Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/cgzTdEZPmNgBOOy4ZisbnPg33DQ.roa
File:                     cgzTdEZPmNgBOOy4ZisbnPg33DQ.roa (raw, json)
Hash identifier:          dyF7y8ojVlwglzB7vz7ngYfh2GiqNGPUjJEcuniSr/w=
Subject key identifier:   72:0C:D3:74:46:4F:98:D8:01:38:EC:B8:66:2B:1B:9C:F8:37:DC:34
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DB01071686E06BE2EE5A3DE1B3FAF
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/cgzTdEZPmNgBOOy4ZisbnPg33DQ.roa
Signing time:             Wed 01 Jan 2025 15:48:18 +0000
ROA not before:           Wed 01 Jan 2025 15:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208916
IP address blocks:        176.236.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:b0:10:71:68:6e:06:be:2e:e5:a3:de:1b:3f:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=720cd374464f98d80138ecb8662b1b9cf837dc34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:2a:90:f0:66:95:ac:2c:b7:4a:b7:78:6d:16:
                    34:42:7e:a4:82:43:1e:42:96:b9:38:20:a9:21:99:
                    5c:99:ba:03:21:f4:46:26:5c:41:98:5b:c8:25:54:
                    07:a7:91:cf:35:b8:95:5d:47:d4:b4:7e:a1:f8:de:
                    c9:d9:e3:7c:02:5f:54:b8:23:70:34:95:a7:e4:1c:
                    f0:7e:af:4d:30:89:91:7b:6c:d3:4d:95:6e:a9:70:
                    b7:d6:6f:96:67:c0:f4:d1:1b:53:6e:0c:e2:f8:20:
                    86:00:6e:77:a6:6d:55:d8:ab:5b:d4:30:06:95:b7:
                    9c:8d:14:3a:f1:74:5f:50:0c:9a:83:c5:cf:83:eb:
                    bc:18:64:0a:73:a2:0d:ff:f2:6b:ef:a6:0a:a2:8b:
                    99:5e:3c:fa:e9:61:13:33:45:11:15:40:93:af:d4:
                    c3:e8:5d:85:55:1e:9e:16:fe:0e:6c:0d:74:09:07:
                    ae:18:ee:53:2e:98:27:60:34:60:af:64:6f:29:1f:
                    94:34:59:50:cc:6c:f0:27:2c:70:7d:e3:55:3e:5c:
                    d4:4e:31:c9:b9:e3:fc:ae:7c:90:6b:c8:80:70:f2:
                    5d:f6:ba:a6:95:74:94:22:6e:14:8e:2d:99:f9:4d:
                    40:6c:6a:b4:e8:68:e2:a1:dc:be:2b:b4:d0:2d:68:
                    e7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0C:D3:74:46:4F:98:D8:01:38:EC:B8:66:2B:1B:9C:F8:37:DC:34
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/cgzTdEZPmNgBOOy4ZisbnPg33DQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.236.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:1e:4f:1b:58:94:a3:ee:10:54:6b:d7:94:d8:84:c2:73:b3:
         19:f8:27:c0:28:39:bf:b6:c4:aa:dc:63:66:f1:ae:5c:a0:1b:
         2d:ce:e0:c4:41:78:65:6d:9f:6a:eb:01:28:ec:80:98:4c:55:
         f3:ec:fe:f6:00:4c:61:8d:40:0b:c8:22:b4:1f:74:1e:bd:47:
         6c:76:39:87:3b:ef:6a:97:c4:76:54:bd:16:00:57:42:49:ec:
         b0:8b:cb:99:5b:9d:2b:56:9a:75:c0:7d:27:9a:3c:15:a3:55:
         2b:2a:16:ab:47:c7:1a:d6:6d:58:3d:a6:9b:52:cf:b2:cd:69:
         17:c0:33:f1:4a:d5:02:70:5e:35:da:db:f4:af:c7:84:86:0e:
         98:d1:47:22:1d:70:e0:b8:f2:fa:fc:0b:18:b9:d4:71:d4:6c:
         31:ca:5d:c6:fd:bf:31:55:dd:9d:77:f3:0b:0e:51:a8:39:48:
         38:6b:5f:41:d3:b3:87:8e:63:b7:59:6d:c2:92:f8:64:ab:ba:
         26:b9:c0:d6:8d:e4:04:10:93:37:06:a6:42:71:2c:57:e9:a1:
         2e:13:5e:d4:7c:5c:6c:43:b3:76:b9:a8:b8:82:0d:dd:64:a2:
         73:e1:9b:ee:1a:fa:7e:c2:0f:9b:92:c1:04:8c:56:73:ba:be:
         98:21:83:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijbAQcWhuBr4u5aPeGz+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjBjZDM3NDQ2NGY5OGQ4MDEzOGVjYjg2NjJiMWI5Y2Y4MzdkYzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yqQ8GaVrCy3Srd4bRY0Qn6kgkMe
Qpa5OCCpIZlcmboDIfRGJlxBmFvIJVQHp5HPNbiVXUfUtH6h+N7J2eN8Al9UuCNw
NJWn5Bzwfq9NMImRe2zTTZVuqXC31m+WZ8D00RtTbgzi+CCGAG53pm1V2Ktb1DAG
lbecjRQ68XRfUAyag8XPg+u8GGQKc6IN//Jr76YKoouZXjz66WETM0URFUCTr9TD
6F2FVR6eFv4ObA10CQeuGO5TLpgnYDRgr2RvKR+UNFlQzGzwJyxwfeNVPlzUTjHJ
ueP8rnyQa8iAcPJd9rqmlXSUIm4Uji2Z+U1AbGq06Gjiody+K7TQLWjn4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIM03RGT5jYATjsuGYrG5z4N9w0MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvY2d6VGRFWlBtTmdCT095NFppc2JuUGczM0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsOz2MA0G
CSqGSIb3DQEBCwUAA4IBAQAdHk8bWJSj7hBUa9eU2ITCc7MZ+CfAKDm/tsSq3GNm
8a5coBstzuDEQXhlbZ9q6wEo7ICYTFXz7P72AExhjUALyCK0H3QevUdsdjmHO+9q
l8R2VL0WAFdCSeywi8uZW50rVpp1wH0nmjwVo1UrKharR8ca1m1YPaabUs+yzWkX
wDPxStUCcF412tv0r8eEhg6Y0UciHXDguPL6/AsYudRx1Gwxyl3G/b8xVd2dd/ML
DlGoOUg4a19B07OHjmO3WW3Ckvhkq7omucDWjeQEEJM3BqZCcSxX6aEuE17UfFxs
Q7N2uai4gg3dZKJz4ZvuGvp+wg+bksEEjFZzur6YIYP9
-----END CERTIFICATE-----