Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/Z9dAkp6DWkibOyxuZSYF8JC0FP8.roa
File:                     Z9dAkp6DWkibOyxuZSYF8JC0FP8.roa (raw, json)
Hash identifier:          Di2cqBcEpf6hgxQLLA7v+y+JplI7ajbTFP4r/fEMeKM=
Subject key identifier:   67:D7:40:92:9E:83:5A:48:9B:3B:2C:6E:65:26:05:F0:90:B4:14:FF
Certificate issuer:       /CN=d3c6178fb034905130af0ce1cd275154f2b59b78
Certificate serial:       019425FD9FC30B6516D03328E9264409DF9D
Authority key identifier: D3:C6:17:8F:B0:34:90:51:30:AF:0C:E1:CD:27:51:54:F2:B5:9B:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08YXj7A0kFEwrwzhzSdRVPK1m3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/Z9dAkp6DWkibOyxuZSYF8JC0FP8.roa
Signing time:             Thu 02 Jan 2025 07:49:26 +0000
ROA not before:           Thu 02 Jan 2025 07:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205166
IP address blocks:        185.228.28.0/22 maxlen: 22
                          185.228.29.0/24 maxlen: 24
                          185.228.30.0/24 maxlen: 24
                          185.228.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/08YXj7A0kFEwrwzhzSdRVPK1m3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/08YXj7A0kFEwrwzhzSdRVPK1m3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08YXj7A0kFEwrwzhzSdRVPK1m3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:9f:c3:0b:65:16:d0:33:28:e9:26:44:09:df:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c6178fb034905130af0ce1cd275154f2b59b78
        Validity
            Not Before: Jan  2 07:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67d740929e835a489b3b2c6e652605f090b414ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:88:48:b3:81:12:d0:98:93:c8:dd:0c:7b:cb:
                    b1:c6:8f:e0:39:1d:a8:7c:f9:60:05:8b:e0:60:d1:
                    a9:b1:de:7d:3a:2c:d4:e9:05:83:0e:ab:f9:59:8a:
                    30:29:3f:4f:1f:b9:eb:ac:c5:c7:a6:7c:09:02:3d:
                    4b:41:31:99:00:9d:92:9d:be:1e:49:b7:2e:a4:63:
                    96:b0:f0:82:6c:67:16:2b:bc:e4:56:e8:6e:88:85:
                    fd:23:9a:87:3a:72:bf:c0:65:8c:3d:a1:e0:33:6b:
                    43:77:e4:c7:01:4b:d4:b2:19:32:d0:9a:74:9a:b6:
                    97:07:9b:a1:99:d2:de:d9:26:38:21:63:12:c3:6c:
                    2b:fe:d4:b6:24:73:f2:cd:e4:42:57:8a:bf:3a:45:
                    5b:d0:4c:5a:59:31:39:d0:89:c2:5b:f8:0f:13:4c:
                    0e:b8:c9:74:63:fe:07:83:f9:b2:a6:e9:ae:87:8f:
                    bb:ba:e1:07:4b:ee:20:42:73:d1:7d:2a:d4:60:36:
                    c8:25:de:b3:d4:ee:af:0a:e0:51:4e:21:ef:b7:1e:
                    3b:a2:e5:6a:f5:5e:ad:6a:7b:65:27:46:e9:07:70:
                    03:cf:7f:55:19:79:39:e7:4e:a9:2e:8c:57:ce:94:
                    4e:83:f2:74:60:3d:8a:5b:ac:c3:59:0b:8d:a0:fd:
                    60:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D7:40:92:9E:83:5A:48:9B:3B:2C:6E:65:26:05:F0:90:B4:14:FF
            X509v3 Authority Key Identifier:
                keyid:D3:C6:17:8F:B0:34:90:51:30:AF:0C:E1:CD:27:51:54:F2:B5:9B:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08YXj7A0kFEwrwzhzSdRVPK1m3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/Z9dAkp6DWkibOyxuZSYF8JC0FP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/08YXj7A0kFEwrwzhzSdRVPK1m3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:f3:f1:4b:ca:f7:19:f2:e4:6d:1f:39:50:07:3f:ff:08:c3:
         e1:4b:9d:78:4c:da:a7:ac:c5:2e:97:f2:48:b8:eb:72:8b:8d:
         91:b6:78:d1:9c:d3:9f:aa:c2:7d:2f:0c:4b:40:bb:08:db:28:
         40:be:dd:0b:ce:48:c8:5c:7c:0b:c2:3f:d4:6d:31:c8:03:15:
         a2:c2:af:14:4c:6a:f2:98:a1:3d:f1:f4:b3:01:f3:9b:4a:a4:
         b2:b8:f7:49:66:67:4d:6f:d2:f9:27:df:37:5a:99:b7:e7:15:
         60:a4:60:e3:c0:ee:e8:e5:b1:94:58:b8:f2:c5:86:74:2a:48:
         79:77:c7:69:73:29:09:dc:b8:f4:ef:98:01:ae:07:52:57:d6:
         55:51:9a:f8:47:59:a8:37:77:c8:80:fd:2f:06:1c:14:b8:a1:
         88:57:c7:35:6a:0b:d2:79:73:67:68:4e:b9:09:60:4c:b8:11:
         70:6e:4c:17:be:b3:84:48:2a:d7:d8:b6:02:c8:b1:ee:2a:05:
         77:bf:ef:ae:3c:0c:ae:b0:86:35:9e:64:31:3d:02:b3:80:75:
         bb:9a:7a:b8:0f:72:0f:70:d0:4a:0b:86:dd:31:1c:9b:cf:20:
         08:06:96:d9:5d:46:bf:81:07:09:28:23:55:8f:f4:c6:c9:d1:
         f6:f6:fa:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Z/DC2UW0DMo6SZECd+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzYxNzhmYjAzNDkwNTEzMGFmMGNlMWNkMjc1MTU0ZjJi
NTliNzgwHhcNMjUwMTAyMDc0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Q3NDA5MjllODM1YTQ4OWIzYjJjNmU2NTI2MDVmMDkwYjQxNGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwohIs4ES0JiTyN0Me8uxxo/gOR2o
fPlgBYvgYNGpsd59OizU6QWDDqv5WYowKT9PH7nrrMXHpnwJAj1LQTGZAJ2Snb4e
SbcupGOWsPCCbGcWK7zkVuhuiIX9I5qHOnK/wGWMPaHgM2tDd+THAUvUshky0Jp0
mraXB5uhmdLe2SY4IWMSw2wr/tS2JHPyzeRCV4q/OkVb0ExaWTE50InCW/gPE0wO
uMl0Y/4Hg/mypumuh4+7uuEHS+4gQnPRfSrUYDbIJd6z1O6vCuBRTiHvtx47ouVq
9V6tantlJ0bpB3ADz39VGXk5506pLoxXzpROg/J0YD2KW6zDWQuNoP1gywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfXQJKeg1pImzssbmUmBfCQtBT/MB8GA1UdIwQY
MBaAFNPGF4+wNJBRMK8M4c0nUVTytZt4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhZWGo3QTBrRkV3cnd6aHpTZFJWUEsxbTNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83OGZkZTktNmRmMC00YWUyLTliMzct
YTdjNGIyZjZlMjc2LzEvWjlkQWtwNkRXa2liT3l4dVpTWUY4SkMwRlA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83OGZkZTktNmRmMC00YWUyLTliMzctYTdjNGIyZjZlMjc2
LzEvMDhZWGo3QTBrRkV3cnd6aHpTZFJWUEsxbTNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueQcMA0G
CSqGSIb3DQEBCwUAA4IBAQCH8/FLyvcZ8uRtHzlQBz//CMPhS514TNqnrMUul/JI
uOtyi42RtnjRnNOfqsJ9LwxLQLsI2yhAvt0LzkjIXHwLwj/UbTHIAxWiwq8UTGry
mKE98fSzAfObSqSyuPdJZmdNb9L5J983Wpm35xVgpGDjwO7o5bGUWLjyxYZ0Kkh5
d8dpcykJ3Lj075gBrgdSV9ZVUZr4R1moN3fIgP0vBhwUuKGIV8c1agvSeXNnaE65
CWBMuBFwbkwXvrOESCrX2LYCyLHuKgV3v++uPAyusIY1nmQxPQKzgHW7mnq4D3IP
cNBKC4bdMRybzyAIBpbZXUa/gQcJKCNVj/TGydH29vrW
-----END CERTIFICATE-----