Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/zl2yTRzYTVKnIHInIXWpNdik9JM.roa
File:                     zl2yTRzYTVKnIHInIXWpNdik9JM.roa (raw, json)
Hash identifier:          0gI4qXr6mBvWS+0mXpayvNRDBb3i5vDtDcAMz2QbjOc=
Subject key identifier:   CE:5D:B2:4D:1C:D8:4D:52:A7:20:72:27:21:75:A9:35:D8:A4:F4:93
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01942827786B64AD999DEFB77FE70C8C9D2A
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/zl2yTRzYTVKnIHInIXWpNdik9JM.roa
Signing time:             Thu 02 Jan 2025 17:54:22 +0000
ROA not before:           Thu 02 Jan 2025 17:54:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216070
IP address blocks:        176.126.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:78:6b:64:ad:99:9d:ef:b7:7f:e7:0c:8c:9d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce5db24d1cd84d52a72072272175a935d8a4f493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e3:2b:50:5f:05:31:36:b6:0f:e1:33:9c:9e:
                    f1:06:41:51:66:76:42:0e:5a:50:14:f2:fe:da:37:
                    6e:bb:a7:62:f9:c0:aa:45:21:26:21:39:27:3d:c1:
                    df:74:b3:4c:df:58:0f:b4:4f:b5:4d:3e:ac:03:c8:
                    fe:20:77:ea:51:66:ea:6f:fa:86:4d:3b:fc:3f:2a:
                    55:7d:c8:40:b1:54:c2:80:b8:18:80:aa:b8:23:8d:
                    19:1a:7a:0e:da:a0:02:cb:10:90:79:2f:10:07:70:
                    78:03:d9:03:cf:8e:e3:5b:fa:76:fb:8b:f5:6b:b4:
                    f4:e0:ed:49:07:22:7e:76:f8:fc:2a:20:b8:a5:18:
                    90:8d:9b:0f:48:72:b9:0e:3b:5a:91:27:1e:09:2c:
                    ed:02:36:1f:10:8b:b3:37:f5:08:c1:46:c4:33:51:
                    eb:47:3f:ac:57:05:aa:65:86:09:74:83:1f:06:f6:
                    70:bd:b2:f9:81:f0:08:d7:26:8c:1b:26:82:a5:51:
                    8f:d8:b3:82:83:2e:bb:c4:f5:10:3b:4c:d8:b2:79:
                    5c:ca:da:5d:2b:1d:82:37:85:05:90:50:ca:44:28:
                    13:46:7f:f0:7b:3b:36:03:46:9a:d5:f0:8e:85:a1:
                    3d:60:af:46:66:2c:6a:d5:99:34:70:dd:0a:d9:53:
                    ea:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:5D:B2:4D:1C:D8:4D:52:A7:20:72:27:21:75:A9:35:D8:A4:F4:93
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/zl2yTRzYTVKnIHInIXWpNdik9JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:65:83:fb:19:10:e9:83:53:f3:2e:ed:72:6d:4c:f1:95:e8:
         db:60:9d:c9:20:8d:03:e3:b8:f8:2b:26:90:8f:7c:ca:ec:13:
         4b:a9:d1:48:d6:d3:26:ff:b5:0c:ea:31:46:c6:08:95:f2:bf:
         b7:64:c1:ba:ad:1b:1e:5e:fc:d0:53:ff:a6:4e:d3:1f:c5:71:
         4e:8d:29:7a:f9:e4:a6:67:64:69:84:82:13:0a:51:87:a5:b9:
         d2:61:42:6a:7b:47:15:17:03:bf:f2:5f:ea:39:c6:d1:fb:d8:
         88:b6:ad:95:06:8d:cf:07:03:f1:b8:6d:45:b9:74:d3:5f:66:
         f7:b6:ff:0b:bc:2e:03:a2:6a:c0:d4:82:12:c0:08:a6:a0:75:
         7b:3f:c8:3c:e2:b0:38:9a:31:73:44:ab:a1:10:6e:65:58:e6:
         91:72:ed:ca:99:43:31:c4:53:5a:9e:7d:d4:c3:80:2c:e1:75:
         c5:8c:7a:e3:17:c5:d1:10:76:e4:62:28:b7:b9:27:95:0e:36:
         72:13:c8:f8:db:3e:47:03:4b:7f:8d:aa:0e:f0:d2:02:b9:a0:
         59:85:04:d6:fc:33:f6:d7:76:a7:04:3a:12:41:af:64:3f:6b:
         f0:e5:51:4d:61:05:41:fd:ee:73:0d:1e:8c:bc:9b:dc:6a:3b:
         34:d6:d5:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ3hrZK2Zne+3f+cMjJ0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTVkYjI0ZDFjZDg0ZDUyYTcyMDcyMjcyMTc1YTkzNWQ4YTRmNDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OMrUF8FMTa2D+EznJ7xBkFRZnZC
DlpQFPL+2jduu6di+cCqRSEmITknPcHfdLNM31gPtE+1TT6sA8j+IHfqUWbqb/qG
TTv8PypVfchAsVTCgLgYgKq4I40ZGnoO2qACyxCQeS8QB3B4A9kDz47jW/p2+4v1
a7T04O1JByJ+dvj8KiC4pRiQjZsPSHK5DjtakSceCSztAjYfEIuzN/UIwUbEM1Hr
Rz+sVwWqZYYJdIMfBvZwvbL5gfAI1yaMGyaCpVGP2LOCgy67xPUQO0zYsnlcytpd
Kx2CN4UFkFDKRCgTRn/wezs2A0aa1fCOhaE9YK9GZixq1Zk0cN0K2VPqOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5dsk0c2E1SpyByJyF1qTXYpPSTMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvemwyeVRSellUVktuSUhJbklYV3BOZGlrOUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsH6uMA0G
CSqGSIb3DQEBCwUAA4IBAQBfZYP7GRDpg1PzLu1ybUzxlejbYJ3JII0D47j4KyaQ
j3zK7BNLqdFI1tMm/7UM6jFGxgiV8r+3ZMG6rRseXvzQU/+mTtMfxXFOjSl6+eSm
Z2RphIITClGHpbnSYUJqe0cVFwO/8l/qOcbR+9iItq2VBo3PBwPxuG1FuXTTX2b3
tv8LvC4DomrA1IISwAimoHV7P8g84rA4mjFzRKuhEG5lWOaRcu3KmUMxxFNann3U
w4As4XXFjHrjF8XREHbkYii3uSeVDjZyE8j42z5HA0t/jaoO8NICuaBZhQTW/DP2
13anBDoSQa9kP2vw5VFNYQVB/e5zDR6MvJvcajs01tXY
-----END CERTIFICATE-----