Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/CHPWlUWLkhhN8KqcQvdgSIi7nSQ.roa
File:                     CHPWlUWLkhhN8KqcQvdgSIi7nSQ.roa (raw, json)
Hash identifier:          oTR4o/Lu/P2pP/jqKMJRfshRV5ap+zULnMucNhK6ij0=
Subject key identifier:   08:73:D6:95:45:8B:92:18:4D:F0:AA:9C:42:F7:60:48:88:BB:9D:24
Certificate issuer:       /CN=658290fe9814fcb062ab71e32ec1f96da9973a33
Certificate serial:       019421B213A615F35A83B3FB7DFBDF23B216
Authority key identifier: 65:82:90:FE:98:14:FC:B0:62:AB:71:E3:2E:C1:F9:6D:A9:97:3A:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/CHPWlUWLkhhN8KqcQvdgSIi7nSQ.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58005
IP address blocks:        185.38.120.0/22 maxlen: 22
                          2a04:6fb0::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 14:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:13:a6:15:f3:5a:83:b3:fb:7d:fb:df:23:b2:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=658290fe9814fcb062ab71e32ec1f96da9973a33
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0873d695458b92184df0aa9c42f7604888bb9d24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d8:11:75:e7:64:92:68:cd:79:98:51:a8:e1:
                    a2:e3:bc:1e:09:cd:7e:7e:42:a2:d1:74:00:75:81:
                    c0:8e:c0:24:15:60:90:54:b3:0d:0c:27:33:c5:e2:
                    8a:63:71:e0:32:6a:77:58:67:ea:5a:d9:5a:77:29:
                    6a:ab:eb:01:f7:39:fe:9a:d6:1d:08:6c:e0:52:44:
                    86:90:ac:71:65:23:21:cb:08:db:dc:8e:71:fd:7b:
                    9d:cf:56:36:01:05:01:9f:ca:5e:b4:c6:b6:56:a9:
                    68:4e:c7:34:1f:2d:64:e5:6f:4c:24:40:a8:4d:e4:
                    68:f1:58:1e:49:fb:5d:1e:f3:af:c8:79:35:3c:fc:
                    02:b6:2d:8b:1b:16:16:d3:0d:1b:ef:65:ae:6a:00:
                    3e:87:12:ff:3c:82:a0:91:b9:69:7c:4b:37:03:6f:
                    46:2b:10:f2:8b:0c:8b:7a:7c:2b:4e:1d:51:ab:0e:
                    fb:2f:79:fd:54:7a:83:d0:af:6e:c0:7a:82:d5:06:
                    c1:5e:42:18:1f:50:77:26:c7:25:22:0c:12:99:c2:
                    74:20:db:d1:72:aa:3f:76:e6:86:d0:a5:cc:c7:db:
                    ce:93:9e:63:a3:dc:d8:e3:68:d3:c9:b2:2b:94:dc:
                    c8:37:51:62:26:d4:af:08:38:fb:af:b8:94:29:b9:
                    0e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:73:D6:95:45:8B:92:18:4D:F0:AA:9C:42:F7:60:48:88:BB:9D:24
            X509v3 Authority Key Identifier:
                keyid:65:82:90:FE:98:14:FC:B0:62:AB:71:E3:2E:C1:F9:6D:A9:97:3A:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/CHPWlUWLkhhN8KqcQvdgSIi7nSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.120.0/22
