Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/zwMZXsX6Z6y_GtPEpsaBS7FPtIU.roa
File:                     zwMZXsX6Z6y_GtPEpsaBS7FPtIU.roa (raw, json)
Hash identifier:          bi378rHsH1o9Uq16RD7qe5x44q14EkwJzXLivtK1Naw=
Subject key identifier:   CF:03:19:5E:C5:FA:67:AC:BF:1A:D3:C4:A6:C6:81:4B:B1:4F:B4:85
Certificate issuer:       /CN=ccd1e28930d77a7eb9891b6fabbb2915ee3885aa
Certificate serial:       01942746490D26E332DEB95B0BDF617A8FCD
Authority key identifier: CC:D1:E2:89:30:D7:7A:7E:B9:89:1B:6F:AB:BB:29:15:EE:38:85:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNHiiTDXen65iRtvq7spFe44hao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/zwMZXsX6Z6y_GtPEpsaBS7FPtIU.roa
Signing time:             Thu 02 Jan 2025 13:48:25 +0000
ROA not before:           Thu 02 Jan 2025 13:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     559
IP address blocks:        152.88.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/zNHiiTDXen65iRtvq7spFe44hao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/zNHiiTDXen65iRtvq7spFe44hao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNHiiTDXen65iRtvq7spFe44hao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 19:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:49:0d:26:e3:32:de:b9:5b:0b:df:61:7a:8f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd1e28930d77a7eb9891b6fabbb2915ee3885aa
        Validity
            Not Before: Jan  2 13:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf03195ec5fa67acbf1ad3c4a6c6814bb14fb485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e8:97:b9:06:7f:50:91:6b:e0:06:bd:5b:bb:
                    20:93:c9:23:5d:4b:b3:ea:61:a9:f2:64:90:c1:10:
                    7b:75:79:12:eb:c4:92:76:3c:f5:07:11:e9:52:66:
                    25:ec:38:30:b8:3e:29:3d:95:f4:5a:ad:ef:cc:37:
                    8c:47:0a:43:64:77:f4:5b:ce:8e:03:29:87:ae:08:
                    a1:ff:c7:e6:0c:2c:fe:95:fc:a5:5c:b2:dc:e5:92:
                    06:8a:a4:f5:91:35:20:81:13:27:22:c7:9d:b2:c4:
                    73:e0:60:c3:d7:4a:c1:9c:8c:24:a9:00:b4:b3:33:
                    35:98:7c:b4:7d:52:1d:ec:c8:d0:e3:ac:9f:51:f4:
                    45:02:06:1c:6e:f7:f0:c7:c1:74:2a:6d:86:43:af:
                    67:55:74:3e:18:01:40:eb:fd:e7:ce:0a:3f:9c:27:
                    72:93:43:55:f5:27:5a:e6:02:99:01:01:1c:a2:ae:
                    08:d8:32:bb:5d:bc:a0:3d:8e:c4:d3:e7:21:29:25:
                    e9:16:64:c9:93:52:74:d2:25:e7:86:4c:cf:fa:2f:
                    b0:7b:40:2f:6d:24:ac:ba:4a:eb:46:38:b4:c8:7f:
                    28:03:4c:d7:e4:13:54:2c:ab:61:21:32:92:ce:24:
                    0a:96:c2:6a:a3:ed:a0:f0:e3:97:9f:f1:9f:1e:e9:
                    af:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:03:19:5E:C5:FA:67:AC:BF:1A:D3:C4:A6:C6:81:4B:B1:4F:B4:85
            X509v3 Authority Key Identifier:
