Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/Pza9faIJ5cktDsZNFR6fEzPMTws.roa
File:                     Pza9faIJ5cktDsZNFR6fEzPMTws.roa (raw, json)
Hash identifier:          IZazQ28vh340utjMZWOtEpCw1yIpqU4ff78jK5/vzyY=
Subject key identifier:   3F:36:BD:7D:A2:09:E5:C9:2D:0E:C6:4D:15:1E:9F:13:33:CC:4F:0B
Certificate issuer:       /CN=f8ad543624f8d3281ec970458ee752f10a424529
Certificate serial:       01971C00AA857F012AAB321D961020608AD6
Authority key identifier: F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/Pza9faIJ5cktDsZNFR6fEzPMTws.roa
Signing time:             Thu 29 May 2025 12:24:54 +0000
ROA not before:           Thu 29 May 2025 12:24:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198668
IP address blocks:        176.119.192.0/24 maxlen: 24
                          185.87.140.0/22 maxlen: 24
                          185.243.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 10:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:00:aa:85:7f:01:2a:ab:32:1d:96:10:20:60:8a:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8ad543624f8d3281ec970458ee752f10a424529
        Validity
            Not Before: May 29 12:24:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f36bd7da209e5c92d0ec64d151e9f1333cc4f0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:01:2e:e3:01:a1:72:7d:09:64:5b:ed:e2:ee:
                    b7:40:55:82:6f:31:72:af:15:7c:c6:48:4b:f3:f5:
                    e0:ed:08:ee:4a:ce:b4:73:5a:33:fa:73:e9:cd:13:
                    b7:8d:4b:b0:49:fc:cc:ae:0b:c0:94:57:94:5a:40:
                    b0:b6:98:22:d3:2b:31:63:64:9b:50:7e:85:31:45:
                    6e:a9:ae:06:95:03:1a:ed:0a:51:72:f3:25:81:c7:
                    3b:2d:78:c5:91:5b:02:11:47:bc:2a:b1:99:99:e5:
                    66:74:09:f0:95:f4:87:73:9b:67:91:99:dd:59:90:
                    46:b7:a8:bc:1d:81:ef:8b:77:4c:68:36:3c:ad:ee:
                    2d:31:30:8a:d5:a0:28:5c:91:9a:a8:bd:c8:ea:79:
                    12:ed:08:40:c8:77:e1:f5:b9:21:b8:3c:f3:48:f3:
                    f0:fb:cb:40:0b:f3:99:db:32:7f:83:d9:72:39:29:
                    9f:10:49:29:07:c7:4f:23:01:64:a0:4b:0e:33:42:
                    65:7e:94:0b:77:59:3f:ca:0a:2f:19:3d:eb:64:f5:
                    ab:42:03:23:da:1f:69:d8:e6:df:d7:ab:ff:36:3f:
                    4c:03:6f:3c:6d:c4:bc:99:08:72:55:f5:4a:3b:be:
                    90:aa:c6:a4:5a:48:7e:e9:9e:c6:8a:4f:aa:de:61:
                    48:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:36:BD:7D:A2:09:E5:C9:2D:0E:C6:4D:15:1E:9F:13:33:CC:4F:0B
            X509v3 Authority Key Identifier:
                keyid:F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/Pza9faIJ5cktDsZNFR6fEzPMTws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.192.0/24
