Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/e66913-8f5f-47ef-a730-32c1b2cee593/1/zBgovtm1ad-0i6Hlr99dwqaZZ8A.roa
File:                     zBgovtm1ad-0i6Hlr99dwqaZZ8A.roa (raw, json)
Hash identifier:          zlvsRotYH5pOPVXr3W3IYM5PD6gCr9N8XLSfPQUKoN0=
Subject key identifier:   CC:18:28:BE:D9:B5:69:DF:B4:8B:A1:E5:AF:DF:5D:C2:A6:99:67:C0
Certificate issuer:       /CN=658c0c499a8e69d9795f4bd0b5bf1682b1f00f9a
Certificate serial:       0194236A28059DDCAE8890C1906B16ECF0AF
Authority key identifier: 65:8C:0C:49:9A:8E:69:D9:79:5F:4B:D0:B5:BF:16:82:B1:F0:0F:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYwMSZqOadl5X0vQtb8WgrHwD5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/e66913-8f5f-47ef-a730-32c1b2cee593/1/zBgovtm1ad-0i6Hlr99dwqaZZ8A.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209525
IP address blocks:        194.147.248.0/24 maxlen: 24
                          2a10:1940::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/e66913-8f5f-47ef-a730-32c1b2cee593/1/ZYwMSZqOadl5X0vQtb8WgrHwD5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/e66913-8f5f-47ef-a730-32c1b2cee593/1/ZYwMSZqOadl5X0vQtb8WgrHwD5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYwMSZqOadl5X0vQtb8WgrHwD5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:28:05:9d:dc:ae:88:90:c1:90:6b:16:ec:f0:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=658c0c499a8e69d9795f4bd0b5bf1682b1f00f9a
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc1828bed9b569dfb48ba1e5afdf5dc2a69967c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c1:88:d8:76:1d:d6:fa:f4:e5:1d:f3:ac:79:
                    92:20:09:36:1b:03:2d:9f:0a:78:bd:a3:eb:33:fc:
                    5b:9b:4c:04:6d:ae:e0:78:2e:41:ce:5a:b9:c5:5f:
                    77:87:fc:05:c4:f0:b2:87:64:69:b8:39:2a:15:bd:
                    90:e7:cd:f3:f0:4e:57:a7:b9:32:d9:4c:4b:94:5a:
                    53:66:6e:ce:9f:b6:b5:04:ac:bd:63:f2:bf:1c:91:
                    97:9d:04:c1:f0:8a:94:5c:44:be:d5:04:16:e5:f0:
                    16:fb:f4:0f:10:6e:10:1b:4c:db:ce:a4:b5:46:99:
                    dd:14:a6:96:4c:3c:b6:18:a0:1f:f7:2e:ef:8f:88:
                    d1:3c:ca:4b:39:00:2d:69:b4:a0:31:e8:31:41:f5:
                    79:ba:e6:e8:44:29:4a:d7:60:66:90:36:1a:25:a0:
                    38:9e:86:0e:b7:0b:3b:21:5b:f4:df:4a:2d:e2:6f:
                    6e:3a:b8:83:7d:f5:c3:12:a6:88:8b:11:3e:40:08:
                    a4:5d:a4:09:97:87:f8:0f:b2:4a:67:76:b0:7f:a8:
                    2a:f8:59:fb:df:97:91:a3:63:5c:6c:d7:d7:81:b4:
                    54:5c:9e:5d:ed:90:35:06:c7:c4:bf:0c:1b:a8:55:
                    de:82:a3:3d:ce:f4:fe:96:90:f4:3f:5b:c9:f6:ac:
                    52:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:18:28:BE:D9:B5:69:DF:B4:8B:A1:E5:AF:DF:5D:C2:A6:99:67:C0
            X509v3 Authority Key Identifier:
