Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/z7HYTB2hGoW1AShEaQb1U871Z84.roa
File:                     z7HYTB2hGoW1AShEaQb1U871Z84.roa (raw, json)
Hash identifier:          ngGTtp/CncvVOQzNoBg3eEBtSOLtzKK9yQlfGVKsf1o=
Subject key identifier:   CF:B1:D8:4C:1D:A1:1A:85:B5:01:28:44:69:06:F5:53:CE:F5:67:CE
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       019427484CD2E80EA09FB4839DE66A44E1A2
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/z7HYTB2hGoW1AShEaQb1U871Z84.roa
Signing time:             Thu 02 Jan 2025 13:50:37 +0000
ROA not before:           Thu 02 Jan 2025 13:50:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206164
IP address blocks:        85.203.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4c:d2:e8:0e:a0:9f:b4:83:9d:e6:6a:44:e1:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 13:50:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfb1d84c1da11a85b50128446906f553cef567ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ab:e8:a0:ec:a3:26:af:43:66:0f:67:bb:83:
                    6a:44:eb:2b:98:cb:ff:93:90:3a:9d:b3:fe:65:83:
                    7a:ef:5d:9b:6c:d9:69:10:5c:da:bd:98:7e:d5:47:
                    21:a0:0d:a2:7a:2c:36:07:a4:13:d7:cb:86:a0:cd:
                    7f:69:e2:f8:a8:84:33:9a:76:e3:a6:c3:40:c8:7e:
                    5b:6d:7b:d4:8c:c2:cb:f3:b1:fb:ab:d6:ff:19:4d:
                    68:78:35:57:25:28:a0:a4:3e:a1:63:ad:88:7b:75:
                    83:59:4e:27:e4:5a:c7:fa:22:b7:79:ed:47:43:b2:
                    25:a2:2c:60:25:90:ab:23:0c:20:ce:b5:98:ee:ff:
                    76:38:ed:42:4c:b9:de:3b:50:5f:22:67:27:42:85:
                    a7:c9:14:5f:08:1d:8b:0c:09:c3:1c:c4:28:88:6f:
                    bb:2c:5f:0c:f1:d6:1f:06:e7:51:d4:47:7c:f9:cc:
                    4e:34:39:6f:1d:40:22:63:0a:f6:b1:22:af:f7:ec:
                    1c:d4:56:b3:80:11:ca:a4:03:ad:74:f3:f4:7c:d6:
                    a1:49:66:a4:b1:f6:d2:30:d5:40:5a:07:04:2a:dd:
                    f4:ed:a4:9a:bf:98:18:9b:61:cc:8e:c9:fe:ef:73:
                    a5:b4:91:ad:b8:5c:d3:15:f6:c4:20:28:e7:91:f3:
                    40:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B1:D8:4C:1D:A1:1A:85:B5:01:28:44:69:06:F5:53:CE:F5:67:CE
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/z7HYTB2hGoW1AShEaQb1U871Z84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:78:1a:31:f4:c7:b4:77:34:ef:cd:e5:6a:21:25:22:c7:63:
         f9:a9:43:97:78:cf:fb:1b:72:74:49:9b:3c:2a:24:12:c9:6a:
         32:7b:ac:f7:42:39:f9:d6:57:34:e8:a2:7e:fb:0f:fa:ee:1b:
         75:74:11:2a:ce:fa:cc:dd:c6:86:92:85:be:ed:53:5b:97:8e:
         18:69:dd:5a:93:df:d0:fd:df:43:ff:c8:e2:d7:2e:35:91:00:
         df:3b:07:19:f7:56:7d:75:d5:2e:1a:6d:2b:e5:8a:e1:ef:c9:
         34:4f:38:14:64:b2:3f:c0:b2:5e:a9:92:da:f0:ec:18:74:21:
         b2:57:b6:69:9a:c0:01:9d:b5:5d:7e:57:9e:15:85:f5:2c:44:
         d0:08:cd:ea:30:a8:2e:23:f3:3f:70:13:c9:ca:3d:31:a1:cb:
         9a:ed:e8:bb:20:f9:2c:8b:fb:e2:97:fd:6a:88:28:7d:be:74:
         9a:43:b8:0b:1f:89:6f:36:82:57:e7:0e:41:47:75:b4:7a:25:
         b0:e5:c7:6b:ee:8b:57:1c:ce:20:01:2e:79:70:9a:13:99:28:
         8a:1d:60:84:e3:56:f4:d9:b4:a5:35:f8:95:03:3d:4f:5e:e8:
         1d:d2:7f:33:a0:5c:1f:47:7b:d7:d7:da:4a:38:bc:3f:e0:04:
         41:38:c8:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEzS6A6gn7SDneZqROGiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjUwMTAyMTM1MDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmIxZDg0YzFkYTExYTg1YjUwMTI4NDQ2OTA2ZjU1M2NlZjU2N2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqvooOyjJq9DZg9nu4NqROsrmMv/
k5A6nbP+ZYN6712bbNlpEFzavZh+1UchoA2ieiw2B6QT18uGoM1/aeL4qIQzmnbj
psNAyH5bbXvUjMLL87H7q9b/GU1oeDVXJSigpD6hY62Ie3WDWU4n5FrH+iK3ee1H
Q7IloixgJZCrIwwgzrWY7v92OO1CTLneO1BfImcnQoWnyRRfCB2LDAnDHMQoiG+7
LF8M8dYfBudR1Ed8+cxONDlvHUAiYwr2sSKv9+wc1FazgBHKpAOtdPP0fNahSWak
sfbSMNVAWgcEKt307aSav5gYm2HMjsn+73OltJGtuFzTFfbEICjnkfNA/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+x2EwdoRqFtQEoRGkG9VPO9WfOMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvejdIWVRCMmhHb1cxQVNoRWFRYjFVODcxWjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcslMA0G
CSqGSIb3DQEBCwUAA4IBAQBKeBox9Me0dzTvzeVqISUix2P5qUOXeM/7G3J0SZs8
KiQSyWoye6z3Qjn51lc06KJ++w/67ht1dBEqzvrM3caGkoW+7VNbl44Yad1ak9/Q
/d9D/8ji1y41kQDfOwcZ91Z9ddUuGm0r5Yrh78k0TzgUZLI/wLJeqZLa8OwYdCGy
V7ZpmsABnbVdfleeFYX1LETQCM3qMKguI/M/cBPJyj0xocua7ei7IPksi/vil/1q
iCh9vnSaQ7gLH4lvNoJX5w5BR3W0eiWw5cdr7otXHM4gAS55cJoTmSiKHWCE41b0
2bSlNfiVAz1PXugd0n8zoFwfR3vX19pKOLw/4ARBOMi/
-----END CERTIFICATE-----