Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/Zi0j7h9kKDeUNaeEMFA--W7qxgc.roa
File:                     Zi0j7h9kKDeUNaeEMFA--W7qxgc.roa (raw, json)
Hash identifier:          X3ti0Mbq81jS2GwcXcG3SUj5PuFqGydxb+zfC6HvRS8=
Subject key identifier:   66:2D:23:EE:1F:64:28:37:94:35:A7:84:30:50:3E:F9:6E:EA:C6:07
Certificate issuer:       /CN=360a9d26dbb3ea5dfaae83b61908add8fc6dd36f
Certificate serial:       0194A3C381FD1A0D859F9F4628B593783C5D
Authority key identifier: 36:0A:9D:26:DB:B3:EA:5D:FA:AE:83:B6:19:08:AD:D8:FC:6D:D3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NgqdJtuz6l36roO2GQit2Pxt028.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/Zi0j7h9kKDeUNaeEMFA--W7qxgc.roa
Signing time:             Sun 26 Jan 2025 17:58:06 +0000
ROA not before:           Sun 26 Jan 2025 17:58:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213959
IP address blocks:        185.104.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/NgqdJtuz6l36roO2GQit2Pxt028.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/NgqdJtuz6l36roO2GQit2Pxt028.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NgqdJtuz6l36roO2GQit2Pxt028.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a3:c3:81:fd:1a:0d:85:9f:9f:46:28:b5:93:78:3c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=360a9d26dbb3ea5dfaae83b61908add8fc6dd36f
        Validity
            Not Before: Jan 26 17:58:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=662d23ee1f6428379435a78430503ef96eeac607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5a:36:1d:74:09:4c:13:43:fa:4c:5d:e1:9a:
                    26:1d:0b:fe:be:d1:e4:97:fb:2a:ab:8b:c1:62:9d:
                    57:6b:8f:5a:ff:dd:ea:00:ba:77:f4:95:9e:81:37:
                    4e:11:53:b3:3a:43:b4:92:56:80:71:ff:26:e5:52:
                    12:1e:85:17:c8:9c:83:3b:45:42:d7:d2:e2:92:14:
                    c8:d1:64:5f:55:4f:83:53:36:81:eb:55:91:f7:c7:
                    dd:96:c5:31:ab:94:c4:db:93:52:71:88:0a:47:f6:
                    76:b0:74:d2:8e:6a:f4:cb:67:c7:76:4c:60:97:1a:
                    bf:f0:d1:42:6a:f7:79:f8:26:ac:1e:18:ba:bf:73:
                    b5:c3:e4:4d:67:57:9f:b9:2c:75:8c:43:65:27:6a:
                    9e:1c:a3:52:c1:c4:92:e0:e3:50:59:56:2d:34:d9:
                    ba:8c:91:df:9a:91:86:62:7d:92:6c:77:06:28:2a:
                    d2:ec:1e:70:43:c8:56:54:9f:51:80:b5:3f:45:3f:
                    4b:fb:f4:a6:4f:19:3b:d5:99:d1:fb:73:64:d5:1a:
                    6f:00:5e:fd:5e:37:a8:dc:f6:4a:cb:64:2e:a7:ac:
                    93:ff:03:f5:a4:33:ab:46:fc:39:c1:9d:39:e9:61:
                    41:71:d8:4e:d9:1d:25:53:d9:0c:3d:56:ba:c5:32:
                    97:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:2D:23:EE:1F:64:28:37:94:35:A7:84:30:50:3E:F9:6E:EA:C6:07
            X509v3 Authority Key Identifier:
                keyid:36:0A:9D:26:DB:B3:EA:5D:FA:AE:83:B6:19:08:AD:D8:FC:6D:D3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NgqdJtuz6l36roO2GQit2Pxt028.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/Zi0j7h9kKDeUNaeEMFA--W7qxgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/NgqdJtuz6l36roO2GQit2Pxt028.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:c2:78:d2:64:ba:a5:6b:ec:08:7a:02:2c:03:9e:23:0c:46:
         4b:14:b3:d0:5c:72:be:01:57:9a:1b:e8:28:e3:07:2b:3e:fc:
         48:99:0e:2d:e6:57:eb:57:2e:7b:d7:e9:79:85:7e:b8:d4:eb:
         32:e5:dd:db:22:3c:ea:82:c8:bd:56:f8:9d:98:b9:64:06:ce:
         2e:3e:fb:b9:e9:87:f5:59:3b:07:02:8d:74:88:65:86:4e:c7:
         2d:5e:56:61:de:44:6b:bd:ff:6d:1e:57:74:a7:d6:0c:3a:e0:
         95:ff:ad:7b:ff:74:b9:a4:12:97:05:29:a0:78:a1:0c:e9:c7:
         d7:e0:fc:02:75:9b:20:3d:db:cc:fc:4a:1c:4b:74:f1:9a:40:
         71:50:5f:9b:bd:9b:ca:e1:58:df:51:55:80:39:e0:b8:e5:47:
         da:9d:c1:8d:29:10:e4:d0:b8:b0:37:33:79:34:b0:c6:c5:19:
         96:1a:c1:34:c0:bf:5e:b6:37:40:55:81:1b:8b:3b:ae:52:6f:
         88:a1:a1:c0:96:43:3f:79:a5:88:3e:99:2b:1b:3f:22:33:91:
         7e:0c:0a:22:82:be:08:1b:e5:5a:36:f4:08:2a:05:b2:4d:46:
         a3:f5:08:8b:92:f4:bb:21:38:0c:9d:1b:b1:ed:30:03:81:fe:
         9b:45:b2:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSjw4H9Gg2Fn59GKLWTeDxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MGE5ZDI2ZGJiM2VhNWRmYWFlODNiNjE5MDhhZGQ4ZmM2
ZGQzNmYwHhcNMjUwMTI2MTc1ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjJkMjNlZTFmNjQyODM3OTQzNWE3ODQzMDUwM2VmOTZlZWFjNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1o2HXQJTBND+kxd4ZomHQv+vtHk
l/sqq4vBYp1Xa49a/93qALp39JWegTdOEVOzOkO0klaAcf8m5VISHoUXyJyDO0VC
19LikhTI0WRfVU+DUzaB61WR98fdlsUxq5TE25NScYgKR/Z2sHTSjmr0y2fHdkxg
lxq/8NFCavd5+CasHhi6v3O1w+RNZ1efuSx1jENlJ2qeHKNSwcSS4ONQWVYtNNm6
jJHfmpGGYn2SbHcGKCrS7B5wQ8hWVJ9RgLU/RT9L+/SmTxk71ZnR+3Nk1RpvAF79
Xjeo3PZKy2Qup6yT/wP1pDOrRvw5wZ056WFBcdhO2R0lU9kMPVa6xTKX9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYtI+4fZCg3lDWnhDBQPvlu6sYHMB8GA1UdIwQY
MBaAFDYKnSbbs+pd+q6DthkIrdj8bdNvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmdxZEp0dXo2bDM2cm9PMkdRaXQyUHh0MDI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8yN2UyOWUtYzg5NC00ZDM5LWFjMjMt
MTJlOTZiYTIzNWQ4LzEvWmkwajdoOWtLRGVVTmFlRU1GQS0tVzdxeGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8yN2UyOWUtYzg5NC00ZDM5LWFjMjMtMTJlOTZiYTIzNWQ4
LzEvTmdxZEp0dXo2bDM2cm9PMkdRaXQyUHh0MDI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWiDMA0G
CSqGSIb3DQEBCwUAA4IBAQACwnjSZLqla+wIegIsA54jDEZLFLPQXHK+AVeaG+go
4wcrPvxImQ4t5lfrVy571+l5hX641Osy5d3bIjzqgsi9VvidmLlkBs4uPvu56Yf1
WTsHAo10iGWGTsctXlZh3kRrvf9tHld0p9YMOuCV/617/3S5pBKXBSmgeKEM6cfX
4PwCdZsgPdvM/EocS3TxmkBxUF+bvZvK4VjfUVWAOeC45UfancGNKRDk0LiwNzN5
NLDGxRmWGsE0wL9etjdAVYEbizuuUm+IoaHAlkM/eaWIPpkrGz8iM5F+DAoigr4I
G+VaNvQIKgWyTUaj9QiLkvS7ITgMnRux7TADgf6bRbKK
-----END CERTIFICATE-----