Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/D4kPuzxI99LO9za1uzpIOKYzyZk.roa
File:                     D4kPuzxI99LO9za1uzpIOKYzyZk.roa (raw, json)
Hash identifier:          c+Ehw1XN1UBVbiuLbeIY9bu5RDnn9bT1POuqZJ3ek+g=
Subject key identifier:   0F:89:0F:BB:3C:48:F7:D2:CE:F7:36:B5:BB:3A:48:38:A6:33:C9:99
Certificate issuer:       /CN=658290fe9814fcb062ab71e32ec1f96da9973a33
Certificate serial:       019421B213E126A6537F33B0DC0AD0C7E3EF
Authority key identifier: 65:82:90:FE:98:14:FC:B0:62:AB:71:E3:2E:C1:F9:6D:A9:97:3A:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/D4kPuzxI99LO9za1uzpIOKYzyZk.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209568
IP address blocks:        194.187.24.0/22 maxlen: 22
                          2a09:1840::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 14:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:13:e1:26:a6:53:7f:33:b0:dc:0a:d0:c7:e3:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=658290fe9814fcb062ab71e32ec1f96da9973a33
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f890fbb3c48f7d2cef736b5bb3a4838a633c999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ca:93:3e:23:a3:06:cb:d2:6a:3a:e6:70:ad:
                    bd:a3:dd:34:f9:8b:a4:72:17:cc:b0:0b:6e:1a:5f:
                    2d:be:46:b5:28:44:0d:6e:ff:ba:08:43:1a:fb:b8:
                    8f:61:89:4a:f5:f2:83:94:6f:18:13:12:23:45:af:
                    c3:da:a6:21:d2:6f:7c:bd:b5:86:30:e7:6f:a6:16:
                    46:b5:5c:bd:76:5b:61:01:4a:dd:d6:e8:98:26:27:
                    10:5c:32:d5:45:56:56:66:5f:21:94:0f:91:32:d2:
                    af:01:8d:e0:fb:24:98:fe:0f:ba:bd:0f:19:48:8b:
                    d5:a3:f8:d4:b4:e9:c3:17:61:52:d2:72:18:7a:c9:
                    23:26:12:39:a8:ae:17:cf:19:5f:fb:a0:c1:8a:5f:
                    36:bd:61:50:67:f3:89:62:ed:3f:92:e2:56:d2:0c:
                    c3:4c:54:84:cf:67:74:78:d9:a8:2b:f7:2b:b2:3a:
                    07:3a:3a:fe:9d:d8:ce:18:a4:3f:20:fb:27:7d:05:
                    61:44:5a:36:f1:b1:4a:e1:e2:6e:87:78:de:7e:7c:
                    d1:b7:53:05:16:ad:27:73:84:c6:79:04:a7:26:d1:
                    58:fb:ef:73:e9:3c:d3:ec:af:c4:31:77:5d:a0:f8:
                    69:a4:be:8c:cb:43:aa:b3:c5:36:2a:fb:86:9d:86:
                    7b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:89:0F:BB:3C:48:F7:D2:CE:F7:36:B5:BB:3A:48:38:A6:33:C9:99
            X509v3 Authority Key Identifier:
                keyid:65:82:90:FE:98:14:FC:B0:62:AB:71:E3:2E:C1:F9:6D:A9:97:3A:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/D4kPuzxI99LO9za1uzpIOKYzyZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.24.0/22
