Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/e0c1d4-8b33-4360-9f50-cbbac6e4ad71/1/ZpEam4JrA75W3vKeb-kb3n0W0y0.roa
File:                     ZpEam4JrA75W3vKeb-kb3n0W0y0.roa (raw, json)
Hash identifier:          kYGb95Bh9aZOERP/x6nIdXNnyuRNyDQM9q/MQE4pooE=
Subject key identifier:   66:91:1A:9B:82:6B:03:BE:56:DE:F2:9E:6F:E9:1B:DE:7D:16:D3:2D
Certificate issuer:       /CN=99aca4016af85d59695484cd613cf1896dfd59a1
Certificate serial:       019426D9BCDEB1A306982E1B661F8BB2F36C
Authority key identifier: 99:AC:A4:01:6A:F8:5D:59:69:54:84:CD:61:3C:F1:89:6D:FD:59:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/maykAWr4XVlpVITNYTzxiW39WaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/e0c1d4-8b33-4360-9f50-cbbac6e4ad71/1/ZpEam4JrA75W3vKeb-kb3n0W0y0.roa
Signing time:             Thu 02 Jan 2025 11:49:51 +0000
ROA not before:           Thu 02 Jan 2025 11:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        194.34.144.0/24 maxlen: 24
                          194.34.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/e0c1d4-8b33-4360-9f50-cbbac6e4ad71/1/maykAWr4XVlpVITNYTzxiW39WaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/e0c1d4-8b33-4360-9f50-cbbac6e4ad71/1/maykAWr4XVlpVITNYTzxiW39WaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/maykAWr4XVlpVITNYTzxiW39WaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:bc:de:b1:a3:06:98:2e:1b:66:1f:8b:b2:f3:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99aca4016af85d59695484cd613cf1896dfd59a1
        Validity
            Not Before: Jan  2 11:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66911a9b826b03be56def29e6fe91bde7d16d32d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3b:e6:50:6a:b0:66:e6:65:8c:89:89:55:c1:
                    73:da:d9:77:f1:1a:03:55:fc:72:f8:7f:af:c4:bc:
                    79:d5:39:21:cb:ac:f9:c7:14:ae:94:80:33:20:62:
                    c0:06:40:22:10:5b:fc:45:93:99:fe:95:e0:16:bb:
                    d8:c5:c9:5b:40:fb:dc:69:60:01:36:d7:1f:01:04:
                    dd:88:34:9e:f2:4e:97:a4:60:ea:39:96:8b:a6:9c:
                    82:78:1e:70:af:37:f2:00:ef:28:dc:f5:8b:69:f3:
                    12:d8:61:4b:33:cd:b3:78:ca:ae:f0:57:b4:b6:d9:
                    89:01:ab:a4:27:ca:1c:f1:73:ec:b6:7d:c3:9e:00:
                    5e:d8:8c:3a:41:fd:ef:38:e9:e0:3d:58:27:39:07:
                    38:e5:63:ec:86:93:25:de:94:79:eb:82:62:67:a8:
                    cb:0f:e7:2b:b6:92:94:06:70:a2:06:80:da:23:2b:
                    1f:0a:e9:23:42:c7:92:e0:39:f6:47:4e:4e:58:aa:
                    d7:4a:0f:23:4c:98:bf:b4:83:49:90:f1:9d:88:b4:
                    3f:69:41:4f:5d:29:16:a3:63:8e:90:c3:ef:53:73:
                    c6:6c:4f:be:a0:ae:88:82:66:4f:f7:90:06:34:6f:
                    71:cf:c5:96:af:41:b6:89:39:99:9c:07:6b:83:ee:
                    11:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:91:1A:9B:82:6B:03:BE:56:DE:F2:9E:6F:E9:1B:DE:7D:16:D3:2D
            X509v3 Authority Key Identifier:
                keyid:99:AC:A4:01:6A:F8:5D:59:69:54:84:CD:61:3C:F1:89:6D:FD:59:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/maykAWr4XVlpVITNYTzxiW39WaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e0c1d4-8b33-4360-9f50-cbbac6e4ad71/1/ZpEam4JrA75W3vKeb-kb3n0W0y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e0c1d4-8b33-4360-9f50-cbbac6e4ad71/1/maykAWr4XVlpVITNYTzxiW39WaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.144.0/24
                  194.34.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:80:75:a4:a9:c4:0c:cb:08:72:1d:f2:75:52:61:60:60:a2:
         c4:dd:9d:87:ce:d2:94:b5:ab:1c:2c:90:23:e0:84:15:a0:3c:
         78:0f:6c:9c:6b:b5:00:98:8b:c3:00:ea:e9:9b:58:bd:6e:c5:
         c1:d0:05:6c:93:19:12:0e:91:b3:de:e4:92:6c:9c:48:97:c3:
         d9:be:5b:ff:6c:d0:6a:dc:52:01:e8:c5:63:c1:ff:54:dc:43:
         a3:09:cf:15:79:61:5d:76:3b:48:a2:dc:ea:f1:0f:7b:55:70:
         92:a5:bc:15:30:58:25:65:bb:1e:52:db:50:70:8e:29:f1:d0:
         8d:b9:fd:41:25:f6:8e:45:4b:ac:39:7b:a8:f3:d5:2b:83:82:
         55:dd:fe:54:03:0a:79:fd:81:b9:0e:3f:98:14:5e:0a:73:c2:
         f6:f7:de:d8:f5:ef:7f:01:57:a0:27:d1:92:5f:f6:36:2f:78:
         18:94:23:2f:8b:e0:8a:31:58:e8:17:58:3f:2a:e2:b7:65:21:
         1b:5b:c0:37:b1:cc:03:b6:db:49:a7:4c:2e:77:0c:83:ef:55:
         6b:fb:47:0a:21:59:db:ab:49:ad:9b:cd:db:6c:96:b2:3e:d3:
         e8:b3:6c:bd:19:3b:ac:31:0a:74:0b:77:31:29:e2:36:ea:68:
         41:74:43:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2bzesaMGmC4bZh+LsvNsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5YWNhNDAxNmFmODVkNTk2OTU0ODRjZDYxM2NmMTg5NmRm
ZDU5YTEwHhcNMjUwMTAyMTE0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjkxMWE5YjgyNmIwM2JlNTZkZWYyOWU2ZmU5MWJkZTdkMTZkMzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTvmUGqwZuZljImJVcFz2tl38RoD
Vfxy+H+vxLx51Tkhy6z5xxSulIAzIGLABkAiEFv8RZOZ/pXgFrvYxclbQPvcaWAB
NtcfAQTdiDSe8k6XpGDqOZaLppyCeB5wrzfyAO8o3PWLafMS2GFLM82zeMqu8Fe0
ttmJAaukJ8oc8XPstn3DngBe2Iw6Qf3vOOngPVgnOQc45WPshpMl3pR564JiZ6jL
D+crtpKUBnCiBoDaIysfCukjQseS4Dn2R05OWKrXSg8jTJi/tINJkPGdiLQ/aUFP
XSkWo2OOkMPvU3PGbE++oK6IgmZP95AGNG9xz8WWr0G2iTmZnAdrg+4R8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGaRGpuCawO+Vt7ynm/pG959FtMtMB8GA1UdIwQY
MBaAFJmspAFq+F1ZaVSEzWE88Ylt/VmhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWF5a0FXcjRYVmxwVklUTllUenhpVzM5V2FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9lMGMxZDQtOGIzMy00MzYwLTlmNTAt
Y2JiYWM2ZTRhZDcxLzEvWnBFYW00SnJBNzVXM3ZLZWIta2IzbjBXMHkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9lMGMxZDQtOGIzMy00MzYwLTlmNTAtY2JiYWM2ZTRhZDcx
LzEvbWF5a0FXcjRYVmxwVklUTllUenhpVzM5V2FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiKQAwQA
wiKWMA0GCSqGSIb3DQEBCwUAA4IBAQAFgHWkqcQMywhyHfJ1UmFgYKLE3Z2HztKU
tascLJAj4IQVoDx4D2yca7UAmIvDAOrpm1i9bsXB0AVskxkSDpGz3uSSbJxIl8PZ
vlv/bNBq3FIB6MVjwf9U3EOjCc8VeWFddjtIotzq8Q97VXCSpbwVMFglZbseUttQ
cI4p8dCNuf1BJfaORUusOXuo89Urg4JV3f5UAwp5/YG5Dj+YFF4Kc8L2997Y9e9/
AVegJ9GSX/Y2L3gYlCMvi+CKMVjoF1g/KuK3ZSEbW8A3scwDtttJp0wudwyD71Vr
+0cKIVnbq0mtm83bbJayPtPos2y9GTusMQp0C3cxKeI26mhBdENg
-----END CERTIFICATE-----