Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/zR4iLeAlwp_N8F3SE1jgzNAAf5g.roa
File:                     zR4iLeAlwp_N8F3SE1jgzNAAf5g.roa (raw, json)
Hash identifier:          xWq9xR6Qocj5qbdstuQx7KrJz2/dodBVSQAGA+Ot/AI=
Subject key identifier:   CD:1E:22:2D:E0:25:C2:9F:CD:F0:5D:D2:13:58:E0:CC:D0:00:7F:98
Certificate issuer:       /CN=93c64c668eff34740816eda85a459d0c422e063c
Certificate serial:       01942143A6AAE18831B19E8D244ACE867A0B
Authority key identifier: 93:C6:4C:66:8E:FF:34:74:08:16:ED:A8:5A:45:9D:0C:42:2E:06:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/zR4iLeAlwp_N8F3SE1jgzNAAf5g.roa
Signing time:             Wed 01 Jan 2025 09:47:48 +0000
ROA not before:           Wed 01 Jan 2025 09:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137
IP address blocks:        192.150.194.0/23 maxlen: 23
                          192.150.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:a6:aa:e1:88:31:b1:9e:8d:24:4a:ce:86:7a:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93c64c668eff34740816eda85a459d0c422e063c
        Validity
            Not Before: Jan  1 09:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd1e222de025c29fcdf05dd21358e0ccd0007f98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e5:27:30:c2:44:56:b5:51:36:dc:53:bd:7a:
                    e0:69:21:a7:47:1a:3f:3a:42:52:78:98:7f:89:85:
                    51:f9:fc:c2:9c:3e:57:df:1a:f7:ae:ae:16:6f:13:
                    63:eb:e1:60:27:19:ae:b3:1a:d6:fc:76:d6:4f:42:
                    16:e6:b4:16:69:ae:e6:95:03:16:cf:bd:bf:d2:f1:
                    cf:48:ed:d0:4e:26:62:fd:c0:34:c4:c3:30:d9:9c:
                    24:7b:c4:4e:74:ca:b3:8b:9a:3e:a0:b3:45:38:f5:
                    27:8a:8d:07:8b:b6:45:dc:43:1c:c4:e0:fa:c4:8d:
                    6e:d3:a1:67:d5:fc:8e:4f:d4:9b:49:20:b8:1a:0f:
                    c9:b1:f1:f1:ff:96:f5:74:bc:f5:ef:e5:eb:58:49:
                    25:31:d2:b3:c8:43:7e:c5:93:66:21:2f:ed:c2:d5:
                    6f:18:24:36:85:e1:dc:8a:3d:d7:2e:b9:80:da:e9:
                    f8:34:33:a4:05:2a:6c:ab:74:24:85:30:f6:ed:24:
                    4d:c8:48:e0:0f:b8:6a:b9:00:d3:aa:3c:cd:20:be:
                    1d:3f:dd:ed:01:9f:b4:72:60:fa:16:5c:a1:61:b8:
                    57:48:88:f1:3a:c3:4a:67:87:9c:49:53:27:41:ad:
                    e1:d8:d0:9a:d5:f8:56:f0:b7:a0:81:b3:38:56:6f:
                    3b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:1E:22:2D:E0:25:C2:9F:CD:F0:5D:D2:13:58:E0:CC:D0:00:7F:98
            X509v3 Authority Key Identifier:
                keyid:93:C6:4C:66:8E:FF:34:74:08:16:ED:A8:5A:45:9D:0C:42:2E:06:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/zR4iLeAlwp_N8F3SE1jgzNAAf5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.150.194.0-192.150.196.255

