Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Z7uuC5XE4-fMCsGBtqQw7mSeH9U.roa
File:                     Z7uuC5XE4-fMCsGBtqQw7mSeH9U.roa (raw, json)
Hash identifier:          W7maKhHagBpEQgNK15fnWc66E1ZuDuwRIn7gOriSZAo=
Subject key identifier:   67:BB:AE:0B:95:C4:E3:E7:CC:0A:C1:81:B6:A4:30:EE:64:9E:1F:D5
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0194221FDA7C916FF363D35C9BDDBD29A9C1
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Z7uuC5XE4-fMCsGBtqQw7mSeH9U.roa
Signing time:             Wed 01 Jan 2025 13:48:20 +0000
ROA not before:           Wed 01 Jan 2025 13:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        185.235.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:da:7c:91:6f:f3:63:d3:5c:9b:dd:bd:29:a9:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jan  1 13:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67bbae0b95c4e3e7cc0ac181b6a430ee649e1fd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:87:31:d8:55:16:0b:c6:14:93:b3:0c:07:da:
                    c8:3d:c1:b8:92:ae:dc:cc:9e:b6:8b:8b:cd:4a:75:
                    46:e2:4c:35:f3:55:41:7d:69:d1:31:36:c6:e8:49:
                    70:17:bc:43:31:6c:b5:1e:df:3f:41:e4:dd:0f:65:
                    22:09:c7:0b:9c:aa:3b:0f:48:1c:c8:88:d1:ff:9a:
                    74:19:d9:75:df:d1:86:9d:e9:49:4c:14:ab:65:d6:
                    3f:c1:45:8b:7a:a3:3e:49:ff:b7:a6:84:97:28:02:
                    67:3c:99:28:d8:42:64:49:6c:27:82:54:5b:04:d5:
                    f6:34:26:91:c3:32:79:6f:e2:f0:ea:0c:a0:5e:da:
                    b8:f6:b8:0f:e4:e6:40:1a:0b:8b:d7:70:05:b8:91:
                    cd:71:5f:10:9d:25:29:08:41:b3:d4:91:ac:7b:8b:
                    4f:65:84:cd:cc:c8:0a:71:35:dc:72:2e:a9:56:a4:
                    58:af:96:f3:7c:61:40:87:a0:4a:d3:11:ec:f6:da:
                    23:40:c3:4c:b8:64:f3:13:97:15:30:58:2d:ca:f1:
                    c4:ec:2f:69:15:bd:47:5b:3c:51:a3:d3:67:a4:09:
                    f0:fa:da:a9:68:12:ee:c6:10:00:d1:51:32:93:6f:
                    bf:a3:38:f0:2f:0a:e9:ab:cc:0c:5a:4e:5e:50:87:
                    18:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:BB:AE:0B:95:C4:E3:E7:CC:0A:C1:81:B6:A4:30:EE:64:9E:1F:D5
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Z7uuC5XE4-fMCsGBtqQw7mSeH9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:54:17:ff:3a:34:48:18:f1:b2:f0:19:2b:68:a2:15:02:62:
         f5:e6:f8:2d:df:51:a5:05:3f:d9:99:c2:e9:81:75:05:2f:8f:
         f2:97:13:8f:97:c6:98:ef:0e:81:57:22:0a:ff:fb:f2:35:c1:
         ca:89:26:51:45:0b:90:05:01:2a:f1:1b:74:b7:d3:e0:da:cf:
         90:a3:a7:99:28:9f:52:2c:2d:75:5f:68:9f:3a:6e:6b:d8:70:
         1f:ef:c7:30:64:bf:00:c8:11:1e:6f:43:3f:6f:0c:f5:8b:dc:
         b2:7b:87:ea:9c:83:9b:ef:16:43:81:75:b7:89:c3:87:b7:b9:
         d8:1a:b5:44:2d:76:84:69:4d:39:43:09:f1:16:b8:33:45:42:
         2d:9b:69:e2:28:a2:b7:e3:4a:85:8f:33:a7:68:99:76:77:d1:
         6b:db:f3:36:73:22:cc:ce:a6:a8:d3:ec:4a:38:cb:c0:d3:d5:
         23:1e:5b:a6:0a:26:64:63:7c:c6:22:0b:c3:43:2d:90:c7:18:
         71:7c:39:c8:ce:cc:c1:a3:c6:26:23:08:80:db:01:25:bf:57:
         e0:21:75:37:2d:12:7b:6e:8c:95:38:87:e4:0e:24:9d:2c:c5:
         03:1d:46:b9:0a:eb:48:d6:fa:dd:4d:99:b2:ec:cc:3e:4e:19:
         15:a1:63:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9p8kW/zY9Ncm929KanBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjUwMTAxMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2JiYWUwYjk1YzRlM2U3Y2MwYWMxODFiNmE0MzBlZTY0OWUxZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnocx2FUWC8YUk7MMB9rIPcG4kq7c
zJ62i4vNSnVG4kw181VBfWnRMTbG6ElwF7xDMWy1Ht8/QeTdD2UiCccLnKo7D0gc
yIjR/5p0Gdl139GGnelJTBSrZdY/wUWLeqM+Sf+3poSXKAJnPJko2EJkSWwnglRb
BNX2NCaRwzJ5b+Lw6gygXtq49rgP5OZAGguL13AFuJHNcV8QnSUpCEGz1JGse4tP
ZYTNzMgKcTXcci6pVqRYr5bzfGFAh6BK0xHs9tojQMNMuGTzE5cVMFgtyvHE7C9p
Fb1HWzxRo9NnpAnw+tqpaBLuxhAA0VEyk2+/ozjwLwrpq8wMWk5eUIcYMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGe7rguVxOPnzArBgbakMO5knh/VMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvWjd1dUM1WEU0LWZNQ3NHQnRxUXc3bVNlSDlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuetHMA0G
CSqGSIb3DQEBCwUAA4IBAQBMVBf/OjRIGPGy8BkraKIVAmL15vgt31GlBT/ZmcLp
gXUFL4/ylxOPl8aY7w6BVyIK//vyNcHKiSZRRQuQBQEq8Rt0t9Pg2s+Qo6eZKJ9S
LC11X2ifOm5r2HAf78cwZL8AyBEeb0M/bwz1i9yye4fqnIOb7xZDgXW3icOHt7nY
GrVELXaEaU05QwnxFrgzRUItm2niKKK340qFjzOnaJl2d9Fr2/M2cyLMzqao0+xK
OMvA09UjHlumCiZkY3zGIgvDQy2QxxhxfDnIzszBo8YmIwiA2wElv1fgIXU3LRJ7
boyVOIfkDiSdLMUDHUa5CutI1vrdTZmy7Mw+ThkVoWMF
-----END CERTIFICATE-----