                keyid:65:8C:0C:49:9A:8E:69:D9:79:5F:4B:D0:B5:BF:16:82:B1:F0:0F:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYwMSZqOadl5X0vQtb8WgrHwD5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/e66913-8f5f-47ef-a730-32c1b2cee593/1/zBgovtm1ad-0i6Hlr99dwqaZZ8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/e66913-8f5f-47ef-a730-32c1b2cee593/1/ZYwMSZqOadl5X0vQtb8WgrHwD5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.248.0/24
                IPv6:
                  2a10:1940::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:b7:c4:d5:b3:70:4c:f1:36:47:d1:9e:fd:ad:82:8a:69:e8:
         80:2e:df:f3:52:4b:8f:f4:4e:fd:48:79:5d:8c:22:66:94:0f:
         e2:4c:fe:9d:21:0a:38:f4:50:29:4e:25:f7:8b:88:4b:11:e0:
         5f:0c:12:cc:23:d5:30:8a:b7:82:37:9f:ec:71:73:80:bf:90:
         34:cd:77:b2:8a:16:40:a2:cf:f5:ee:4a:9a:19:b0:b2:8b:04:
         bb:98:a3:e3:14:83:72:34:03:05:30:69:0c:48:bf:f4:e8:0a:
         5a:a4:33:a6:b9:38:2d:51:0c:64:2d:ed:f8:b0:43:b6:1d:a8:
         24:29:23:7b:55:48:d8:73:ee:0a:e1:4c:ed:6f:d2:b5:44:d8:
         a3:0b:5a:9b:58:41:4f:73:8c:5f:ed:79:6d:ed:f0:2f:67:2f:
         d1:04:8a:96:33:b1:d2:3b:77:18:15:bc:3e:bd:60:6a:24:67:
         e9:08:90:e2:07:23:d2:15:4d:6a:76:8b:49:10:04:db:73:26:
         0b:cf:f8:3f:a8:43:6f:43:6c:b5:fc:d7:de:a1:9b:e6:ef:ea:
         51:13:9c:9a:57:7e:ee:4b:0c:19:af:89:1b:30:0e:4f:1d:62:
         f1:af:1f:ad:73:9e:a9:bf:bf:c8:38:29:3e:6e:1f:18:80:a7:
         fe:6a:c7:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaigFndyuiJDBkGsW7PCvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1OGMwYzQ5OWE4ZTY5ZDk3OTVmNGJkMGI1YmYxNjgyYjFm
MDBmOWEwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzE4MjhiZWQ5YjU2OWRmYjQ4YmExZTVhZmRmNWRjMmE2OTk2N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18GI2HYd1vr05R3zrHmSIAk2GwMt
nwp4vaPrM/xbm0wEba7geC5Bzlq5xV93h/wFxPCyh2RpuDkqFb2Q583z8E5Xp7ky
2UxLlFpTZm7On7a1BKy9Y/K/HJGXnQTB8IqUXES+1QQW5fAW+/QPEG4QG0zbzqS1
RpndFKaWTDy2GKAf9y7vj4jRPMpLOQAtabSgMegxQfV5uuboRClK12BmkDYaJaA4
noYOtws7IVv030ot4m9uOriDffXDEqaIixE+QAikXaQJl4f4D7JKZ3awf6gq+Fn7
35eRo2NcbNfXgbRUXJ5d7ZA1BsfEvwwbqFXegqM9zvT+lpD0P1vJ9qxSSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMwYKL7ZtWnftIuh5a/fXcKmmWfAMB8GA1UdIwQY
MBaAFGWMDEmajmnZeV9L0LW/FoKx8A+aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWll3TVNacU9hZGw1WDB2UXRiOFdnckh3RDVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lNjY5MTMtOGY1Zi00N2VmLWE3MzAt
MzJjMWIyY2VlNTkzLzEvekJnb3Z0bTFhZC0waTZIbHI5OWR3cWFaWjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lNjY5MTMtOGY1Zi00N2VmLWE3MzAtMzJjMWIyY2VlNTkz
LzEvWll3TVNacU9hZGw1WDB2UXRiOFdnckh3RDVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwpP4MA0E
AgACMAcDBQAqEBlAMA0GCSqGSIb3DQEBCwUAA4IBAQBmt8TVs3BM8TZH0Z79rYKK
aeiALt/zUkuP9E79SHldjCJmlA/iTP6dIQo49FApTiX3i4hLEeBfDBLMI9UwireC
N5/scXOAv5A0zXeyihZAos/17kqaGbCyiwS7mKPjFINyNAMFMGkMSL/06ApapDOm
uTgtUQxkLe34sEO2HagkKSN7VUjYc+4K4Uztb9K1RNijC1qbWEFPc4xf7Xlt7fAv
Zy/RBIqWM7HSO3cYFbw+vWBqJGfpCJDiByPSFU1qdotJEATbcyYLz/g/qENvQ2y1
/NfeoZvm7+pRE5yaV37uSwwZr4kbMA5PHWLxrx+tc56pv7/IOCk+bh8YgKf+asfB
-----END CERTIFICATE-----