Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/ZE5HXP4DhKEPM6Gv1wOErPS1cz0.roa
File:                     ZE5HXP4DhKEPM6Gv1wOErPS1cz0.roa (raw, json)
Hash identifier:          O/2TK/NX3+tm+RkMY/59BD1XnfP0CTYDGNxOF5SY9hE=
Subject key identifier:   64:4E:47:5C:FE:03:84:A1:0F:33:A1:AF:D7:03:84:AC:F4:B5:73:3D
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1A73E7F45061B5662628041445559
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/ZE5HXP4DhKEPM6Gv1wOErPS1cz0.roa
Signing time:             Wed 01 Jan 2025 11:47:58 +0000
ROA not before:           Wed 01 Jan 2025 11:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20454
IP address blocks:        176.57.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a7:3e:7f:45:06:1b:56:62:62:80:41:44:55:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=644e475cfe0384a10f33a1afd70384acf4b5733d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:21:1d:de:78:9c:f9:ae:9b:e6:5e:41:48:9d:
                    df:9d:1f:b3:92:82:1d:2f:c3:d6:76:43:7c:c4:f1:
                    ed:f2:9a:9a:82:25:73:e3:d0:bb:32:c3:1d:09:43:
                    71:44:af:54:70:92:90:7a:b5:85:ae:35:f9:af:ec:
                    e4:e3:2e:9b:0a:26:a1:e6:0c:5d:2c:91:c4:bb:62:
                    b9:93:a6:cd:ca:53:93:6c:94:df:1b:ea:15:b0:aa:
                    31:73:3a:93:25:c1:3d:5a:38:ef:b3:9a:57:3e:86:
                    20:6c:3a:aa:03:22:18:45:26:e1:3b:f2:1d:b2:cf:
                    e5:5a:7d:63:99:93:8b:57:11:96:f1:a6:7e:38:c3:
                    8b:e5:b2:33:ea:bc:cb:82:6a:48:22:2c:d4:89:17:
                    eb:f6:7f:29:8f:35:5d:ca:87:9b:a0:bc:dc:a5:9d:
                    2c:75:a6:ef:1c:57:61:80:c1:c2:9a:ed:6b:fc:27:
                    80:ce:28:d4:9e:65:ac:a9:d5:4d:90:a0:df:13:a8:
                    68:70:63:28:e1:be:57:09:d6:a2:f9:81:45:3e:6f:
                    78:d4:c8:31:cf:85:99:e7:5b:41:84:eb:33:ac:4e:
                    b8:43:c7:1d:bb:b4:c6:b7:eb:ca:b9:8c:42:bf:a2:
                    b0:aa:16:cd:52:3d:7d:a7:73:cf:ee:ba:18:d8:a3:
                    b0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:4E:47:5C:FE:03:84:A1:0F:33:A1:AF:D7:03:84:AC:F4:B5:73:3D
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/ZE5HXP4DhKEPM6Gv1wOErPS1cz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:f2:0a:49:98:d7:a4:d8:6a:d8:40:85:f6:d4:85:4c:4d:42:
         b0:5c:bd:7a:59:50:a7:6d:04:31:19:61:76:9f:6c:b7:3e:c1:
         45:1a:64:18:75:51:48:f7:0e:6e:d5:ce:0a:3a:cb:32:33:a6:
         1d:92:0f:e3:c4:ce:09:ff:22:fc:10:42:41:9b:2b:91:23:1e:
         b1:c6:8d:cd:36:8b:4a:d4:7b:08:71:9a:6e:ed:9c:6d:9f:76:
         72:c2:5c:36:d5:b7:57:ab:28:99:19:56:9c:69:34:65:28:80:
         8d:63:70:69:77:34:4c:c0:9b:07:6f:d0:74:7e:34:e4:4b:0a:
         b1:1d:fc:fa:54:f2:5f:a0:c7:6f:74:9f:03:b1:dd:6f:70:80:
         4a:e6:8e:a6:ba:9c:6d:91:b3:54:e0:38:6d:ab:c8:d8:62:d5:
         02:b7:6b:48:71:ca:26:a1:53:5d:9b:10:16:e4:6b:9f:11:b1:
         50:78:65:8a:96:61:ab:b5:ff:3d:3e:da:00:ae:73:3f:17:63:
         47:09:e3:bd:d4:56:9c:ef:59:77:b4:2b:ba:1c:c2:0c:b1:08:
         df:88:3a:db:62:55:de:3e:d8:2f:06:68:18:39:da:68:81:62:
         f0:20:4c:41:89:25:f5:35:82:da:71:90:17:62:b4:7c:63:5a:
         0e:0b:99:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsac+f0UGG1ZiYoBBRFVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDRlNDc1Y2ZlMDM4NGExMGYzM2ExYWZkNzAzODRhY2Y0YjU3MzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCEd3nic+a6b5l5BSJ3fnR+zkoId
L8PWdkN8xPHt8pqagiVz49C7MsMdCUNxRK9UcJKQerWFrjX5r+zk4y6bCiah5gxd
LJHEu2K5k6bNylOTbJTfG+oVsKoxczqTJcE9Wjjvs5pXPoYgbDqqAyIYRSbhO/Id
ss/lWn1jmZOLVxGW8aZ+OMOL5bIz6rzLgmpIIizUiRfr9n8pjzVdyoeboLzcpZ0s
dabvHFdhgMHCmu1r/CeAzijUnmWsqdVNkKDfE6hocGMo4b5XCdai+YFFPm941Mgx
z4WZ51tBhOszrE64Q8cdu7TGt+vKuYxCv6KwqhbNUj19p3PP7roY2KOw5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGROR1z+A4ShDzOhr9cDhKz0tXM9MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvWkU1SFhQNERoS0VQTTZHdjF3T0VyUFMxY3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDk+MA0G
CSqGSIb3DQEBCwUAA4IBAQCp8gpJmNek2GrYQIX21IVMTUKwXL16WVCnbQQxGWF2
n2y3PsFFGmQYdVFI9w5u1c4KOssyM6Ydkg/jxM4J/yL8EEJBmyuRIx6xxo3NNotK
1HsIcZpu7Zxtn3Zywlw21bdXqyiZGVacaTRlKICNY3BpdzRMwJsHb9B0fjTkSwqx
Hfz6VPJfoMdvdJ8Dsd1vcIBK5o6mupxtkbNU4Dhtq8jYYtUCt2tIccomoVNdmxAW
5GufEbFQeGWKlmGrtf89PtoArnM/F2NHCeO91Fac71l3tCu6HMIMsQjfiDrbYlXe
PtgvBmgYOdpogWLwIExBiSX1NYLacZAXYrR8Y1oOC5mu
-----END CERTIFICATE-----