Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rzSYXMd4cZBCRD3TTumHD44RWxI.roa
File:                     rzSYXMd4cZBCRD3TTumHD44RWxI.roa (raw, json)
Hash identifier:          epTeUZEF9BYSY3NHSPNkCp4tHAAekmILWGBWAt+JPsA=
Subject key identifier:   AF:34:98:5C:C7:78:71:90:42:44:3D:D3:4E:E9:87:0F:8E:11:5B:12
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01954CB27AB46C0E4DD549977F4EA5DFA272
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rzSYXMd4cZBCRD3TTumHD44RWxI.roa
Signing time:             Fri 28 Feb 2025 13:15:19 +0000
ROA not before:           Fri 28 Feb 2025 13:15:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211389
IP address blocks:        155.2.210.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4c:b2:7a:b4:6c:0e:4d:d5:49:97:7f:4e:a5:df:a2:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Feb 28 13:15:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af34985cc778719042443dd34ee9870f8e115b12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ca:de:b3:c2:98:17:3e:e0:74:1c:b6:d3:39:
                    73:79:aa:01:09:4c:80:46:1f:da:18:68:9f:bc:f6:
                    6e:3e:94:24:3a:f4:90:0f:a0:a9:17:bc:ca:4a:84:
                    f3:b7:7b:f9:2c:b1:f7:5e:33:a1:d6:43:97:c5:a6:
                    c0:39:22:72:cc:58:15:05:3c:f6:df:bb:e0:15:3b:
                    84:ab:10:ab:32:07:ce:d4:2b:3c:dc:ff:14:b9:2b:
                    41:39:ec:3b:76:a7:cf:f5:97:9c:5f:30:61:35:03:
                    e9:e0:f1:b8:62:61:b6:99:3f:42:6c:a2:35:87:2a:
                    dd:f7:5a:51:63:70:d8:39:73:c4:ed:5c:dc:6b:2a:
                    86:66:e8:96:ce:99:1c:07:cc:d6:3b:2c:74:e9:36:
                    70:97:c9:71:f2:97:bf:92:df:30:01:2e:85:cc:43:
                    c3:52:62:e1:a1:d5:47:9b:4e:20:66:89:81:a8:84:
                    be:33:e4:03:35:32:f4:6f:e1:d0:d2:01:c0:b5:82:
                    21:88:85:a8:1b:59:82:af:4a:a5:28:e1:64:a9:99:
                    69:90:00:47:b1:3c:e3:01:ba:d6:82:f0:ff:bb:57:
                    ed:bd:43:9c:5d:c2:82:cc:0b:a4:ab:88:87:78:0d:
                    51:f9:07:9e:e2:dd:04:27:2e:87:a3:28:58:cf:b1:
                    12:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:34:98:5C:C7:78:71:90:42:44:3D:D3:4E:E9:87:0F:8E:11:5B:12
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rzSYXMd4cZBCRD3TTumHD44RWxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.2.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:2e:cc:5f:7d:2f:e6:cb:c5:93:ca:b9:e6:12:46:78:e3:44:
         45:d8:2c:3e:2b:a7:36:1e:3d:db:c3:b7:d0:81:0c:29:c9:81:
         28:76:11:46:5e:75:ed:8c:c4:08:27:f6:d7:7e:fa:f5:97:a0:
         60:e5:38:6a:e8:0e:fe:48:b5:da:02:2d:e8:da:8f:7b:3d:e7:
         3f:7b:d7:0c:6a:2c:a7:76:e8:71:04:2b:57:5c:14:3a:1a:ed:
         cd:0c:98:6e:9e:fd:d3:69:f9:bf:3c:6b:bb:8c:18:40:de:e9:
         ec:e5:3d:58:98:f1:10:e8:5a:1e:c9:9a:60:1f:b2:3c:1f:6d:
         40:ec:df:3a:87:3e:be:5b:d5:50:c2:59:58:cf:27:71:43:3c:
         67:4c:5e:a5:f7:30:76:b7:30:dd:28:9a:13:87:93:86:c4:fb:
         70:83:66:5b:96:72:40:92:d0:2b:2b:01:00:a6:9f:07:72:04:
         f8:65:d5:58:86:05:be:fc:64:21:83:cf:8e:27:0b:cf:9b:80:
         7e:28:08:bc:0b:60:c6:d7:27:36:32:a5:4b:3f:f9:63:68:af:
         c4:75:2e:bd:26:26:16:2b:e1:46:c0:35:ed:9b:1c:27:26:e3:
         4c:54:3f:2f:1d:6d:05:4c:66:f3:9f:de:80:fd:1b:38:25:a3:
         97:4a:86:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVMsnq0bA5N1UmXf06l36JyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwMjI4MTMxNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjM0OTg1Y2M3Nzg3MTkwNDI0NDNkZDM0ZWU5ODcwZjhlMTE1YjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8res8KYFz7gdBy20zlzeaoBCUyA
Rh/aGGifvPZuPpQkOvSQD6CpF7zKSoTzt3v5LLH3XjOh1kOXxabAOSJyzFgVBTz2
37vgFTuEqxCrMgfO1Cs83P8UuStBOew7dqfP9ZecXzBhNQPp4PG4YmG2mT9CbKI1
hyrd91pRY3DYOXPE7VzcayqGZuiWzpkcB8zWOyx06TZwl8lx8pe/kt8wAS6FzEPD
UmLhodVHm04gZomBqIS+M+QDNTL0b+HQ0gHAtYIhiIWoG1mCr0qlKOFkqZlpkABH
sTzjAbrWgvD/u1ftvUOcXcKCzAukq4iHeA1R+Qee4t0EJy6HoyhYz7ESFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK80mFzHeHGQQkQ9007phw+OEVsSMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcnpTWVhNZDRjWkJDUkQzVFR1bUhENDRSV3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmwLSMA0G
CSqGSIb3DQEBCwUAA4IBAQAoLsxffS/my8WTyrnmEkZ440RF2Cw+K6c2Hj3bw7fQ
gQwpyYEodhFGXnXtjMQIJ/bXfvr1l6Bg5Thq6A7+SLXaAi3o2o97Pec/e9cMaiyn
duhxBCtXXBQ6Gu3NDJhunv3Tafm/PGu7jBhA3uns5T1YmPEQ6FoeyZpgH7I8H21A
7N86hz6+W9VQwllYzydxQzxnTF6l9zB2tzDdKJoTh5OGxPtwg2ZblnJAktArKwEA
pp8HcgT4ZdVYhgW+/GQhg8+OJwvPm4B+KAi8C2DG1yc2MqVLP/ljaK/EdS69JiYW
K+FGwDXtmxwnJuNMVD8vHW0FTGbzn96A/Rs4JaOXSobI
-----END CERTIFICATE-----