    Signature Algorithm: sha256WithRSAEncryption
         07:9a:66:9e:98:8c:2b:97:08:93:bf:b8:ea:15:1a:d6:83:02:
         c8:26:92:77:bf:7f:a7:6b:02:8f:47:09:25:31:0f:fb:1a:7e:
         a6:2c:d7:0e:22:28:1b:be:fa:94:7c:8e:a0:33:1d:98:e0:9d:
         03:bb:73:22:7d:f7:26:40:79:02:45:14:d6:a3:67:4d:93:84:
         0c:85:94:9a:6c:dd:de:60:a4:65:a6:53:e2:48:c1:e3:0c:01:
         77:d1:e8:70:d4:b7:f8:53:1f:4d:6e:ab:21:69:3c:1e:11:14:
         03:b2:7c:e4:6a:c6:5b:4f:28:5c:c9:2f:34:5a:1b:e1:93:d6:
         db:cb:c3:1e:1d:02:3b:38:0f:3a:ec:ef:6b:04:6d:a7:86:f0:
         57:78:4f:7d:3e:95:dc:08:1b:7b:b0:a3:4e:d3:90:ad:b6:83:
         cb:fe:d0:04:f5:17:92:e2:b3:33:ca:04:c3:97:d6:e3:19:70:
         15:76:e6:3c:f5:65:89:82:11:d0:8a:0e:d6:cd:ac:82:7e:8e:
         6e:1d:27:33:ba:4d:bf:23:10:1c:e5:34:f0:77:05:c8:2a:f9:
         b3:83:a9:6b:27:e2:23:f0:94:6f:88:54:f9:66:27:2f:b4:fc:
         48:24:8d:64:27:8f:42:c9:cd:75:ca:30:8c:d0:57:32:c7:ef:
         a1:b5:0c:8b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhQ6aq4YgxsZ6NJErOhnoLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYzY0YzY2OGVmZjM0NzQwODE2ZWRhODVhNDU5ZDBjNDIy
ZTA2M2MwHhcNMjUwMTAxMDk0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDFlMjIyZGUwMjVjMjlmY2RmMDVkZDIxMzU4ZTBjY2QwMDA3Zjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+UnMMJEVrVRNtxTvXrgaSGnRxo/
OkJSeJh/iYVR+fzCnD5X3xr3rq4WbxNj6+FgJxmusxrW/HbWT0IW5rQWaa7mlQMW
z72/0vHPSO3QTiZi/cA0xMMw2Zwke8ROdMqzi5o+oLNFOPUnio0Hi7ZF3EMcxOD6
xI1u06Fn1fyOT9SbSSC4Gg/JsfHx/5b1dLz17+XrWEklMdKzyEN+xZNmIS/twtVv
GCQ2heHcij3XLrmA2un4NDOkBSpsq3QkhTD27SRNyEjgD7hquQDTqjzNIL4dP93t
AZ+0cmD6FlyhYbhXSIjxOsNKZ4ecSVMnQa3h2NCa1fhW8LeggbM4Vm87OQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM0eIi3gJcKfzfBd0hNY4MzQAH+YMB8GA1UdIwQY
MBaAFJPGTGaO/zR0CBbtqFpFnQxCLgY8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazhaTVpvN19OSFFJRnUyb1drV2RERUl1Qmp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC82MmQxNWItN2JkNS00YjNiLWJlNzIt
MTQ3ZWM5NmVhNzMwLzEvelI0aUxlQWx3cF9OOEYzU0Uxamd6TkFBZjVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC82MmQxNWItN2JkNS00YjNiLWJlNzItMTQ3ZWM5NmVhNzMw
LzEvazhaTVpvN19OSFFJRnUyb1drV2RERUl1Qmp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHAlsID
BADAlsQwDQYJKoZIhvcNAQELBQADggEBAAeaZp6YjCuXCJO/uOoVGtaDAsgmkne/
f6drAo9HCSUxD/safqYs1w4iKBu++pR8jqAzHZjgnQO7cyJ99yZAeQJFFNajZ02T
hAyFlJps3d5gpGWmU+JIweMMAXfR6HDUt/hTH01uqyFpPB4RFAOyfORqxltPKFzJ
LzRaG+GT1tvLwx4dAjs4Dzrs72sEbaeG8Fd4T30+ldwIG3uwo07TkK22g8v+0AT1
F5LiszPKBMOX1uMZcBV25jz1ZYmCEdCKDtbNrIJ+jm4dJzO6Tb8jEBzlNPB3Bcgq
+bODqWsn4iPwlG+IVPlmJy+0/EgkjWQnj0LJzXXKMIzQVzLH76G1DIs=
-----END CERTIFICATE-----