                keyid:CC:D1:E2:89:30:D7:7A:7E:B9:89:1B:6F:AB:BB:29:15:EE:38:85:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNHiiTDXen65iRtvq7spFe44hao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/zwMZXsX6Z6y_GtPEpsaBS7FPtIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/zNHiiTDXen65iRtvq7spFe44hao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bd:77:90:e2:02:63:12:78:db:25:59:27:f2:e5:0a:e0:77:3d:
         86:68:6a:35:f3:05:84:eb:68:60:e3:e0:0f:15:c8:2d:5e:90:
         ca:96:5a:9b:b5:80:86:c4:20:1d:e6:96:b3:fe:3c:16:fe:53:
         fb:d8:73:8c:79:29:b2:3e:33:28:45:16:32:ae:1f:26:0b:86:
         8c:08:bb:03:9b:68:41:f6:af:64:ac:21:fe:13:76:5d:a2:27:
         b5:0d:4d:5c:23:3e:e2:64:89:9e:06:26:cc:f6:7e:ab:41:ba:
         c6:7f:54:94:5e:48:f2:45:65:64:04:99:24:bc:b9:a0:96:4f:
         36:58:5c:ed:87:0a:a3:a9:c5:72:0d:96:47:5c:41:e8:90:9f:
         30:60:47:69:9a:fc:24:e2:5b:dd:e6:20:d3:28:35:4f:79:74:
         7a:af:72:b0:5e:45:f0:20:58:4c:c1:c5:24:ad:28:c5:be:24:
         bb:78:d0:cf:35:8e:53:c3:f8:6b:4c:38:cf:cb:91:2f:e0:73:
         54:f8:c2:67:db:ba:e2:ac:03:37:44:30:a3:56:a8:f7:b0:cf:
         76:28:ef:5c:89:7b:40:30:c4:f6:45:98:07:77:e4:e8:ed:00:
         01:c0:2d:ac:78:4a:ba:81:9b:c3:6e:11:28:3a:95:4b:55:15:
         43:12:33:25
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQnRkkNJuMy3rlbC99heo/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDFlMjg5MzBkNzdhN2ViOTg5MWI2ZmFiYmIyOTE1ZWUz
ODg1YWEwHhcNMjUwMTAyMTM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjAzMTk1ZWM1ZmE2N2FjYmYxYWQzYzRhNmM2ODE0YmIxNGZiNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOiXuQZ/UJFr4Aa9W7sgk8kjXUuz
6mGp8mSQwRB7dXkS68SSdjz1BxHpUmYl7DgwuD4pPZX0Wq3vzDeMRwpDZHf0W86O
AymHrgih/8fmDCz+lfylXLLc5ZIGiqT1kTUggRMnIsedssRz4GDD10rBnIwkqQC0
szM1mHy0fVId7MjQ46yfUfRFAgYcbvfwx8F0Km2GQ69nVXQ+GAFA6/3nzgo/nCdy
k0NV9Sda5gKZAQEcoq4I2DK7XbygPY7E0+chKSXpFmTJk1J00iXnhkzP+i+we0Av
bSSsukrrRji0yH8oA0zX5BNULKthITKSziQKlsJqo+2g8OOXn/GfHumvlwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFM8DGV7F+mesvxrTxKbGgUuxT7SFMB8GA1UdIwQY
MBaAFMzR4okw13p+uYkbb6u7KRXuOIWqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5IaWlURFhlbjY1aVJ0dnE3c3BGZTQ0aGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xMDQyZGQtZTY3Yi00MDJhLTgxZGMt
YzEzYjFmOTc3ZDU3LzEvendNWlhzWDZaNnlfR3RQRXBzYUJTN0ZQdElVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xMDQyZGQtZTY3Yi00MDJhLTgxZGMtYzEzYjFmOTc3ZDU3
LzEvek5IaWlURFhlbjY1aVJ0dnE3c3BGZTQ0aGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmFgwDQYJ
KoZIhvcNAQELBQADggEBAL13kOICYxJ42yVZJ/LlCuB3PYZoajXzBYTraGDj4A8V
yC1ekMqWWpu1gIbEIB3mlrP+PBb+U/vYc4x5KbI+MyhFFjKuHyYLhowIuwObaEH2
r2SsIf4Tdl2iJ7UNTVwjPuJkiZ4GJsz2fqtBusZ/VJReSPJFZWQEmSS8uaCWTzZY
XO2HCqOpxXINlkdcQeiQnzBgR2ma/CTiW93mINMoNU95dHqvcrBeRfAgWEzBxSSt
KMW+JLt40M81jlPD+GtMOM/LkS/gc1T4wmfbuuKsAzdEMKNWqPewz3Yo71yJe0Aw
xPZFmAd35OjtAAHALax4SrqBm8NuESg6lUtVFUMSMyU=
-----END CERTIFICATE-----