Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/61fe00-73b3-45a5-8eff-6696dadb45eb/1/ZfJgayjX3ZyY4keMrrK5ie3SiNQ.roa
File:                     ZfJgayjX3ZyY4keMrrK5ie3SiNQ.roa (raw, json)
Hash identifier:          I356ijiy3DFzBI7A3YL8pZIG42TC++pOhoxAzv45n5Q=
Subject key identifier:   65:F2:60:6B:28:D7:DD:9C:98:E2:47:8C:AE:B2:B9:89:ED:D2:88:D4
Certificate issuer:       /CN=c7736edeb92f937ea45893ea9bcf4ef83f15ffc8
Certificate serial:       019422FB91754F53983FA0DB14C50D422855
Authority key identifier: C7:73:6E:DE:B9:2F:93:7E:A4:58:93:EA:9B:CF:4E:F8:3F:15:FF:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3Nu3rkvk36kWJPqm89O-D8V_8g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/61fe00-73b3-45a5-8eff-6696dadb45eb/1/ZfJgayjX3ZyY4keMrrK5ie3SiNQ.roa
Signing time:             Wed 01 Jan 2025 17:48:19 +0000
ROA not before:           Wed 01 Jan 2025 17:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33796
IP address blocks:        194.8.242.0/23 maxlen: 23
                          194.28.24.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/61fe00-73b3-45a5-8eff-6696dadb45eb/1/x3Nu3rkvk36kWJPqm89O-D8V_8g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/61fe00-73b3-45a5-8eff-6696dadb45eb/1/x3Nu3rkvk36kWJPqm89O-D8V_8g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3Nu3rkvk36kWJPqm89O-D8V_8g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Mar 2025 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:91:75:4f:53:98:3f:a0:db:14:c5:0d:42:28:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7736edeb92f937ea45893ea9bcf4ef83f15ffc8
        Validity
            Not Before: Jan  1 17:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65f2606b28d7dd9c98e2478caeb2b989edd288d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:bc:34:a9:63:80:2f:e3:fc:7b:b8:a4:c1:4f:
                    9d:96:23:84:10:db:bc:1c:6d:ba:b4:87:9e:f0:ac:
                    2a:b5:45:41:02:4f:90:ea:c8:61:a5:e1:1e:c2:ac:
                    3c:eb:3a:17:3f:5f:c5:57:33:44:80:d3:b3:32:50:
                    d3:bf:54:12:40:59:4a:fa:20:7b:7c:27:3f:ba:50:
                    62:22:76:fa:25:ef:d5:93:21:4e:92:fc:c0:b2:13:
                    59:2f:2d:1e:0c:ea:98:ea:4f:bb:5d:22:a7:85:4c:
                    10:83:55:6c:6e:2d:b6:0e:49:b9:43:2b:9b:75:07:
                    9f:82:25:40:a4:f3:cd:b0:7e:64:3e:7b:5b:f2:25:
                    7e:f5:83:af:db:5e:b3:ce:27:59:21:d2:5a:e2:40:
                    0d:73:31:aa:a4:a4:f9:f2:65:bb:f7:98:1f:13:43:
                    0f:15:e8:c6:b3:55:37:25:b5:89:f9:06:7c:b1:7b:
                    83:0b:47:3e:5c:c4:00:b1:f8:02:c2:a3:8a:ea:28:
                    73:7e:44:6e:1c:8a:c0:ef:91:34:9c:77:ff:e0:6f:
                    47:d8:b0:46:d6:97:5f:c7:6e:51:c9:f7:56:9e:39:
                    d8:c8:f2:ed:fc:35:04:7b:75:21:32:63:3a:ef:b8:
                    97:8d:ce:d7:3d:4b:69:0b:c9:76:7e:0c:d4:23:ad:
                    47:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:F2:60:6B:28:D7:DD:9C:98:E2:47:8C:AE:B2:B9:89:ED:D2:88:D4
            X509v3 Authority Key Identifier:
                keyid:C7:73:6E:DE:B9:2F:93:7E:A4:58:93:EA:9B:CF:4E:F8:3F:15:FF:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3Nu3rkvk36kWJPqm89O-D8V_8g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/61fe00-73b3-45a5-8eff-6696dadb45eb/1/ZfJgayjX3ZyY4keMrrK5ie3SiNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/61fe00-73b3-45a5-8eff-6696dadb45eb/1/x3Nu3rkvk36kWJPqm89O-D8V_8g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.242.0/23
                  194.28.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:4e:21:60:ed:35:81:3f:72:c2:ec:7d:ec:27:00:9a:93:34:
         9b:e7:e5:57:51:1b:60:aa:cd:ea:28:1d:55:d8:d4:6e:f5:62:
         83:7d:d7:70:99:b8:1e:06:39:4a:21:b9:47:e9:e0:35:d1:aa:
         2d:0c:6f:49:9d:63:9c:a1:62:72:07:2c:a4:d8:8f:56:76:ee:
         27:ae:42:0e:6a:7b:f8:24:ec:84:37:0f:85:94:61:99:80:b0:
         55:c6:b5:ed:e3:55:74:b0:cf:2f:79:39:b4:18:b8:c9:6e:5f:
         d0:87:cb:75:1d:a2:f9:7b:35:d1:22:ee:d0:22:87:3f:32:bb:
         4d:01:ff:5a:4b:64:85:f5:f6:4d:c6:26:94:49:42:29:3d:5c:
         31:1f:81:37:a3:61:65:ab:02:96:12:17:7a:a1:cc:b0:0e:d7:
         7d:c1:03:e3:4b:4f:8a:50:e8:25:20:81:00:53:4f:e3:d5:18:
         0c:85:42:12:d4:9a:74:89:2b:c0:dd:22:f1:a4:7b:b1:04:33:
         c1:5d:68:72:c4:1c:07:a5:db:4f:7b:21:d4:8d:26:e7:b1:e2:
         3d:36:1b:2e:be:57:92:7b:66:d3:0e:8b:9b:dc:64:f9:fc:14:
         4b:83:93:80:ee:d5:26:b2:23:0c:70:6d:2d:ef:9f:c8:78:d2:
         54:e2:d1:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+5F1T1OYP6DbFMUNQihVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NzM2ZWRlYjkyZjkzN2VhNDU4OTNlYTliY2Y0ZWY4M2Yx
NWZmYzgwHhcNMjUwMTAxMTc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWYyNjA2YjI4ZDdkZDljOThlMjQ3OGNhZWIyYjk4OWVkZDI4OGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7w0qWOAL+P8e7ikwU+dliOEENu8
HG26tIee8KwqtUVBAk+Q6shhpeEewqw86zoXP1/FVzNEgNOzMlDTv1QSQFlK+iB7
fCc/ulBiInb6Je/VkyFOkvzAshNZLy0eDOqY6k+7XSKnhUwQg1Vsbi22Dkm5Qyub
dQefgiVApPPNsH5kPntb8iV+9YOv216zzidZIdJa4kANczGqpKT58mW795gfE0MP
FejGs1U3JbWJ+QZ8sXuDC0c+XMQAsfgCwqOK6ihzfkRuHIrA75E0nHf/4G9H2LBG
1pdfx25RyfdWnjnYyPLt/DUEe3UhMmM677iXjc7XPUtpC8l2fgzUI61HSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGXyYGso192cmOJHjK6yuYnt0ojUMB8GA1UdIwQY
MBaAFMdzbt65L5N+pFiT6pvPTvg/Ff/IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDNOdTNya3ZrMzZrV0pQcW04OU8tRDhWXzhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82MWZlMDAtNzNiMy00NWE1LThlZmYt
NjY5NmRhZGI0NWViLzEvWmZKZ2F5algzWnlZNGtlTXJySzVpZTNTaU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82MWZlMDAtNzNiMy00NWE1LThlZmYtNjY5NmRhZGI0NWVi
LzEveDNOdTNya3ZrMzZrV0pQcW04OU8tRDhWXzhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwgjyAwQC
whwYMA0GCSqGSIb3DQEBCwUAA4IBAQBuTiFg7TWBP3LC7H3sJwCakzSb5+VXURtg
qs3qKB1V2NRu9WKDfddwmbgeBjlKIblH6eA10aotDG9JnWOcoWJyByyk2I9Wdu4n
rkIOanv4JOyENw+FlGGZgLBVxrXt41V0sM8veTm0GLjJbl/Qh8t1HaL5ezXRIu7Q
Ioc/MrtNAf9aS2SF9fZNxiaUSUIpPVwxH4E3o2FlqwKWEhd6ocywDtd9wQPjS0+K
UOglIIEAU0/j1RgMhUIS1Jp0iSvA3SLxpHuxBDPBXWhyxBwHpdtPeyHUjSbnseI9
NhsuvleSe2bTDoub3GT5/BRLg5OA7tUmsiMMcG0t75/IeNJU4tED
-----END CERTIFICATE-----