Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/zUJ5qWVbr4pmer3m739HNMffZjg.roa
File:                     zUJ5qWVbr4pmer3m739HNMffZjg.roa (raw, json)
Hash identifier:          NJqHyM9HbL1+6lpUhrutNRFZX2Z30cCNuSy/2q+fWs4=
Subject key identifier:   CD:42:79:A9:65:5B:AF:8A:66:7A:BD:E6:EF:7F:47:34:C7:DF:66:38
Certificate issuer:       /CN=e9c87469978095d8aff63272804bb2f35d149103
Certificate serial:       019425FD59092ABBE2DFC87B0E2606FD67A7
Authority key identifier: E9:C8:74:69:97:80:95:D8:AF:F6:32:72:80:4B:B2:F3:5D:14:91:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6ch0aZeAldiv9jJygEuy810UkQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/zUJ5qWVbr4pmer3m739HNMffZjg.roa
Signing time:             Thu 02 Jan 2025 07:49:07 +0000
ROA not before:           Thu 02 Jan 2025 07:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204394
IP address blocks:        185.250.100.0/22 maxlen: 22
                          2a0e:e580::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/6ch0aZeAldiv9jJygEuy810UkQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/6ch0aZeAldiv9jJygEuy810UkQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6ch0aZeAldiv9jJygEuy810UkQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 17:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:59:09:2a:bb:e2:df:c8:7b:0e:26:06:fd:67:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9c87469978095d8aff63272804bb2f35d149103
        Validity
            Not Before: Jan  2 07:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd4279a9655baf8a667abde6ef7f4734c7df6638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a6:fa:7c:73:5d:1e:3c:20:6c:7b:24:cd:9d:
                    29:e6:d1:08:f1:ac:45:8d:a8:6f:e9:7a:cb:34:23:
                    e3:53:12:7a:26:0a:fd:ab:5e:db:91:a3:26:d4:fb:
                    78:68:3c:35:6a:ca:be:b0:22:2d:d0:ab:ea:89:d1:
                    07:fb:26:f5:35:c0:1e:94:bc:60:94:21:81:8d:26:
                    07:e1:e6:19:7b:5f:12:b7:6d:43:06:72:96:a2:53:
                    14:a8:a7:e8:c8:11:4d:ea:e4:33:15:6c:c9:80:55:
                    4f:50:6d:bc:65:1f:ce:f3:fc:b6:e3:3d:be:72:a8:
                    65:cd:04:be:ab:12:39:3b:96:af:3d:aa:b5:89:e7:
                    dd:ee:fd:59:3d:5c:2a:da:93:c7:27:d2:c3:f9:d9:
                    b0:ed:9d:4f:62:e9:cd:9e:91:b2:d2:e2:81:d0:65:
                    92:11:13:97:ca:7c:66:7b:4c:bf:a8:8c:66:e2:98:
                    d2:80:5f:8d:f5:62:4d:8b:98:18:ad:15:8e:73:f6:
                    2c:01:8a:6f:7a:1c:08:f6:a4:36:5b:bc:29:ca:7a:
                    2d:eb:06:56:26:73:11:5b:99:f9:9d:5f:5a:2c:69:
                    2b:f3:4d:49:a6:19:4a:74:b3:1c:fe:37:f8:74:06:
                    03:48:44:22:78:4f:ae:3d:0e:db:34:cf:40:c0:38:
                    57:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:42:79:A9:65:5B:AF:8A:66:7A:BD:E6:EF:7F:47:34:C7:DF:66:38
            X509v3 Authority Key Identifier:
                keyid:E9:C8:74:69:97:80:95:D8:AF:F6:32:72:80:4B:B2:F3:5D:14:91:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6ch0aZeAldiv9jJygEuy810UkQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/zUJ5qWVbr4pmer3m739HNMffZjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/6ch0aZeAldiv9jJygEuy810UkQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.100.0/22
                IPv6:
                  2a0e:e580::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:31:e1:e2:ad:51:fd:71:ac:64:65:88:7d:a0:78:d4:ac:17:
         df:49:41:dc:a8:85:ae:44:b1:55:39:b6:07:2f:82:d1:5a:44:
         79:2f:69:85:e7:a6:5c:1a:44:7e:9b:15:28:1a:9c:01:d5:3c:
         f9:25:6e:0e:19:2b:a8:ea:bb:2c:98:6f:de:30:7e:5a:5d:2e:
         4e:e6:4a:4a:c9:a7:96:ab:89:4a:17:3c:da:72:5a:48:7d:5a:
         27:a6:e1:aa:16:f1:54:85:5a:e3:96:5d:1a:f1:0a:9d:bc:c1:
         af:ac:8b:29:75:f3:6d:fc:73:ee:c2:90:e9:4e:5f:c7:de:89:
         fa:ff:08:3a:d9:99:b3:16:f7:56:66:ba:a7:c2:db:53:5c:aa:
         ce:3e:ee:38:d5:64:8e:87:02:23:9b:ee:de:15:ba:fd:2b:41:
         71:21:ee:e1:d4:74:71:77:ce:ef:18:d3:cf:d5:e0:b2:19:d8:
         4c:fa:ad:b7:8e:f6:c5:16:f7:50:ee:d9:c0:0b:b1:fd:21:ea:
         83:92:81:db:8d:a9:d3:e1:e3:79:70:9f:24:ab:b3:89:76:b7:
         9b:c1:c9:fb:76:eb:bb:50:1d:a4:f5:f1:24:b9:d6:2b:87:8b:
         07:02:9d:c4:9a:3f:80:63:ad:06:58:50:a3:a6:e5:21:79:03:
         03:d8:77:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/VkJKrvi38h7DiYG/WenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5Yzg3NDY5OTc4MDk1ZDhhZmY2MzI3MjgwNGJiMmYzNWQx
NDkxMDMwHhcNMjUwMTAyMDc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQyNzlhOTY1NWJhZjhhNjY3YWJkZTZlZjdmNDczNGM3ZGY2NjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqb6fHNdHjwgbHskzZ0p5tEI8axF
jahv6XrLNCPjUxJ6Jgr9q17bkaMm1Pt4aDw1asq+sCIt0KvqidEH+yb1NcAelLxg
lCGBjSYH4eYZe18St21DBnKWolMUqKfoyBFN6uQzFWzJgFVPUG28ZR/O8/y24z2+
cqhlzQS+qxI5O5avPaq1iefd7v1ZPVwq2pPHJ9LD+dmw7Z1PYunNnpGy0uKB0GWS
EROXynxme0y/qIxm4pjSgF+N9WJNi5gYrRWOc/YsAYpvehwI9qQ2W7wpynot6wZW
JnMRW5n5nV9aLGkr801JphlKdLMc/jf4dAYDSEQieE+uPQ7bNM9AwDhXgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM1CeallW6+KZnq95u9/RzTH32Y4MB8GA1UdIwQY
MBaAFOnIdGmXgJXYr/YycoBLsvNdFJEDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmNoMGFaZUFsZGl2OWpKeWdFdXk4MTBVa1FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC85YWQ5ZGMtYjg0Yy00YTU5LWJiMWMt
MGNjM2I0Y2FmNjgzLzEvelVKNXFXVmJyNHBtZXIzbTczOUhOTWZmWmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC85YWQ5ZGMtYjg0Yy00YTU5LWJiMWMtMGNjM2I0Y2FmNjgz
LzEvNmNoMGFaZUFsZGl2OWpKeWdFdXk4MTBVa1FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufpkMA0E
AgACMAcDBQMqDuWAMA0GCSqGSIb3DQEBCwUAA4IBAQB9MeHirVH9caxkZYh9oHjU
rBffSUHcqIWuRLFVObYHL4LRWkR5L2mF56ZcGkR+mxUoGpwB1Tz5JW4OGSuo6rss
mG/eMH5aXS5O5kpKyaeWq4lKFzzaclpIfVonpuGqFvFUhVrjll0a8QqdvMGvrIsp
dfNt/HPuwpDpTl/H3on6/wg62ZmzFvdWZrqnwttTXKrOPu441WSOhwIjm+7eFbr9
K0FxIe7h1HRxd87vGNPP1eCyGdhM+q23jvbFFvdQ7tnAC7H9IeqDkoHbjanT4eN5
cJ8kq7OJdrebwcn7duu7UB2k9fEkudYrh4sHAp3Emj+AY60GWFCjpuUheQMD2Hem
-----END CERTIFICATE-----