Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/KZZiPS9ZeOzzb7Ol0GU3vdesmec.roa
File:                     KZZiPS9ZeOzzb7Ol0GU3vdesmec.roa (raw, json)
Hash identifier:          vFZw/xYafILFh9yVo7+bAnIUSWqHvFS5F2SG90lZkR0=
Subject key identifier:   29:96:62:3D:2F:59:78:EC:F3:6F:B3:A5:D0:65:37:BD:D7:AC:99:E7
Certificate issuer:       /CN=597a01de87e011803f890ae17749020f995f140c
Certificate serial:       019422FBA9D6225B58CA4487CD3A785D9896
Authority key identifier: 59:7A:01:DE:87:E0:11:80:3F:89:0A:E1:77:49:02:0F:99:5F:14:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/KZZiPS9ZeOzzb7Ol0GU3vdesmec.roa
Signing time:             Wed 01 Jan 2025 17:48:25 +0000
ROA not before:           Wed 01 Jan 2025 17:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6878
IP address blocks:        164.30.0.0/17 maxlen: 24
                          2a07:b980:4000::/39 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:a9:d6:22:5b:58:ca:44:87:cd:3a:78:5d:98:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597a01de87e011803f890ae17749020f995f140c
        Validity
            Not Before: Jan  1 17:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2996623d2f5978ecf36fb3a5d06537bdd7ac99e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8b:2d:1d:47:92:21:3a:c8:07:af:21:82:34:
                    87:72:d7:8b:95:3b:f6:af:4d:9b:a4:8d:49:24:d4:
                    30:83:af:cb:10:bc:e4:23:be:6b:90:6f:79:e7:3a:
                    01:0c:3e:34:84:74:37:9b:1c:35:2a:f7:e9:17:b8:
                    29:d9:e1:a8:ba:9c:c2:8a:55:7c:e8:5f:08:b8:75:
                    96:25:cf:3a:11:7b:4e:09:b5:43:35:8b:db:d6:e6:
                    8c:0b:44:85:98:6c:f3:e4:91:5f:15:79:6e:5a:68:
                    e7:9e:27:34:32:82:af:f7:b3:61:d5:d1:51:db:0a:
                    8f:f7:53:b0:ca:95:f6:d9:da:11:ca:3b:14:f1:02:
                    11:1b:74:1c:19:66:08:cc:ef:70:f8:bc:27:9f:0c:
                    0f:91:a4:45:5c:05:d5:cc:e6:67:b3:4a:83:de:f7:
                    3c:08:18:af:8b:57:d8:f2:20:c0:0c:ef:49:a8:c3:
                    dd:ec:57:4f:d9:13:97:0c:87:be:b2:ba:9e:de:58:
                    2f:cd:92:8d:9d:7d:dc:4e:b6:1a:0b:dc:32:20:2f:
                    90:9f:78:a3:fd:c3:cd:f3:c4:8f:38:19:ab:59:07:
                    e4:89:1e:54:21:ef:9c:c6:d7:eb:4f:18:ca:3b:25:
                    eb:91:06:0c:6c:19:30:b1:85:0a:94:c0:a7:68:43:
                    0f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:96:62:3D:2F:59:78:EC:F3:6F:B3:A5:D0:65:37:BD:D7:AC:99:E7
            X509v3 Authority Key Identifier:
                keyid:59:7A:01:DE:87:E0:11:80:3F:89:0A:E1:77:49:02:0F:99:5F:14:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/KZZiPS9ZeOzzb7Ol0GU3vdesmec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.30.0.0/17
