Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/lZsMnzEe-znnn1V93iNCRM_YAak.roa
File:                     lZsMnzEe-znnn1V93iNCRM_YAak.roa (raw, json)
Hash identifier:          z+dECtyUmhjS80QJzbvWDw1cRN0vxIcWCWIADf50+Fg=
Subject key identifier:   95:9B:0C:9F:31:1E:FB:39:E7:9F:55:7D:DE:23:42:44:CF:D8:01:A9
Certificate issuer:       /CN=340bea3fcc3cbcedc82919cf57c74108baea369e
Certificate serial:       019425FBF5174CA60A75C14E7146D1D7915F
Authority key identifier: 34:0B:EA:3F:CC:3C:BC:ED:C8:29:19:CF:57:C7:41:08:BA:EA:36:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/lZsMnzEe-znnn1V93iNCRM_YAak.roa
Signing time:             Thu 02 Jan 2025 07:47:36 +0000
ROA not before:           Thu 02 Jan 2025 07:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133757
IP address blocks:        185.100.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:f5:17:4c:a6:0a:75:c1:4e:71:46:d1:d7:91:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=340bea3fcc3cbcedc82919cf57c74108baea369e
        Validity
            Not Before: Jan  2 07:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=959b0c9f311efb39e79f557dde234244cfd801a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ba:85:b5:01:f0:4f:e3:47:fa:16:3a:a1:e0:
                    58:c6:d7:20:b6:4f:de:5e:89:f2:fc:1d:2c:6a:54:
                    aa:4e:48:1d:c5:e0:9a:dd:0e:0d:4f:10:51:e4:3d:
                    a3:d1:ac:c0:1e:0a:f0:0f:1b:23:61:7b:92:c7:86:
                    3d:d1:a0:b2:fd:b8:8d:43:36:1a:66:bf:6f:12:4a:
                    b7:d7:d4:2f:7d:46:e5:e6:a9:17:ec:93:e5:5d:aa:
                    2b:61:0a:e5:f6:b4:2d:de:99:62:0f:23:75:72:c7:
                    47:c5:06:f6:73:00:3a:52:2d:03:0b:36:38:d4:26:
                    d8:c0:17:b9:1e:90:d0:9a:fc:3d:7c:51:49:57:11:
                    8c:8e:d8:10:e5:ff:84:e3:63:5a:30:c1:d5:e6:dc:
                    da:19:e1:be:b5:cb:73:d4:51:01:3e:5d:b9:f1:b4:
                    ac:fe:7d:db:7a:00:81:91:53:c1:75:f8:ea:fa:89:
                    ef:75:11:d4:07:15:41:b9:ae:73:f1:e7:b9:88:c2:
                    74:ce:1f:1c:23:6a:1b:31:fb:eb:6f:60:59:5a:a0:
                    87:bb:b9:44:6f:d5:b5:2b:c5:38:de:36:e2:4c:34:
                    27:15:b3:ea:a6:0f:74:a0:8f:72:0c:63:3b:b7:ed:
                    6b:52:79:02:ab:0a:8f:55:2f:4b:5c:37:43:75:ce:
                    93:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:9B:0C:9F:31:1E:FB:39:E7:9F:55:7D:DE:23:42:44:CF:D8:01:A9
            X509v3 Authority Key Identifier:
                keyid:34:0B:EA:3F:CC:3C:BC:ED:C8:29:19:CF:57:C7:41:08:BA:EA:36:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/lZsMnzEe-znnn1V93iNCRM_YAak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:fe:b8:53:54:a2:53:99:1f:4f:af:1a:f4:e7:32:6f:97:6a:
