Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/Z0vebwduFrdGsE_iH8mJSQRQtcA.roa
File:                     Z0vebwduFrdGsE_iH8mJSQRQtcA.roa (raw, json)
Hash identifier:          RqX2X64oTENUb7eOcZCl0TrlwK76jUVfDOAyoAGIoKI=
Subject key identifier:   67:4B:DE:6F:07:6E:16:B7:46:B0:4F:E2:1F:C9:89:49:04:50:B5:C0
Certificate issuer:       /CN=b11a1f9770bab077515b7712cb8d49550b3138a1
Certificate serial:       019427480CCC3BB25C8FE9362F21F4CCB8EE
Authority key identifier: B1:1A:1F:97:70:BA:B0:77:51:5B:77:12:CB:8D:49:55:0B:31:38:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sRofl3C6sHdRW3cSy41JVQsxOKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/Z0vebwduFrdGsE_iH8mJSQRQtcA.roa
Signing time:             Thu 02 Jan 2025 13:50:20 +0000
ROA not before:           Thu 02 Jan 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30742
IP address blocks:        185.48.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/sRofl3C6sHdRW3cSy41JVQsxOKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/sRofl3C6sHdRW3cSy41JVQsxOKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sRofl3C6sHdRW3cSy41JVQsxOKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:0c:cc:3b:b2:5c:8f:e9:36:2f:21:f4:cc:b8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b11a1f9770bab077515b7712cb8d49550b3138a1
        Validity
            Not Before: Jan  2 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=674bde6f076e16b746b04fe21fc989490450b5c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:de:90:6a:fb:3e:19:5e:8a:ab:b3:53:7f:82:
                    00:de:c6:55:80:ab:13:74:9c:e9:a2:ba:ad:31:28:
                    0a:c4:50:5a:22:f9:d0:f5:72:b6:a1:55:eb:6d:e5:
                    e3:bf:28:56:a3:43:cc:bf:5b:14:93:87:a4:6a:8e:
                    b6:e4:25:be:fc:21:09:b3:79:ac:79:42:fa:06:77:
                    43:8d:55:58:e9:b4:18:ec:21:a5:1d:40:d9:48:fa:
                    b5:94:94:8f:f3:f0:3f:a3:09:11:a3:1d:62:3e:fd:
                    8f:69:ba:db:22:f3:43:55:02:c6:a8:f5:22:05:6c:
                    3b:49:23:93:73:86:24:68:6a:7c:68:ac:9d:d9:6d:
                    ac:be:91:b2:c0:96:d0:e7:94:5a:5b:53:dc:a4:7e:
                    c1:3d:43:03:eb:8e:31:f7:f1:23:fa:f5:ff:05:4b:
                    a8:0c:6f:15:9e:d7:25:29:3c:a2:8c:03:71:1b:cc:
                    7c:55:ec:8c:85:05:11:a7:0e:92:e0:76:a0:c0:b3:
                    84:6e:bb:d5:e3:fe:62:01:33:65:df:a3:41:8f:89:
                    40:82:a6:6c:be:3c:f8:7f:1d:de:09:67:fe:52:0f:
                    ad:75:98:28:6c:fe:9c:26:aa:54:58:23:28:63:13:
                    11:0b:24:de:a2:69:26:b2:5c:2b:55:d1:0b:5f:54:
                    3e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:4B:DE:6F:07:6E:16:B7:46:B0:4F:E2:1F:C9:89:49:04:50:B5:C0
            X509v3 Authority Key Identifier:
