Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/zMLzsvyvzttf1W0nTGnk2Xapur8.roa
File:                     zMLzsvyvzttf1W0nTGnk2Xapur8.roa (raw, json)
Hash identifier:          RrEXPJicy0wkgDG3hlm5HrYEO3YA5hlKCSWiWB4jQfs=
Subject key identifier:   CC:C2:F3:B2:FC:AF:CE:DB:5F:D5:6D:27:4C:69:E4:D9:76:A9:BA:BF
Certificate issuer:       /CN=af2acebc761caf37656dbd7153c00499fb737777
Certificate serial:       01942444A2C052ABC11E9B057B4A22063B32
Authority key identifier: AF:2A:CE:BC:76:1C:AF:37:65:6D:BD:71:53:C0:04:99:FB:73:77:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ryrOvHYcrzdlbb1xU8AEmftzd3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/zMLzsvyvzttf1W0nTGnk2Xapur8.roa
Signing time:             Wed 01 Jan 2025 23:47:45 +0000
ROA not before:           Wed 01 Jan 2025 23:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60631
IP address blocks:        195.177.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/ryrOvHYcrzdlbb1xU8AEmftzd3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/ryrOvHYcrzdlbb1xU8AEmftzd3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ryrOvHYcrzdlbb1xU8AEmftzd3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:a2:c0:52:ab:c1:1e:9b:05:7b:4a:22:06:3b:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2acebc761caf37656dbd7153c00499fb737777
        Validity
            Not Before: Jan  1 23:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccc2f3b2fcafcedb5fd56d274c69e4d976a9babf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0f:55:22:82:f0:b7:d4:c6:be:fb:3b:a3:8e:
                    ff:db:f0:57:a3:36:ed:eb:7b:e3:a5:09:f0:62:e5:
                    02:94:4c:15:be:aa:b3:cf:2c:20:06:cb:60:ba:cb:
                    da:b4:1d:17:42:98:67:f3:0a:ca:69:9f:58:fc:85:
                    e1:52:f0:90:9e:7f:05:1e:05:58:c7:9c:12:e9:2d:
                    f6:03:a4:e9:f6:25:b3:e5:1d:29:bc:02:da:e9:ca:
                    7c:f9:00:17:5d:65:7f:9f:b0:ea:06:1c:ba:b7:44:
                    e5:d1:89:39:47:10:0e:9c:70:f0:d0:9b:70:03:b1:
                    50:87:00:41:74:90:da:39:c5:35:25:23:a9:57:40:
                    80:02:40:20:5a:e9:42:e0:fe:b7:d1:d7:24:67:72:
                    3d:5a:06:9f:be:1b:b0:7f:02:f0:4b:ec:27:04:0d:
                    b6:a4:dd:12:4f:22:b6:61:79:0c:92:98:e6:d5:43:
                    43:5f:be:33:ef:c3:2a:9a:5e:41:c9:4d:91:a5:d6:
                    c8:bc:93:9b:ba:52:65:cf:b3:04:b2:ef:f3:51:84:
                    45:7d:66:0d:3c:19:36:b9:d2:53:bd:4b:e3:81:e6:
                    53:93:35:4d:06:18:f7:14:f2:33:c6:0b:ec:b1:61:
                    00:4f:7c:95:6a:3f:1d:71:97:50:42:59:41:ac:bb:
                    11:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:C2:F3:B2:FC:AF:CE:DB:5F:D5:6D:27:4C:69:E4:D9:76:A9:BA:BF
            X509v3 Authority Key Identifier:
