Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/zBe1zgNHDCKtxdrkxgm3eBXCBPU.roa
File:                     zBe1zgNHDCKtxdrkxgm3eBXCBPU.roa (raw, json)
Hash identifier:          BXmYyj4eoSdWaSTfE6Ragmw+4eV3ZTlYx1CDpgMgYSs=
Subject key identifier:   CC:17:B5:CE:03:47:0C:22:AD:C5:DA:E4:C6:09:B7:78:15:C2:04:F5
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       0195C86272F81374B24215F34A4589731ABE
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/zBe1zgNHDCKtxdrkxgm3eBXCBPU.roa
Signing time:             Mon 24 Mar 2025 13:40:49 +0000
ROA not before:           Mon 24 Mar 2025 13:40:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        94.154.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c8:62:72:f8:13:74:b2:42:15:f3:4a:45:89:73:1a:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Mar 24 13:40:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc17b5ce03470c22adc5dae4c609b77815c204f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0b:3c:68:58:ea:06:d2:fb:6b:51:8a:b1:18:
                    52:58:e8:7f:ed:11:45:ea:61:5e:f7:87:c1:25:82:
                    60:7e:c2:34:ca:08:27:b1:67:4a:78:ea:c5:ad:a3:
                    c1:1f:28:39:e0:7d:d4:3f:9b:23:3c:7b:16:2f:2b:
                    ae:c9:68:c9:a3:9e:2f:af:66:8e:fc:d5:dc:af:0d:
                    3b:25:eb:2d:d1:bc:76:c5:7d:91:16:9b:a0:ab:7c:
                    74:7a:c2:8d:cd:3b:f1:f1:40:9d:48:5f:9e:25:cc:
                    3f:e2:df:e4:ac:80:b9:0a:76:21:69:35:0e:72:ac:
                    b1:e5:33:c6:08:98:49:ba:c8:a1:44:8e:9d:6b:eb:
                    e3:9b:b4:48:13:1b:95:98:c7:5a:cb:5d:bf:1a:71:
                    90:7a:50:11:37:b3:e0:51:a5:c7:4b:59:ff:96:a6:
                    8e:83:a3:31:50:2b:05:d8:18:4a:1d:0d:8a:8e:90:
                    53:ff:d9:b3:f0:9b:89:6f:2c:1f:5f:a4:a8:70:57:
                    4a:92:f3:72:3d:20:9a:8e:f2:e4:6c:23:7c:68:7e:
                    28:05:68:9c:e6:fc:5e:eb:a9:bb:18:87:05:dc:10:
                    51:85:f7:22:c0:a9:be:93:14:6a:5b:a1:fd:65:58:
                    0a:de:60:67:c2:28:07:bb:96:da:b7:de:a3:48:e0:
                    a2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:17:B5:CE:03:47:0C:22:AD:C5:DA:E4:C6:09:B7:78:15:C2:04:F5
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/zBe1zgNHDCKtxdrkxgm3eBXCBPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:dd:82:0a:03:7f:c7:2f:21:ff:08:90:24:af:22:10:b3:bd:
         89:0d:93:f3:85:2b:34:e3:6d:e7:44:6c:0a:5f:28:68:c7:1d:
         96:38:fc:28:fc:a6:69:52:39:16:fe:0c:71:5a:6c:a3:c3:22:
         38:60:dd:1b:ef:da:d4:9e:89:09:4e:5f:fd:ed:15:51:d6:96:
         0d:7d:71:eb:c7:ae:38:ff:a3:54:ab:aa:67:38:d8:d8:bc:38:
         6e:b3:b5:bb:62:19:fb:6e:84:30:47:b4:95:63:00:12:e7:fb:
         8d:fa:5a:34:45:41:61:20:cb:a8:a6:0d:ea:8c:f1:7e:b6:3d:
         6a:b6:b3:33:15:08:fc:ca:2e:c1:37:20:b4:e4:1c:9c:3d:26:
         6d:65:88:c0:c1:d8:77:42:33:aa:28:61:6a:6a:82:d4:4c:7f:
         60:75:83:dd:22:66:f1:f3:3d:4f:c4:28:33:e8:27:40:e7:fc:
         45:e1:81:9f:2e:bb:d7:bd:f6:18:70:5f:48:12:07:15:d5:d0:
         a8:07:22:3d:2b:c9:6a:eb:4b:5a:4c:81:23:fd:64:c2:85:7d:
         81:79:d8:fd:43:53:86:a3:e9:2a:9c:fe:15:7c:70:0c:07:21:
         81:3f:fd:a8:bf:89:5e:33:23:f0:71:b0:14:84:22:60:20:33:
         16:c8:b1:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXIYnL4E3SyQhXzSkWJcxq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjUwMzI0MTM0MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzE3YjVjZTAzNDcwYzIyYWRjNWRhZTRjNjA5Yjc3ODE1YzIwNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmws8aFjqBtL7a1GKsRhSWOh/7RFF
6mFe94fBJYJgfsI0yggnsWdKeOrFraPBHyg54H3UP5sjPHsWLyuuyWjJo54vr2aO
/NXcrw07Jest0bx2xX2RFpugq3x0esKNzTvx8UCdSF+eJcw/4t/krIC5CnYhaTUO
cqyx5TPGCJhJusihRI6da+vjm7RIExuVmMday12/GnGQelARN7PgUaXHS1n/lqaO
g6MxUCsF2BhKHQ2KjpBT/9mz8JuJbywfX6SocFdKkvNyPSCajvLkbCN8aH4oBWic
5vxe66m7GIcF3BBRhfciwKm+kxRqW6H9ZVgK3mBnwigHu5bat96jSOCiVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwXtc4DRwwircXa5MYJt3gVwgT1MB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvekJlMXpnTkhEQ0t0eGRya3hnbTNlQlhDQlBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpokMA0G
CSqGSIb3DQEBCwUAA4IBAQBf3YIKA3/HLyH/CJAkryIQs72JDZPzhSs0423nRGwK
Xyhoxx2WOPwo/KZpUjkW/gxxWmyjwyI4YN0b79rUnokJTl/97RVR1pYNfXHrx644
/6NUq6pnONjYvDhus7W7Yhn7boQwR7SVYwAS5/uN+lo0RUFhIMuopg3qjPF+tj1q
trMzFQj8yi7BNyC05BycPSZtZYjAwdh3QjOqKGFqaoLUTH9gdYPdImbx8z1PxCgz
6CdA5/xF4YGfLrvXvfYYcF9IEgcV1dCoByI9K8lq60taTIEj/WTChX2Bedj9Q1OG
o+kqnP4VfHAMByGBP/2ov4leMyPwcbAUhCJgIDMWyLHm
-----END CERTIFICATE-----