Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/ZjCeZV9t7nMlhXxonfWRPwK3Fwk.roa
File:                     ZjCeZV9t7nMlhXxonfWRPwK3Fwk.roa (raw, json)
Hash identifier:          IHVGzBCSmheflmS7kNIg/vsky60Fc79LtR1kMK+Tm1w=
Subject key identifier:   66:30:9E:65:5F:6D:EE:73:25:85:7C:68:9D:F5:91:3F:02:B7:17:09
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01942827663D6A5D127C84DDE126300BFD23
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/ZjCeZV9t7nMlhXxonfWRPwK3Fwk.roa
Signing time:             Thu 02 Jan 2025 17:54:18 +0000
ROA not before:           Thu 02 Jan 2025 17:54:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203493
IP address blocks:        89.37.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:66:3d:6a:5d:12:7c:84:dd:e1:26:30:0b:fd:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66309e655f6dee7325857c689df5913f02b71709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:0c:93:6d:4c:ee:05:b5:be:4f:4a:af:8d:22:
                    68:b1:03:82:4e:b4:6b:0b:b4:aa:6e:fb:16:fb:4d:
                    4a:25:fd:5c:53:ef:03:70:47:fc:eb:9b:8b:4e:96:
                    34:11:ce:1f:10:7c:65:0f:99:20:e7:08:58:de:36:
                    d3:fa:cb:95:57:3d:1b:e1:4c:07:0a:08:a2:fc:2c:
                    38:c0:57:02:2a:99:8d:ad:8c:67:f5:e5:b0:aa:ad:
                    8f:67:6b:89:66:4c:98:f7:cf:89:b7:f6:c7:1e:fd:
                    24:6e:b6:de:98:da:eb:23:24:a9:46:87:0b:54:4b:
                    3a:a8:d2:22:2a:66:c8:44:9a:30:57:12:66:97:d3:
                    8b:87:d1:05:4c:9f:fe:26:fb:f2:37:39:45:bf:c7:
                    95:1d:c2:06:9b:15:0f:6e:1f:66:69:81:cd:2a:59:
                    5f:ba:91:94:e9:5e:cf:ce:72:b5:e6:77:4e:68:0c:
                    aa:0e:57:e1:58:cc:b4:74:86:7b:64:48:4e:8a:83:
                    60:a1:26:4a:58:cf:e8:3c:70:2b:26:ea:23:69:a1:
                    9c:17:84:25:14:42:42:53:ac:c2:b5:13:04:65:23:
                    8f:19:58:aa:0e:ad:40:47:91:08:8e:15:9e:16:13:
                    0f:00:fe:75:69:e2:80:e5:7f:a0:58:09:0f:91:fd:
                    68:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:30:9E:65:5F:6D:EE:73:25:85:7C:68:9D:F5:91:3F:02:B7:17:09
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/ZjCeZV9t7nMlhXxonfWRPwK3Fwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:76:7b:b5:62:1e:b1:5f:09:d1:7a:35:95:bb:0f:eb:10:38:
         c0:a7:f3:35:f0:7f:4a:cf:8b:0f:70:1a:8a:9c:41:ec:6d:7b:
         5e:b4:6e:6f:86:b5:79:44:b4:83:ac:be:d5:cc:78:ac:16:b3:
         0f:78:1c:f1:7a:bd:f5:e5:0b:0e:8e:23:9b:b8:40:4a:30:de:
         d8:cc:ae:5b:73:25:0c:df:9d:8a:81:6e:04:bd:36:4f:1c:a2:
         20:dc:8f:18:7c:92:29:e7:0c:8e:a9:f7:b3:af:c3:69:58:53:
         cc:f1:71:72:a2:23:8d:e5:4b:df:e1:c0:f4:1c:b8:fa:54:ec:
         7e:26:ac:61:bc:a8:de:c6:2f:f9:0b:ee:52:58:64:ba:1a:66:
         42:ae:70:3f:30:84:4b:3a:32:41:4e:ac:f0:0e:47:68:d7:a2:
         77:57:30:3a:ce:de:87:d0:6b:3f:33:56:f1:ee:d7:09:33:f9:
         e5:6b:cf:ed:1d:16:cc:77:6a:4c:39:b4:24:e3:3e:13:cb:a1:
         d3:0e:a2:b1:bd:6a:86:54:8f:b9:74:d9:5e:a3:71:a5:f3:af:
         a4:2c:4a:42:4e:96:3b:26:1c:c3:3f:88:de:52:5c:6d:52:59:
         85:25:36:7e:72:04:f5:9e:5a:8b:44:1a:18:45:6c:38:ea:43:
         cc:9c:ed:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ2Y9al0SfITd4SYwC/0jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjMwOWU2NTVmNmRlZTczMjU4NTdjNjg5ZGY1OTEzZjAyYjcxNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AyTbUzuBbW+T0qvjSJosQOCTrRr
C7SqbvsW+01KJf1cU+8DcEf865uLTpY0Ec4fEHxlD5kg5whY3jbT+suVVz0b4UwH
Cgii/Cw4wFcCKpmNrYxn9eWwqq2PZ2uJZkyY98+Jt/bHHv0kbrbemNrrIySpRocL
VEs6qNIiKmbIRJowVxJml9OLh9EFTJ/+JvvyNzlFv8eVHcIGmxUPbh9maYHNKllf
upGU6V7PznK15ndOaAyqDlfhWMy0dIZ7ZEhOioNgoSZKWM/oPHArJuojaaGcF4Ql
FEJCU6zCtRMEZSOPGViqDq1AR5EIjhWeFhMPAP51aeKA5X+gWAkPkf1o3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYwnmVfbe5zJYV8aJ31kT8CtxcJMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvWmpDZVpWOXQ3bk1saFh4b25mV1JQd0szRndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSXBMA0G
CSqGSIb3DQEBCwUAA4IBAQBMdnu1Yh6xXwnRejWVuw/rEDjAp/M18H9Kz4sPcBqK
nEHsbXtetG5vhrV5RLSDrL7VzHisFrMPeBzxer315QsOjiObuEBKMN7YzK5bcyUM
352KgW4EvTZPHKIg3I8YfJIp5wyOqfezr8NpWFPM8XFyoiON5Uvf4cD0HLj6VOx+
JqxhvKjexi/5C+5SWGS6GmZCrnA/MIRLOjJBTqzwDkdo16J3VzA6zt6H0Gs/M1bx
7tcJM/nla8/tHRbMd2pMObQk4z4Ty6HTDqKxvWqGVI+5dNleo3Gl86+kLEpCTpY7
JhzDP4jeUlxtUlmFJTZ+cgT1nlqLRBoYRWw46kPMnO3x
-----END CERTIFICATE-----