                keyid:AF:2A:CE:BC:76:1C:AF:37:65:6D:BD:71:53:C0:04:99:FB:73:77:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ryrOvHYcrzdlbb1xU8AEmftzd3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/zMLzsvyvzttf1W0nTGnk2Xapur8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/ryrOvHYcrzdlbb1xU8AEmftzd3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:a8:30:85:8d:ef:43:8b:f0:39:a8:2f:6c:5b:59:ab:c8:ad:
         b7:96:9b:5b:14:79:be:46:89:eb:a8:af:21:ef:1d:eb:de:3c:
         e2:ab:ef:9f:ba:d7:bb:2d:3d:75:b9:c9:1d:60:37:a0:85:18:
         30:cf:20:41:7f:e3:ed:ec:5a:da:46:ed:c3:6b:a2:b5:49:4f:
         ea:0c:c8:86:8b:91:5a:e7:b8:1e:be:47:73:0a:70:18:fb:ad:
         80:d2:af:ba:b1:43:2f:45:6e:d1:1c:37:cd:da:8e:80:38:66:
         9f:7c:eb:c7:a6:a9:84:d5:b3:b6:33:1a:4c:a9:a8:63:db:e9:
         32:2d:5a:b1:51:ba:f0:f6:7b:a5:92:99:37:7b:ce:5b:c3:9c:
         77:aa:39:a9:50:90:19:c8:0c:39:c9:6e:73:b4:2a:7c:45:09:
         83:93:0c:34:e5:27:e9:70:a7:60:80:17:58:8e:8f:7f:55:a4:
         27:d1:77:29:c5:b6:f3:d2:0c:36:8a:17:0d:d1:42:01:af:e9:
         70:52:80:6a:cc:95:b3:53:b7:9f:4a:75:b5:ae:58:e3:27:e0:
         8f:56:6d:d9:5f:6c:c0:71:c1:6f:bd:71:c5:4b:5a:4d:a7:6c:
         36:2a:89:4c:e9:6d:57:60:0e:35:5c:92:6e:c5:77:f5:ca:b1:
         4d:6a:0a:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRKLAUqvBHpsFe0oiBjsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmFjZWJjNzYxY2FmMzc2NTZkYmQ3MTUzYzAwNDk5ZmI3
Mzc3NzcwHhcNMjUwMTAxMjM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2MyZjNiMmZjYWZjZWRiNWZkNTZkMjc0YzY5ZTRkOTc2YTliYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ9VIoLwt9TGvvs7o47/2/BXozbt
63vjpQnwYuUClEwVvqqzzywgBstgusvatB0XQphn8wrKaZ9Y/IXhUvCQnn8FHgVY
x5wS6S32A6Tp9iWz5R0pvALa6cp8+QAXXWV/n7DqBhy6t0Tl0Yk5RxAOnHDw0Jtw
A7FQhwBBdJDaOcU1JSOpV0CAAkAgWulC4P630dckZ3I9WgafvhuwfwLwS+wnBA22
pN0STyK2YXkMkpjm1UNDX74z78Mqml5ByU2RpdbIvJObulJlz7MEsu/zUYRFfWYN
PBk2udJTvUvjgeZTkzVNBhj3FPIzxgvssWEAT3yVaj8dcZdQQllBrLsR4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzC87L8r87bX9VtJ0xp5Nl2qbq/MB8GA1UdIwQY
MBaAFK8qzrx2HK83ZW29cVPABJn7c3d3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnlyT3ZIWWNyemRsYmIxeFU4QUVtZnR6ZDNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi85MzgwNGUtYjFmMi00MDM0LTliMjYt
M2NlZjhhOGQ2ZWExLzEvek1MenN2eXZ6dHRmMVcwblRHbmsyWGFwdXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi85MzgwNGUtYjFmMi00MDM0LTliMjYtM2NlZjhhOGQ2ZWEx
LzEvcnlyT3ZIWWNyemRsYmIxeFU4QUVtZnR6ZDNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7H/MA0G
CSqGSIb3DQEBCwUAA4IBAQCKqDCFje9Di/A5qC9sW1mryK23lptbFHm+RonrqK8h
7x3r3jziq++fute7LT11uckdYDeghRgwzyBBf+Pt7FraRu3Da6K1SU/qDMiGi5Fa
57gevkdzCnAY+62A0q+6sUMvRW7RHDfN2o6AOGaffOvHpqmE1bO2MxpMqahj2+ky
LVqxUbrw9nulkpk3e85bw5x3qjmpUJAZyAw5yW5ztCp8RQmDkww05SfpcKdggBdY
jo9/VaQn0Xcpxbbz0gw2ihcN0UIBr+lwUoBqzJWzU7efSnW1rljjJ+CPVm3ZX2zA
ccFvvXHFS1pNp2w2KolM6W1XYA41XJJuxXf1yrFNagoy
-----END CERTIFICATE-----