Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/45340c-540c-4faf-8a9f-05ce48d5f2d8/1/ZcTmzRVwzbIZI35RxAQspNK8wA0.roa
File:                     ZcTmzRVwzbIZI35RxAQspNK8wA0.roa (raw, json)
Hash identifier:          CvHPermbD4g/guqKSz7nbFfdIQ834453x2yMIE8CXZg=
Subject key identifier:   65:C4:E6:CD:15:70:CD:B2:19:23:7E:51:C4:04:2C:A4:D2:BC:C0:0D
Certificate issuer:       /CN=a15a105f5ba627e5be6f1ff91f2597278209931f
Certificate serial:       01941FFA66EE4F267FB5375300B88DEFE798
Authority key identifier: A1:5A:10:5F:5B:A6:27:E5:BE:6F:1F:F9:1F:25:97:27:82:09:93:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oVoQX1umJ-W-bx_5HyWXJ4IJkx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/45340c-540c-4faf-8a9f-05ce48d5f2d8/1/ZcTmzRVwzbIZI35RxAQspNK8wA0.roa
Signing time:             Wed 01 Jan 2025 03:48:11 +0000
ROA not before:           Wed 01 Jan 2025 03:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201738
IP address blocks:        185.65.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/45340c-540c-4faf-8a9f-05ce48d5f2d8/1/oVoQX1umJ-W-bx_5HyWXJ4IJkx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/45340c-540c-4faf-8a9f-05ce48d5f2d8/1/oVoQX1umJ-W-bx_5HyWXJ4IJkx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oVoQX1umJ-W-bx_5HyWXJ4IJkx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:66:ee:4f:26:7f:b5:37:53:00:b8:8d:ef:e7:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a15a105f5ba627e5be6f1ff91f2597278209931f
        Validity
            Not Before: Jan  1 03:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65c4e6cd1570cdb219237e51c4042ca4d2bcc00d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ce:75:93:0e:20:e5:40:51:b7:a3:40:ef:d5:
                    85:26:12:89:5f:83:da:9b:9c:a5:e6:b9:a0:d1:d0:
                    5a:25:11:dc:09:b8:1e:c1:b2:37:ee:2d:6c:c6:42:
                    d9:7f:55:13:e3:d6:c7:b3:52:9b:7a:56:81:21:c7:
                    89:fb:74:f1:54:da:61:d0:dd:fc:36:20:9f:2c:cd:
                    f0:b8:f9:d0:2e:e3:1e:60:ee:df:d0:de:8c:58:a1:
                    69:8c:30:eb:15:52:7e:fe:a8:de:75:17:87:b6:e5:
                    bb:37:30:3c:cb:68:a1:87:a5:44:ca:a5:51:87:6e:
                    17:d9:ae:10:10:a4:ea:5a:72:17:83:51:76:bd:1c:
                    bc:f9:54:fc:1e:c3:40:45:2e:74:c3:af:79:9a:c9:
                    84:7c:fa:59:cd:5b:07:4d:b9:86:fe:2b:77:fc:8b:
                    99:c0:a2:39:52:73:c3:1f:6f:60:6d:05:c8:df:85:
                    a5:7f:14:ba:b3:61:87:92:fa:74:8b:51:5f:96:9e:
                    88:31:ed:eb:64:bc:8c:17:04:0f:3a:9d:36:61:dd:
                    9e:04:ef:8f:c1:e6:1d:c8:f5:27:a0:85:b1:17:58:
                    48:ba:41:0d:e8:99:74:b3:7c:24:ea:fc:94:d6:29:
                    eb:24:e9:2a:56:66:2a:cd:a3:11:e9:3f:b1:4c:69:
                    35:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C4:E6:CD:15:70:CD:B2:19:23:7E:51:C4:04:2C:A4:D2:BC:C0:0D
            X509v3 Authority Key Identifier:
                keyid:A1:5A:10:5F:5B:A6:27:E5:BE:6F:1F:F9:1F:25:97:27:82:09:93:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oVoQX1umJ-W-bx_5HyWXJ4IJkx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/45340c-540c-4faf-8a9f-05ce48d5f2d8/1/ZcTmzRVwzbIZI35RxAQspNK8wA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/45340c-540c-4faf-8a9f-05ce48d5f2d8/1/oVoQX1umJ-W-bx_5HyWXJ4IJkx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:a3:38:d6:a4:54:37:6b:e8:d2:de:3f:fd:e1:5e:19:2f:52:
         39:11:10:cc:4f:56:16:17:f5:4b:d3:3b:c9:76:22:81:b2:7c:
         02:eb:dd:b9:04:62:b6:e6:0d:62:42:06:f4:10:cf:1c:1e:fe:
         a0:e9:a1:20:d5:58:b4:ad:f9:59:8d:e6:8e:87:38:2d:35:e1:
         b9:a0:78:1d:4c:26:3b:32:37:f8:3d:cb:fd:0e:a7:77:35:56:
         75:d6:f0:25:5e:db:4d:89:a6:89:0e:ad:95:1c:69:a3:23:6e:
         7c:76:39:55:0e:91:2e:0a:72:0a:ee:5c:cf:24:0d:1d:03:1e:
         a2:c8:64:3b:88:e4:10:41:b0:aa:d7:0b:c4:c4:ec:28:b8:59:
         19:06:57:21:db:8f:a0:b4:2d:ec:b7:42:3a:9c:54:07:7d:0e:
         75:ac:72:16:82:ac:ef:ef:af:bf:ff:f5:4e:64:67:66:ef:e6:
         a0:ce:a8:06:eb:ef:3a:9f:d5:ad:49:f8:cb:2b:8b:fd:de:60:
         d6:31:ee:e3:c0:12:03:f4:23:78:f0:a7:47:18:a4:2b:53:53:
         27:89:a2:f8:ff:76:2b:47:d3:36:5e:a6:11:08:05:ee:80:c7:
         34:7c:4c:fe:ce:32:36:ee:1a:60:1e:d5:fa:55:f2:08:65:fe:
         f8:1a:25:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mbuTyZ/tTdTALiN7+eYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNWExMDVmNWJhNjI3ZTViZTZmMWZmOTFmMjU5NzI3ODIw
OTkzMWYwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWM0ZTZjZDE1NzBjZGIyMTkyMzdlNTFjNDA0MmNhNGQyYmNjMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos51kw4g5UBRt6NA79WFJhKJX4Pa
m5yl5rmg0dBaJRHcCbgewbI37i1sxkLZf1UT49bHs1KbelaBIceJ+3TxVNph0N38
NiCfLM3wuPnQLuMeYO7f0N6MWKFpjDDrFVJ+/qjedReHtuW7NzA8y2ihh6VEyqVR
h24X2a4QEKTqWnIXg1F2vRy8+VT8HsNARS50w695msmEfPpZzVsHTbmG/it3/IuZ
wKI5UnPDH29gbQXI34WlfxS6s2GHkvp0i1Fflp6IMe3rZLyMFwQPOp02Yd2eBO+P
weYdyPUnoIWxF1hIukEN6Jl0s3wk6vyU1inrJOkqVmYqzaMR6T+xTGk1tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXE5s0VcM2yGSN+UcQELKTSvMANMB8GA1UdIwQY
MBaAFKFaEF9bpiflvm8f+R8llyeCCZMfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1ZvUVgxdW1KLVctYnhfNUh5V1hKNElKa3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80NTM0MGMtNTQwYy00ZmFmLThhOWYt
MDVjZTQ4ZDVmMmQ4LzEvWmNUbXpSVnd6YklaSTM1UnhBUXNwTks4d0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80NTM0MGMtNTQwYy00ZmFmLThhOWYtMDVjZTQ4ZDVmMmQ4
LzEvb1ZvUVgxdW1KLVctYnhfNUh5V1hKNElKa3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUF0MA0G
CSqGSIb3DQEBCwUAA4IBAQAbozjWpFQ3a+jS3j/94V4ZL1I5ERDMT1YWF/VL0zvJ
diKBsnwC6925BGK25g1iQgb0EM8cHv6g6aEg1Vi0rflZjeaOhzgtNeG5oHgdTCY7
Mjf4Pcv9Dqd3NVZ11vAlXttNiaaJDq2VHGmjI258djlVDpEuCnIK7lzPJA0dAx6i
yGQ7iOQQQbCq1wvExOwouFkZBlch24+gtC3st0I6nFQHfQ51rHIWgqzv76+///VO
ZGdm7+agzqgG6+86n9WtSfjLK4v93mDWMe7jwBID9CN48KdHGKQrU1MniaL4/3Yr
R9M2XqYRCAXugMc0fEz+zjI27hpgHtX6VfIIZf74GiWZ
-----END CERTIFICATE-----