                keyid:B1:1A:1F:97:70:BA:B0:77:51:5B:77:12:CB:8D:49:55:0B:31:38:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sRofl3C6sHdRW3cSy41JVQsxOKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/Z0vebwduFrdGsE_iH8mJSQRQtcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/sRofl3C6sHdRW3cSy41JVQsxOKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c5:77:37:56:97:99:2f:92:07:16:e8:55:be:15:d3:19:7d:de:
         06:be:4f:ff:b0:ad:48:8c:8d:d1:fa:3c:aa:b6:9a:2e:c6:37:
         a4:7e:5c:a8:29:a0:24:46:77:46:47:f8:77:10:9b:c0:c5:32:
         f7:2a:ff:ee:a8:17:04:f6:6a:c5:ca:bc:1d:58:cf:ae:b0:df:
         9d:0a:a9:56:c9:8a:2a:c2:e4:52:4b:73:e6:fd:1e:a3:e2:0c:
         69:3b:db:19:df:05:08:ab:2f:a3:35:be:92:9a:b6:3b:29:e7:
         b0:f3:af:1b:4c:20:a8:15:fd:42:ce:0f:ab:86:8f:4f:87:33:
         84:3a:bd:9c:74:f1:7c:06:6b:6b:d7:9f:aa:a1:41:2b:ef:a4:
         77:cb:d8:2c:21:8f:00:77:2e:23:33:de:7c:8b:6c:ba:e5:71:
         9f:43:10:69:7c:0c:7b:8a:e8:a5:93:31:9b:f4:35:f4:8e:73:
         86:d3:54:91:bc:b7:e5:8d:1d:3b:3c:18:46:9e:1b:58:73:7d:
         e7:67:94:0f:93:de:d2:f7:17:87:bc:8b:a5:2d:cf:c9:59:ac:
         47:f1:14:73:09:52:0e:a0:d0:72:be:df:80:54:73:55:38:ff:
         eb:1b:df:8e:dd:c6:b2:c8:e1:2b:c9:4c:be:9f:51:d4:24:8f:
         f5:34:4a:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSAzMO7Jcj+k2LyH0zLjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMWExZjk3NzBiYWIwNzc1MTViNzcxMmNiOGQ0OTU1MGIz
MTM4YTEwHhcNMjUwMTAyMTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzRiZGU2ZjA3NmUxNmI3NDZiMDRmZTIxZmM5ODk0OTA0NTBiNWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyd6Qavs+GV6Kq7NTf4IA3sZVgKsT
dJzporqtMSgKxFBaIvnQ9XK2oVXrbeXjvyhWo0PMv1sUk4ekao625CW+/CEJs3ms
eUL6BndDjVVY6bQY7CGlHUDZSPq1lJSP8/A/owkRox1iPv2PabrbIvNDVQLGqPUi
BWw7SSOTc4YkaGp8aKyd2W2svpGywJbQ55RaW1PcpH7BPUMD644x9/Ej+vX/BUuo
DG8VntclKTyijANxG8x8VeyMhQURpw6S4HagwLOEbrvV4/5iATNl36NBj4lAgqZs
vjz4fx3eCWf+Ug+tdZgobP6cJqpUWCMoYxMRCyTeomkmslwrVdELX1Q+ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdL3m8Hbha3RrBP4h/JiUkEULXAMB8GA1UdIwQY
MBaAFLEaH5dwurB3UVt3EsuNSVULMTihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1JvZmwzQzZzSGRSVzNjU3k0MUpWUXN4T0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS84ZDZjMzMtYjJjMS00OGRhLWE2MDkt
ODIxN2E5MjlmZDhkLzEvWjB2ZWJ3ZHVGcmRHc0VfaUg4bUpTUVJRdGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS84ZDZjMzMtYjJjMS00OGRhLWE2MDktODIxN2E5MjlmZDhk
LzEvc1JvZmwzQzZzSGRSVzNjU3k0MUpWUXN4T0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTDYMA0G
CSqGSIb3DQEBCwUAA4IBAQDFdzdWl5kvkgcW6FW+FdMZfd4Gvk//sK1IjI3R+jyq
tpouxjekflyoKaAkRndGR/h3EJvAxTL3Kv/uqBcE9mrFyrwdWM+usN+dCqlWyYoq
wuRSS3Pm/R6j4gxpO9sZ3wUIqy+jNb6SmrY7Keew868bTCCoFf1Czg+rho9PhzOE
Or2cdPF8Bmtr15+qoUEr76R3y9gsIY8Ady4jM958i2y65XGfQxBpfAx7iuilkzGb
9DX0jnOG01SRvLfljR07PBhGnhtYc33nZ5QPk97S9xeHvIulLc/JWaxH8RRzCVIO
oNByvt+AVHNVOP/rG9+O3cayyOEryUy+n1HUJI/1NEqm
-----END CERTIFICATE-----