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v60IrIYttq4LsLiArsBV7by7gvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/d5dc61-882b-4636-aff1-1fb3f817608f/1/CZZ5ipuaAOE-Yr5zJDMCRrkyVSA.roa
Signing time:             Wed 01 Jan 2025 01:48:11 +0000
ROA not before:           Wed 01 Jan 2025 01:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204896
IP address blocks:        217.74.80.0/20 maxlen: 20
                          2a02:dd80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/d5dc61-882b-4636-aff1-1fb3f817608f/1/v60IrIYttq4LsLiArsBV7by7gvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/d5dc61-882b-4636-aff1-1fb3f817608f/1/v60IrIYttq4LsLiArsBV7by7gvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v60IrIYttq4LsLiArsBV7by7gvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:89:38:c5:16:ea:63:20:c2:cd:88:01:d6:34:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfad08ac862db6ae0bb0b880aec055edbcbb82fc
        Validity
            Not Before: Jan  1 01:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0996798a9b9a00e13e62be7324330246b9325520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:13:8f:f0:72:8e:16:24:e0:60:40:3e:c2:eb:
                    f8:4e:15:8d:a6:62:e6:d8:ca:01:03:c1:4c:fb:54:
                    7f:a2:3f:5a:af:de:df:e9:cb:84:7a:ec:45:57:2d:
                    cc:8b:a8:4e:f9:89:f9:ff:e7:49:07:98:9f:f3:e2:
                    1a:bf:9b:c6:d8:3f:32:27:b8:45:af:43:82:b7:df:
                    ac:eb:a7:92:7d:86:a5:fe:6f:1d:96:e2:55:24:49:
                    1b:a4:a5:70:09:47:48:2d:fb:81:78:04:09:fb:27:
                    27:1a:99:98:2e:5b:65:e6:12:00:f7:e0:fa:d6:90:
                    27:fd:26:22:37:ff:ec:85:09:e6:20:2f:5c:66:c5:
                    68:b6:18:f1:5f:c7:c0:c9:2a:3b:45:57:a3:90:9d:
                    bd:f0:93:c8:61:28:ec:46:73:5c:94:7f:b9:e7:3b:
                    35:b2:0c:f2:99:d2:5c:79:57:db:4a:be:fc:5f:93:
                    3e:c0:28:e1:e5:18:89:60:6c:ff:46:65:b5:3c:d9:
                    56:a7:4b:89:0b:09:13:b1:0b:37:6a:85:97:56:95:
                    66:54:fc:c0:02:38:5d:d0:55:9a:32:4d:1f:d8:8d:
                    8e:3d:d8:5d:fa:5c:79:48:8e:ba:d8:bf:82:c2:83:
                    84:77:6d:59:c4:e8:96:a4:05:44:60:42:c4:80:bd:
                    6c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:96:79:8A:9B:9A:00:E1:3E:62:BE:73:24:33:02:46:B9:32:55:20
            X509v3 Authority Key Identifier:
                keyid:BF:AD:08:AC:86:2D:B6:AE:0B:B0:B8:80:AE:C0:55:ED:BC:BB:82:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v60IrIYttq4LsLiArsBV7by7gvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/d5dc61-882b-4636-aff1-1fb3f817608f/1/CZZ5ipuaAOE-Yr5zJDMCRrkyVSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/d5dc61-882b-4636-aff1-1fb3f817608f/1/v60IrIYttq4LsLiArsBV7by7gvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.74.80.0/20
