Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/d3e393-d8e8-4906-9177-1e0b1f7ca6cf/1/zA58kveqXgli4S_Gmvm71Z6gYvA.roa
File:                     zA58kveqXgli4S_Gmvm71Z6gYvA.roa (raw, json)
Hash identifier:          U7XAD6S0aMw4lkO5A8lwquVG5gdGFXidXMd3PA0M/Nw=
Subject key identifier:   CC:0E:7C:92:F7:AA:5E:09:62:E1:2F:C6:9A:F9:BB:D5:9E:A0:62:F0
Certificate issuer:       /CN=7d67942ce0aa0fd27a0cdcb73134defdcc6144e1
Certificate serial:       019425FDB937E08C937AEDC27A06F5301EBB
Authority key identifier: 7D:67:94:2C:E0:AA:0F:D2:7A:0C:DC:B7:31:34:DE:FD:CC:61:44:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fWeULOCqD9J6DNy3MTTe_cxhROE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/d3e393-d8e8-4906-9177-1e0b1f7ca6cf/1/zA58kveqXgli4S_Gmvm71Z6gYvA.roa
Signing time:             Thu 02 Jan 2025 07:49:32 +0000
ROA not before:           Thu 02 Jan 2025 07:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56485
IP address blocks:        185.184.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/d3e393-d8e8-4906-9177-1e0b1f7ca6cf/1/fWeULOCqD9J6DNy3MTTe_cxhROE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/d3e393-d8e8-4906-9177-1e0b1f7ca6cf/1/fWeULOCqD9J6DNy3MTTe_cxhROE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fWeULOCqD9J6DNy3MTTe_cxhROE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:b9:37:e0:8c:93:7a:ed:c2:7a:06:f5:30:1e:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d67942ce0aa0fd27a0cdcb73134defdcc6144e1
        Validity
            Not Before: Jan  2 07:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc0e7c92f7aa5e0962e12fc69af9bbd59ea062f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e9:49:da:01:ef:78:3e:f6:26:de:6b:61:16:
                    0e:21:7b:fa:45:66:02:a3:df:37:21:82:ad:bb:2c:
                    05:7d:80:9f:72:51:c7:6a:9b:cb:fb:05:61:f5:f3:
                    98:93:21:47:22:db:7c:4d:c1:f1:61:99:59:c1:bd:
                    bf:3c:f0:89:c1:a3:75:24:b1:a2:b6:51:53:6f:0a:
                    59:9f:53:38:4e:36:be:2a:ab:84:98:bf:1f:ce:6a:
                    aa:9f:20:b2:af:6f:69:d9:69:66:43:c1:8a:41:65:
                    7a:72:a3:1a:76:6d:bc:57:a3:b2:4d:37:d6:9b:bb:
                    ac:b6:22:a6:b3:84:75:de:fe:66:b0:f6:0b:b9:83:
                    23:93:5c:05:a0:d7:97:83:4c:c2:24:be:09:30:2a:
                    6b:65:f5:83:22:43:8e:e7:cb:77:52:53:2b:e2:a1:
                    ff:4e:1d:9c:29:15:0d:f1:62:c2:f7:f0:81:7a:0a:
                    eb:ba:26:09:d6:2f:a5:ca:d3:5e:9a:82:ec:e9:1d:
                    17:9f:3d:02:b3:b9:94:d5:48:ee:b5:6c:45:ba:b5:
                    16:0f:36:10:e8:cb:8f:16:71:b1:b3:b6:58:98:d8:
                    ed:b6:b8:e7:b7:90:a7:c6:b7:92:a2:f6:99:63:fb:
                    85:48:8e:43:0f:8d:c1:c1:66:1d:a2:a0:53:01:6d:
                    b5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:0E:7C:92:F7:AA:5E:09:62:E1:2F:C6:9A:F9:BB:D5:9E:A0:62:F0
            X509v3 Authority Key Identifier:
                keyid:7D:67:94:2C:E0:AA:0F:D2:7A:0C:DC:B7:31:34:DE:FD:CC:61:44:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fWeULOCqD9J6DNy3MTTe_cxhROE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/d3e393-d8e8-4906-9177-1e0b1f7ca6cf/1/zA58kveqXgli4S_Gmvm71Z6gYvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/d3e393-d8e8-4906-9177-1e0b1f7ca6cf/1/fWeULOCqD9J6DNy3MTTe_cxhROE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:27:61:e3:b4:ee:fd:ff:40:92:aa:a4:fa:cb:70:eb:6c:ad:
         01:f6:74:b8:5e:84:6e:7b:fc:96:24:fc:ea:89:79:fb:b7:ab:
         47:a7:e9:a4:2d:d1:6b:ec:27:e5:15:c7:8f:e3:69:c9:e9:9b:
         08:15:d5:dc:d9:d5:a5:d1:f9:72:40:db:0d:38:b7:13:d5:a0:
         db:32:c9:f7:3f:75:37:e4:97:d2:57:e2:7d:d5:31:de:9b:71:
         20:d7:72:a8:10:cd:fd:cc:65:d5:af:9d:68:60:35:a4:83:4e:
         76:bc:0d:ba:28:db:0f:cd:74:75:c1:38:ae:76:b0:6b:5d:67:
         e5:07:bf:28:df:fa:4e:9f:cc:23:c9:72:4b:b8:98:39:1d:71:
         d0:d4:73:2d:0d:40:86:44:44:1b:ed:5c:f5:a5:35:39:c2:5d:
         6b:eb:75:ed:c9:2a:91:45:12:71:e2:4a:7f:2a:99:88:c7:d0:
         9a:08:2e:ee:e2:fd:06:20:18:22:0e:27:dd:57:5e:b1:bf:63:
         ef:75:bf:05:56:1a:95:6a:db:f4:76:b0:ac:4d:e3:e7:8c:54:
         8b:78:2f:f5:0b:20:44:d7:11:db:f8:eb:cc:c5:af:53:7c:2c:
         0f:20:ff:d7:dd:d9:6b:cc:c8:de:a0:24:6b:a1:ad:db:67:b1:
         76:a0:88:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/bk34IyTeu3Cegb1MB67MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNjc5NDJjZTBhYTBmZDI3YTBjZGNiNzMxMzRkZWZkY2M2
MTQ0ZTEwHhcNMjUwMTAyMDc0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzBlN2M5MmY3YWE1ZTA5NjJlMTJmYzY5YWY5YmJkNTllYTA2MmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+lJ2gHveD72Jt5rYRYOIXv6RWYC
o983IYKtuywFfYCfclHHapvL+wVh9fOYkyFHItt8TcHxYZlZwb2/PPCJwaN1JLGi
tlFTbwpZn1M4Tja+KquEmL8fzmqqnyCyr29p2WlmQ8GKQWV6cqMadm28V6OyTTfW
m7ustiKms4R13v5msPYLuYMjk1wFoNeXg0zCJL4JMCprZfWDIkOO58t3UlMr4qH/
Th2cKRUN8WLC9/CBegrruiYJ1i+lytNemoLs6R0Xnz0Cs7mU1UjutWxFurUWDzYQ
6MuPFnGxs7ZYmNjttrjnt5CnxreSovaZY/uFSI5DD43BwWYdoqBTAW21sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwOfJL3ql4JYuEvxpr5u9WeoGLwMB8GA1UdIwQY
MBaAFH1nlCzgqg/SegzctzE03v3MYUThMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZldlVUxPQ3FEOUo2RE55M01UVGVfY3hoUk9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9kM2UzOTMtZDhlOC00OTA2LTkxNzct
MWUwYjFmN2NhNmNmLzEvekE1OGt2ZXFYZ2xpNFNfR212bTcxWjZnWXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9kM2UzOTMtZDhlOC00OTA2LTkxNzctMWUwYjFmN2NhNmNm
LzEvZldlVUxPQ3FEOUo2RE55M01UVGVfY3hoUk9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubgrMA0G
CSqGSIb3DQEBCwUAA4IBAQBBJ2HjtO79/0CSqqT6y3DrbK0B9nS4XoRue/yWJPzq
iXn7t6tHp+mkLdFr7CflFceP42nJ6ZsIFdXc2dWl0flyQNsNOLcT1aDbMsn3P3U3
5JfSV+J91THem3Eg13KoEM39zGXVr51oYDWkg052vA26KNsPzXR1wTiudrBrXWfl
B78o3/pOn8wjyXJLuJg5HXHQ1HMtDUCGREQb7Vz1pTU5wl1r63XtySqRRRJx4kp/
KpmIx9CaCC7u4v0GIBgiDifdV16xv2Pvdb8FVhqVatv0drCsTePnjFSLeC/1CyBE
1xHb+OvMxa9TfCwPIP/X3dlrzMjeoCRroa3bZ7F2oIiD
-----END CERTIFICATE-----