                IPv6:
                  2a09:1840::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:91:cf:d1:dc:ef:6b:0f:11:37:4a:aa:ab:08:8d:71:54:7b:
         aa:9a:35:9a:e7:41:01:8f:66:41:d5:70:6a:93:de:5e:f7:f9:
         0c:ea:a9:b2:85:c2:d6:72:c1:c3:1d:49:2d:39:f2:b3:d0:f5:
         7f:fb:81:0c:60:40:22:8b:22:0b:c0:b8:b7:bc:61:f8:06:3c:
         9f:29:64:01:f9:87:da:2e:ba:c7:41:b5:33:15:bc:8b:f2:8a:
         17:05:45:32:96:7c:b8:f4:f8:17:bd:10:08:07:1a:88:e1:04:
         57:dc:bf:32:11:66:6f:64:19:d5:39:e1:98:cb:d0:8e:ef:ad:
         80:88:f4:0a:46:79:cc:c1:ee:77:4b:d5:6a:b8:8c:ea:4a:f1:
         bd:11:62:d2:ac:74:0f:d4:91:7b:30:bd:06:95:7e:f0:5d:b1:
         04:8a:9d:bf:9c:fc:3c:f6:76:0d:59:30:16:24:b7:52:3e:f5:
         06:e1:4e:87:70:4b:82:73:6f:84:4d:f5:57:22:57:85:ca:80:
         b3:db:97:4f:a9:46:de:93:89:a9:d2:18:d1:53:22:c4:86:37:
         3f:27:bc:58:9a:43:5a:8c:34:2e:4f:a1:13:d3:1f:48:24:9b:
         c9:1a:68:ca:41:e2:f5:83:e7:06:0c:c2:87:22:a4:93:45:7a:
         cc:23:28:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhshPhJqZTfzOw3ArQx+PvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODI5MGZlOTgxNGZjYjA2MmFiNzFlMzJlYzFmOTZkYTk5
NzNhMzMwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjg5MGZiYjNjNDhmN2QyY2VmNzM2YjViYjNhNDgzOGE2MzNjOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48qTPiOjBsvSajrmcK29o900+Yuk
chfMsAtuGl8tvka1KEQNbv+6CEMa+7iPYYlK9fKDlG8YExIjRa/D2qYh0m98vbWG
MOdvphZGtVy9dlthAUrd1uiYJicQXDLVRVZWZl8hlA+RMtKvAY3g+ySY/g+6vQ8Z
SIvVo/jUtOnDF2FS0nIYeskjJhI5qK4Xzxlf+6DBil82vWFQZ/OJYu0/kuJW0gzD
TFSEz2d0eNmoK/crsjoHOjr+ndjOGKQ/IPsnfQVhRFo28bFK4eJuh3jefnzRt1MF
Fq0nc4TGeQSnJtFY++9z6TzT7K/EMXddoPhppL6My0Oqs8U2KvuGnYZ74QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA+JD7s8SPfSzvc2tbs6SDimM8mZMB8GA1UdIwQY
MBaAFGWCkP6YFPywYqtx4y7B+W2plzozMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllLUV9wZ1VfTEJpcTNIakxzSDViYW1YT2pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDNiMTMtYzRhMS00MWMwLWE4Mzkt
YWVkZTNmZmE0NDU3LzEvRDRrUHV6eEk5OUxPOXphMXV6cElPS1l6eVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDNiMTMtYzRhMS00MWMwLWE4MzktYWVkZTNmZmE0NDU3
LzEvWllLUV9wZ1VfTEJpcTNIakxzSDViYW1YT2pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwrsYMA0E
AgACMAcDBQAqCRhAMA0GCSqGSIb3DQEBCwUAA4IBAQBvkc/R3O9rDxE3SqqrCI1x
VHuqmjWa50EBj2ZB1XBqk95e9/kM6qmyhcLWcsHDHUktOfKz0PV/+4EMYEAiiyIL
wLi3vGH4BjyfKWQB+YfaLrrHQbUzFbyL8ooXBUUylny49PgXvRAIBxqI4QRX3L8y
EWZvZBnVOeGYy9CO762AiPQKRnnMwe53S9VquIzqSvG9EWLSrHQP1JF7ML0GlX7w
XbEEip2/nPw89nYNWTAWJLdSPvUG4U6HcEuCc2+ETfVXIleFyoCz25dPqUbek4mp
0hjRUyLEhjc/J7xYmkNajDQuT6ET0x9IJJvJGmjKQeL1g+cGDMKHIqSTRXrMIyiy
-----END CERTIFICATE-----