Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/zTtBYZjfsC0VO3m1kQopjfHbzCI.roa
File:                     zTtBYZjfsC0VO3m1kQopjfHbzCI.roa (raw, json)
Hash identifier:          1RfpmUJ+OhBzj8PIsZiJ3NArFEOu01QxVGauoTNckNs=
Subject key identifier:   CD:3B:41:61:98:DF:B0:2D:15:3B:79:B5:91:0A:29:8D:F1:DB:CC:22
Certificate issuer:       /CN=5813e26d71ac5b6a601156d90ce0dccec5986243
Certificate serial:       01946108C250FD00B1B9BC340A9021CD9B89
Authority key identifier: 58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/zTtBYZjfsC0VO3m1kQopjfHbzCI.roa
Signing time:             Mon 13 Jan 2025 18:59:11 +0000
ROA not before:           Mon 13 Jan 2025 18:59:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212150
IP address blocks:        185.224.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:61:08:c2:50:fd:00:b1:b9:bc:34:0a:90:21:cd:9b:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5813e26d71ac5b6a601156d90ce0dccec5986243
        Validity
            Not Before: Jan 13 18:59:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd3b416198dfb02d153b79b5910a298df1dbcc22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0b:e0:30:2b:04:ab:11:f3:20:1e:8d:8a:5c:
                    f4:99:1f:ca:7a:a9:3c:f6:33:1d:2d:18:de:29:5a:
                    0b:72:da:7b:0a:62:50:7e:ca:e6:cf:ee:a0:98:15:
                    91:2d:89:0b:26:86:b2:25:e3:aa:fb:a4:a4:c4:64:
                    b4:77:2f:dd:66:77:67:22:7d:7e:59:bd:40:81:c1:
                    ce:82:9e:e8:0e:8a:c4:6e:25:82:23:a7:11:11:e1:
                    60:d2:ee:39:a1:e4:df:e8:34:00:0b:98:33:3a:c8:
                    e5:7f:f9:e0:d7:85:97:84:d2:e3:d2:62:cb:14:a1:
                    39:82:11:04:f0:eb:8c:c6:d0:dc:f5:f2:6d:e0:c5:
                    60:b0:e9:bd:27:a1:92:65:9e:9e:c6:9e:d5:1c:2c:
                    59:1e:65:d7:60:fe:2e:6d:eb:09:15:d5:c9:9e:2c:
                    b6:4b:9c:29:f1:fd:64:80:f3:7d:eb:8b:45:a7:c8:
                    de:a8:71:e3:31:9b:ff:03:28:ed:d7:a4:c3:18:33:
                    40:59:55:4d:db:60:16:d8:10:85:6c:04:02:0d:15:
                    72:a1:cc:80:8a:db:66:8d:de:bd:5a:ed:a9:ff:45:
                    56:b7:1c:d7:06:e6:6a:65:10:90:d4:73:9f:d0:17:
                    a7:9f:0e:d3:40:fe:f9:41:b6:e4:fe:58:e4:dd:80:
                    9e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:3B:41:61:98:DF:B0:2D:15:3B:79:B5:91:0A:29:8D:F1:DB:CC:22
            X509v3 Authority Key Identifier:
                keyid:58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/zTtBYZjfsC0VO3m1kQopjfHbzCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:2d:0e:1e:5a:d6:47:2e:10:97:a9:be:1a:95:86:eb:1b:15:
         c9:17:2a:08:eb:6b:ee:62:be:39:6f:96:a9:03:79:78:fc:3d:
         df:50:7e:95:c9:e9:f8:87:9f:20:b8:8f:61:f7:88:e2:f7:b9:
         50:02:d0:bc:fd:d9:cc:88:a5:0b:73:3f:10:b8:22:87:e6:00:
         e1:0f:b8:ea:70:53:74:60:ca:8e:15:ec:cb:14:d4:29:35:88:
         a0:d5:4c:e0:7a:04:e3:92:fe:41:0e:67:8d:58:11:4b:93:24:
         a5:7b:eb:9d:2c:7b:ae:01:eb:3a:71:29:f9:8e:00:0b:25:d1:
         70:61:a7:69:ba:5c:c9:4c:2c:36:d0:92:01:d8:a6:b0:95:1c:
         5f:2f:20:2e:24:63:6f:50:56:c6:d5:6a:c3:9d:1e:71:0a:f7:
         f7:28:ed:c0:ff:56:3a:f8:5d:00:f1:a9:c1:4e:37:e1:3b:91:
         29:44:5a:ca:83:da:7b:e2:a2:c9:ca:f2:cc:08:23:33:b3:a2:
         1d:03:e5:e3:71:19:98:6b:52:7f:59:62:66:ec:12:a3:3f:8a:
         e5:9c:0c:f6:73:ec:2c:c9:66:e6:e6:b7:51:bb:84:8b:71:5a:
         9c:58:92:57:a1:1c:87:49:a5:01:cc:59:c5:d3:91:86:5b:f1:
         cf:44:af:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRhCMJQ/QCxubw0CpAhzZuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MTNlMjZkNzFhYzViNmE2MDExNTZkOTBjZTBkY2NlYzU5
ODYyNDMwHhcNMjUwMTEzMTg1OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDNiNDE2MTk4ZGZiMDJkMTUzYjc5YjU5MTBhMjk4ZGYxZGJjYzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugvgMCsEqxHzIB6Nilz0mR/Keqk8
9jMdLRjeKVoLctp7CmJQfsrmz+6gmBWRLYkLJoayJeOq+6SkxGS0dy/dZndnIn1+
Wb1AgcHOgp7oDorEbiWCI6cREeFg0u45oeTf6DQAC5gzOsjlf/ng14WXhNLj0mLL
FKE5ghEE8OuMxtDc9fJt4MVgsOm9J6GSZZ6exp7VHCxZHmXXYP4ubesJFdXJniy2
S5wp8f1kgPN964tFp8jeqHHjMZv/Ayjt16TDGDNAWVVN22AW2BCFbAQCDRVyocyA
ittmjd69Wu2p/0VWtxzXBuZqZRCQ1HOf0Bennw7TQP75Qbbk/ljk3YCeCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM07QWGY37AtFTt5tZEKKY3x28wiMB8GA1UdIwQY
MBaAFFgT4m1xrFtqYBFW2Qzg3M7FmGJDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3Nzgt
MDZkZjFkYzAzMzY3LzEvelR0QllaamZzQzBWTzNtMWtRb3BqZkhiekNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3NzgtMDZkZjFkYzAzMzY3
LzEvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueACMA0G
CSqGSIb3DQEBCwUAA4IBAQCLLQ4eWtZHLhCXqb4alYbrGxXJFyoI62vuYr45b5ap
A3l4/D3fUH6Vyen4h58guI9h94ji97lQAtC8/dnMiKULcz8QuCKH5gDhD7jqcFN0
YMqOFezLFNQpNYig1UzgegTjkv5BDmeNWBFLkySle+udLHuuAes6cSn5jgALJdFw
YadpulzJTCw20JIB2KawlRxfLyAuJGNvUFbG1WrDnR5xCvf3KO3A/1Y6+F0A8anB
TjfhO5EpRFrKg9p74qLJyvLMCCMzs6IdA+XjcRmYa1J/WWJm7BKjP4rlnAz2c+ws
yWbm5rdRu4SLcVqcWJJXoRyHSaUBzFnF05GGW/HPRK/K
-----END CERTIFICATE-----