Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/Cdz1li8VqIIJV-m5kmfKj99Y7vo.roa
File:                     Cdz1li8VqIIJV-m5kmfKj99Y7vo.roa (raw, json)
Hash identifier:          Injt2qVEYstD1CFDA2RDhQ4n71XCzIHna09I/6r+g6s=
Subject key identifier:   09:DC:F5:96:2F:15:A8:82:09:57:E9:B9:92:67:CA:8F:DF:58:EE:FA
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       019446776CDA22C3422E9352264EF27D05B7
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/Cdz1li8VqIIJV-m5kmfKj99Y7vo.roa
Signing time:             Wed 08 Jan 2025 15:10:19 +0000
ROA not before:           Wed 08 Jan 2025 15:10:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        195.39.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:46:77:6c:da:22:c3:42:2e:93:52:26:4e:f2:7d:05:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  8 15:10:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09dcf5962f15a8820957e9b99267ca8fdf58eefa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:82:02:df:b5:37:d8:81:e7:95:21:f8:53:f1:
                    86:b4:a4:20:12:11:e9:7d:e6:0e:7a:e5:88:1d:e9:
                    47:03:e5:4d:04:8b:c2:8d:2a:f5:28:d2:5e:24:37:
                    14:99:0e:02:04:ae:3d:a3:85:94:09:77:36:3d:b2:
                    75:0c:b5:fc:a3:a2:4d:69:bb:8a:13:d1:02:93:bc:
                    65:53:86:90:7e:66:1e:f9:b2:0d:2a:67:99:33:de:
                    f2:6f:2b:e5:5f:77:78:8d:e4:dd:71:c3:64:42:94:
                    1d:34:a7:d9:07:df:e0:c0:f0:53:b5:29:1e:50:96:
                    cb:12:dd:41:c8:dd:df:93:cb:fe:96:61:dd:b5:71:
                    8b:53:8b:b5:75:e0:72:29:44:04:b8:e7:d3:02:86:
                    a4:e8:3c:de:1d:f3:df:6b:86:36:0d:69:62:09:fb:
                    cd:5a:69:f7:69:27:75:f5:a5:4e:b5:90:f3:b4:c6:
                    e2:15:dc:c9:3b:75:1c:77:4e:4e:31:37:f2:5c:90:
                    ad:d2:dc:db:2f:12:c6:2c:e9:ea:c4:44:7b:97:94:
                    b0:f1:1c:1f:50:4b:c7:32:07:3e:b2:b0:7c:f8:a5:
                    f6:2e:b8:93:a1:e0:f9:d4:ab:7d:76:82:23:5a:d6:
                    8c:8d:cb:5d:7a:c9:d5:3d:38:d3:52:19:4b:07:c6:
                    0a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:DC:F5:96:2F:15:A8:82:09:57:E9:B9:92:67:CA:8F:DF:58:EE:FA
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/Cdz1li8VqIIJV-m5kmfKj99Y7vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.39.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:fe:5a:54:28:30:82:b8:d0:7b:2e:13:ef:62:69:b5:0e:dc:
         a2:a2:8b:3d:80:d1:c9:36:b9:16:d7:b6:eb:26:9e:88:b4:c1:
         c9:59:2c:93:ab:8b:12:ce:17:c6:28:5b:25:74:5f:4c:c2:7a:
         8c:40:b4:4c:19:e7:75:e8:a3:8b:b2:10:02:de:0f:51:55:c2:
         cd:a4:78:73:74:01:2c:9f:aa:2f:ed:16:1b:5f:7a:5b:5e:88:
         bd:6a:bf:25:46:75:3f:cc:1f:83:12:9f:9e:a2:8d:3b:ae:1f:
         1a:c4:c3:32:48:3e:3f:d2:08:22:db:2d:09:17:be:ad:7b:cd:
         05:af:32:ce:3f:2f:8c:81:77:7f:4c:54:f8:df:86:7a:62:af:
         33:1e:fd:3f:01:e2:b7:d5:1e:55:22:dd:f4:b2:49:49:ff:f7:
         3a:24:5d:b3:0e:b0:e9:41:f7:ca:b3:4a:40:eb:e7:2f:bb:cd:
         22:1e:6e:50:b6:ec:df:6f:1f:74:b5:dc:ef:c8:a1:86:f4:35:
         97:04:b5:c7:10:44:af:74:a5:ac:c3:ae:5c:84:34:c4:01:1d:
         52:df:75:a5:30:b2:6f:24:0f:17:21:d2:1f:54:1d:de:20:6a:
         94:2a:72:53:fe:b9:a6:08:12:56:fb:df:31:75:8e:c7:39:a3:
         11:ad:57:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRGd2zaIsNCLpNSJk7yfQW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjUwMTA4MTUxMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWRjZjU5NjJmMTVhODgyMDk1N2U5Yjk5MjY3Y2E4ZmRmNThlZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoIC37U32IHnlSH4U/GGtKQgEhHp
feYOeuWIHelHA+VNBIvCjSr1KNJeJDcUmQ4CBK49o4WUCXc2PbJ1DLX8o6JNabuK
E9ECk7xlU4aQfmYe+bINKmeZM97ybyvlX3d4jeTdccNkQpQdNKfZB9/gwPBTtSke
UJbLEt1ByN3fk8v+lmHdtXGLU4u1deByKUQEuOfTAoak6DzeHfPfa4Y2DWliCfvN
Wmn3aSd19aVOtZDztMbiFdzJO3Ucd05OMTfyXJCt0tzbLxLGLOnqxER7l5Sw8Rwf
UEvHMgc+srB8+KX2LriToeD51Kt9doIjWtaMjctdesnVPTjTUhlLB8YK9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnc9ZYvFaiCCVfpuZJnyo/fWO76MB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvQ2R6MWxpOFZxSUlKVi1tNWttZktqOTlZN3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyfWMA0G
CSqGSIb3DQEBCwUAA4IBAQBC/lpUKDCCuNB7LhPvYmm1Dtyioos9gNHJNrkW17br
Jp6ItMHJWSyTq4sSzhfGKFsldF9MwnqMQLRMGed16KOLshAC3g9RVcLNpHhzdAEs
n6ov7RYbX3pbXoi9ar8lRnU/zB+DEp+eoo07rh8axMMySD4/0ggi2y0JF76te80F
rzLOPy+MgXd/TFT434Z6Yq8zHv0/AeK31R5VIt30sklJ//c6JF2zDrDpQffKs0pA
6+cvu80iHm5Qtuzfbx90tdzvyKGG9DWXBLXHEESvdKWsw65chDTEAR1S33WlMLJv
JA8XIdIfVB3eIGqUKnJT/rmmCBJW+98xdY7HOaMRrVf9
-----END CERTIFICATE-----