Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/zkyq_bkRmP7y8uEpa3W6vwIy36k.roa
File:                     zkyq_bkRmP7y8uEpa3W6vwIy36k.roa (raw, json)
Hash identifier:          rvIkZjLBjiZPMwp1YJD6TUGI2vyzFxSQs2biVpfUSoM=
Subject key identifier:   CE:4C:AA:FD:B9:11:98:FE:F2:F2:E1:29:6B:75:BA:BF:02:32:DF:A9
Certificate issuer:       /CN=e3fa1a0a88bbb54b3f82fc2597d252aff7613bc5
Certificate serial:       01941F8CA87528D5C9A0D7E3835B773A7FF3
Authority key identifier: E3:FA:1A:0A:88:BB:B5:4B:3F:82:FC:25:97:D2:52:AF:F7:61:3B:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4_oaCoi7tUs_gvwll9JSr_dhO8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/zkyq_bkRmP7y8uEpa3W6vwIy36k.roa
Signing time:             Wed 01 Jan 2025 01:48:19 +0000
ROA not before:           Wed 01 Jan 2025 01:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        194.32.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/4_oaCoi7tUs_gvwll9JSr_dhO8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/4_oaCoi7tUs_gvwll9JSr_dhO8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4_oaCoi7tUs_gvwll9JSr_dhO8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 22:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a8:75:28:d5:c9:a0:d7:e3:83:5b:77:3a:7f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3fa1a0a88bbb54b3f82fc2597d252aff7613bc5
        Validity
            Not Before: Jan  1 01:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce4caafdb91198fef2f2e1296b75babf0232dfa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bf:54:7e:42:ce:eb:8f:61:13:7f:26:e1:be:
                    74:65:07:59:c6:dc:af:10:85:a8:33:53:4e:21:17:
                    e9:b0:17:c5:e9:bb:da:57:dc:05:b5:e3:77:3a:dc:
                    cf:3f:d2:df:6c:9d:88:fb:f5:ba:ff:4b:55:45:a2:
                    40:14:97:e2:fd:0e:77:d2:b2:56:02:76:57:7e:48:
                    5d:0a:e0:2c:23:a1:36:b4:c5:ca:68:44:2a:76:25:
                    c7:39:c3:4d:02:e0:28:e2:af:f9:c0:d9:07:83:d0:
                    42:39:b6:ed:e7:f8:55:fe:02:a9:73:81:ca:ce:70:
                    0a:9c:02:e8:31:c2:c3:c3:16:43:19:47:1d:68:07:
                    cc:f5:f7:0c:36:97:2e:11:ca:cb:a1:ba:33:0a:3b:
                    7d:7a:aa:24:27:9c:5d:f3:be:45:af:fb:52:4f:37:
                    da:f3:a2:91:c5:c2:16:fb:2d:0f:b3:37:1f:cb:b8:
                    aa:a2:03:34:c9:91:00:15:9c:6a:56:a9:dc:c1:07:
                    89:8f:40:61:1a:0b:41:ef:c4:a4:21:0d:8b:c8:72:
                    81:a5:5a:91:d9:77:0b:56:76:a8:f5:bd:56:5b:71:
                    9d:3d:ff:6e:01:28:e7:99:fc:77:76:4e:3a:6d:77:
                    ca:89:74:b1:37:6b:9f:bb:67:f7:b2:bf:64:86:8f:
                    06:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:4C:AA:FD:B9:11:98:FE:F2:F2:E1:29:6B:75:BA:BF:02:32:DF:A9
            X509v3 Authority Key Identifier:
