Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/zdnRo8hsG_ekUtB6UXgJfPq6Drs.roa
File:                     zdnRo8hsG_ekUtB6UXgJfPq6Drs.roa (raw, json)
Hash identifier:          OHzg7i+zGnHbWGtkMSWmdg/OlccAvO2NXEsZMfvBT88=
Subject key identifier:   CD:D9:D1:A3:C8:6C:1B:F7:A4:52:D0:7A:51:78:09:7C:FA:BA:0E:BB
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       01942747C3B9D7A2ABC1F67F466A502D959F
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/zdnRo8hsG_ekUtB6UXgJfPq6Drs.roa
Signing time:             Thu 02 Jan 2025 13:50:02 +0000
ROA not before:           Thu 02 Jan 2025 13:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203363
IP address blocks:        185.187.155.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:c3:b9:d7:a2:ab:c1:f6:7f:46:6a:50:2d:95:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  2 13:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdd9d1a3c86c1bf7a452d07a5178097cfaba0ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:69:7d:bb:83:93:48:09:07:4a:8c:cb:1e:d0:
                    a6:a1:ba:b1:f5:ad:49:cb:a6:a9:01:3a:b1:8b:39:
                    6a:02:83:3a:5c:d4:fc:0d:45:e5:f8:30:a0:3f:b3:
                    07:e4:52:c3:38:af:9d:a8:13:74:b0:75:8a:38:90:
                    2c:e8:c2:95:db:3b:79:6b:51:f6:c5:d1:2a:45:7b:
                    c3:3f:55:ad:f7:cb:b4:79:de:72:49:10:1f:25:f5:
                    32:5e:59:4e:9d:45:2e:e4:5f:c4:61:f9:3c:30:48:
                    fd:2a:e6:74:35:08:f5:6b:65:9d:a5:1b:d3:71:38:
                    41:67:03:6d:c9:c8:26:87:bc:da:7d:2b:61:ea:2e:
                    bb:8f:cc:4a:0e:e6:dc:85:3f:82:3f:85:43:3f:92:
                    94:6d:7d:70:a4:69:16:64:20:ed:9b:ff:4f:49:8b:
                    44:b6:eb:f3:5b:bd:34:4f:78:5c:bf:b2:8a:82:cd:
                    28:1d:03:60:ba:24:0f:11:63:8c:e0:f5:a1:16:39:
                    e3:10:c9:5b:2d:df:74:1d:45:95:71:b3:ab:e6:64:
                    33:96:c4:c0:f5:ed:f9:dd:1d:28:8c:a5:87:22:e9:
                    47:31:f5:f5:f5:a2:c9:fd:6d:97:57:0d:87:78:05:
                    0b:84:6b:92:a5:eb:d6:f8:46:5f:e5:86:e3:cd:dc:
                    69:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:D9:D1:A3:C8:6C:1B:F7:A4:52:D0:7A:51:78:09:7C:FA:BA:0E:BB
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/zdnRo8hsG_ekUtB6UXgJfPq6Drs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:dc:26:2e:bb:65:eb:bf:91:1c:c6:74:30:68:57:31:42:8c:
         14:be:ee:64:7f:a7:95:4f:d7:e2:24:cf:ae:63:37:1e:0d:8d:
         ba:21:af:56:32:cc:54:c1:cf:d2:bf:fe:6c:4c:0a:04:d6:21:
         3a:a2:84:44:0c:e9:de:6a:ee:2e:f9:a3:a9:6b:da:19:38:ac:
         c7:85:b0:48:11:6f:38:c4:9a:a2:e5:52:a7:ff:6a:c8:8d:18:
         7d:d7:e5:e1:48:f5:a3:15:87:29:93:01:17:21:47:b1:c9:0f:
         21:d7:c7:7d:89:1d:bd:ed:f8:37:cc:9b:37:60:75:4f:71:92:
         45:56:d6:5b:1a:60:52:37:ea:79:27:85:c1:17:5f:ee:98:bd:
         dc:77:2e:06:83:a7:e5:9f:e7:7e:ea:8d:e6:63:5f:e7:3b:53:
         4c:f7:af:0e:bc:7c:8c:d8:6f:2f:e6:53:0f:b5:a7:51:db:32:
         cf:4c:b8:68:44:18:74:68:99:fa:2e:e2:b7:33:5c:6b:e7:03:
         e5:1e:07:87:15:2b:26:74:69:07:fd:b5:63:d2:e0:42:ba:74:
         d5:97:51:51:c3:b3:23:19:f3:a0:56:c6:8a:38:3a:13:10:75:
         06:76:22:d7:ff:23:92:6c:96:41:61:65:cc:38:8e:81:45:68:
         20:de:6c:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR8O516KrwfZ/RmpQLZWfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjUwMTAyMTM1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGQ5ZDFhM2M4NmMxYmY3YTQ1MmQwN2E1MTc4MDk3Y2ZhYmEwZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22l9u4OTSAkHSozLHtCmobqx9a1J
y6apATqxizlqAoM6XNT8DUXl+DCgP7MH5FLDOK+dqBN0sHWKOJAs6MKV2zt5a1H2
xdEqRXvDP1Wt98u0ed5ySRAfJfUyXllOnUUu5F/EYfk8MEj9KuZ0NQj1a2WdpRvT
cThBZwNtycgmh7zafSth6i67j8xKDubchT+CP4VDP5KUbX1wpGkWZCDtm/9PSYtE
tuvzW700T3hcv7KKgs0oHQNguiQPEWOM4PWhFjnjEMlbLd90HUWVcbOr5mQzlsTA
9e353R0ojKWHIulHMfX19aLJ/W2XVw2HeAULhGuSpevW+EZf5YbjzdxpwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3Z0aPIbBv3pFLQelF4CXz6ug67MB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvemRuUm84aHNHX2VrVXRCNlVYZ0pmUHE2RHJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAububMA0G
CSqGSIb3DQEBCwUAA4IBAQA13CYuu2Xrv5EcxnQwaFcxQowUvu5kf6eVT9fiJM+u
YzceDY26Ia9WMsxUwc/Sv/5sTAoE1iE6ooREDOneau4u+aOpa9oZOKzHhbBIEW84
xJqi5VKn/2rIjRh91+XhSPWjFYcpkwEXIUexyQ8h18d9iR297fg3zJs3YHVPcZJF
VtZbGmBSN+p5J4XBF1/umL3cdy4Gg6fln+d+6o3mY1/nO1NM968OvHyM2G8v5lMP
tadR2zLPTLhoRBh0aJn6LuK3M1xr5wPlHgeHFSsmdGkH/bVj0uBCunTVl1FRw7Mj
GfOgVsaKODoTEHUGdiLX/yOSbJZBYWXMOI6BRWgg3my+
-----END CERTIFICATE-----