Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/ZMyt0wlwwtfEVeBGSMwWH5LMwOs.roa
File:                     ZMyt0wlwwtfEVeBGSMwWH5LMwOs.roa (raw, json)
Hash identifier:          ZRcLJw84jWUkZxRHh71cpWt8gGeiHiTOOmsOGRDFxnY=
Subject key identifier:   64:CC:AD:D3:09:70:C2:D7:C4:55:E0:46:48:CC:16:1F:92:CC:C0:EB
Certificate issuer:       /CN=e46e9ab47ca91fa132565860bcdd9a107ba032e4
Certificate serial:       019423698DF2EC35388FCA20148A7DA3411F
Authority key identifier: E4:6E:9A:B4:7C:A9:1F:A1:32:56:58:60:BC:DD:9A:10:7B:A0:32:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5G6atHypH6EyVlhgvN2aEHugMuQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/ZMyt0wlwwtfEVeBGSMwWH5LMwOs.roa
Signing time:             Wed 01 Jan 2025 19:48:27 +0000
ROA not before:           Wed 01 Jan 2025 19:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6730
IP address blocks:        194.145.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/5G6atHypH6EyVlhgvN2aEHugMuQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/5G6atHypH6EyVlhgvN2aEHugMuQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5G6atHypH6EyVlhgvN2aEHugMuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:8d:f2:ec:35:38:8f:ca:20:14:8a:7d:a3:41:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e46e9ab47ca91fa132565860bcdd9a107ba032e4
        Validity
            Not Before: Jan  1 19:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64ccadd30970c2d7c455e04648cc161f92ccc0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8f:44:86:c5:37:2d:47:5f:41:b6:00:b9:b8:
                    39:39:38:b4:03:30:4c:d3:ac:97:98:3b:3c:4b:74:
                    9d:17:07:fb:ad:f5:b9:61:6c:89:24:82:19:89:10:
                    15:96:0e:32:5d:f5:e7:8c:18:d0:20:98:08:e0:66:
                    7d:26:59:91:bb:87:ed:8a:30:b1:4b:80:ed:cc:b2:
                    58:7f:d3:2e:15:c2:67:2e:88:19:c6:b9:f5:fe:7e:
                    e4:28:2b:70:53:4f:88:ee:df:9a:90:87:b8:9d:c3:
                    03:f1:21:7f:29:9c:89:46:be:0b:be:2d:36:a8:08:
                    85:41:ec:01:8c:d5:30:d8:22:a3:92:5a:17:24:bf:
                    8f:8b:f8:98:df:e6:09:0a:51:c1:a9:d2:0f:66:c4:
                    b8:b3:ce:38:19:17:fd:de:ef:a5:3a:87:ac:9a:a6:
                    93:46:29:a7:82:ff:ed:00:dc:ef:85:92:49:a2:98:
                    80:ba:77:d7:5b:45:82:91:c0:f5:b4:c3:c8:f7:e5:
                    5f:56:8f:3e:95:a0:ea:cc:c3:65:b7:1d:b8:17:80:
                    ac:e7:db:b4:0b:41:d7:4f:37:55:c9:17:be:d0:75:
                    a8:e3:98:1e:94:01:bf:aa:83:fc:84:14:c3:f1:6b:
                    33:cb:e9:21:4f:57:dc:5a:c5:d6:4f:38:2e:82:b6:
                    92:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:CC:AD:D3:09:70:C2:D7:C4:55:E0:46:48:CC:16:1F:92:CC:C0:EB
            X509v3 Authority Key Identifier:
                keyid:E4:6E:9A:B4:7C:A9:1F:A1:32:56:58:60:BC:DD:9A:10:7B:A0:32:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5G6atHypH6EyVlhgvN2aEHugMuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/ZMyt0wlwwtfEVeBGSMwWH5LMwOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/5G6atHypH6EyVlhgvN2aEHugMuQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:dd:62:b5:08:d5:f4:19:58:c8:08:89:8e:43:85:3b:d1:fd:
         f6:3a:ef:cc:8d:7a:68:28:1c:88:25:a2:5a:17:f5:39:d5:d9:
         b0:23:4d:83:82:9e:03:ca:a4:59:04:8d:61:b4:46:02:e4:4a:
         90:02:b5:d7:23:c7:92:ed:99:6a:f0:b4:5a:f9:31:0f:d9:c5:
         20:f3:da:14:71:d4:59:53:a6:60:b1:47:e0:4e:db:f3:e1:59:
         72:05:d3:65:e9:5e:aa:2a:1e:51:5b:26:3f:4a:18:65:7c:55:
         d8:57:3c:94:28:15:14:26:54:51:32:bd:c4:f8:11:d6:2c:90:
         22:12:da:30:3c:7f:70:8c:fa:3d:0f:c2:21:7e:0f:5e:64:01:
         c4:21:a6:f2:2e:fb:ff:3e:46:0a:ee:9a:8f:e4:67:1a:02:ab:
         e3:a5:58:9b:fc:48:47:0c:51:af:d4:46:0f:d9:19:5a:24:36:
         7b:c9:0b:72:11:c1:f6:34:69:2f:3f:72:17:11:9d:6e:f3:28:
         15:6e:e1:80:a5:ca:67:11:22:72:a3:e1:47:86:0a:57:ba:a4:
         59:7e:34:b6:71:24:2b:fa:09:9d:e1:b9:23:3e:0c:c5:94:bb:
         01:43:ad:92:e9:49:52:2d:55:4c:72:45:e7:c5:62:69:3e:b9:
         45:90:0d:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaY3y7DU4j8ogFIp9o0EfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NmU5YWI0N2NhOTFmYTEzMjU2NTg2MGJjZGQ5YTEwN2Jh
MDMyZTQwHhcNMjUwMTAxMTk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGNjYWRkMzA5NzBjMmQ3YzQ1NWUwNDY0OGNjMTYxZjkyY2NjMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlI9EhsU3LUdfQbYAubg5OTi0AzBM
06yXmDs8S3SdFwf7rfW5YWyJJIIZiRAVlg4yXfXnjBjQIJgI4GZ9JlmRu4ftijCx
S4DtzLJYf9MuFcJnLogZxrn1/n7kKCtwU0+I7t+akIe4ncMD8SF/KZyJRr4Lvi02
qAiFQewBjNUw2CKjkloXJL+Pi/iY3+YJClHBqdIPZsS4s844GRf93u+lOoesmqaT
Rimngv/tANzvhZJJopiAunfXW0WCkcD1tMPI9+VfVo8+laDqzMNltx24F4Cs59u0
C0HXTzdVyRe+0HWo45gelAG/qoP8hBTD8Wszy+khT1fcWsXWTzgugraS9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTMrdMJcMLXxFXgRkjMFh+SzMDrMB8GA1UdIwQY
MBaAFORumrR8qR+hMlZYYLzdmhB7oDLkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUc2YXRIeXBINkV5VmxoZ3ZOMmFFSHVnTXVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yMTY4MDItZThmOS00Y2JjLTlkNjUt
YjkyNTJjZjJjYzQ3LzEvWk15dDB3bHd3dGZFVmVCR1NNd1dINUxNd09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yMTY4MDItZThmOS00Y2JjLTlkNjUtYjkyNTJjZjJjYzQ3
LzEvNUc2YXRIeXBINkV5VmxoZ3ZOMmFFSHVnTXVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpGdMA0G
CSqGSIb3DQEBCwUAA4IBAQBn3WK1CNX0GVjICImOQ4U70f32Ou/MjXpoKByIJaJa
F/U51dmwI02Dgp4DyqRZBI1htEYC5EqQArXXI8eS7Zlq8LRa+TEP2cUg89oUcdRZ
U6ZgsUfgTtvz4VlyBdNl6V6qKh5RWyY/ShhlfFXYVzyUKBUUJlRRMr3E+BHWLJAi
EtowPH9wjPo9D8Ihfg9eZAHEIabyLvv/PkYK7pqP5GcaAqvjpVib/EhHDFGv1EYP
2RlaJDZ7yQtyEcH2NGkvP3IXEZ1u8ygVbuGApcpnESJyo+FHhgpXuqRZfjS2cSQr
+gmd4bkjPgzFlLsBQ62S6UlSLVVMckXnxWJpPrlFkA1l
-----END CERTIFICATE-----