                  185.87.140.0/22
                  185.243.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:dc:17:1f:b6:13:ba:ed:0d:1b:4a:78:38:44:dc:b3:f6:70:
         f3:34:c0:f8:6d:3b:50:0e:aa:5c:d1:77:bb:00:c7:7b:f8:61:
         69:a8:ec:d6:a0:d6:a6:8d:9b:a5:1e:8f:64:a3:88:59:80:7c:
         56:82:f4:ea:7d:ee:c7:96:a0:6b:ed:3d:50:18:6e:89:5f:1e:
         2a:1e:23:09:a3:7c:33:ef:0f:0a:da:b3:a6:13:cc:71:48:e3:
         ed:b1:48:3a:c2:20:5a:c5:fa:ad:1a:ec:29:fa:4a:76:69:6e:
         5a:37:e7:d8:b4:42:b0:71:a8:8d:f2:6a:e3:3b:7c:39:11:39:
         7a:bc:3d:8f:6c:ee:8c:25:e0:c5:08:be:bb:44:15:40:97:be:
         e1:3d:57:d3:49:5d:83:98:e8:c6:c5:28:ef:cb:23:3e:cf:c1:
         e7:ba:e2:c7:ef:93:c0:48:ff:20:67:1e:9b:9d:06:db:cd:73:
         d5:a8:30:21:16:19:53:0f:52:50:e3:85:30:3e:18:37:b4:8f:
         5c:4d:a8:0d:88:5b:1a:ba:c3:86:da:17:ed:e6:32:44:49:09:
         30:15:82:92:ae:56:08:eb:c0:e3:4d:a3:96:15:81:97:2f:70:
         f6:b9:04:ef:43:0f:08:c6:5d:0a:fb:07:40:ca:51:78:9f:39:
         8e:73:00:ad
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZccAKqFfwEqqzIdlhAgYIrWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YWQ1NDM2MjRmOGQzMjgxZWM5NzA0NThlZTc1MmYxMGE0
MjQ1MjkwHhcNMjUwNTI5MTIyNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjM2YmQ3ZGEyMDllNWM5MmQwZWM2NGQxNTFlOWYxMzMzY2M0ZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgEu4wGhcn0JZFvt4u63QFWCbzFy
rxV8xkhL8/Xg7QjuSs60c1oz+nPpzRO3jUuwSfzMrgvAlFeUWkCwtpgi0ysxY2Sb
UH6FMUVuqa4GlQMa7QpRcvMlgcc7LXjFkVsCEUe8KrGZmeVmdAnwlfSHc5tnkZnd
WZBGt6i8HYHvi3dMaDY8re4tMTCK1aAoXJGaqL3I6nkS7QhAyHfh9bkhuDzzSPPw
+8tAC/OZ2zJ/g9lyOSmfEEkpB8dPIwFkoEsOM0JlfpQLd1k/ygovGT3rZPWrQgMj
2h9p2Obf16v/Nj9MA288bcS8mQhyVfVKO76QqsakWkh+6Z7Gik+q3mFIQwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFD82vX2iCeXJLQ7GTRUenxMzzE8LMB8GA1UdIwQY
MBaAFPitVDYk+NMoHslwRY7nUvEKQkUpMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LMVVOaVQ0MHlnZXlYQkZqdWRTOFFwQ1JTay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5
LThhMTFiNDcxOWQ4Mi8xL1B6YTlmYUlKNWNrdERzWk5GUjZmRXpQTVR3cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5LThhMTFiNDcxOWQ4
Mi8xLzEtSzFVTmlUNDB5Z2V5WEJGanVkUzhRcENSU2suY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACwd8AD
BAK5V4wDBAK586wwDQYJKoZIhvcNAQELBQADggEBADDcFx+2E7rtDRtKeDhE3LP2
cPM0wPhtO1AOqlzRd7sAx3v4YWmo7Nag1qaNm6Uej2SjiFmAfFaC9Op97seWoGvt
PVAYbolfHioeIwmjfDPvDwras6YTzHFI4+2xSDrCIFrF+q0a7Cn6SnZpblo359i0
QrBxqI3yauM7fDkROXq8PY9s7owl4MUIvrtEFUCXvuE9V9NJXYOY6MbFKO/LIz7P
wee64sfvk8BI/yBnHpudBtvNc9WoMCEWGVMPUlDjhTA+GDe0j1xNqA2IWxq6w4ba
F+3mMkRJCTAVgpKuVgjrwONNo5YVgZcvcPa5BO9DDwjGXQr7B0DKUXifOY5zAK0=
-----END CERTIFICATE-----