Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/a46e3a-a8c6-4597-9281-9d24b40f8f72/1/zvBXOGhz3yT7vvMi09ydKdR3St4.roa
File:                     zvBXOGhz3yT7vvMi09ydKdR3St4.roa (raw, json)
Hash identifier:          74R93MmSYu/Sf7aVGk3wE3AF+gpETbgTfHomBAiI6ZI=
Subject key identifier:   CE:F0:57:38:68:73:DF:24:FB:BE:F3:22:D3:DC:9D:29:D4:77:4A:DE
Certificate issuer:       /CN=c92ca71838ae33ccecc5f10ab54ec3fc71bfbb82
Certificate serial:       019424B3C68E0E2C4EA0742E0DDCBA4BCEF3
Authority key identifier: C9:2C:A7:18:38:AE:33:CC:EC:C5:F1:0A:B5:4E:C3:FC:71:BF:BB:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ySynGDiuM8zsxfEKtU7D_HG_u4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/a46e3a-a8c6-4597-9281-9d24b40f8f72/1/zvBXOGhz3yT7vvMi09ydKdR3St4.roa
Signing time:             Thu 02 Jan 2025 01:49:09 +0000
ROA not before:           Thu 02 Jan 2025 01:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208496
IP address blocks:        81.25.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/a46e3a-a8c6-4597-9281-9d24b40f8f72/1/ySynGDiuM8zsxfEKtU7D_HG_u4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/a46e3a-a8c6-4597-9281-9d24b40f8f72/1/ySynGDiuM8zsxfEKtU7D_HG_u4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ySynGDiuM8zsxfEKtU7D_HG_u4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 16:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c6:8e:0e:2c:4e:a0:74:2e:0d:dc:ba:4b:ce:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c92ca71838ae33ccecc5f10ab54ec3fc71bfbb82
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cef057386873df24fbbef322d3dc9d29d4774ade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:45:9e:0d:57:4e:7b:11:f1:ba:51:20:8e:92:
                    7d:cd:59:2a:21:fd:29:a1:9d:0d:90:93:b9:d2:70:
                    d7:07:bb:6d:1d:a7:c8:ba:ce:c8:ba:79:dd:02:20:
                    a8:2e:58:90:51:95:ef:90:85:0e:94:ca:f5:ea:87:
                    59:ce:d4:41:34:2d:b4:f2:bb:8f:1d:2c:94:f5:0e:
                    23:dc:4b:92:9d:58:f6:56:d1:6e:c1:a6:be:b5:32:
                    68:87:85:aa:f0:69:5c:7d:8f:63:f6:bb:16:10:ea:
                    2f:b2:e0:99:b9:48:69:6f:67:88:18:cb:f0:08:e2:
                    c4:b2:7f:13:47:23:f5:de:57:c3:32:39:df:6e:b4:
                    a0:2f:1f:94:bd:51:2b:7a:cb:7b:be:4d:fc:20:19:
                    c6:fd:8d:fc:ae:45:f4:f9:77:21:90:d5:74:ce:7b:
                    76:cc:21:3e:96:f7:51:56:a6:9a:c3:3b:ee:be:90:
                    2b:27:d3:ec:84:05:34:27:7b:6f:95:85:1d:58:1b:
                    c7:f8:ca:e1:c0:5b:cd:f4:4c:57:4f:5c:e1:c1:e9:
                    b5:54:67:27:b3:9a:ad:78:bb:cf:48:1b:97:12:9f:
                    fc:8e:3f:89:de:44:e1:8c:a8:72:20:8a:c6:31:8b:
                    77:8d:ad:8e:09:ae:28:6f:30:f7:a5:c4:93:7e:03:
                    35:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F0:57:38:68:73:DF:24:FB:BE:F3:22:D3:DC:9D:29:D4:77:4A:DE
            X509v3 Authority Key Identifier:
                keyid:C9:2C:A7:18:38:AE:33:CC:EC:C5:F1:0A:B5:4E:C3:FC:71:BF:BB:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ySynGDiuM8zsxfEKtU7D_HG_u4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/a46e3a-a8c6-4597-9281-9d24b40f8f72/1/zvBXOGhz3yT7vvMi09ydKdR3St4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/a46e3a-a8c6-4597-9281-9d24b40f8f72/1/ySynGDiuM8zsxfEKtU7D_HG_u4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.25.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:48:ca:2b:99:91:d6:15:69:a2:06:a9:9b:4c:70:a2:42:46:
         f8:7f:a1:28:be:97:66:59:0d:34:bb:1d:55:79:a1:79:56:f1:
         d8:bf:23:87:32:bf:8e:40:de:a2:3e:63:53:3d:81:c5:23:e1:
         97:59:0d:6d:5b:30:53:e1:a9:4c:54:e6:72:68:b6:d8:78:38:
         71:44:e7:82:ea:2e:50:2f:4d:79:e7:78:a4:fb:bb:c7:c6:98:
         6e:8a:dd:73:bf:7f:2a:4e:a9:c9:10:f8:94:96:2f:c9:9f:ff:
         7e:44:63:f9:46:bc:d5:03:1f:b3:bf:47:91:af:7b:6d:ce:10:
         40:e5:16:7d:99:3e:e3:94:a9:40:c0:80:00:e5:d3:5b:e1:b1:
         a4:a3:b6:3a:c7:d1:53:c2:71:1e:24:a7:21:d5:7b:7e:47:ce:
         a7:fd:de:26:fa:ba:85:dd:9b:b7:99:ea:c2:01:1d:84:f4:93:
         73:a9:75:f1:b5:7b:07:91:c6:2a:66:f0:f6:6b:6b:ca:5c:c6:
         2d:8a:9a:77:b1:5e:b5:a9:2f:1d:da:09:8a:05:49:17:ec:0b:
         77:95:89:dd:c9:81:1f:c9:31:e2:1f:19:c3:e0:dc:c1:0f:7d:
         e9:e2:bf:87:a0:75:ff:db:dc:c2:74:d9:03:03:3f:6b:46:0d:
         09:db:16:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8aODixOoHQuDdy6S87zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MmNhNzE4MzhhZTMzY2NlY2M1ZjEwYWI1NGVjM2ZjNzFi
ZmJiODIwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWYwNTczODY4NzNkZjI0ZmJiZWYzMjJkM2RjOWQyOWQ0Nzc0YWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UWeDVdOexHxulEgjpJ9zVkqIf0p
oZ0NkJO50nDXB7ttHafIus7IunndAiCoLliQUZXvkIUOlMr16odZztRBNC208ruP
HSyU9Q4j3EuSnVj2VtFuwaa+tTJoh4Wq8GlcfY9j9rsWEOovsuCZuUhpb2eIGMvw
COLEsn8TRyP13lfDMjnfbrSgLx+UvVErest7vk38IBnG/Y38rkX0+XchkNV0znt2
zCE+lvdRVqaawzvuvpArJ9PshAU0J3tvlYUdWBvH+MrhwFvN9ExXT1zhwem1VGcn
s5qteLvPSBuXEp/8jj+J3kThjKhyIIrGMYt3ja2OCa4obzD3pcSTfgM1FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7wVzhoc98k+77zItPcnSnUd0reMB8GA1UdIwQY
MBaAFMkspxg4rjPM7MXxCrVOw/xxv7uCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVN5bkdEaXVNOHpzeGZFS3RVN0RfSEdfdTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9hNDZlM2EtYThjNi00NTk3LTkyODEt
OWQyNGI0MGY4ZjcyLzEvenZCWE9HaHozeVQ3dnZNaTA5eWRLZFIzU3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9hNDZlM2EtYThjNi00NTk3LTkyODEtOWQyNGI0MGY4Zjcy
LzEveVN5bkdEaXVNOHpzeGZFS3RVN0RfSEdfdTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCURlIMA0G
CSqGSIb3DQEBCwUAA4IBAQAtSMormZHWFWmiBqmbTHCiQkb4f6EovpdmWQ00ux1V
eaF5VvHYvyOHMr+OQN6iPmNTPYHFI+GXWQ1tWzBT4alMVOZyaLbYeDhxROeC6i5Q
L01553ik+7vHxphuit1zv38qTqnJEPiUli/Jn/9+RGP5RrzVAx+zv0eRr3ttzhBA
5RZ9mT7jlKlAwIAA5dNb4bGko7Y6x9FTwnEeJKch1Xt+R86n/d4m+rqF3Zu3merC
AR2E9JNzqXXxtXsHkcYqZvD2a2vKXMYtipp3sV61qS8d2gmKBUkX7At3lYndyYEf
yTHiHxnD4NzBD33p4r+HoHX/29zCdNkDAz9rRg0J2xYx
-----END CERTIFICATE-----