         53:dd:d3:33:2b:ab:e2:f4:2f:db:8f:62:5e:e7:36:b9:d3:cd:
         86:ad:9c:35:48:f2:60:e1:10:7b:82:f6:6e:bb:37:e5:e0:ed:
         8d:29:94:f9:d9:90:8d:37:c2:e2:30:06:9b:98:91:ca:12:8f:
         49:09:36:d0:81:57:97:0b:67:f1:21:17:a3:b3:00:d2:56:cd:
         9d:a1:5c:16:a6:c2:d6:6c:15:29:5a:4d:a0:ac:7f:9b:74:8d:
         19:5c:02:9c:b5:77:36:26:76:16:25:41:4f:42:9c:94:9c:9d:
         0b:f5:6f:3a:56:6b:cd:08:31:fe:a5:e3:be:8e:60:fa:eb:d5:
         f9:97:91:72:88:c1:48:5b:e4:73:2e:38:12:02:6f:c7:d8:c6:
         df:9a:4d:6d:4a:bf:7a:46:ba:8f:ed:a1:ab:c5:04:16:42:23:
         14:c3:72:09:6a:f6:b8:c2:ea:07:af:2e:0d:b4:d1:c9:bb:6e:
         32:4c:ed:89:05:82:ad:00:ec:9e:e3:10:c9:d9:93:ed:4c:22:
         44:04:90:4a:13:b6:df:69:6a:cf:4b:dd:2f:d4:7e:57:3b:66:
         d2:57:ac:86:9a:ed:2b:64:e0:15:31:2f:cf:c7:51:f9:3e:b9:
         79:cd:94:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl+/UXTKYKdcFOcUbR15FfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MGJlYTNmY2MzY2JjZWRjODI5MTljZjU3Yzc0MTA4YmFl
YTM2OWUwHhcNMjUwMTAyMDc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTliMGM5ZjMxMWVmYjM5ZTc5ZjU1N2RkZTIzNDI0NGNmZDgwMWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbqFtQHwT+NH+hY6oeBYxtcgtk/e
Xony/B0salSqTkgdxeCa3Q4NTxBR5D2j0azAHgrwDxsjYXuSx4Y90aCy/biNQzYa
Zr9vEkq319QvfUbl5qkX7JPlXaorYQrl9rQt3pliDyN1csdHxQb2cwA6Ui0DCzY4
1CbYwBe5HpDQmvw9fFFJVxGMjtgQ5f+E42NaMMHV5tzaGeG+tctz1FEBPl258bSs
/n3begCBkVPBdfjq+onvdRHUBxVBua5z8ee5iMJ0zh8cI2obMfvrb2BZWqCHu7lE
b9W1K8U43jbiTDQnFbPqpg90oI9yDGM7t+1rUnkCqwqPVS9LXDdDdc6TyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWbDJ8xHvs5559Vfd4jQkTP2AGpMB8GA1UdIwQY
MBaAFDQL6j/MPLztyCkZz1fHQQi66jaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkF2cVA4dzh2TzNJS1JuUFY4ZEJDTHJxTnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9lY2RhM2QtYTJkYi00OTA4LTg2MmYt
MTExMDU2MzY5YTIzLzEvbFpzTW56RWUtem5ubjFWOTNpTkNSTV9ZQWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9lY2RhM2QtYTJkYi00OTA4LTg2MmYtMTExMDU2MzY5YTIz
LzEvTkF2cVA4dzh2TzNJS1JuUFY4ZEJDTHJxTnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWRzMA0G
CSqGSIb3DQEBCwUAA4IBAQAX/rhTVKJTmR9Prxr05zJvl2pT3dMzK6vi9C/bj2Je
5za5082GrZw1SPJg4RB7gvZuuzfl4O2NKZT52ZCNN8LiMAabmJHKEo9JCTbQgVeX
C2fxIRejswDSVs2doVwWpsLWbBUpWk2grH+bdI0ZXAKctXc2JnYWJUFPQpyUnJ0L
9W86VmvNCDH+peO+jmD669X5l5FyiMFIW+RzLjgSAm/H2Mbfmk1tSr96RrqP7aGr
xQQWQiMUw3IJava4wuoHry4NtNHJu24yTO2JBYKtAOye4xDJ2ZPtTCJEBJBKE7bf
aWrPS90v1H5XO2bSV6yGmu0rZOAVMS/Px1H5Prl5zZTl
-----END CERTIFICATE-----