Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/ZroDUdT1fuQ3WJuqAnfF9aNVGrI.roa
File:                     ZroDUdT1fuQ3WJuqAnfF9aNVGrI.roa (raw, json)
Hash identifier:          Mh4/Y9uJkP+Ip56RhAVyLWpJhLDGtNZ4uot6+n77F9U=
Subject key identifier:   66:BA:03:51:D4:F5:7E:E4:37:58:9B:AA:02:77:C5:F5:A3:55:1A:B2
Certificate issuer:       /CN=798bcb5432a45f25b04103967ab403c29d0d430a
Certificate serial:       019420682B47874C35EDB409B040434D55CA
Authority key identifier: 79:8B:CB:54:32:A4:5F:25:B0:41:03:96:7A:B4:03:C2:9D:0D:43:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eYvLVDKkXyWwQQOWerQDwp0NQwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/ZroDUdT1fuQ3WJuqAnfF9aNVGrI.roa
Signing time:             Wed 01 Jan 2025 05:48:05 +0000
ROA not before:           Wed 01 Jan 2025 05:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62405
IP address blocks:        185.36.160.0/22 maxlen: 22
                          2a00:de20::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/eYvLVDKkXyWwQQOWerQDwp0NQwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/eYvLVDKkXyWwQQOWerQDwp0NQwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eYvLVDKkXyWwQQOWerQDwp0NQwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2b:47:87:4c:35:ed:b4:09:b0:40:43:4d:55:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798bcb5432a45f25b04103967ab403c29d0d430a
        Validity
            Not Before: Jan  1 05:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66ba0351d4f57ee437589baa0277c5f5a3551ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8d:67:a7:2e:37:a4:9b:58:07:46:6c:b2:27:
                    06:c2:a7:55:47:82:48:67:2b:8d:fd:f8:14:d5:53:
                    9a:eb:79:4e:03:ff:9e:06:78:41:6a:0a:19:74:53:
                    b6:87:12:cd:90:62:d2:6e:36:a2:ca:d0:10:bd:f1:
                    a2:d0:6f:9b:8e:90:0c:09:10:74:50:16:95:84:3c:
                    fa:bf:ae:55:06:69:80:26:dc:26:cd:02:7e:e1:c9:
                    29:38:6e:e8:2d:84:85:33:7c:69:c9:a4:84:41:35:
                    49:3d:c6:5b:ca:c1:76:3b:76:67:26:66:07:ea:1b:
                    c5:cb:fe:08:a1:19:78:63:5a:c5:32:51:74:b2:f5:
                    b3:cf:1c:88:70:68:69:44:1a:99:5a:0a:2b:e0:4b:
                    41:08:7a:87:99:bd:84:1f:ef:79:7a:4a:56:4a:3b:
                    9a:a0:12:e6:29:65:b6:09:63:98:48:1f:c6:31:26:
                    e6:a7:cc:9c:f2:56:48:34:cc:6b:a9:d3:a9:70:05:
                    bd:67:7d:7b:a1:ba:78:f3:72:8c:ad:aa:c5:c5:fb:
                    28:ea:bb:64:ea:0c:ae:ca:fc:3a:a0:63:ee:3d:a2:
                    f7:95:ec:24:26:6b:a6:21:b5:a7:0b:76:51:90:e9:
                    53:9b:7e:a5:c9:42:3a:06:e3:31:34:ca:0f:25:c0:
                    a6:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:BA:03:51:D4:F5:7E:E4:37:58:9B:AA:02:77:C5:F5:A3:55:1A:B2
            X509v3 Authority Key Identifier:
                keyid:79:8B:CB:54:32:A4:5F:25:B0:41:03:96:7A:B4:03:C2:9D:0D:43:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eYvLVDKkXyWwQQOWerQDwp0NQwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/ZroDUdT1fuQ3WJuqAnfF9aNVGrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/eYvLVDKkXyWwQQOWerQDwp0NQwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.160.0/22
                IPv6:
                  2a00:de20::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:fc:e2:c3:9b:cb:c6:c3:1e:66:c1:bb:9d:4a:5b:ff:bc:e9:
         67:3b:43:92:ca:61:87:67:55:56:45:a1:d3:ca:d5:e4:7a:e4:
         6e:fa:0c:ab:16:d1:62:10:93:43:be:25:46:df:05:a1:c5:08:
         55:3c:47:65:99:f8:b9:4a:5d:e5:97:e4:e5:2f:f4:92:68:04:
         8f:4a:f9:8e:73:ee:75:8b:90:ab:7e:8d:61:c5:d5:62:bf:f2:
         9c:a1:b1:ce:a2:b7:d8:e1:82:cf:f6:0a:86:65:5c:a5:1e:7f:
         12:6f:60:24:43:dd:e0:e0:1d:ae:8c:f0:81:32:75:97:d4:aa:
         27:4d:a1:02:bd:a5:97:6a:c5:50:54:26:b4:69:82:3f:07:b6:
         6e:bb:91:71:8b:a0:ed:23:b5:5d:98:be:df:41:04:10:03:46:
         27:79:fa:db:84:a2:36:be:55:72:39:d2:ba:2e:e0:8c:75:7c:
         75:27:23:e9:a4:b6:c9:6d:73:e9:af:60:33:72:6a:11:d0:2b:
         ac:3d:60:b2:50:c4:a4:83:d2:1c:e4:a3:3e:70:0f:89:cf:b6:
         e8:2c:0c:6f:a4:86:ee:5a:ef:dd:b3:c9:4f:96:32:59:1d:f0:
         7f:a0:c7:af:b9:79:e3:46:d2:15:ef:88:7c:c6:5f:cd:00:79:
         6f:85:8d:97
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaCtHh0w17bQJsEBDTVXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGJjYjU0MzJhNDVmMjViMDQxMDM5NjdhYjQwM2MyOWQw
ZDQzMGEwHhcNMjUwMTAxMDU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmJhMDM1MWQ0ZjU3ZWU0Mzc1ODliYWEwMjc3YzVmNWEzNTUxYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwY1npy43pJtYB0ZssicGwqdVR4JI
ZyuN/fgU1VOa63lOA/+eBnhBagoZdFO2hxLNkGLSbjaiytAQvfGi0G+bjpAMCRB0
UBaVhDz6v65VBmmAJtwmzQJ+4ckpOG7oLYSFM3xpyaSEQTVJPcZbysF2O3ZnJmYH
6hvFy/4IoRl4Y1rFMlF0svWzzxyIcGhpRBqZWgor4EtBCHqHmb2EH+95ekpWSjua
oBLmKWW2CWOYSB/GMSbmp8yc8lZINMxrqdOpcAW9Z317obp483KMrarFxfso6rtk
6gyuyvw6oGPuPaL3lewkJmumIbWnC3ZRkOlTm36lyUI6BuMxNMoPJcCmeQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGa6A1HU9X7kN1ibqgJ3xfWjVRqyMB8GA1UdIwQY
MBaAFHmLy1QypF8lsEEDlnq0A8KdDUMKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVl2TFZES2tYeVd3UVFPV2VyUUR3cDBOUXdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81ZDBmYmItYWQ3ZC00YTlhLWIxNzQt
MTFiMjkwNTI1MjhkLzEvWnJvRFVkVDFmdVEzV0p1cUFuZkY5YU5WR3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81ZDBmYmItYWQ3ZC00YTlhLWIxNzQtMTFiMjkwNTI1Mjhk
LzEvZVl2TFZES2tYeVd3UVFPV2VyUUR3cDBOUXdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSSgMA0E
AgACMAcDBQAqAN4gMA0GCSqGSIb3DQEBCwUAA4IBAQAN/OLDm8vGwx5mwbudSlv/
vOlnO0OSymGHZ1VWRaHTytXkeuRu+gyrFtFiEJNDviVG3wWhxQhVPEdlmfi5Sl3l
l+TlL/SSaASPSvmOc+51i5Crfo1hxdViv/KcobHOorfY4YLP9gqGZVylHn8Sb2Ak
Q93g4B2ujPCBMnWX1KonTaECvaWXasVQVCa0aYI/B7Zuu5Fxi6DtI7VdmL7fQQQQ
A0YnefrbhKI2vlVyOdK6LuCMdXx1JyPppLbJbXPpr2AzcmoR0CusPWCyUMSkg9Ic
5KM+cA+Jz7boLAxvpIbuWu/ds8lPljJZHfB/oMevuXnjRtIV74h8xl/NAHlvhY2X
-----END CERTIFICATE-----