Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e9360c-d73e-430b-b72e-d6cf837b0efa/1/azO-aDRzdJeZXPnkpaxb8BBtrU8.roa
File:                     azO-aDRzdJeZXPnkpaxb8BBtrU8.roa (raw, json)
Hash identifier:          z6om+JaM7Y2eklhyA3h/kaXOgcnoTRDFx+JOSlMYz7k=
Subject key identifier:   6B:33:BE:68:34:73:74:97:99:5C:F9:E4:A5:AC:5B:F0:10:6D:AD:4F
Certificate issuer:       /CN=67f84e74691c3b7fd2d518e562f9ea87de5d3f50
Certificate serial:       019422202916CC1CACE7A2BDD1B8D21C1F0B
Authority key identifier: 67:F8:4E:74:69:1C:3B:7F:D2:D5:18:E5:62:F9:EA:87:DE:5D:3F:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_hOdGkcO3_S1RjlYvnqh95dP1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e9360c-d73e-430b-b72e-d6cf837b0efa/1/azO-aDRzdJeZXPnkpaxb8BBtrU8.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35442
IP address blocks:        91.195.96.0/23 maxlen: 23
                          193.239.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/e9360c-d73e-430b-b72e-d6cf837b0efa/1/Z_hOdGkcO3_S1RjlYvnqh95dP1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/e9360c-d73e-430b-b72e-d6cf837b0efa/1/Z_hOdGkcO3_S1RjlYvnqh95dP1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_hOdGkcO3_S1RjlYvnqh95dP1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 04:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:29:16:cc:1c:ac:e7:a2:bd:d1:b8:d2:1c:1f:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f84e74691c3b7fd2d518e562f9ea87de5d3f50
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b33be6834737497995cf9e4a5ac5bf0106dad4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a7:e9:33:92:5a:da:77:5d:28:f1:05:22:ff:
                    d6:8a:9c:fa:92:40:b2:39:c6:9e:27:9c:6a:1a:fc:
                    20:03:22:c9:6f:1b:64:07:17:a5:33:47:8e:16:4e:
                    77:82:27:0d:7d:2d:d1:fd:79:5b:1f:e7:b4:bd:dd:
                    ad:7d:15:1a:5b:b9:78:81:06:59:a2:cf:b0:68:4f:
                    78:3a:cc:93:c3:d7:98:b8:c2:1b:19:31:58:46:81:
                    51:0c:9d:c8:02:19:da:25:e5:0e:ac:92:ef:18:ad:
                    43:16:43:ba:21:da:09:7e:52:31:81:67:55:57:30:
                    7f:f5:db:81:f8:2f:91:3a:d1:49:8d:96:14:4d:46:
                    b7:fd:db:bc:79:41:f5:78:1a:43:f6:0a:04:f9:e8:
                    ac:56:d3:dd:b4:73:e2:5e:ad:45:c6:8a:be:26:5e:
                    2f:7c:7e:c2:9e:0c:46:8b:37:f8:e8:49:3b:10:d1:
                    0d:a0:44:e7:c7:54:03:95:a4:1c:8a:24:1d:df:3d:
                    e0:65:c7:30:1f:b5:a2:03:4a:18:94:2a:ae:16:51:
                    f5:fe:7f:de:c7:67:6e:66:72:97:02:dd:c1:a3:b1:
                    c3:93:53:7e:10:83:61:73:fb:36:cb:fb:c7:ca:f9:
                    65:63:b0:50:1b:2e:b1:7a:a5:1b:d3:53:e7:6d:4e:
                    08:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:33:BE:68:34:73:74:97:99:5C:F9:E4:A5:AC:5B:F0:10:6D:AD:4F
            X509v3 Authority Key Identifier:
                keyid:67:F8:4E:74:69:1C:3B:7F:D2:D5:18:E5:62:F9:EA:87:DE:5D:3F:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_hOdGkcO3_S1RjlYvnqh95dP1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e9360c-d73e-430b-b72e-d6cf837b0efa/1/azO-aDRzdJeZXPnkpaxb8BBtrU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e9360c-d73e-430b-b72e-d6cf837b0efa/1/Z_hOdGkcO3_S1RjlYvnqh95dP1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.96.0/23
                  193.239.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:bc:01:17:76:b8:5b:39:6e:3b:d0:49:ce:e8:31:01:e5:2e:
         24:90:2b:3d:49:14:a9:7b:29:c7:69:b5:fb:5b:99:3a:a1:32:
         4b:c5:fd:44:be:f1:3e:c3:ed:64:d8:8e:59:7c:c8:01:9e:fb:
         b8:9b:61:b6:a8:40:c5:f0:a2:f7:67:28:88:ca:88:66:cf:04:
         62:39:6c:60:1d:46:8f:56:d4:8c:f6:0f:20:f3:bc:6d:bc:bb:
         f0:5c:60:63:94:c6:29:51:77:49:05:58:7d:6c:24:86:2e:f6:
         1a:67:64:06:ad:4c:5c:c2:e9:29:6f:b4:86:16:94:3b:6e:7c:
         94:f7:d3:8e:57:37:ef:dd:85:4a:dc:98:80:9e:e5:cf:30:5a:
         43:db:b1:f6:04:bb:0a:17:4c:8f:b5:f4:5c:82:64:80:fc:9c:
         7d:0c:f9:3e:8f:3b:35:4d:ad:51:d7:ff:ee:70:f2:17:88:ae:
         da:56:73:56:e3:3c:90:68:12:d4:35:19:c9:78:58:8b:6c:6a:
         e9:9b:81:05:2c:fe:3f:66:16:07:4c:c0:df:73:ad:40:ce:f6:
         1d:6e:05:dc:83:c9:bb:66:f6:2c:90:94:04:ca:c8:9e:8e:17:
         60:28:bc:2c:bb:64:fa:f0:d0:c7:46:00:7a:bb:fa:fb:db:73:
         f5:79:86:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiICkWzBys56K90bjSHB8LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Zjg0ZTc0NjkxYzNiN2ZkMmQ1MThlNTYyZjllYTg3ZGU1
ZDNmNTAwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjMzYmU2ODM0NzM3NDk3OTk1Y2Y5ZTRhNWFjNWJmMDEwNmRhZDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwafpM5Ja2nddKPEFIv/Wipz6kkCy
OcaeJ5xqGvwgAyLJbxtkBxelM0eOFk53gicNfS3R/XlbH+e0vd2tfRUaW7l4gQZZ
os+waE94OsyTw9eYuMIbGTFYRoFRDJ3IAhnaJeUOrJLvGK1DFkO6IdoJflIxgWdV
VzB/9duB+C+ROtFJjZYUTUa3/du8eUH1eBpD9goE+eisVtPdtHPiXq1Fxoq+Jl4v
fH7CngxGizf46Ek7ENENoETnx1QDlaQciiQd3z3gZccwH7WiA0oYlCquFlH1/n/e
x2duZnKXAt3Bo7HDk1N+EINhc/s2y/vHyvllY7BQGy6xeqUb01PnbU4IcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGszvmg0c3SXmVz55KWsW/AQba1PMB8GA1UdIwQY
MBaAFGf4TnRpHDt/0tUY5WL56ofeXT9QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9oT2RHa2NPM19TMVJqbFl2bnFoOTVkUDFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lOTM2MGMtZDczZS00MzBiLWI3MmUt
ZDZjZjgzN2IwZWZhLzEvYXpPLWFEUnpkSmVaWFBua3BheGI4QkJ0clU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lOTM2MGMtZDczZS00MzBiLWI3MmUtZDZjZjgzN2IwZWZh
LzEvWl9oT2RHa2NPM19TMVJqbFl2bnFoOTVkUDFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8NgAwQB
we/+MA0GCSqGSIb3DQEBCwUAA4IBAQBhvAEXdrhbOW470EnO6DEB5S4kkCs9SRSp
eynHabX7W5k6oTJLxf1EvvE+w+1k2I5ZfMgBnvu4m2G2qEDF8KL3ZyiIyohmzwRi
OWxgHUaPVtSM9g8g87xtvLvwXGBjlMYpUXdJBVh9bCSGLvYaZ2QGrUxcwukpb7SG
FpQ7bnyU99OOVzfv3YVK3JiAnuXPMFpD27H2BLsKF0yPtfRcgmSA/Jx9DPk+jzs1
Ta1R1//ucPIXiK7aVnNW4zyQaBLUNRnJeFiLbGrpm4EFLP4/ZhYHTMDfc61AzvYd
bgXcg8m7ZvYskJQEysiejhdgKLwsu2T68NDHRgB6u/r723P1eYYK
-----END CERTIFICATE-----