Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/z9Yv58abFhPjrR8RFukcWH5etZM.roa
File:                     z9Yv58abFhPjrR8RFukcWH5etZM.roa (raw, json)
Hash identifier:          liHiIFHDq5nMOD1zCG5Omq4zbgZPC8dhY7RR/YINHTI=
Subject key identifier:   CF:D6:2F:E7:C6:9B:16:13:E3:AD:1F:11:16:E9:1C:58:7E:5E:B5:93
Certificate issuer:       /CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
Certificate serial:       019420D5D47B5787871A35FA952ADBD36EB5
Authority key identifier: EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/z9Yv58abFhPjrR8RFukcWH5etZM.roa
Signing time:             Wed 01 Jan 2025 07:47:51 +0000
ROA not before:           Wed 01 Jan 2025 07:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10753
IP address blocks:        185.192.36.0/22 maxlen: 22
                          185.192.36.0/23 maxlen: 23
                          185.192.38.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d4:7b:57:87:87:1a:35:fa:95:2a:db:d3:6e:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
        Validity
            Not Before: Jan  1 07:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfd62fe7c69b1613e3ad1f1116e91c587e5eb593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2d:74:e6:7c:2a:b8:e9:12:88:5b:91:85:ff:
                    a3:ef:3d:e0:8f:31:e2:a2:70:3b:62:c8:b0:b3:2a:
                    a7:e0:7b:1c:06:97:1f:73:54:24:60:f1:e2:90:09:
                    19:02:75:e1:b3:f2:52:e5:7b:dc:cb:1f:10:e3:80:
                    c5:bb:fb:cc:22:01:9a:60:3f:90:86:dc:2a:15:a7:
                    6a:8b:96:6f:99:83:17:c3:a0:04:53:4e:8b:a5:9f:
                    cf:63:5f:ea:73:11:45:38:87:a2:3a:09:02:af:50:
                    88:79:f3:01:a3:d7:65:5c:a4:dc:63:cb:a8:ef:42:
                    b5:63:cc:24:44:67:8f:4b:36:97:03:94:bc:75:f5:
                    83:cc:bf:b3:5e:b1:61:17:b2:a3:a4:86:48:44:7e:
                    9c:35:a9:65:21:32:4e:d4:57:c2:1c:b9:da:32:38:
                    20:ae:b7:f5:4b:bc:e9:19:0d:25:5d:83:c3:12:91:
                    4f:6a:cf:0c:7f:4e:3c:20:be:3f:59:b3:2a:50:16:
                    a6:ec:33:ca:d1:23:cf:6e:fd:3b:fa:85:61:8a:84:
                    82:ef:28:28:f9:d0:80:37:f7:93:15:ef:ab:87:81:
                    7a:12:5c:93:4a:d1:45:91:ec:3f:eb:39:99:e3:ea:
                    16:34:03:36:ca:02:36:de:fd:18:b4:0d:e1:1c:aa:
                    72:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:D6:2F:E7:C6:9B:16:13:E3:AD:1F:11:16:E9:1C:58:7E:5E:B5:93
            X509v3 Authority Key Identifier:
                keyid:EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/z9Yv58abFhPjrR8RFukcWH5etZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d2:19:0c:ac:eb:bd:5b:ed:a8:ee:56:1c:d6:ef:e8:67:26:94:
         4a:f7:a4:57:6a:1d:9b:4f:3f:1f:de:07:57:53:45:34:bc:48:
         92:e0:57:9c:7f:10:7c:e8:5b:6d:89:28:56:2a:75:40:4f:b8:
         f9:b4:1d:59:cd:6f:8d:17:d6:cd:ce:31:71:e4:07:97:6c:b9:
         c4:c4:57:4e:3b:9b:a5:a4:b1:ed:d3:55:ec:75:e8:d1:eb:82:
         7e:4d:b1:a7:65:f0:f2:e2:3b:7d:87:4e:e9:58:a1:f2:4a:28:
         90:17:dc:f1:72:91:8c:7a:c0:36:c7:87:5d:27:bd:7e:fc:86:
         4c:a5:a5:1e:4e:96:04:cf:e5:ae:f1:89:1d:bd:f9:4d:f5:70:
         a2:4a:5f:41:02:08:da:5e:d9:4f:b6:35:4c:dc:75:aa:c8:a7:
         f3:a6:00:4b:b3:59:de:66:4d:35:ba:70:e9:dd:b1:9b:20:7b:
         68:d6:57:04:bb:0a:16:e7:70:45:37:f2:28:44:c9:da:c8:d6:
         98:11:fa:b3:cb:01:16:b2:91:f3:b1:ac:4f:0f:cd:0c:12:4c:
         09:45:df:12:c7:4b:69:25:f9:74:1c:a1:c1:8c:f2:67:39:7f:
         a1:b1:0d:7b:58:b2:32:c0:a8:dc:91:e2:ca:94:e1:b7:87:37:
         e7:a3:8a:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dR7V4eHGjX6lSrb0261MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYThkYjNiNTRkMDgxYzMwYmY1MWJkYzdiMTllNGY2NDgw
YjdmNTMwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQ2MmZlN2M2OWIxNjEzZTNhZDFmMTExNmU5MWM1ODdlNWViNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmy105nwquOkSiFuRhf+j7z3gjzHi
onA7Ysiwsyqn4HscBpcfc1QkYPHikAkZAnXhs/JS5Xvcyx8Q44DFu/vMIgGaYD+Q
htwqFadqi5ZvmYMXw6AEU06LpZ/PY1/qcxFFOIeiOgkCr1CIefMBo9dlXKTcY8uo
70K1Y8wkRGePSzaXA5S8dfWDzL+zXrFhF7KjpIZIRH6cNallITJO1FfCHLnaMjgg
rrf1S7zpGQ0lXYPDEpFPas8Mf048IL4/WbMqUBam7DPK0SPPbv07+oVhioSC7ygo
+dCAN/eTFe+rh4F6ElyTStFFkew/6zmZ4+oWNAM2ygI23v0YtA3hHKpyGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/WL+fGmxYT460fERbpHFh+XrWTMB8GA1UdIwQY
MBaAFOuo2ztU0IHDC/Ub3HsZ5PZIC39TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjZqYk8xVFFnY01MOVJ2Y2V4bms5a2dMZjFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82Y2NmMDMtMDkwZC00MTZlLTg2Y2Yt
ZTlkYzNmMWNmODI0LzEvejlZdjU4YWJGaFBqclI4UkZ1a2NXSDVldFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi82Y2NmMDMtMDkwZC00MTZlLTg2Y2YtZTlkYzNmMWNmODI0
LzEvNjZqYk8xVFFnY01MOVJ2Y2V4bms5a2dMZjFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucAkMA0G
CSqGSIb3DQEBCwUAA4IBAQDSGQys671b7ajuVhzW7+hnJpRK96RXah2bTz8f3gdX
U0U0vEiS4FecfxB86FttiShWKnVAT7j5tB1ZzW+NF9bNzjFx5AeXbLnExFdOO5ul
pLHt01XsdejR64J+TbGnZfDy4jt9h07pWKHySiiQF9zxcpGMesA2x4ddJ71+/IZM
paUeTpYEz+Wu8YkdvflN9XCiSl9BAgjaXtlPtjVM3HWqyKfzpgBLs1neZk01unDp
3bGbIHto1lcEuwoW53BFN/IoRMnayNaYEfqzywEWspHzsaxPD80MEkwJRd8Sx0tp
Jfl0HKHBjPJnOX+hsQ17WLIywKjckeLKlOG3hzfno4qQ
-----END CERTIFICATE-----