Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/zxynKoaXLk9CSCbEuR1SMnhOszM.roa
File:                     zxynKoaXLk9CSCbEuR1SMnhOszM.roa (raw, json)
Hash identifier:          0C0maO3P6rLabRCNi4Fq6yr5sjK9+mFynQgMmbGpRUM=
Subject key identifier:   CF:1C:A7:2A:86:97:2E:4F:42:48:26:C4:B9:1D:52:32:78:4E:B3:33
Certificate issuer:       /CN=2ac3ed794adafb91cb81a969eb8a9b2905fee2ec
Certificate serial:       0194258F7C675E8050BBA426C414CE159FAA
Authority key identifier: 2A:C3:ED:79:4A:DA:FB:91:CB:81:A9:69:EB:8A:9B:29:05:FE:E2:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPteUra-5HLgalp64qbKQX-4uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/zxynKoaXLk9CSCbEuR1SMnhOszM.roa
Signing time:             Thu 02 Jan 2025 05:49:07 +0000
ROA not before:           Thu 02 Jan 2025 05:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9051
IP address blocks:        46.19.192.0/21 maxlen: 24
                          185.192.160.0/22 maxlen: 24
                          2a0a:2d40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KsPteUra-5HLgalp64qbKQX-4uw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KsPteUra-5HLgalp64qbKQX-4uw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPteUra-5HLgalp64qbKQX-4uw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:7c:67:5e:80:50:bb:a4:26:c4:14:ce:15:9f:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3ed794adafb91cb81a969eb8a9b2905fee2ec
        Validity
            Not Before: Jan  2 05:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf1ca72a86972e4f424826c4b91d5232784eb333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:56:c1:26:e7:4d:1f:ef:f5:fe:28:db:0c:81:
                    ab:72:77:23:f7:b2:cb:d0:db:43:ca:a8:b2:5e:ea:
                    44:0a:d4:f2:6c:d0:79:8c:f1:8c:06:45:4e:1c:4d:
                    8e:8c:c3:bf:91:d6:c5:7d:b1:83:6e:e5:6c:74:a3:
                    18:11:e0:14:f0:f3:9a:e2:60:7e:dc:44:53:67:b4:
                    f6:ee:9e:fd:47:c4:3b:61:7b:fd:22:ed:bb:a0:b0:
                    70:be:40:41:a4:6d:9d:c3:e0:40:90:7d:1a:89:d3:
                    7c:2c:de:d9:db:30:e6:ad:3c:a7:94:da:87:6d:4c:
                    60:9d:62:f5:c9:b6:8d:39:f2:98:63:65:83:3f:2d:
                    e8:3c:7c:86:33:09:73:a2:93:b8:f6:ee:0e:8d:b1:
                    6f:82:df:1c:c8:e1:70:87:9b:2f:e5:3e:60:c4:eb:
                    73:25:3f:d8:8c:ba:82:ca:71:83:99:ee:71:38:13:
                    b9:e0:84:32:9e:fc:e2:1e:48:cf:1c:8c:c8:4b:3e:
                    0f:88:b4:23:db:e7:1f:ec:4c:e8:2a:2a:1e:ce:5e:
                    48:0d:48:46:fc:0e:09:1c:e0:0d:b2:28:92:f5:f6:
                    3b:b0:cf:ac:bd:1d:99:c3:0b:fe:80:23:cc:30:79:
                    11:de:fa:5c:7a:e9:e4:0c:9a:1d:96:e8:30:9b:fb:
                    06:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:1C:A7:2A:86:97:2E:4F:42:48:26:C4:B9:1D:52:32:78:4E:B3:33
            X509v3 Authority Key Identifier:
