Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ZKuWDSYfwdQ8YvY1ipYy_cUNBC0.roa
File:                     ZKuWDSYfwdQ8YvY1ipYy_cUNBC0.roa (raw, json)
Hash identifier:          Lb5v9vqBNrc0vpKXBtBQdLp8ILzYYi+Kqmx+CxBbTyc=
Subject key identifier:   64:AB:96:0D:26:1F:C1:D4:3C:62:F6:35:8A:96:32:FD:C5:0D:04:2D
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBBB8D70F03CA36F3702CF9CDFE03F
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ZKuWDSYfwdQ8YvY1ipYy_cUNBC0.roa
Signing time:             Wed 01 Jan 2025 17:48:30 +0000
ROA not before:           Wed 01 Jan 2025 17:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203648
IP address blocks:        185.200.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:bb:8d:70:f0:3c:a3:6f:37:02:cf:9c:df:e0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64ab960d261fc1d43c62f6358a9632fdc50d042d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:79:e1:6c:68:c2:5a:c0:0a:16:d0:42:71:2a:
                    26:1c:53:72:df:1e:94:a1:80:f5:64:f4:9b:b3:d4:
                    6e:3c:a3:2c:8b:4f:a6:08:75:7b:3a:bb:2e:1a:2f:
                    63:3f:84:61:9b:db:ff:e5:38:f4:6d:27:91:0a:32:
                    ee:43:b7:37:86:fd:c6:88:76:cf:29:b0:e8:eb:4a:
                    55:15:ef:64:03:c1:5d:7c:1d:4b:cf:4e:0c:ba:79:
                    50:9e:1f:fa:55:ac:6a:0e:ec:30:f6:67:7f:6d:28:
                    99:20:e5:38:ba:2b:4e:d3:48:00:93:a5:0f:d7:6c:
                    57:fc:9b:36:c6:ad:23:fb:fc:8f:18:fd:82:ac:9f:
                    66:f3:8c:b1:ed:23:22:06:56:94:4b:17:0a:90:20:
                    38:e2:12:75:41:9d:82:93:66:ce:4d:e5:65:cb:43:
                    58:2c:1e:c2:13:02:a6:2e:f4:94:d9:c6:51:9b:d3:
                    e3:06:96:bc:5b:94:bc:2f:6a:e4:d3:f1:75:91:a9:
                    44:c8:3f:eb:f7:4d:4a:b4:3a:7e:e5:c4:12:f5:9f:
                    eb:aa:d1:ac:65:77:e4:0e:85:0b:38:46:14:a4:7a:
                    98:18:28:66:6c:b1:03:c5:58:97:27:c5:35:72:c6:
                    06:3d:5a:35:d1:81:0b:02:cd:5c:07:01:a8:75:9e:
                    29:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:AB:96:0D:26:1F:C1:D4:3C:62:F6:35:8A:96:32:FD:C5:0D:04:2D
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ZKuWDSYfwdQ8YvY1ipYy_cUNBC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:83:d8:ac:28:5f:ba:32:a2:78:0f:c0:dc:1e:87:c0:50:c8:
         62:a7:c2:70:25:55:fd:f1:f0:bf:e9:d4:4f:7e:b7:b7:c9:d0:
         4c:4d:ee:03:07:9f:82:d2:7f:d8:b1:56:3e:e1:b4:b8:ed:2c:
         66:14:59:ad:f7:be:b1:63:a6:26:1e:e9:22:42:53:8f:2c:0c:
         4c:5b:95:81:68:2d:c0:50:95:02:33:9c:b2:5f:53:a9:55:28:
         08:ba:eb:b4:a9:2d:85:a8:ab:49:da:9a:5f:5c:38:8b:e8:6f:
         1f:25:e1:ef:f8:1a:37:47:47:98:9e:45:06:5a:83:1f:39:d2:
         86:52:1b:57:85:67:11:f4:71:51:d8:20:02:26:d0:81:5f:c6:
         ad:52:d0:0e:54:31:c7:fb:9b:46:3d:ca:4f:83:ca:02:aa:94:
         73:03:cb:28:03:9a:a6:06:51:6a:4d:ac:16:bd:54:fb:61:54:
         3b:ca:dc:b7:25:23:b7:8b:77:24:0a:d9:2a:3c:24:f9:15:be:
         01:f0:58:e7:39:17:b5:9e:23:9d:b6:8b:30:3b:eb:7b:5d:ae:
         07:65:64:51:c0:99:8c:8e:db:46:11:9a:46:50:71:89:6c:76:
         c8:df:c6:63:38:c3:40:a3:e9:f1:a5:89:74:fd:f5:74:0a:42:
         8d:56:05:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+7uNcPA8o283As+c3+A/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGFiOTYwZDI2MWZjMWQ0M2M2MmY2MzU4YTk2MzJmZGM1MGQwNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXnhbGjCWsAKFtBCcSomHFNy3x6U
oYD1ZPSbs9RuPKMsi0+mCHV7OrsuGi9jP4Rhm9v/5Tj0bSeRCjLuQ7c3hv3GiHbP
KbDo60pVFe9kA8FdfB1Lz04MunlQnh/6VaxqDuww9md/bSiZIOU4uitO00gAk6UP
12xX/Js2xq0j+/yPGP2CrJ9m84yx7SMiBlaUSxcKkCA44hJ1QZ2Ck2bOTeVly0NY
LB7CEwKmLvSU2cZRm9PjBpa8W5S8L2rk0/F1kalEyD/r901KtDp+5cQS9Z/rqtGs
ZXfkDoULOEYUpHqYGChmbLEDxViXJ8U1csYGPVo10YELAs1cBwGodZ4pTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSrlg0mH8HUPGL2NYqWMv3FDQQtMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvWkt1V0RTWWZ3ZFE4WXZZMWlwWXlfY1VOQkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucg/MA0G
CSqGSIb3DQEBCwUAA4IBAQB5g9isKF+6MqJ4D8DcHofAUMhip8JwJVX98fC/6dRP
fre3ydBMTe4DB5+C0n/YsVY+4bS47SxmFFmt976xY6YmHukiQlOPLAxMW5WBaC3A
UJUCM5yyX1OpVSgIuuu0qS2FqKtJ2ppfXDiL6G8fJeHv+Bo3R0eYnkUGWoMfOdKG
UhtXhWcR9HFR2CACJtCBX8atUtAOVDHH+5tGPcpPg8oCqpRzA8soA5qmBlFqTawW
vVT7YVQ7yty3JSO3i3ckCtkqPCT5Fb4B8FjnORe1niOdtoswO+t7Xa4HZWRRwJmM
jttGEZpGUHGJbHbI38ZjOMNAo+nxpYl0/fV0CkKNVgUg
-----END CERTIFICATE-----