                IPv6:
                  2a04:6fb0::/31

    Signature Algorithm: sha256WithRSAEncryption
         9a:d6:3b:83:aa:d0:91:b9:c4:b5:ef:20:a3:59:6c:ad:54:1c:
         e2:95:32:e7:f7:1d:1f:2c:4e:a2:24:27:43:99:70:6c:8d:61:
         8f:50:1a:74:0b:e7:e9:f7:f5:1f:b0:e3:1d:f9:eb:e2:45:00:
         78:0b:5d:09:8e:58:ba:7b:d0:31:80:c3:70:e8:6d:4d:d8:6b:
         fa:c6:92:a2:0e:99:a0:ed:0b:2a:4c:a8:c7:c0:7e:ad:53:fb:
         bb:42:04:fe:b1:a1:26:df:79:d1:5a:5a:00:83:55:30:39:dd:
         bd:41:2b:fc:95:9c:c1:16:ec:ca:65:4a:b0:a9:59:56:0b:7c:
         c9:f1:23:56:3d:9a:74:9f:7a:1e:25:29:77:88:28:bb:e0:af:
         e6:69:39:20:c0:a4:4f:43:d2:c7:2f:e7:98:d0:d9:55:3c:00:
         25:e4:a4:16:7e:d6:86:aa:a1:8c:5b:cc:5b:f9:40:8b:a5:17:
         de:17:5d:72:80:80:5d:a9:ad:c2:f4:af:f8:30:1c:a4:64:72:
         10:0d:63:fa:1e:a7:b6:e0:ef:05:64:99:54:a4:f5:77:9e:77:
         2c:ef:27:4b:b2:7d:91:e7:9e:ef:48:15:a8:db:22:41:20:54:
         a4:ee:f9:29:5e:01:99:b6:c5:d8:03:e7:74:35:e7:16:cc:05:
         98:e7:6f:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhshOmFfNag7P7ffvfI7IWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODI5MGZlOTgxNGZjYjA2MmFiNzFlMzJlYzFmOTZkYTk5
NzNhMzMwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODczZDY5NTQ1OGI5MjE4NGRmMGFhOWM0MmY3NjA0ODg4YmI5ZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9gRdedkkmjNeZhRqOGi47weCc1+
fkKi0XQAdYHAjsAkFWCQVLMNDCczxeKKY3HgMmp3WGfqWtladylqq+sB9zn+mtYd
CGzgUkSGkKxxZSMhywjb3I5x/Xudz1Y2AQUBn8petMa2VqloTsc0Hy1k5W9MJECo
TeRo8VgeSftdHvOvyHk1PPwCti2LGxYW0w0b72WuagA+hxL/PIKgkblpfEs3A29G
KxDyiwyLenwrTh1Rqw77L3n9VHqD0K9uwHqC1QbBXkIYH1B3JsclIgwSmcJ0INvR
cqo/duaG0KXMx9vOk55jo9zY42jTybIrlNzIN1FiJtSvCDj7r7iUKbkOEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAhz1pVFi5IYTfCqnEL3YEiIu50kMB8GA1UdIwQY
MBaAFGWCkP6YFPywYqtx4y7B+W2plzozMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllLUV9wZ1VfTEJpcTNIakxzSDViYW1YT2pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDNiMTMtYzRhMS00MWMwLWE4Mzkt
YWVkZTNmZmE0NDU3LzEvQ0hQV2xVV0xraGhOOEtxY1F2ZGdTSWk3blNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDNiMTMtYzRhMS00MWMwLWE4MzktYWVkZTNmZmE0NDU3
LzEvWllLUV9wZ1VfTEJpcTNIakxzSDViYW1YT2pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSZ4MA0E
AgACMAcDBQEqBG+wMA0GCSqGSIb3DQEBCwUAA4IBAQCa1juDqtCRucS17yCjWWyt
VBzilTLn9x0fLE6iJCdDmXBsjWGPUBp0C+fp9/UfsOMd+eviRQB4C10Jjli6e9Ax
gMNw6G1N2Gv6xpKiDpmg7QsqTKjHwH6tU/u7QgT+saEm33nRWloAg1UwOd29QSv8
lZzBFuzKZUqwqVlWC3zJ8SNWPZp0n3oeJSl3iCi74K/maTkgwKRPQ9LHL+eY0NlV
PAAl5KQWftaGqqGMW8xb+UCLpRfeF11ygIBdqa3C9K/4MBykZHIQDWP6Hqe24O8F
ZJlUpPV3nncs7ydLsn2R557vSBWo2yJBIFSk7vkpXgGZtsXYA+d0NecWzAWY52/6
-----END CERTIFICATE-----