                IPv6:
                  2a02:dd80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:b5:ef:e5:c5:34:6c:dc:79:9e:38:d6:18:b4:42:6a:0b:21:
         10:b4:95:4c:ce:b6:a3:0e:ba:9f:df:e6:c1:e4:79:25:90:0d:
         aa:95:62:c5:61:92:d6:f8:69:1c:42:db:f5:4d:26:f0:63:2d:
         e7:2f:ee:ad:1e:3c:06:a0:00:a1:f3:6a:37:39:79:e6:df:a7:
         94:fa:cc:40:5c:71:7c:2b:2b:80:5f:a7:81:42:c6:60:ff:93:
         e6:7d:e3:4d:94:30:ab:db:18:6d:c8:0d:eb:8f:94:06:02:1b:
         71:4a:44:99:98:f2:30:77:8f:ee:ca:8f:f4:a8:3c:18:31:5d:
         c2:ba:5d:87:10:a9:b3:8e:4b:64:62:31:1e:3b:ca:e7:e3:ea:
         bd:2b:9f:34:ac:91:09:43:e3:13:53:cf:e0:ae:50:3b:6d:30:
         af:34:fc:05:8e:21:fd:3c:2c:e9:da:65:3b:04:86:b9:30:28:
         fe:60:3d:8e:3b:4b:c3:95:2c:52:ba:3f:01:9c:bc:52:67:2e:
         ef:5a:9f:ab:71:8b:3a:5a:10:0a:17:bb:03:f8:dc:95:29:ce:
         74:8c:d2:dd:04:3a:7a:f7:b4:db:4c:e2:c5:d2:61:35:0a:77:
         89:14:4a:49:53:8a:4b:e1:8b:fe:34:15:c3:9b:63:bc:c0:1a:
         76:22:06:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjIk4xRbqYyDCzYgB1jSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYWQwOGFjODYyZGI2YWUwYmIwYjg4MGFlYzA1NWVkYmNi
YjgyZmMwHhcNMjUwMTAxMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTk2Nzk4YTliOWEwMGUxM2U2MmJlNzMyNDMzMDI0NmI5MzI1NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqROP8HKOFiTgYEA+wuv4ThWNpmLm
2MoBA8FM+1R/oj9ar97f6cuEeuxFVy3Mi6hO+Yn5/+dJB5if8+Iav5vG2D8yJ7hF
r0OCt9+s66eSfYal/m8dluJVJEkbpKVwCUdILfuBeAQJ+ycnGpmYLltl5hIA9+D6
1pAn/SYiN//shQnmIC9cZsVothjxX8fAySo7RVejkJ298JPIYSjsRnNclH+55zs1
sgzymdJceVfbSr78X5M+wCjh5RiJYGz/RmW1PNlWp0uJCwkTsQs3aoWXVpVmVPzA
Ajhd0FWaMk0f2I2OPdhd+lx5SI662L+CwoOEd21ZxOiWpAVEYELEgL1sUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAmWeYqbmgDhPmK+cyQzAka5MlUgMB8GA1UdIwQY
MBaAFL+tCKyGLbauC7C4gK7AVe28u4L8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjYwSXJJWXR0cTRMc0xpQXJzQlY3Ynk3Z3Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kNWRjNjEtODgyYi00NjM2LWFmZjEt
MWZiM2Y4MTc2MDhmLzEvQ1paNWlwdWFBT0UtWXI1ekpETUNScmt5VlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kNWRjNjEtODgyYi00NjM2LWFmZjEtMWZiM2Y4MTc2MDhm
LzEvdjYwSXJJWXR0cTRMc0xpQXJzQlY3Ynk3Z3Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2UpQMA0E
AgACMAcDBQMqAt2AMA0GCSqGSIb3DQEBCwUAA4IBAQCzte/lxTRs3HmeONYYtEJq
CyEQtJVMzrajDrqf3+bB5HklkA2qlWLFYZLW+GkcQtv1TSbwYy3nL+6tHjwGoACh
82o3OXnm36eU+sxAXHF8KyuAX6eBQsZg/5PmfeNNlDCr2xhtyA3rj5QGAhtxSkSZ
mPIwd4/uyo/0qDwYMV3Cul2HEKmzjktkYjEeO8rn4+q9K580rJEJQ+MTU8/grlA7
bTCvNPwFjiH9PCzp2mU7BIa5MCj+YD2OO0vDlSxSuj8BnLxSZy7vWp+rcYs6WhAK
F7sD+NyVKc50jNLdBDp697TbTOLF0mE1CneJFEpJU4pL4Yv+NBXDm2O8wBp2IgZc
-----END CERTIFICATE-----