                keyid:2A:C3:ED:79:4A:DA:FB:91:CB:81:A9:69:EB:8A:9B:29:05:FE:E2:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPteUra-5HLgalp64qbKQX-4uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/zxynKoaXLk9CSCbEuR1SMnhOszM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KsPteUra-5HLgalp64qbKQX-4uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.192.0/21
                  185.192.160.0/22
                IPv6:
                  2a0a:2d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:c2:1f:f0:fd:b1:83:fc:08:01:c2:47:d5:ea:74:9d:bf:9c:
         21:30:91:16:1b:f3:fb:6e:53:cc:0d:5f:dc:9b:de:ae:2f:88:
         40:99:ff:d8:d1:7c:53:47:dc:73:51:d8:85:3f:6f:80:89:25:
         64:7d:81:da:6d:46:81:90:20:ab:ba:02:8f:8a:a1:de:f5:52:
         3b:93:83:6f:be:32:c1:fe:89:de:95:85:49:a2:27:2e:a4:72:
         1b:8d:89:72:52:55:56:05:ad:c4:3f:a3:e0:da:0f:b8:51:c7:
         77:f5:cc:2a:76:d5:14:57:95:2f:b9:dc:69:31:cb:ef:b5:20:
         b9:c0:e5:d8:c2:29:29:6b:47:10:19:be:61:c0:b8:25:59:39:
         e6:e2:a6:0b:06:db:65:a5:2d:7a:dd:3a:9d:ae:0f:14:00:25:
         97:de:84:eb:57:b0:d1:4a:cb:b3:2d:e8:94:52:24:af:03:23:
         f7:2e:75:57:a3:59:e5:8f:44:be:7c:e0:67:08:00:81:a5:8f:
         de:fb:d7:52:75:60:d4:f9:0f:ef:83:90:16:c3:81:0d:b3:6b:
         0e:63:6d:d4:72:70:0f:dd:08:c7:00:60:a7:03:9a:07:98:d5:
         5c:75:3b:3a:36:8a:92:b6:ff:c5:84:c6:df:a3:ae:6c:36:c7:
         f6:cb:dc:74
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlj3xnXoBQu6QmxBTOFZ+qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNlZDc5NGFkYWZiOTFjYjgxYTk2OWViOGE5YjI5MDVm
ZWUyZWMwHhcNMjUwMTAyMDU0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjFjYTcyYTg2OTcyZTRmNDI0ODI2YzRiOTFkNTIzMjc4NGViMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31bBJudNH+/1/ijbDIGrcncj97LL
0NtDyqiyXupECtTybNB5jPGMBkVOHE2OjMO/kdbFfbGDbuVsdKMYEeAU8POa4mB+
3ERTZ7T27p79R8Q7YXv9Iu27oLBwvkBBpG2dw+BAkH0aidN8LN7Z2zDmrTynlNqH
bUxgnWL1ybaNOfKYY2WDPy3oPHyGMwlzopO49u4OjbFvgt8cyOFwh5sv5T5gxOtz
JT/YjLqCynGDme5xOBO54IQynvziHkjPHIzISz4PiLQj2+cf7EzoKioezl5IDUhG
/A4JHOANsiiS9fY7sM+svR2Zwwv+gCPMMHkR3vpceunkDJodlugwm/sGowIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM8cpyqGly5PQkgmxLkdUjJ4TrMzMB8GA1UdIwQY
MBaAFCrD7XlK2vuRy4GpaeuKmykF/uLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQdGVVcmEtNUhMZ2FscDY0cWJLUVgtNHV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YjEyN2ItNDRjZS00Y2FkLWFkOGYt
MDg5YzFjM2Q0MzU3LzEvenh5bktvYVhMazlDU0NiRXVSMVNNbmhPc3pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YjEyN2ItNDRjZS00Y2FkLWFkOGYtMDg5YzFjM2Q0MzU3
LzEvS3NQdGVVcmEtNUhMZ2FscDY0cWJLUVgtNHV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLhPAAwQC
ucCgMA0EAgACMAcDBQMqCi1AMA0GCSqGSIb3DQEBCwUAA4IBAQAjwh/w/bGD/AgB
wkfV6nSdv5whMJEWG/P7blPMDV/cm96uL4hAmf/Y0XxTR9xzUdiFP2+AiSVkfYHa
bUaBkCCrugKPiqHe9VI7k4NvvjLB/onelYVJoicupHIbjYlyUlVWBa3EP6Pg2g+4
Ucd39cwqdtUUV5UvudxpMcvvtSC5wOXYwikpa0cQGb5hwLglWTnm4qYLBttlpS16
3Tqdrg8UACWX3oTrV7DRSsuzLeiUUiSvAyP3LnVXo1nlj0S+fOBnCACBpY/e+9dS
dWDU+Q/vg5AWw4ENs2sOY23UcnAP3QjHAGCnA5oHmNVcdTs6NoqStv/FhMbfo65s
Nsf2y9x0
-----END CERTIFICATE-----