Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/zyla5TQUsQzSUxLneRGH2oWP4QY.roa
File:                     zyla5TQUsQzSUxLneRGH2oWP4QY.roa (raw, json)
Hash identifier:          Nh/0bB0eQrdPHOZC7+V6EmhOBm+BxF8VlJbCNYPi958=
Subject key identifier:   CF:29:5A:E5:34:14:B1:0C:D2:53:12:E7:79:11:87:DA:85:8F:E1:06
Certificate issuer:       /CN=a817c7453f377e9cb6fae5c893c067a3e1d35145
Certificate serial:       01941F8C5F752A2BFC953E4D6CF2D5796725
Authority key identifier: A8:17:C7:45:3F:37:7E:9C:B6:FA:E5:C8:93:C0:67:A3:E1:D3:51:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBfHRT83fpy2-uXIk8Bno-HTUUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/zyla5TQUsQzSUxLneRGH2oWP4QY.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15589
IP address blocks:        185.210.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/qBfHRT83fpy2-uXIk8Bno-HTUUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/qBfHRT83fpy2-uXIk8Bno-HTUUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBfHRT83fpy2-uXIk8Bno-HTUUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5f:75:2a:2b:fc:95:3e:4d:6c:f2:d5:79:67:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a817c7453f377e9cb6fae5c893c067a3e1d35145
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf295ae53414b10cd25312e7791187da858fe106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:44:05:a4:56:77:03:68:b0:4d:9f:fb:cd:6d:
                    db:17:c0:ae:4c:da:9d:55:5c:6c:73:a7:f4:fb:43:
                    9e:1b:a8:27:10:9f:8a:c5:8d:86:a9:6c:ad:82:2c:
                    75:d7:c7:18:00:b1:2d:0c:df:ff:ee:a4:83:58:0c:
                    c9:74:23:59:55:68:60:89:ba:8a:16:c1:98:27:66:
                    b8:69:0d:2d:b0:a5:37:27:44:b1:ed:d6:41:69:54:
                    b2:d0:58:e2:61:e8:6e:32:76:7c:2a:88:7d:38:1f:
                    07:f6:08:56:df:96:26:4a:1b:0e:e0:87:b3:33:9d:
                    17:d8:84:d8:c0:63:fe:ae:57:cf:4f:02:87:5c:4d:
                    18:62:84:ec:59:98:90:e8:c3:5d:cb:5e:b9:b2:86:
                    bf:5d:b9:f2:b0:83:43:9e:c5:6e:28:2a:8c:29:06:
                    81:fc:0c:50:77:ee:cf:6e:08:03:ca:7a:d6:74:45:
                    51:dd:7e:f8:14:d7:0a:68:88:f7:36:15:7a:17:7d:
                    bd:69:ed:a0:9f:5f:c0:c1:f7:aa:1f:51:59:36:4f:
                    57:64:1b:6b:c7:f9:69:06:4a:af:4f:e8:8c:00:74:
                    b6:22:91:62:37:37:26:71:ab:2c:74:ed:1a:a2:be:
                    08:e9:ee:fa:da:96:f0:b9:bf:b3:19:de:88:8d:7d:
                    15:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:29:5A:E5:34:14:B1:0C:D2:53:12:E7:79:11:87:DA:85:8F:E1:06
            X509v3 Authority Key Identifier:
                keyid:A8:17:C7:45:3F:37:7E:9C:B6:FA:E5:C8:93:C0:67:A3:E1:D3:51:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBfHRT83fpy2-uXIk8Bno-HTUUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/zyla5TQUsQzSUxLneRGH2oWP4QY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/qBfHRT83fpy2-uXIk8Bno-HTUUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:90:bc:9d:be:fc:62:83:52:91:e9:1a:a6:67:1e:a3:5e:ce:
         ef:2a:a9:94:7e:f7:7b:f2:44:c8:28:d3:1a:34:3b:bc:29:cc:
         48:a8:68:a3:e5:f1:41:f9:f9:f6:95:f9:25:58:7c:a0:59:07:
         a5:c6:92:ef:3e:54:0a:d8:1f:f6:75:5f:70:e2:29:35:75:07:
         7e:4b:93:40:59:9a:bd:3b:65:b0:a3:62:77:0e:90:c2:05:bb:
         ac:3e:5a:c4:12:bf:56:0a:b3:df:d8:b2:49:1f:b0:82:3a:18:
         fd:4f:de:b3:70:68:ee:75:c5:70:95:c6:35:80:0b:65:ad:f8:
         c0:2c:c8:5b:84:0f:50:5b:87:6c:83:d8:8e:12:2f:24:62:eb:
         30:96:83:3e:e4:a2:98:d2:81:d9:98:af:fa:8f:3a:a1:98:bb:
         da:48:22:1e:84:ed:e7:19:5c:fb:8a:30:39:11:3d:f7:f3:5b:
         2f:c5:8c:05:d4:85:71:3e:bf:f1:14:31:b3:7f:04:20:cf:c1:
         30:13:a3:ac:b9:98:9b:b2:cb:9b:2f:ab:0b:aa:cd:17:69:c5:
         42:9e:8a:86:7a:6f:c8:27:5b:91:00:81:c4:6f:85:4a:4f:b0:
         90:14:cf:8e:8d:1d:06:75:00:0a:2b:b3:71:9c:74:9d:d2:0d:
         21:39:e0:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjF91Kiv8lT5NbPLVeWclMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTdjNzQ1M2YzNzdlOWNiNmZhZTVjODkzYzA2N2EzZTFk
MzUxNDUwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjI5NWFlNTM0MTRiMTBjZDI1MzEyZTc3OTExODdkYTg1OGZlMTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEQFpFZ3A2iwTZ/7zW3bF8CuTNqd
VVxsc6f0+0OeG6gnEJ+KxY2GqWytgix118cYALEtDN//7qSDWAzJdCNZVWhgibqK
FsGYJ2a4aQ0tsKU3J0Sx7dZBaVSy0FjiYehuMnZ8Koh9OB8H9ghW35YmShsO4Iez
M50X2ITYwGP+rlfPTwKHXE0YYoTsWZiQ6MNdy165soa/XbnysINDnsVuKCqMKQaB
/AxQd+7PbggDynrWdEVR3X74FNcKaIj3NhV6F329ae2gn1/AwfeqH1FZNk9XZBtr
x/lpBkqvT+iMAHS2IpFiNzcmcassdO0aor4I6e762pbwub+zGd6IjX0V+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8pWuU0FLEM0lMS53kRh9qFj+EGMB8GA1UdIwQY
MBaAFKgXx0U/N36ctvrlyJPAZ6Ph01FFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJmSFJUODNmcHkyLXVYSWs4Qm5vLUhUVVVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS85NWFhMjQtZTg0Zi00MjQ1LTkyMjct
ZGVjNjgwODNmOGY2LzEvenlsYTVUUVVzUXpTVXhMbmVSR0gyb1dQNFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS85NWFhMjQtZTg0Zi00MjQ1LTkyMjctZGVjNjgwODNmOGY2
LzEvcUJmSFJUODNmcHkyLXVYSWs4Qm5vLUhUVVVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudKsMA0G
CSqGSIb3DQEBCwUAA4IBAQCCkLydvvxig1KR6RqmZx6jXs7vKqmUfvd78kTIKNMa
NDu8KcxIqGij5fFB+fn2lfklWHygWQelxpLvPlQK2B/2dV9w4ik1dQd+S5NAWZq9
O2Wwo2J3DpDCBbusPlrEEr9WCrPf2LJJH7CCOhj9T96zcGjudcVwlcY1gAtlrfjA
LMhbhA9QW4dsg9iOEi8kYuswloM+5KKY0oHZmK/6jzqhmLvaSCIehO3nGVz7ijA5
ET3381svxYwF1IVxPr/xFDGzfwQgz8EwE6OsuZibssubL6sLqs0XacVCnoqGem/I
J1uRAIHEb4VKT7CQFM+OjR0GdQAKK7NxnHSd0g0hOeAf
-----END CERTIFICATE-----