                keyid:E3:FA:1A:0A:88:BB:B5:4B:3F:82:FC:25:97:D2:52:AF:F7:61:3B:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4_oaCoi7tUs_gvwll9JSr_dhO8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/zkyq_bkRmP7y8uEpa3W6vwIy36k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/4_oaCoi7tUs_gvwll9JSr_dhO8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:b6:d9:28:6f:07:be:c6:10:df:3c:76:94:07:7a:a0:a0:68:
         e9:a1:92:a5:52:dd:c9:d2:d4:f4:71:30:e6:65:bc:39:6a:31:
         3e:ab:cc:d0:98:41:68:39:f9:a1:92:6d:14:41:29:a6:dc:59:
         71:9b:bc:c3:9b:2a:89:12:04:af:bc:da:d9:ce:ce:ce:99:8d:
         9f:7e:36:70:1a:ee:25:33:35:63:e7:cc:01:21:b7:1c:c5:18:
         7c:3c:82:96:a4:b4:1c:39:75:5c:02:81:51:25:36:2e:84:f8:
         73:9f:d4:01:9b:ae:2f:69:bb:b6:f8:15:ca:1a:cc:3b:1a:7e:
         52:86:c5:e1:c8:12:16:6c:32:fc:b9:75:7e:99:4e:a9:94:64:
         78:e7:20:d4:ad:90:49:1d:66:03:71:43:1e:7e:f9:37:f0:66:
         b4:64:87:15:2b:cb:13:bc:a6:9a:e9:59:1c:ba:b2:e0:44:5a:
         71:f2:b5:c8:4b:03:02:90:68:3b:c5:4c:3b:fd:8d:aa:8b:e7:
         81:07:a8:04:6d:e9:e0:b8:e3:dc:a3:9c:48:7e:c2:25:f0:a3:
         81:53:32:38:2a:e3:98:1e:14:38:ef:f7:d1:28:79:ea:9d:c5:
         06:2f:15:dc:df:10:4f:22:5d:f6:0b:7a:6c:d6:c5:1f:0d:54:
         a6:17:c6:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjKh1KNXJoNfjg1t3On/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZmExYTBhODhiYmI1NGIzZjgyZmMyNTk3ZDI1MmFmZjc2
MTNiYzUwHhcNMjUwMTAxMDE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTRjYWFmZGI5MTE5OGZlZjJmMmUxMjk2Yjc1YmFiZjAyMzJkZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb9UfkLO649hE38m4b50ZQdZxtyv
EIWoM1NOIRfpsBfF6bvaV9wFteN3OtzPP9LfbJ2I+/W6/0tVRaJAFJfi/Q530rJW
AnZXfkhdCuAsI6E2tMXKaEQqdiXHOcNNAuAo4q/5wNkHg9BCObbt5/hV/gKpc4HK
znAKnALoMcLDwxZDGUcdaAfM9fcMNpcuEcrLobozCjt9eqokJ5xd875Fr/tSTzfa
86KRxcIW+y0Pszcfy7iqogM0yZEAFZxqVqncwQeJj0BhGgtB78SkIQ2LyHKBpVqR
2XcLVnao9b1WW3GdPf9uASjnmfx3dk46bXfKiXSxN2ufu2f3sr9kho8GoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5Mqv25EZj+8vLhKWt1ur8CMt+pMB8GA1UdIwQY
MBaAFOP6GgqIu7VLP4L8JZfSUq/3YTvFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNF9vYUNvaTd0VXNfZ3Z3bGw5SlNyX2RoTzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8yN2FjMzItYWZjZi00ZTI4LWFiZmUt
NDY4M2JmZWQwMDM4LzEvemt5cV9ia1JtUDd5OHVFcGEzVzZ2d0l5MzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8yN2FjMzItYWZjZi00ZTI4LWFiZmUtNDY4M2JmZWQwMDM4
LzEvNF9vYUNvaTd0VXNfZ3Z3bGw5SlNyX2RoTzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiCkMA0G
CSqGSIb3DQEBCwUAA4IBAQB1ttkobwe+xhDfPHaUB3qgoGjpoZKlUt3J0tT0cTDm
Zbw5ajE+q8zQmEFoOfmhkm0UQSmm3Flxm7zDmyqJEgSvvNrZzs7OmY2ffjZwGu4l
MzVj58wBIbccxRh8PIKWpLQcOXVcAoFRJTYuhPhzn9QBm64vabu2+BXKGsw7Gn5S
hsXhyBIWbDL8uXV+mU6plGR45yDUrZBJHWYDcUMefvk38Ga0ZIcVK8sTvKaa6Vkc
urLgRFpx8rXISwMCkGg7xUw7/Y2qi+eBB6gEbenguOPco5xIfsIl8KOBUzI4KuOY
HhQ47/fRKHnqncUGLxXc3xBPIl32C3ps1sUfDVSmF8YW
-----END CERTIFICATE-----