                IPv6:
                  2a07:b980:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         ac:f3:22:ea:a7:49:d0:e6:fb:5b:fc:19:63:e8:37:78:f4:77:
         d8:40:57:6a:2b:3f:ae:2d:07:b0:25:bf:8c:d9:86:aa:19:c1:
         60:70:11:dd:4d:77:9e:2a:1f:13:6c:b9:09:9e:9f:a3:16:52:
         f7:7e:a9:df:6e:60:3e:d2:c0:0e:42:2d:e4:22:a7:7b:14:68:
         33:0a:80:5f:6c:74:a2:24:fe:52:e0:69:a8:e7:8a:9f:96:14:
         68:16:01:e7:f9:74:c3:da:ad:4b:6f:57:88:02:9c:a3:47:c5:
         cf:f4:80:a4:75:37:e3:df:71:c1:95:34:4d:eb:1f:9b:0b:b1:
         82:dd:08:42:7b:2d:a0:cc:98:13:e9:77:25:3c:ed:98:2c:a8:
         b9:d9:d4:39:a8:22:3f:2e:3b:67:99:bc:f3:7f:fb:19:38:fd:
         b3:eb:27:31:21:40:43:77:08:b4:cf:75:f7:ff:72:42:71:7c:
         3c:0a:96:34:e0:2b:53:ef:12:7e:90:eb:4f:af:3a:34:b5:35:
         a5:d2:5b:0f:05:75:f9:51:d9:c2:f9:9b:58:e9:05:1a:d5:ad:
         2a:28:2e:bc:6f:65:2d:82:c5:73:ee:76:31:15:7b:50:3a:4d:
         32:81:e4:bb:e3:e2:2d:ca:33:6f:b0:ee:bb:4b:25:c8:1e:6d:
         c6:d9:87:12
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQi+6nWIltYykSHzTp4XZiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5N2EwMWRlODdlMDExODAzZjg5MGFlMTc3NDkwMjBmOTk1
ZjE0MGMwHhcNMjUwMTAxMTc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTk2NjIzZDJmNTk3OGVjZjM2ZmIzYTVkMDY1MzdiZGQ3YWM5OWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4stHUeSITrIB68hgjSHcteLlTv2
r02bpI1JJNQwg6/LELzkI75rkG955zoBDD40hHQ3mxw1KvfpF7gp2eGoupzCilV8
6F8IuHWWJc86EXtOCbVDNYvb1uaMC0SFmGzz5JFfFXluWmjnnic0MoKv97Nh1dFR
2wqP91OwypX22doRyjsU8QIRG3QcGWYIzO9w+LwnnwwPkaRFXAXVzOZns0qD3vc8
CBivi1fY8iDADO9JqMPd7FdP2ROXDIe+srqe3lgvzZKNnX3cTrYaC9wyIC+Qn3ij
/cPN88SPOBmrWQfkiR5UIe+cxtfrTxjKOyXrkQYMbBkwsYUKlMCnaEMPQwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCmWYj0vWXjs82+zpdBlN73XrJnnMB8GA1UdIwQY
MBaAFFl6Ad6H4BGAP4kK4XdJAg+ZXxQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hvQjNvZmdFWUFfaVFyaGQwa0NENWxmRkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8yM2VkOWEtMWNhNS00NWVhLTliOGMt
NzM1MzNkZTA5OWMzLzEvS1paaVBTOVplT3p6YjdPbDBHVTN2ZGVzbWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8yM2VkOWEtMWNhNS00NWVhLTliOGMtNzM1MzNkZTA5OWMz
LzEvV1hvQjNvZmdFWUFfaVFyaGQwa0NENWxmRkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQHpB4AMA4E
AgACMAgDBgEqB7mAQDANBgkqhkiG9w0BAQsFAAOCAQEArPMi6qdJ0Ob7W/wZY+g3
ePR32EBXais/ri0HsCW/jNmGqhnBYHAR3U13niofE2y5CZ6foxZS936p325gPtLA
DkIt5CKnexRoMwqAX2x0oiT+UuBpqOeKn5YUaBYB5/l0w9qtS29XiAKco0fFz/SA
pHU3499xwZU0Tesfmwuxgt0IQnstoMyYE+l3JTztmCyoudnUOagiPy47Z5m883/7
GTj9s+snMSFAQ3cItM919/9yQnF8PAqWNOArU+8SfpDrT686NLU1pdJbDwV1+VHZ
wvmbWOkFGtWtKiguvG9lLYLFc+52MRV7UDpNMoHku+PiLcozb7Duu0slyB5txtmH
Eg==
-----END CERTIFICATE-----